Operating System


IS4406: Information
Technologies
Dr. Frederic Adam
Department of Accounting, Finance and
Information Systems
University College Cork
Ireland
© Frederic Adam, 2000
Quick history of IS
• Very rapid growth as a profession and an academic
discipline
• early over-enthusiasm led to mistakes
– loads of requests to computerise
– crude methods of development and analysis
– business applications not well understood
• discouragement and scepticism as a result
• maturation was required on both theoretical and
practical sides (i.e. technology and management)
• IS has become established as a discipline and
functional area
Has Led to...
• ability to use information systems technology
is essential for success
• some companies apply IT with great benefit;
others make no progress at all
• “reactive approach” to IT no longer works
– too much novelty too fast
– technology evolution less and less predictable
• role of business managers in introducing IT
has become paramount
Growth of IS
• Number of people involved:
– In companies
– In society at large
• Importance:
– very visible information systems
– size of investments
• Notoriety:
– Internet…
– public perception
Change of Focus in IS:
• Very Technical
– specialists’ domain
– centralised concentrated expertise
– expensive
– well guarded
– computer based
• Very Managerial
– every manager’s business
– decentralised awareness
– very cheap
– service department more open to the outside
– information based
Evolution of IS departments
[Figure: Total costs of running the IS function (after Earl, 1989); labels: IS Staff, Hardware; 1960’s, 1990’s]
Evolution of IS in business
Three eras have been identified (Rockart & Van
Bullen, 1984)
• First: in the 50s and beginning of the 60s
• Second: in the 60s and the 70s
• Third: in the 80s and the 90s
They correspond to conceptual advances in the
Information Systems field and technical
advances in computers
First era - Data Processing:
• computer people highly specialised
• no attention to user requirements
• systems are very inflexible
• users have no computing competencies
• applications are mainly “number crunching”
Second era - Management
Information System.
• Computers are seen as a part of the corporate
strategy
• Communication develops between the
computer people (“Techies”) and other
functions
• Range of applications available broadens - accounting, finance, manufacturing ...
• Better methodologies are available to analyse
requirements
Third era - Information
Management
• All managers are involved in the production /
processing of information
• Almost all staff members have access to a
computer
• Users have become more computer literate
• Prototyping methodologies mean better analysis of
problems of users
• Better development environments mean users can
develop their own applications
Information Technology for
Business
• IS are at the core of the collection / processing /
storage of information
• IS is used to produce the information used for
decision making
• IS is used for the co-ordination of the activities of
the business
• IS is used to communicate with the outside
Information as the Lifeblood of
Organisations
• Information and communication amongst
organisational actors is a key to success
• reliable and timely circulation of information
• robust networks of communication (formal
and informal)
• robust storage and retrieval of information
Basic flows of information
• Organisations are organised in a number of
functional areas
• they carry out complementary missions
• they interact and collaborate in managing the
organisation
• What are they called? What are their missions?
Examples:
• Finance: managing the cash flows, providing
resources to the firm
– sub area: Accounting (books and legal reporting)
– sub area: Accounts receivable and payable: deal with
suppliers and customers
• Marketing: promoting the firm and its products
• Sales: selling the products; dealing with customers
– sub area: sales orders
– sub area: returns
• Production: manufacture goods
– sub area: purchasing raw material
– sub area: quality control
Collaboration / Conflict between
areas
• All areas of the firm must exchange info with the
others (just like organisations must interact with
the outside)
• divergence of viewpoints means opportunities for
conflict are great
• managing same resources / using the same assets
but with radically different goals
• Examples??
Examples:
• Quality control versus production:
– production want to increase volumes and keep
productivity at highest levels
– QC want to prevent any “faulty” product from coming out of
the door
In an environment where zero defect is only a remote
target => conflict is likely
• same versus sales
in one organisation, QC were referred to as the Sales
Prevention department
• Dealing with returns
Collaboration and Information
• Functional areas cannot collaborate if no
information circulates (e.g. factory floor isolated
from rest of organisation)
• first stage: people talk to one another
• then exchange of documents
• then develop integrated systems shared by several
functional areas / the whole firm
• This requires the existence of common definitions
and reliable / undisputed sources of data
• Also people must have incentives to collaborate
Reliable Common Grammar:
Examples
• Sales statistics:
– as per invoices?
– before returns
– adjusted for bad debts
– Also, what feedback time?
• Production figures:
– after rejects
– adjusted for loss / destruction in finished goods storage
– Any possibilities that figures are not reliable?
• business analysts must talk to everyone to ensure
existence of common reliable methods
Reliable / Undisputed sources of
data
• No debate between functional areas about basic
figures of the business - production figures
Figure 1
• Robust measures of individual / area performance
for the purpose of assessment and rewarding - Incentives
• Robust externally oriented systems for invoicing /
paying
• Reliable systems for storage / processing /
retrieval of data
• Archiving for comparison
Corresponding Information
Systems
• The basic Accounting sub-systems are:
– payroll
– order entry
– inventory (goods for sales, raw material...)
– shipping
– accounts receivable
– purchasing
– receiving
– accounts payable
– general ledger
• Figure 1 shows the relationships between them
Also required for manufacturing
environments
• Goods are manufactured, not purchased
• recipes must be known in advance for all products
• activity must be planned for in advance:
– volumes
– raw material
– machine
– competent personnel (shift work)
(limiting / constraining factors)
• communication must take place with other key
functional areas => PLANNING
Manufacturing Tasks
• Based on volumes
• determine quantities of RM to commit (+ planning
for additional purchases)
• schedule production runs (including sub-assemblies)
• line up workers to operate the machines
• deal with short term variations (e.g. issue of over
time work)
=> Master schedule for production
Required computer systems
• Set of individual modules supporting the different
tasks
• Each module links into the others so as to
eliminate re-entry of data (e.g. volumes)
• Database structure well suited to such a system
• BOM, Staff, Machines (and their characteristics)
are stored in specific tables
• Work orders are entered => schedule comes out
Computer Software for Business
• Several types or layers of software
• From close to the machine to close to the users
• Also IT infrastructure (cables, networks and
services)
• All administered by the IS department or the
community of users
First layer: Operating System
• Until the 60s, no operating systems
• Waste of computer resources as only one job can
run at a time
• Most of the components are idling while a small
number of them works
• Operating System - a set of programs to enable a
computer to manage its own resources
• No user intervention required
Definition
• program that controls the overall activity of
the computer
• provides “service” to other applications
• Manages multi-user environments
• missions involve:
– accepting commands from users
– loading programs for execution
– scheduling the use of computer resources
– managing the memory / allocating space
– synchronising the use of I/O and storage devices
Operating Systems Components:
• Resident monitor - stored in ROM - loaded when
PC powered on
– handles basic operations
– load keyboard, screen, mouse drivers etc...
• External Routines - to carry out specific tasks:
– user part of the OS
– located on hard disk (e.g. Windows directory)
– formatting disks; making backups; etc...
Operating System - a closer look
at its roles:
• Job control program
• I/O management
• Program manager
• Memory Manager
Job control Program:
• Job = application program + its data
• JCP prepares the job to be run
– security - job protection (access levels)
– setting limits and priorities
– allocating resources
• In particular, allocates memory
• use a JCL
Setting limits and priorities:
• select I/O devices
– which tape drive
– which printer
• assign a level of priority - queuing jobs
– jobs that run faster, little I/O activity = high priority
– jobs that tie up many different resources = low
priority
– jobs that are vital = high priority
• assign a % of the resources (shared system)
• initiate job accounting
– measure exact usage of resources
– rates
– maintains audit trail
Input / Output Manager:
• I/O devices are much slower than CPU
• Try to minimise idling time - mediate differences
in speed
• monitors exchanges Input-RAM and RAM-output
• uses channels (independent processors) to free
CPU from handling the transfers
• uses buffers to speed up transfer
Program Manager:
• handles the movements of programs into the
RAM
• more complex when more than one job at a time
• uses different types of algorithms:
– batch processing
– time sharing
– real-time processing
• can be multi-processing or multi-programming or
multi-tasking...
Batch Processing:
• Stage one: Data collection
• stage 2: Data processing
• Little computer resources used until submission of
jobs
• E.g. registration day in UCC.
• Data not up-to-date until end of processing
Time sharing:
• Several users run jobs at the same time
• Each has a time slice of the computer
• Each process starts and is interrupted in turn
• User unaware of slicing because speed is high
• Mostly in centralised environments (where
computing resources are centralised)
Real-Time processing / on-line
applications:
• Update / processing of data is done in real time - i.e. as changes occur
• Typical example - Bookings from travel agents
• Speed is paramount unlike with batch processing
• Only available in the last 20 years because it
requires loads of power.
Multiprogramming:
Mode of operation of computer
• Multiprogramming refers to the concurrent
execution of more than one program
• Computers can only execute one instruction at
a time but they can work on several programs
at a time
• Operating system organises the switches of the
CPU from one job to another
• Switching takes place when I/O operations
occur
Multiprocessing:
• Different from Multiprogramming
• Refers to a situation when two or more CPUs
execute instructions at the same time
• eg: space shuttle is directed by calculations
made by FIVE computers
• If one computer is not fast enough
– one computer handles processing
– one handles I/O operations
• If one computer fails
– parallel processing
Multitasking:
• Nearly the same as multiprogramming
• But more often used for smaller computers
• For PCs, multitasking appeared with Windows 3.1
• e.g. ALT + TabKey or look in the task bar
Memory Manager:
• Programs are moved in and out of memory all
the time - because memory is not big enough
• Memory Manager keeps track of program’s
address in memory (RAM) and on disk
• Parts that are not needed go back to the disk
• This is referred to as “Virtual Storage” - i.e.
storage on disk of elements that should be in
the memory
Techniques for Virtual Memory:
• Paging:
– pgms chopped into fixed length sections (pages)
– size can be adjusted at will
– pgm broken down independently from pgm logic
• Segmentation:
– fragmentation respects pgm logic
– 1 segment = 1 module of pgm
– aim at reducing the number of page transfers
Basics of data organisation:
DATA HIERARCHY (four cats)
• Fields = represent a single data item
– numeric field (numbers, currency...)
– alphabetic field (text or “string”)
– alphanumeric field (any combination of the above)
• Records = made up of a related set of fields - as many as required to describe entity
– each “case” or instance in the data has its own
record
• File = a set of related records - as many as
instances
• Database = a collection of related files
Example of data structure
File (each column is a field, each row is a record):
Name      First name   Telephone
Borg      John         45 25 65 65
Healy     Margaret     25 58 96 63
McEnroe   Bjorn        12 25 28 89
Cantona   Paul         25 78 85 85
+ Other files
ie: more information
Database: Definition.
"A collection of interrelated data stored together with
controlled redundancy, to serve one or more
applications in an optimal fashion; the data is
stored so that it is independent of the application
programs which use it; a common and controlled
approach is used in adding new data and in
modifying existing data within the database."
Definition - closer look
• A collection of interrelated data stored together
• with controlled redundancy
• to serve one or more applications in an optimal
fashion
• the data is stored so that it is independent of the
application programs which use it
• a common and controlled approach is used in
adding new data and in modifying existing data
within the database.
DataBase Management
System (DBMS):
• program that makes it possible to:
– create
– use
– maintain
a database
• provides a logical access to the data stored in
the DB
• users/programmers do not have to worry
about the physical aspects of the DB
Relational DBs:
• Data items stored in tables (records + fields)
• Specific fields from each table related to other
fields in other tables (join)
• infinite number of possible viewpoints on the
data (queries)
• most flexible of all DBs but slower for complex
searches (many connections to follow)
• Oracle, SyBase on Unix, Access, Paradox for
Windows...
Describing relationships
• Attempt at modelling the business elements
(entities) and their relationships (links)
• Can be based on users’ descriptions of the
business processes
• Specifies dependencies between the data items
• Coded in an Entity-Relationship Diagram
(ERD)
Types of Relationships
• one-to-one: one instance of one data item
corresponds to one instance of another
• one-to-many: one instance to many instances
• many-to-many: many instances correspond to
many instances
• Also some relationships may be:
– compulsory
– optional
Structured Query Language
• used for defining and manipulating data in
Relational DBs
• aimed at:
– reducing training costs
– increasing productivity
– improving application portability
– increasing application longevity
– reducing dependency on single vendors
– enabling cross systems communication
• In practice, SQLs can be a bit different
Querying RDBs with SQL
• use a form of pseudo-English to retrieve data
in a view (which looks like a table)
• syntax is based on a number of “clauses”
• Select: specifies what data elements will be
included in the view
• From: lists the tables involved
• Where: specifies conditions to filter the data
– specific values sought
– links between tables
Additional syntax
• Add computation in the “select” statement:
– select SUM(price)
– select AVG(price), MAX, MIN, COUNT
• Simplify comparisons with a BETWEEN clause
and LIKE clause (with *, ?)
• Add sorting instruction after the where clause
– ORDER BY name (alphabetical)
– ORDER BY price (ascending)
• Provide aggregate information by grouping
data:
Functions of Database
Management Systems
• Data storage, retrieval and update facilities
• A user-accessible catalogue or data dictionary
• Support for shared update
• Backup and recovery services
• Security services
• Integrity services
• Services to promote data independence
• Telecommunications
• Utilities
Support for Logical
Transactions
• logical transaction = many separate physical
transactions (reading, updating, writing records)
• if a transaction is interrupted before entire
completion, "up to date" data is sacrificed for
consistent data.
• If not, the transaction is committed - ie written to disk
• DBMS provides mechanisms that either Commit
or Rollback transactions
SHARED UPDATE
• i.e. Two or more users making updates to
database at the same time
– Single vs. Multiuser Environment (eg: Networked
DBMS)
• Problem: double update
– CUSTOMER BALANCE: 418
– Pat (recording sale: +100) and Jo (recording payment -100):
– CORRECT: Pat reads, updates and writes (commits: 518). Jo
reads (518), updates and writes (commits: 418).
– VALUE: 418.
– INCORRECT: Pat reads and updates. Jo reads and updates.
Pat writes (commit: 518). Jo writes (commit: 318).
– VALUE: 318.
SHARED UPDATE SOLUTIONS
• 1. AVOIDANCE:
– Prohibit shared update,
– Allow access for retrieval only,
– Record updates in transaction file and update database
periodically using a batch program.
• Problem: Data is temporarily out of date
• customer may not be allowed credit because his
balance had not been credited with last payment.
SHARED UPDATE SOLUTIONS
• 2. LOCKING
– Lock table/record/field from access by other users.
• TYPES OF LOCK
– Exclusive Lock
– Read Only Lock
– Lock Time-Out
• Other variables
– Lock Granularity
– Deadlock
• TYPES OF LOCK
– Exclusive Lock: Other users can neither read nor
update locked table/record/row. Extreme and inflexible.
– Read Only Lock: Other users can read but not update
the locked table/record.
– Lock Time-Out: If a record is locked, a user could
have a long wait for its release. Some DBMSs detect
lengthy locks and unlock them, undoing any updates
made to any records during the transaction.
– Lock Granularity: Refers to the level of the lock:
field, record, page/block, table.
– Deadlock: Users can have a lock on more than one
record at a time. This poses problems when two users
require each other's locked records.
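The double update from the SHARED UPDATE slide (balance 418, Pat +100, Jo -100) and the locking solution, as an added example that is not part of the original slides. It assumes a throwaway SQLite file with a constructed customer table; the function names are illustrative.

```python
import os
import sqlite3
import tempfile

START_BALANCE = 418  # customer balance used on the slide


def open_db(path):
    # isolation_level=None: no implicit transactions, BEGIN/COMMIT are issued by hand.
    # timeout=0: a refused lock raises immediately instead of waiting.
    return sqlite3.connect(path, isolation_level=None, timeout=0)


def make_db():
    """Create a throwaway database file holding one constructed customer row."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    con = open_db(path)
    con.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, balance INTEGER)")
    con.execute("INSERT INTO customer VALUES (1, ?)", (START_BALANCE,))
    con.close()
    return path


def read_balance(con):
    # fetchall() exhausts the cursor, so the read lock is released straight away.
    return con.execute("SELECT balance FROM customer WHERE id = 1").fetchall()[0][0]


def write_balance(con, value):
    con.execute("UPDATE customer SET balance = ? WHERE id = 1", (value,))


def unlocked_interleaving():
    """The slide's INCORRECT schedule: both users read before either writes."""
    path = make_db()
    pat, jo = open_db(path), open_db(path)
    try:
        pat_copy = read_balance(pat) + 100   # Pat reads 418, computes 518
        jo_copy = read_balance(jo) - 100     # Jo reads 418, computes 318
        write_balance(pat, pat_copy)         # Pat commits 518
        write_balance(jo, jo_copy)           # Jo commits 318: Pat's sale is lost
        return read_balance(pat)
    finally:
        pat.close()
        jo.close()
        os.remove(path)


def locked_interleaving():
    """Same two users, but each takes the write lock before reading."""
    path = make_db()
    pat, jo = open_db(path), open_db(path)
    try:
        pat.execute("BEGIN IMMEDIATE")       # Pat locks the database for update
        pat_copy = read_balance(pat) + 100
        jo_blocked = False
        try:
            jo.execute("BEGIN IMMEDIATE")    # Jo asks for the same lock
        except sqlite3.OperationalError:     # "database is locked"
            jo_blocked = True
        # Other users can still read while Pat holds the lock (read only lock).
        jo_peek = read_balance(jo)
        write_balance(pat, pat_copy)
        pat.execute("COMMIT")                # 518 written, lock released
        jo.execute("BEGIN IMMEDIATE")        # Jo retries and now succeeds
        jo_copy = read_balance(jo) - 100     # Jo reads 518, not the stale 418
        write_balance(jo, jo_copy)
        jo.execute("COMMIT")
        return read_balance(pat), jo_blocked, jo_peek
    finally:
        pat.close()
        jo.close()
        os.remove(path)


if __name__ == "__main__":
    print("without locking:", unlocked_interleaving())
    print("with locking:   ", locked_interleaving())
```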
RECOVERY
1. Backups or Saves (normal backup of DB files)
2. Journaling / Audit trail / Audit file
– Keep a log or journal of the activity which updates the
database
– recovery involves: Copying the backup over database
and running a special program to update the backup
version of the database with the transaction in the log.
SECURITY
• Restriction of access to authorised users only.
1. Passwords
2. Encryption
3. Views
4. Authorisation Levels
• read only
• edit
• delete
• create
Data Integrity
• DBMS provides a mechanism to enforce
specific rules.
– Examples:
* Customer numbers must be numeric,
* Credit Limits must be £300, £500 or £1000 only,
* The sales rep for a given customer must exist,
* No customer may be deleted if he/she currently has an order on file.
• But programmers must also develop their own
Data Independence
• DBMS must support the isolation of data structure
from the programs
• Users or application programs should not be affected by
changes to the database structure. (no
reprogramming or recompilation)
• Logical and Physical Data Independence - usually
achieved through Subschema or View type
mechanisms.
Database Schema
• description of the overall logical structure of a
database, expressed / programmed in Data
Definition Language (DDL)
• broken down into sub-schemas: logical description
of a user’s view or program’s view of the data
used
• DDL can be very sophisticated on a mainframe or
trivial on a PC (queries / views)
Telecommunication
• organisations are rarely single site / single entity
• flows of data transcend the boundaries of
organisations - so do information systems
• data communication must be implemented
• databases can be used to support the distribution
of information resources
Integration of applications
• organisational data sources are varied
• all applications must be integrated to save time (ie:
exchange data)
• databases can be used to enable this integration
(eg: MFG/PRO)
• portability / compatibility is paramount (eg:
ODBC drivers)
Database Utilities
• Compact datafiles
• Index / re-index data files
• Repair database (crash)
• Import/export data from and to other sources
• Enforce standards (eg: integrity of relationships, NF...)
• Associated data dictionary
• Access to remote computers (login, emulation)
Distributed Databases
• Logical next step in geographically dispersed
organisations
• goal is to provide location transparency
• starting point = a set of decentralised DBs
located in different places, developed for the
specific information needs of each site
• Aim: to integrate these decentralised DBs into
a coherent DDB
Advantages of Distributed
DBs:
• Increased reliability of systems and availability
of data
• Local control preserved
• Modular growth possible at each site and at
new sites
• Optimised communication costs
• Faster response times
Control in normal DBs
• transaction control: ability of the DBMS to ensure
the successful completion of transactions
– commit transactions
– roll-back to previous state
• concurrency control: ability of the DBMS to
arbitrate between concurrent uses of data:
– simultaneous access
– simultaneous update
– deletion
Control in Distributed DBs
• Different portions of the overall database reside
at different locations
• these portions are controlled by different
processors running sometimes different DBMSs
• common schema means queries can involve any
portion of the DB residing at any location
Options for Distributed DBs
• Issue of physical design (data structure)
• performance of the DB (response time...) depends
upon good design
• There are a number of options:
– data replication
– horizontal partitioning
– vertical partitioning
– combinations of the above
Data replication
• store a separate copy of the full tables in each
location
• if a copy is stored at every site: Full Replication
• Advantages:
– reliability
– fast response
• Disadvantages
– storage requirements
– complexity and cost of updating
Horizontal partitioning
• some of the rows of the tables are stored in one
location; others are stored at other locations
• eg: customers banking out of a particular branch
• Advantages:
– efficiency
– local optimisation
– security
• Disadvantages:
– inconsistent speed access
– backup vulnerability
Vertical partitioning
• some columns are projected into base
relationship at different sites
• all relations share a common domain so the
full table can be reconstructed
• Advantages:
– tailor-made support for functional areas
– same as horizontal partitioning
• Disadvantages:
– some queries might be very slow
– users must understand some design issues
Combinations of the three
methods
• most of the time, companies will use different
methods
• each method is efficient in certain situations +
some other security requirements
• eg: local customers, information originating at
a certain site, shared processes that require the
same data at all sites
• it is a design issue to try to identify the
optimal distribution - data at the sites where it
is used most
Distributed DBMS
• additional roles to play in the case of a
distributed DB
• determine the location where data to be retrieved
is located
• translate the request into the language used by
the local DBMS
• deal with normal data management functions,
security matters, locking, query optimisation...
Heterogeneous Distributed
DBMS
• a different DBMS running at each site
• a master DBMS controlling the interactions
amongst the parts
• not practical today (compatibility)
• more often, each DBMS follows the same data
architecture
Problems with global
transactions
• DBMSs can be radically different - relational
versus network
• only some state-of-the-art commercial
products have translating capabilities
• one alternative solution is to put some
essential data and the directory of the data
locations on a central server
• Real distributed DBMS solve these problems
for the users with the help of the NOS
Commit Protocol
• to ensure the integrity of the data in update
operations
• well defined procedure based on the exchange
of messages (“ok” or “not ok”)
• each global transaction can either be complete
(and completed) or aborted
• Two-phase commit:
– site originating the transaction sends requests to all sites
involved in the update
– all sites attempt to process their part of the transaction
without committing the data (temp files)
– they notify the first site whether OK or not
– the first site collects all OKs and sends order to commit the
data
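The two-phase commit exchange described above, as an added in-memory simulation that is not part of the original slides. The Site class, the account names and the rule that a balance may not go negative are assumptions made for the illustration; each site appears once per transaction.

```python
class Site:
    """One participant site holding part of the distributed database."""

    def __init__(self, name, balances):
        self.name = name
        self.data = dict(balances)   # committed data
        self.pending = {}            # txid -> staged copy (the slide's "temp files")

    def prepare(self, txid, changes):
        """Phase 1: process this site's part without committing, then vote."""
        staged = dict(self.data)
        for key, delta in changes.items():
            # Assumed local integrity rule: the record must exist and stay >= 0.
            if key not in staged or staged[key] + delta < 0:
                return "not ok"
            staged[key] += delta
        self.pending[txid] = staged
        return "ok"

    def commit(self, txid):
        """Phase 2, all votes were "ok": make the staged copy the real data."""
        self.data = self.pending.pop(txid)

    def abort(self, txid):
        """Phase 2, some vote was "not ok": throw the staged copy away."""
        self.pending.pop(txid, None)


def two_phase_commit(txid, work):
    """Run one global transaction from the originating site.

    work is a list of (site, changes) pairs. Returns "committed" or "aborted".
    """
    # Phase 1: send the request to every site involved and collect the votes.
    votes = [(site, site.prepare(txid, changes)) for site, changes in work]

    # Phase 2: commit everywhere only if every site answered "ok".
    if all(vote == "ok" for _, vote in votes):
        for site, _ in votes:
            site.commit(txid)
        return "committed"
    for site, _ in votes:
        site.abort(txid)
    return "aborted"


def demo():
    # Constructed sample data: two sites, one account each.
    detroit = Site("Detroit", {"acct-1": 500})
    chicago = Site("Chicago", {"acct-2": 50})

    # T1 moves 100 from Detroit to Chicago: both sites vote "ok".
    first = two_phase_commit(
        "T1", [(detroit, {"acct-1": -100}), (chicago, {"acct-2": +100})]
    )
    # T2 would take Chicago below zero: Chicago votes "not ok",
    # so Detroit's staged +200 must be discarded as well.
    second = two_phase_commit(
        "T2", [(detroit, {"acct-1": +200}), (chicago, {"acct-2": -200})]
    )
    return first, second, detroit.data, chicago.data


if __name__ == "__main__":
    print(demo())
```

This sketch does not model a lost message: a site that has voted "ok" has to keep its staged data until the originating site's decision arrives.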
Timestamping
• Alternative to locking (possibility of deadlocks)
• ensures that transactions are processed in serial
order so locking is not needed
• All updated records carry the timestamp of the
transactions that modified them
• if new transaction attempts to update a record
with an earlier timestamp = OK
• If new transaction ...with a later stamp, update
access is denied, the transaction is re-stamped and
is re-started
Example:
Record in a DB: 168
Record update: 170 - OK
Updated record: 170
Record update: 165 - Denied
Record update: 170
Transaction re-started (ie: do it again)
Updated record: 170
+++: costly deadlock situations are avoided
----: transactions may sometimes be restarted even though
they did not conflict with previous ones.
Effect of design on speed
• how to design fast queries
• simple example with two sites in relational DB:
– supplier (Supplier#, ...,City): 10,000 records stored in Detroit
– part (part#, .., colour): 100,000 records stored in Chicago
– Shipment (supplier#,..., Part#): 1,000,000 records stored in
Detroit
– each record is 100 characters long + there are 10 red parts
– data transmission is 10,000 characters/second, 1 second delay
in any communication
– data processing negligible
• Write the SQL statement
• Imagine how the query can be carried out between
the two sites
SQL statement
select supplier.supplier#
from supplier, part, shipment
where supplier.city = 'Cleveland'
and supplier.supplier# = shipment.supplier#
and shipment.part# = part.part#
and part.colour = 'Red'
Conclusions
• Reasonably easy to optimise query with two tables
• Very complex with more than two (try with 30!)
• Rules:
• Queries must be broken down into components
isolated at different sites (minimise communication
time and traffic)
• Determine which site has the potential to yield
FEWER selected records
• Move preliminary results to site where rest of the
work can be performed (ie: try to move as few
records as possible)
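The transfer cost of three ways of running the Detroit / Chicago query, worked through with the figures from the "Effect of design on speed" slide, as an added example that is not part of the original slides. It assumes each table or intermediate result is shipped as one message, that the 1 second delay is charged once per message, and that returning the final answer is not counted.

```python
RECORD_CHARS = 100           # each record is 100 characters long
CHARS_PER_SECOND = 10_000    # data transmission rate
DELAY_SECONDS = 1            # delay in any communication

# Table sizes from the slide (supplier and shipment in Detroit, part in Chicago).
TABLES = {"supplier": 10_000, "part": 100_000, "shipment": 1_000_000}
RED_PARTS = 10               # parts left after filtering on colour = 'Red'


def transfer_seconds(batches):
    """Seconds needed to ship the given batches of records between the sites.

    batches is a list of record counts; each batch is one message (assumption).
    """
    chars = sum(batches) * RECORD_CHARS
    return chars / CHARS_PER_SECOND + DELAY_SECONDS * len(batches)


def plans():
    """Three candidate ways to bring the data together at one site."""
    return {
        "move whole part table to Detroit": [TABLES["part"]],
        "move supplier and shipment to Chicago": [
            TABLES["supplier"],
            TABLES["shipment"],
        ],
        "select red parts in Chicago, move them to Detroit": [RED_PARTS],
    }


def rank_plans():
    """Return (plan, seconds) pairs, cheapest first."""
    costs = {name: transfer_seconds(batches) for name, batches in plans().items()}
    return sorted(costs.items(), key=lambda item: item[1])


if __name__ == "__main__":
    for name, seconds in rank_plans():
        print(f"{seconds:>10.1f} s  {name}")
```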
Managing the IS department:
• Dilemmas in managing IT:
– limited to the administration of systems
– searching for new opportunities to develop the use of IT
• Success of the IT function is often measured
based on the operation of existing systems
• Adaptability and creativity are not assessed
• Neither is the efficiency of resource usage
Tasks of IS
• IS delivers a service to the rest of the
organisation - it is a support department
• IS is in charge of managing the computer
resources and the technology
• IS must plan for future needs on behalf of the
whole organisation
• IS must develop the new systems that will
help the organisation in the future
Tensions in IS department: Why
are IS departments short of staff?
[Figure: Total costs of running the IS function; labels: IS Staff, Hardware; 1960’s, 1990’s]
Tension in IS Departments: Entropy
of System’s Development
[Figure: systems development cycle with stages Systems Planning, Systems Analysis, Systems Design, Systems Implementation and Systems Support; arrows labelled “Obsolete system = need new system”, “New related problem or requirement”, “New solution to existing requirement” and “Bugs and errors in execution”]
IS as a service department
• supporting end-users - answering their requests
• training users
• providing a secure environment
• providing advice on how to tackle problems in
the future
There are a number of strategies to fulfil this role
Different philosophies of
Network Management:
1 - Centralised DP:
• one company = one computer
• one department does all the processing
2 - Decentralised DP:
• each individual function has own computer with home
made rules and procedures
3 - Distributed DP (DDP):
• somewhere in between
• various computers available throughout the company
• all linked together
+/- of the different
philosophies:
1 - Centralised DP:
• easy to maximise use of computer and to control usage
• flexibility for user is restricted
2 - Decentralised DP:
• difficult to maintain and share corporate data
(compatibility of software, hardware...?)
3 - Distributed DP (DDP):
• more difficult to manage
• does address the difficulties of both philosophies
Traditional IS
• computing is a centralised activity managed by
the IS department
• functional areas have no freedom in relation to
the selection or the usage of IT
• functional areas have no budget for computing
• the IT architecture developed in the
organisation is centralised as well
End-user computing
• Users / managers are active in determining the
systems they require
• They are active in specifying the requirements
for these applications
• They may even develop the applications
themselves (if skilled enough)
• They have a specific budget within their
functional area to accomplish this
• They may be supported by the IS department
through an Information Centre
Problems with EUC:
• less transparency in the IS spending (up to
50% in “hidden” costs)
• more difficulty in integrating interdepartmental systems
• possibility that individual buyers make wrong
choices
• Loss of economies of scale
Problems with EUD
• No overall view of business systems
• no standards for development and
documentation
• likely duplication of efforts and data
• likelihood of loss of critical knowledge
• risk of local users “re-inventing the wheel”
Advantages of EUC
• faster application development / implementation
• increased chance of getting requirements right
• users become more expert at using computing
resources
• productivity increases at individual user level
• reduction of the “application backlog”
© Frederic Adam, 2000
Outsourcing
• Transfer the responsibility for IS to an outside
organisation (various degrees)
• Use a computer service provider for one or more
applications
• outsource some development work
• Do without an IT department and depend entirely
upon outside specialists
• Saves money but with major consequences for
control and strategic developments
© Frederic Adam, 2000
Historical evolution of IS
• Stage of growth model (Nolan)
• All organisations go through similar stages
• EUC emerges in stage 2
• EUC must be carefully managed through the
other stages
• Failure to manage EUC means organisation
does not go into later stages
• Evolution is basically a cycle of phases of
control, EUC and outsourcing
© Frederic Adam, 2000
Dealing with IT costs
• Allocating or charging out costs
• Seen as an administrative or accounting
procedural matter
• can influence the selection of and management of
IT investments and budget
• Who pays for IS projects and who is responsible
determines how applications are cost justified
• Also accountability for failure and over spending
© Frederic Adam, 2000
The Chargeback system
• Unpopular at the best of times
• users see it as a pricing mechanism: how
expensive should IT be?
• Transfer pricing for buying and selling IT products
and services
• All boils down to status of IS department and
whether functional areas have access to a free IS
market
© Frederic Adam, 2000
Free Market?
• Have functional areas their own budget?
• Is IS an independent profit centre?
• Is IS in competition with other suppliers?
• Can IS refuse unprofitable work?
• Who prepares the IS budgets?
• What cost drivers to use?
© Frederic Adam, 2000
Calculating IS usage
• Traditionally, CPU time and other very technical
parameters
• More fair to the user to use more visible and
business-like measures:
– number of transactions
– number of screens viewed per session
– …
• Matter of business policy!!
© Frederic Adam, 2000
Vision of the status of IS
• Earl argues that charge-out system must reflect the
role of IS as component of the business:
• service centre: IS service not chargeable
• cost centre: users are charged with costs
representing the resources consumed (IT costs are
recovered)
• Profit centre: users pay a market price (IS
department can have its own revenues + bid for
outside work)
© Frederic Adam, 2000
Implications for charge-out
system
• Cost centre: charging method based on
average/standard costs (e.g. network)
• Profit centre = open market - players can accept /
refuse work based on availability of better offer
• First step to outsourcing??
• Hybrid method may offer best solution,
– charges determined by the nature of each application
• but is difficult to implement
© Frederic Adam, 2000
Protection of Information
Resources
• Modern network-based environments require
the application of basic security principles to
distributed environments.
• “An open, secure system is a contradiction in
terms” (Datapro, 1994).
• any data flowing through a network or cached
temporarily is vulnerable
• as security is implemented, freedom is
reduced
© Frederic Adam, 2000
Basic principles of security
• Confidentiality
• integrity
• authenticity
• utility - fitness for a purpose
© Frederic Adam, 2000
Steps in protecting Distributed
Resources
• Identify what you want to protect
• evaluate and determine all possible
weaknesses / sources of risk
• constantly review access to IT resources and
IT audit procedures
• routinely conduct / update risk analysis of the
operation
© Frederic Adam, 2000
Priorities for the Protection of
Computer Resources
• Prevention of computer crimes - ie ensuring that
information resources are only used as prescribed
and by authorised personnel
• disaster planning - pro-actively envisaging what
might happen in order to minimise risks
• disaster recovery or “business continuation” - ie
ensuring that consequences of crime and accidents
will also be minimal so business can resume
immediately
© Frederic Adam, 2000
Computer crime:
• using computer resources to engage in unauthorised
or illegal acts
– stealing money from a bank
– copying and using programs without required licence
• as technology spreads, opportunities for crime
increase
• still very loose legal framework means few people are
prosecuted
• 80% of crimes are insiders’ jobs (employees)
• most instances are not reported (banks!!!)
© Frederic Adam, 2000
Types of computer crime:
• a very large number of different ways:
– data diddling: unauthorised modification of data
– the Trojan Horse technique: a block of code hidden in a
program
– the salami technique: shaving minute amounts from each
transaction
– Trapdoor routines: special programs used in the
development phase sometimes not removed
– Eavesdropping: spying on data communication between
LANs and mainframes for important info
© Frederic Adam, 2000
Recent survey
• security problems resulting in financial loss:
– 24% software failure
– 12% network failure
– 12% virus
– 11% computer failure
– 7% stolen data
– 5% sabotage
– 4% network break-in
• Nearly 50% have lost valuable info in last 2 years
• 20 respondents have lost info worth more than £1 million
• 70% say security risks have worsened
• 80% have hired a full time info security director
• 67% have faced viruses in the last year
© Frederic Adam, 2000
Computer related crime
• credit card fraud 96%
• telecommunication fraud 96%
• staff use of corporate computer for personal use 96%
• unauthorised access to company files 95%
• cellular phone fraud 95%
• unlawful copying of copyright software 90%
• theft of information regarding:
– clients 81%
– trade secrets 80%
– new products 75%
– confidential employee information 75%
– money 72%
© Frederic Adam, 2000
Hackers and Bandits:
• most prolific types of unauthorised activities on
computer systems
• a hacker is someone who breaches
communication and network security to gain
unauthorised access to a central computer
• Hackers are supposed to do it for the fun
• very often not classified as computer crime and
not prosecuted
• They can however be tricked by Bandits who give
them “bad ideas”
© Frederic Adam, 2000
Requirements for identification of
computer crime:
A number of conditions have to be demonstrated to
enable prosecution of the crime:
– knowledge: criminals must have competent knowledge
about the act and be aware of the consequences
– purpose: they must have an underlying purpose,
specific intent; otherwise, browsing may be merely
“electronic trespassing”
– malice: they must be motivated by malice and wish to
do harm in some way.
© Frederic Adam, 2000
How to make it easier to trap
Hackers:
• have investigation procedures ready to be
implemented
• they will aim at freezing the situation and
preserving the scene of the crime
– prevent further damage to data and programs
– limit the losses incurred
– find out what went wrong
– identify the perpetrator (if any)
– preserve evidence in view of legal action
• in the case of internal threats, publish an internal
code of conduct for employees (included in work
contract??)
© Frederic Adam, 2000
Why are computers so
vulnerable?? - DATA
• data can be stored in pocket size forms (floppy
disks, disks, tapes, DAT...)
• electronic data is invisible
• data can leak (electromagnetic waves = tempest)
• data is accessible (can be copied without trace or
authority)
• data can get left behind
• centralised data stores can reach high value
© Frederic Adam, 2000
Why are computers so
vulnerable?? - COMPUTERS
• computers are mythical: users do not behave
rationally
• technology is changing faster than companies /
people can adapt
• communication and networking are compounding
factors
• systems and networks are more and more
integrated (open systems)
• processing is more and more distributed
• security standards are still very low
© Frederic Adam, 2000
Consequences of security
breaches
• damage is sometimes unexpected and subtle:
– loss of business
– damaged reputation
– compromised organisational secrets
• Primary costs - replacement of destroyed /
stolen property
• secondary costs - lost business / revenues
• incidental costs - legal and detrimental costs
resulting from damage or settlement
© Frederic Adam, 2000
First step is risk analysis:
• Some general threats to all companies, but each
setting is unique => specific analysis
• identify specific worth of organisational assets
• From list of sensitive assets a specific security
plan can be designed
• this is best done by an outsider (taking some
distance is required) by way of an inquiry:
– talking to people
– learning about the company
– writing a report that will convince top management
© Frederic Adam, 2000
steps in security: assessing
risks:
• a number of “models” are available for
assessing risks
• one example is:
Risk = Threats + Vulnerabilities + Assets values
where:
– threats are events which cause harm
– vulnerability is the degree of openness of the org.
– asset value is the worth of the assets in danger
• If one component decreases, risk decreases
and vice versa
© Frederic Adam, 2000
Risk analysis techniques:
• Subjective analysis = group method where all
competent staff review:
– the role of the computer systems
– the nature of the business and the org.
– the history of the company (for previous problems)
– no longer sufficient because not systematic enough
• Quantitative analysis: come up with a figure that
should be spent every year by:
– computing the likelihood of each threat
– computing the costs of damage resulting from each threat
– multiplying frequency and impact to obtain the maximum amount that
should be spent on protecting the company against each threat
– there are obvious limits to that method too
© Frederic Adam, 2000
Security policy matrix:
[Figure: 2 x 2 matrix with axes Impact (0 to 10) and Expectancy (0 to 10); quadrants labelled Plan (What-if?), Avoid/Escape (What!!!), Accept Risk (So What...) and Control (What to do...)]
© Frederic Adam, 2000
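The quantitative method and the security policy matrix from the two slides above, worked through in Python as an added example (not part of the original lecture). The threat names and every figure are constructed; the placement of the four policies in the quadrants and the midpoint of 5 are assumptions, since the slides give only the quadrant labels and the 0 to 10 scales.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    yearly_frequency: float  # likelihood: expected occurrences per year
    cost_per_event: float    # cost of the damage from one occurrence, in pounds
    expectancy: int          # 0-10 score on the matrix
    impact: int              # 0-10 score on the matrix


# Constructed sample register; none of these values come from the slides.
THREATS = [
    Threat("virus outbreak", 4.0, 5_000, 8, 3),
    Threat("computer centre fire", 0.02, 1_500_000, 1, 10),
    Threat("insider data diddling", 0.5, 120_000, 6, 8),
    Threat("unattended workstation misuse", 2.0, 500, 3, 2),
]


def spending_ceiling(threat: Threat) -> float:
    """Frequency x impact: the most that should be spent per year on this threat."""
    return threat.yearly_frequency * threat.cost_per_event


def policy(threat: Threat, midpoint: int = 5) -> str:
    """Map a threat to a matrix quadrant (quadrant placement is an assumption)."""
    high_impact = threat.impact > midpoint
    high_expectancy = threat.expectancy > midpoint
    if high_impact and high_expectancy:
        return "Avoid/Escape"
    if high_impact:
        return "Plan"
    if high_expectancy:
        return "Control"
    return "Accept Risk"


def assess(threats):
    """Return (name, yearly ceiling, policy) rows, largest ceiling first."""
    rows = [(t.name, spending_ceiling(t), policy(t)) for t in threats]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def total_ceiling(threats) -> float:
    """Yearly figure for the whole register."""
    return sum(spending_ceiling(t) for t in threats)


if __name__ == "__main__":
    for name, ceiling, quadrant in assess(THREATS):
        print(f"{name:30s} {ceiling:>10,.0f} per year  {quadrant}")
    print(f"{'total':30s} {total_ceiling(THREATS):>10,.0f} per year")
```

The fire shows one of the limits of the quantitative method: a single event would cost 1,500,000, yet the yearly figure is only 30,000, so the number alone understates a threat that the matrix places under Plan.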
Components of the
security Plan
• physical security
• document security
• personnel security
• hardware security
• software security and logical access control
© Frederic Adam, 2000
Example - physical security
• Plan is aimed at deterring intruders from trying
• efficiency of the barrier is measured by:
– the time and cost needed to breach it
– the speed with which intrusions are identified
– the accuracy with which the intruder is identified
– its non-interference with the life of the organisation
• it involves the protection of:
– the computers (location, layout of computer centre)
– the services of the computer installation (air conditioning, power,
water...)
– fire protection
© Frederic Adam, 2000
Example - document security
• there are a number of documents specific to
computer use that are important:
– blank pro-formas
– “handle as if..” documents (ie: drafts, mistakes...)
• magnetic documents (ie: disks and tapes) must
be registered in an inventory
• tapes must be purged before being re-used
• the life of every computer document should
end by its destruction (shredded)
© Frederic Adam, 2000
Who is in charge:
• security is still viewed as an MIS issue
• Co-ordination of security strategy is an MIS issue
• but co-operation is required from all departments /
users
• if procedures are not followed, the best strategy is
worth nothing
© Frederic Adam, 2000
Security of Networks:
• Security is much easier to implement in M/F
environments - ie centralised
• risks increase in LANs and even more in
interconnected LANs (WANs)
• Remote access is a great source of risk - eg
workstations are left unattended
• Remote access market = $2 billion in 1997
• how to make a network of notebooks safe
© Frederic Adam, 2000
Security with EDI:
• organisations share their IT infrastructure
• paperless nature of transactions requires double care
- legal aspects
• prevention, monitoring and recovery must be shared
and co-ordinated between the partners
• liability and responsibility could be difficult to
establish
• all parties involved must agree on common code of
security to ensure “end-to-end” security
© Frederic Adam, 2000
Security with CAD:
• attempt to shorten the value chain of an org.
• design office is linked to outside organisations to
contract out work
• design office is on-line to the manufacturing systems
• Integrated system also involves inventory control,
finished goods stocks, shop floor control...
© Frederic Adam, 2000
Security with Document
Image Processing
• Paperless organisation means documents are
scanned as soon as they come in
• copies of all documents always available from
anywhere
• over-reliance on such systems (inability to
handle paper documents) can lead to disaster
• editing facilities make it too easy to “fabricate”
documents for fraudulent purposes
© Frederic Adam, 2000
Added difficulties in multivendor environments
• most organisations no longer rely on one single
platform
• integration means emphasis is on linking these
rather than separating them
• password protection can mean that users must
remember many different passwords
• encouragement for users to weaken security by
using same password or obvious passwords
© Frederic Adam, 2000
Recovery Planning:
• perfect security cannot be achieved and no single
countermeasure is completely effective
• security is about reducing the risk to an acceptable
level and coping with the consequences
– provision must be made for accidents despite countermeasures
– recovery mechanisms are as important as protection
• so security measures should:
– operate in conjunction with the corporate life
– be simple and easy to implement
– be cost effective as £££ are scarce for security
– be introduced over a period of time, progressively
© Frederic Adam, 2000
Potential gain from a suitable
security strategy:
• improved image:
– competitive advantage can be obtained
• enhanced customer confidence:
– ensure service continuity
– accuracy and privacy of service
– safeguard of customer assets
• new products and services:
– novel security devices and strategies can be marketed and
sold to other companies
– security projects may generate new ideas
• new security features for existing products
and services:
– can give new life to an old line of products
– market opportunities may be lost if security is not up to the
standard
© Frederic Adam, 2000
A Strategic Role for IS
• IS as a contributor to organisational value added
• Helping functional areas to develop their
contribution
• contributing to developing new specific activities
• e.g. Electronic Commerce
© Frederic Adam, 2000
IS Strategy
• IS strategy must be consistent with:
• The organisation’s corporate plan
• its management’s view of the role of IS in the
organisation
• its stage of maturity of use and management of IS
© Frederic Adam, 2000
Example of questions that must
be addressed
• Where does the IS strategy fit in the wider set of
corporate strategies
• what has been the history of IS strategy planning
• what circumstances demand major re-assessment
of IS plans
• who might be employed to do the actual planning
• what might an IS strategy contain
© Frederic Adam, 2000
Different organisational
circumstances
• Maturity (Nolan)
• Information intensity
• Strategic Importance
• Special circumstances demand extra planning:
– major corporate changes (BGE)
– external competitive opportunity or threats
– evolutionary change in IS maturity
© Frederic Adam, 2000
From Planning to Implementing
• Improving IS strategic Planning is primary target
of IS and non-IS managers
• Contents of plans improved over 80s and 90s
• But many IS plans have been left aside
nevertheless
• Lack of commitment to implement them, especially from top management
© Frederic Adam, 2000
Barriers to implementation
• Lack of top management’s awareness (DP era)
• Credibility gap between hype and real
benefits
• Lack of vision (information not an asset)
• Difficulty in judging / evaluating IS proposals
• Short term focus militates against planning
© Frederic Adam, 2000
Evaluating IS investments
• Tangible versus intangible benefits
• Quantifiable versus unquantifiable
• Accounting rules: return on investment often
militates against IT and technology at large
• Prioritising proposals
• IS investment versus non-IS projects - eg:
automation on factory floor
© Frederic Adam, 2000
Threats resulting from lack of
planning
• Loss of control of investment in IT
• Incompatible / inconsistent development of IT
usage - eg: UCC
• Conflicts between functional areas
• Systems’ life shorter + greater need for upgrade /
maintenance
• Decreasing return on investment
© Frederic Adam, 2000
Good IS planning?
• Impact not instantaneous (2 / 3 years delay in
getting benefits)
• Benefits depend on:
– starting point (current system’s portfolio)
– opportunities sought
– top management support (champion)
• Proper organisational culture and good
relationship between IS and other areas must be
developed (eg: BGE)
© Frederic Adam, 2000
Mintzberg’s Grass Root Model
• Planning for IS is everyone’s business
• Balance between formalised strategies and
emergent strategies
• Planning process should not only pre-conceive
strategies, but also recognise their emergence and
intervene when appropriate
• Knowing when to promote change for the sake of
adaptation and when to resist it for the sake of
internal efficiency
© Frederic Adam, 2000
Adaptive approach to IS planning
• Best opportunities for IS development are often
linked to unique assets or resources
• Firms must learn to identify and exploit these
• Hayes (1985):
“Firms should acquire technologies and techniques so
that workers and managers gain experience with them
and come to understand their capabilities and
constraints”
• Organisational structure should be modified in order
to foster this process
© Frederic Adam, 2000
Roles in Hayes’ Model
• Wizards - corporate experts and librarians for new
technologies
• Marriage Brokers - designed to act as intermediaries
between users and wizards
• Rich Uncle - manager who pays for seeds so users can
develop prototypes
• Weed Puller - top executive who re-evaluates
investments and projects and stops or encourages them
• Teacher - educates users about the possibilities offered
by technologies and others about the organisation and
its products
© Frederic Adam, 2000
Advantages of the Adaptive
Approach
• Bottom up process - ideas come from users in close
contact with organisational processes
• Top-down approaches are less satisfactory as senior
strategists may be unaware of technical possibilities
• Adaptive approach enables focus on specificities of
the firm => yield long term edge
• Development of an informal structure of actors
involved in strategic idea generation may prove a
competitive advantage in its own right
© Frederic Adam, 2000