Improving the IT Security Infrastructure

Subject: Tech & Engineering
Pages: 83
Words: 58264
Reading time:
203 min
Study level: College


Introduction, Objectives, and Methodology

This chapter introduces the main topic – information technology infrastructure, including various subjects in design, architecture, security and many other topics on information systems, knowledge management, globalization, and other related topics. It is the job of managers to make IT infrastructure of an organization safe to use.

The problem of IT security can be compared to a building that needs fast and effective service to serve its inhabitants. If security is not well in place, service cannot be dispensed with effectively.

The introduction tells about how this long and important paper was conceived and the parts were made. The contents include the thesis, the research questions, and the methodology. The data and information provided in this book are all about information technology and information systems, the different IT and web applications, and their significance and role to organizations.

The target audience for this research is students and academics of information systems and management, prospective entrepreneurs who have planned to open up businesses in multi-diverse cultures in many parts of the world, the business world in general who have thrived and strived in the age of globalization, and organizations who desperately need a secure IT infrastructure.

Managers, employees and all individuals working for and in organizations should know and get involved with information systems and technology because they are less functional without this knowledge. Knowledge of IT should not just be left to IT professionals or technical people. This is the concern of everyone in the organization. Information systems are the operational tools that have to be worked out to compete in the information revolution.

Technology enhanced information systems of organizations. This further produced changes and innovations leading to risks and uncertainties in organizations.

Laws pertaining to information systems have to be improved. Managers are responsible for their security, for example, databases, including hardware should be protected from harm or loss due to natural disasters and theft.

Globalization seems to be a new term although this has been introduced to man’s activities a long time ago. But because of the advent and popularity of the internet, globalization dominates almost all aspects of businesses and organizations.

Literature Review

Organizational theories and knowledge management are some of the important concerns for this chapter. Organizations cannot operate effectively without knowledge management that should be known by the managers. Knowledge management creates value for the organization, its intellectual assets, a product of intellectual capital and years of continuous innovation and improvement. In this age of intense globalization, organizations aim for talents and customers’ focus and loyalty. However, the thrust of organizations is to focus on their employees. They see the relation between contented employees and contented customers.

There are two theories discussed in this section – the resourced-based view and the I/O model of strategy in organizations. The resourced-based view states that organizations have become the focus of a vast resource of knowledge as an outcome of interaction with customers, employees, and competitors. The organization is a concentration of knowledge and experiences which can be a source of strength for its employees.

The I/O model of strategy states that the firm focuses on the external environment and should be the determinant of the firm’s strategies.

The I/O model of strategy is another form of knowledge that sources its strength from external environment and can be the source of organizational strategies.

Tacit and explicit knowledge are two kinds of knowledge that organizations base their information. Tacit knowledge cannot be gained without experience; explicit knowledge is gained in a formal setting. People acquire tacit knowledge through interactions with fellow human beings.

There are four case studies discussed in this chapter – the firms Goodwin Procter, Toyota, Tesco Plc, and Saudi Aramco. Each of these business organizations have its own unique story to tell when it comes to the topic of organizational knowledge and information systems. Without information technology effectively in place, organizations cannot function effectively in the information revolution.

Information Technology and It Infrastructure

This is a continuation of the previous chapter, but has to be separated because of the vast information available. This is about information technology and the vast information and knowledge that organizations need to survive in the technological age.

Information technology can perform countless tasks for the organization like capturing, storing, processing, exchanging, and using information for the company. Some believe that information technology – and the ‘knowledge’ it has possessed – can do it by itself. There may come a time that technology would not anymore need humans to run organizations and the world. But those are myths. People will always be the master of machines and computers.

Information technology involves hardware and software. Hardware is all about computers and equipment – or the hard part. Software and the operating systems and computer programs are stored in databases of computers so that they can operate and be controlled by humans. The infrastructure needs a support staff or people to operate the equipment.

Four powerful changes have affected the business environment: globalization, emergence of the information revolution, evolution of the business enterprise, and emergence of digital companies. All these need knowledge to stay competitive.

Globalization has revolutionized businesses and organizations. Technology has surpassed man’s knowledge. Progress can be seen and felt in the fields of genetic engineering, nanotechnology and computer systems. New inventions and new ‘beings’ have been made, such as cyborgs, transgenic organisms, clones, transformers, etc.

The manager has a new role in this new setting. He/she has to take charge of the operation and the IT infrastructure. The manager has to maintain good and effective rapport with the employees. But the manager has to understand what information technology is and how it works and how it should be maintained and protected.

The manager has to introduce an effective planning. Human resource planning is about identifying resources to the business needs of the organization. The manager has to determine the number and type of employees essential in the team and where labor supply should come from.

Other topics for information technology in this section includes function IT. This refers to information systems that help improve users’ functions and productivity in performing individual tasks. Network IT includes information systems that develop and maximize communication and support collaboration among group members. Enterprise IT provides interactions among employees but includes employees, customers, suppliers and business associates.

The Web or the Internet is ‘hot’ nowadays. This is one of the most important technological discoveries which have influenced the whole world. Most companies or organizations have their own websites connected to the Web.

Other important subjects include e-learning and m-learning. These are computer-enabled learning techniques which use the internet. These also utilize multimedia CD-ROMs, computer-based simulations, etc. E-learning is used by busy bodies that cannot perform their jobs in the office and physically go to a university or college to learn new knowledge. Learning institutions use the Web to communicate and inculcate lessons for the students.

Lifelong learning encompasses many areas that human beings need. It can foster personal development and many aspects of technological learning.

Information Technology Security

The topic on security encompasses subjects pertaining to risks, threats, risk management, and protection of IT infrastructure. Interesting subjects include viruses, worms, malware, cybercrimes and terrorism. Security is an expensive ‘commodity,’ in fact many organizations focus their field of expertise on securing IT infrastructure. Security applications must follow government laws and government guidelines for their proper implementation.

Risk management includes analyzing risks that are expected to happen in the course of using and operating the system. Risks and threats in the use of IT are multiplied because of the endless interconnection of computers through the Internet. Terms associated with IT security include “hacktivists”, information warfare specialists, ‘insiders’, malicious code writers, and so forth.

Security risks pertain to unauthorized access to information. Relative to this topic are the terms leakage, privacy and fraud, etc. A computer virus attack can spread rapidly over the Internet and destroy files and maliciously collect private and confidential information and data. A computer virus refers to all types of malicious codes. The term virus derives its name from the biological virus that penetrates living cells. It is a piece of computer software or programming, disguised as good programming but causes unexpected events inside the computer system with legitimate programming.

Physical risks include risk to the equipment in case of natural disasters like earthquakes, hurricanes or floods. The equipment can be protected through controls like locks, insurance coverage, performing daily backups of the information system and data, disaster recovery procedures, etc.

Cyber crime is one of the worst ethical and security issues with the popularity of the Internet and information technology. Cyber crimes refer to illegal activities of peoples using the Internet. They are a common tool by organized crime syndicates. Organized crime is a billion-dollar business composed of cyber criminals who have the skills of computer hacking. Cyber criminals have no base. They use no weapons except the skill to spread viruses through the Internet.

Worms, on the other hand, are computer programs that reside in active computer memories. They propagate without active human intervention; they can send emails to other computers known as Internet Relay Chat (IRC). Some worms inflect heavy damage by consuming large amounts of system contents, deleting data and installing malicious software. Others inflict heavy damage on an organization’s database, destroy programs, and disturb productivity among the organization’s workforce.

‘Recommender’ systems are another hot topic. Recommenders are created by a software that has intelligence; it was created to record feelings of customers so that a company can determine what customers want. It gets information through the filtering process incorporated in the software. (Setten et al., 2004, p. 13

The trouble with information systems is that they record consumer information.

Recommenders gather the data from customers’ activities in the organization, for example purchases and the kinds of products customers want. Recommenders direct customers to the kind of information and product they want. Customers also ask information from these recommenders and an interaction between software and customer occurs.

Example of a recommender is Tàtari. Tàtari (a New Zealand word meaning filter) is a software which aims to provide information for researchers about certain algorithm used in computing. (Hassan and Watson, 2004, p. 47)

Trust and ethics are other important topics for this section. Trust is defined as ‘the factor that moderates the use of verifiable attributes to form beliefs about unverifiable attributes’ (Konana et al. cited in Graham peace, 2002, p. 46). Ethics, on the other hand, directs businessmen to what is right and wrong. In the words of Reynolds (2010, p. 280), ‘ethical behavior conforms to generally accepted social norms of which are almost universally accepted.’

In the Internet, there are many websites that offer free download of materials and documents, but copyrighted materials are not free and downloading confidential information – through hacking – is an ethical violation.

Designing It for Organizations

This chapter is about the preparations and the processes of adapting to the changes in the infrastructure. Organizations and their people have to implement changes in their infrastructure. These changes range from processes to worker roles and responsibilities and other management styles like reward systems and decision making.

For some IT systems, a few changes might be needed. But for others, a great change can be considered monumental. Some organizations who have implemented information systems fail in their attempt because of the refusal of their employees to adapt to and accept change. Change is a part of human activities, but it is human nature to resist change.

People working for information systems are designers and developers, not to mention the actual users. Implementation and various functions of the information systems are worked by this type of employees. (Córdoba, 2007, p. 910)

Information systems are planned to correspond with the business objectives of the organization. Planners should be creative enough to find new ways and technique for an effective information system. It should focus on the improvement and survival of the organization. Consultation and discussion groups should be formed to create suggestions and guidelines for an effective IT infrastructure.

Planners provide a careful analysis of organizational culture and recommend important suggestions for the good of the organization. Planning is carefully executed with some amount of thinking and brainstorming, and this involves the various stakeholders of the organization. (Midgley, 1996, as cited in Córdoba, 2007, p. 913

Boundary critique is a form of planning that focuses on the available manpower and the knowledge they possess. Based on this theory, planners have to analyze and carefully address their view about a situation, including their assumptions which they have painstakingly formulated before. If their assumptions and theories pass through rigorous discussion and debate, they can pursue genuine improvement on the information system.

Information Technology Architecture

The first portion in the topic of IT architecture deals with the subject on innovation. Successful companies introduce innovations in their products and services. This is true with information technology and the firms whose products are about technology. Leading companies in America survived the recession with their innovative techniques.

Consider Google and Apple whose technologies were never even products of people’s imagination. Google’s technological innovations are now the gateway to the digital world. Millions of users everybody use Google’s web searches. Google has a well-designed infrastructure unmatched by other competitors. Google’s infrastructure ‘consists of a vast array of interconnected computers and software systems hosted by a large number of regional data centers’ (Reynolds, 2010, p. 254).

Enterprise architecture allows users access to the Internet, make use of the contents therein, create ads or do many things for their own respective objectives even without the help of Google’s employees and technical people.

Some very important in-house features include Google Earth which is being used by millions of users. Google Earth is combined with Google Search and satellite technology that creates images, maps, buildings in three-dimensional landscapes.

Enterprise architecture refers to the technical aspect side of information technology. For example, Google’s set-up follows the tenet “form ever follows function”, which means technology has to come first before it can serve its purpose.

Enterprises today face countless challenges that infrastructure architecture is more of a necessity than a luxury. These organizations have to keep pace with the demands of the times or they lag behind and perish.

Globalization has created complexities and in the global economy. Organizations have to introduce a lot of innovations in their products to remain competitive. Employees have to be creative and practice what Reynolds (2010) expounded as high-order thinking. High-order thinking means the ability to introduce creative innovations for the company and for the customers.

Effective enterprise architecture creates a foundation of business process that pave the way for new value propositions. Value propositions provide clear descriptions about the benefits that customers can gain from using the company’s products and services.

Managers and employees should participate in developing their enterprise architecture so they can introduce their value propositions. Successful organizations, or those that have survived in the high-technology globalized world, use technology in introducing value propositions to their customers. (Reynolds, 2010, p. 257)

Styles of architecture include distributed architecture and centralized architecture. These two differ in the function they provide to clients or users. Enterprise architecture also provides mechanisms in case of security threats. If the system has been attacked by a virus, the system provides for recovery priorities and processes. There is a Recovery Point Objective which refers to the ‘maximum desired time period prior to a failure or disaster during which changes to data may be lost as a consequence recovery’ (Scholtz, 2009, p. 34).

The Information Technology Infrastructure Library (ITIL) was formulated by the National Institute of Standards and Technology (NIST) to provide tools on the standards of security to help the general public in their IT security. Evaluating and formulating what these standards have provided can allow organizations to have it all in the area of security. In building the foundation of security, organizations have also to develop some baseline security requirements and successfully produce by-products of their labor. The baseline security requirements have to be built with a significant structure. This must correspond with the business model. Establishing the Business Impact Assessment is a first step in building a secured infrastructure.

The BIA can provide the details about the business model, which gives information about function and purpose; information system boundaries; various types of data and information within the systems; the possible risks and threats of exposure or danger as the case may be; interconnections; recovery priorities; and security types and categories that should be implemented.

The United States’ Critical Infrastructure Protection

This chapter highlights the U.S. government’s critical infrastructure programs – from the various federal agencies to private and public institutions that should be protected from risks and threats. The government’s program is not just about protecting IT infrastructure but including buildings and structures which are part of critical infrastructure. The military point of view emphasizes protection of physical structures like factories and plants.

IT is a part of the U.S. government’s critical infrastructure. It is the government’s primordial concern to protect this infrastructure to include hardware and software. It cannot be denied that IT infrastructure is a primary target of cyber terrorists and organizations, and extremists who want to sow havoc whenever and wherever they want to.

Other parts of this chapter include the Report from the General Accountability Office which is one of the Federal agencies tasked to protect the government’s IT infrastructure. The program and activities are termed the critical infrastructure protection (CIP). The GAO encourages federal awareness in the importance of IT infrastructure security, involving local governments, and the public and private sectors. Multi-cooperative efforts have been encouraged to formulate information sharing and analysis centers (ISAC). (GAO, 2004)

Some other laws are also discussed, for instance, the U.S. Public Company Accounting Reform and Investor Act of 2001 also known as the Sarbanes-Oxley Act (or SOX) which was passed after the controversy on accounting scandals committed by officials of Enron, WorldCom, Tyco, etc.

Privacy issues include the transfer of data and information without the consent or knowledge of persons or the authorities. There are many underlying legal issues in this context, especially when the transfer of information and data involve organizations and nation states. For example, when the transfer of information and data involves satellites in space which are used in retrieving information; the question is which country has jurisdiction over such cases. Governments of countries should meet along these issues and discuss which has jurisdiction over such transfer of information. (Kelly Rainer and Cegielski, 2011, p. 83)

Discussion: Findings and Analysis

Chapter 8 summarizes the entire book/dissertation. It answers the question ‘why’? The ‘whys’ of IT security, the reasons behind, why is there a need or why should organizations protect and secure their IT infrastructure are discussed in this chapter.

Organizations and governments should focus on security. Private and public sectors including home users with computers at risk in their homes should be concerned and involve themselves in IT security. Even the most secured website today is not safe. The most secured government websites can be attacked by a virus. It’s all over the news – government websites are closed because of an attack. The Internet has done wonders to the world but it has done terrible harm.

The chapter also focuses on hardware protection and the software Computrace Agent. The Computrace Agent is a product used as protection in case of computer theft. The software program is embedded in the computer to help the computer owner find it in case of theft. (Prison Planet Forum, 2011)

One of the questions this dissertation has to deal with is: How can homeowners – parents and families – guard their computers (and their children) from dangerous sites? Home users, parents and responsible adults should ensure that their computers are applied with the necessary anti-virus protection.

A software can also be installed in the computer that can filter some functions or websites so that the children cannot access to those suspected websites. Some pre-selected topics can also be programmed on the computer, for instance when the topic touches on pornography, drugs or crimes, the website automatically closes.

Filtering programs can be accessed through websites like “cyberpatrol”, cybersitter, and netnanny. Anti-virus companies such as McAfee or NortonSymantec also have filtering programs that can allow safe web browsing for children and teens at home. (Miller, 2007, p. 157)


The final chapter concludes that this paper can provide the necessary requirements for a book on IT infrastructure and IT security. The conclusion focuses on the important parts of the dissertation including what must be done to improve IT security.

There is emphasis on the ‘dos’ and ‘don’ts’ in the use of computers at home and organizations. There are a few recommendations for individuals and organizations.

The chapter concludes that IT security is a responsibility of both the manager and the user of information technology. Members of an organization should put it in their shoulders the responsibility of securing their IT infrastructure because they are a part of the system and they are the ones involved and will be affected once an attack occurs.


Objectives and Methodology


Organizations apply anti-viruses and aim for the most secure IT system only to find their IT infrastructure full of all sorts of software that have meshed up. Information systems of organizations are also not secured that they find their infrastructure is more of a problem than solution to a problem. Home owners find their computers one of the most dangerous equipments their children can live with.

Generally, this paper contains IT features, solutions to problems in information systems, but most specifically problems in securing IT applications in government and private organizations. (Scholtz, 2009)

There have been many recommendations and solutions about IT security suggested by organizations and well-meaning individuals and experts in the field of Information Technology. Many of these groups have the resources, but they succumbed to the fact that IT security requires continuous improvement and maintenance to make it effective and answer to the needs and wants of owners and clients. The task is just like applying maintenance to a vehicle which requires constant checking to make it safe and comfortable to use.

The problem of IT security can also be compared to a building that needs fast and effective service to serve its inhabitants. If security is not well in place, service cannot be dispensed with effectively. The building should have guards in place, with necessary alarms from possible intruders. More importantly, service must be automatic. In other words, the system should work intelligently with all the amenities of a building with services to offer that should provide the inhabitants quick access to whatever they want to do. Security should not be a problem on the part of the inhabitants therein. The owner should constantly check that the system works well for the security of the people there.

The United States government agencies responsible for the security of IT infrastructure have many programs and solutions to possible problems. The GAO Report (2004) is one of the sources for this paper. But others were sourced from websites, journals, books and databases from government agencies and the private sector. They have the resources and capabilities to provide the necessary security for IT infrastructure.

Another important subject in the literature is knowledge management and information systems management – with case studies – that are recommendatory for businesses and organizations. Further, this paper will also provide a working model for a secured IT infrastructure for organizations to function effectively and securely.


This paper is about IT security. Its aim is to propose recommendations to make IT infrastructure in organizations more secure and safe for owners and customers to use. On the outset, it is a difficult but challenging job. This entails a great amount of time, talent and resources to find out the problems and solutions for the subject matter. But challenging in the sense that to be able to achieve an enormous task and recommend that the contents of this document be part of organizations’ secure IT infrastructure is a fulfilling job.

Research Question

Main Research Question: How can organizations be rest assured that their IT infrastructure is safe and secure?

Sub Research Questions:

  1. What does IT infrastructure mean?
  2. How can organizations secure and improve their IT infrastructure?
  3. What IT architecture is safe – if not the safest – for organizations?
  4. What are the different IT applications available for organizations and the government (the United States of America)?
  5. How can homeowners – parents and families – guard their computers (and their children) from dangerous sites?
  6. What are the guard sites on the web for children, families and everyone to browse and interact with?


Before the start of this research, this researcher had to decide what kind of data had to be obtained. The term data refers to the kind of information the researcher obtains on the subject of the research. The data and information needed are all about information technology and information systems, the different IT and web applications, and their significance and role to organizations. The topic aims to provide secure information systems for organizations and businesses which cover several underlying topics. The first focus is on organizational theories, knowledge management and the role and purpose of Information Technology in organizations. The vast literature consisting of information, data and knowledge on information technology and IT infrastructure were sourced from the library, online and physical libraries, databases and websites. This was narrowed down to designing and architecting a secure IT infrastructure.

The methodologies applied are a mix of descriptive-analysis, the use of case studies, and analysis of the literature and secondary research conducted by authors and experts on the subject of information systems, computer software, security of IT infrastructure, and other topics, subjects and phenomena created out of technology and information systems.

The target audience for this research are students and academics of information systems and management, prospective entrepreneurs who have planned to open up businesses in multi-diverse cultures in many parts of the world, the business world in general who have thrived and strived in the age of globalization, and organizations who desperately need a secure IT infrastructure.

How security is introduced in organizations and government agencies, particularly the U.S. government, is of primordial concern in this dissertation. The literature covered the many aspects of IT infrastructure, installation, security, risks and threats and the laws on IT, the Internet and web-based functions of organizations, and how owners and customers can be protected from fraud and cyber crimes and terrorism.

The research focused on the significant features of IT security as discussed in Scholtz’s (2009) Securing Critical IT Infrastructure, and other books relevant to the subject matter including the book Information Technology Management by George Reynolds (2010), and many other sources. Some of these topics include interconnections, disaster recovery, risk, information boundaries, data types, business model, security history, common criteria, and many more topics about IT security.

Another work to be examined and to become a part of the main source for this dissertation is the report by the United States General Accounting Office (July 2004) entitled Critical Infrastructure Protection: Improving Information Sharing with Infrastructure Sectors. This is a comprehensive paper on the tasks and recommendations for IT security in organizations and government agencies.

George Reynolds’ (2010) Information Technology Management is another major source for this dissertation. James Scholtz’s (2009) article, Securing Critical IT Infrastructure, discusses details about how to secure IT infrastructure, and refers the reader to specified instructions including vast information from the National Institute of Science and Technology. (NIST, 2010)

It might help to think that applying IT infrastructure security is never a done deal. It has to be improved every now and then, and applied changes according to the client’s specifications.

Case Study Research

Case study research provides clear examples and explanations on the subject of IT security. Case study research was first designed by Yin (1981, 1984), and has since then been expounded and perfected by other authors and researchers.

Selnick (1949 as cited in Eisenhardt, 1989, p. 534) introduced case study in the subject on TVA, and other similar studies and researches. Eisenhardt (1989, p. 534) explained that the case study ‘is a research strategy which focuses on understanding the dynamics present within single settings’.

Yin (1981, 1984) used the case study approach also defining it as a research strategy. But other authors have modified and added variations on the case study approach. Sutton and Callahan (1987 as cited in Eisenhardt, 1989) introduced the Warwick group as a kind of devil’s advocate, while another technique by Eisenhardt made use of the cross-case analysis. As a whole, the case study and analysis of the literature have been used in this dissertation.

Use of Literature Analysis

Literature analysis and surveys are an exploratory type, capable of formulating hypotheses based on researches conducted in the past. Literature surveys are quite independent in the sense that they have been conducted by expert researchers but they are considered a part of a larger literature. Literature surveys support future surveys. (Powell, 2004, p. 59)

Literature Review

General Concepts and Theories


This section will talk about the vast literature on knowledge management, information technology, information systems, case studies, and most of all information technology security in the public and private sectors. Information Technology and information systems cover many areas of knowledge management, human resource management, and other underlying topics about organizations.

Organizational Theories and Knowledge Management

Knowledge management is essential in the age of globalization and the Internet. Organizations use emails and the many features of the Internet. Managers must know what knowledge management is and how to handle it.

Knowledge management (KM) is also known as value creation but it is more on the intellectual side of management. KM codifies what everyone in the organization knows, shares these information within the organization and other organizations for best practices.

Reynolds (2010, p. 237) explains: ‘The expansion of the services sector, globalization, and the emergence of new information technologies have caused many organizations to establish KM programs in their Information Technology or Human Resource Management departments.’

Knowledge is both a product and resource. Organizations are now focused on knowledge-based economies, and are more concerned with the knowledge people possess; this is termed ‘people-embodied knowhow’. Firms take care of their workforce and improve their knowledge thereby enhancing resource. Firms invest much on the workforce.

Organizations aim for talents and customers’ focus and loyalty. This is the job of the marketing manager. But firms also see the importance of focusing on their employees because they see the relation between contented employees and contented customers. A remarkable aspect in this situation is that satisfied employees turn their attention to customers who then become satisfied with the service.

Meeting the customer’s needs and wants is a business trend in the age of globalization. Organizations now aim for customer loyalty while keeping cost of production low. This is shooting two birds in one shot but difficult to achieve; difficult because meeting the customer’s needs and wants at the same time minimizing cost of production do not ensure quality product or service.

There is a theory in organizational knowledge which is known as the resource-based view. This theory examines ‘the manner in which organizational resources are applied and combined, the causes which determine the attainment of a sustainable competitive advantage, and the nature of rents generated by organizational resources’ (Rodriguez and de Pablos, 2000, p. 174).

Based on this theory, the organization is viewed as the accumulation of unique resources of a diverse nature. Through customer interaction, employees gain knowledge and the organization is also benefited of the interaction. Each organization gains knowledge as business moves on. Unique resources become the basis for the firm’s strategy.

Resources become an integral part of the organization – people, knowledge and experience. The resource-based model also states that differences in organization’s performances across time are due primarily to their unique resources and capabilities rather than other causes. (Rodriguez and de Pablos, 2000, p. 174)

Resources are of different types and are those that enable the organization to implement strategies leading it to improve its efficiency and effectiveness, and adding an increase in its competitiveness. Organization knowledge is rare because it is acquired during the long years of existence. It can be used for competitive advantage. It is original and not to be commercialized, and can only be developed within the company. The origin of this kind of resource lies in organizational skill and learning, and is linked to the firm but cannot be moved.

I/O model of strategy focuses on external aspect of business. This theory, which became popular during the 1960s through the 1980s, focuses on the external environment as the determinant of the firms’ strategies to become ahead of the competition. The external environment provides pressure and thus constraints on the organization.

There are a number of subjects that can be found in the literature – scientific, practical, and procedural – some are objective and some not. An organization’s knowledge assets also fall under the category of either tacit or explicit (Reynolds, 2010, p. 237).

Tacit knowledge is common in humans – it is knowledge that is a result of experience. Explicit or codified knowledge is passed on through systematic language, like computer program or patents. Tacit knowledge is not independent from explicit knowledge, as there is a tacit dimension to all forms of knowledge.

Knowledge management is developed through long years of organizational activities.

a differentiation between tacit and explicit knowledge

Table 1 shows a differentiation between tacit and explicit knowledge.

An objective of knowledge management is to capture, document, and store in a database all the work-related tacit knowledge acquired by employees and organizations and to be shared by others. The knowledge economy requires that employees continuously learn and adjust to changing environment. Organizations should adapt to new and continuous changes, and spend their time, efforts, and resources for the development of their infrastructure.

Globalization, Technology and Information Systems

This part of the literature review will talk about globalization, technology and the rise and emergence of information systems applied in organizations.

The world is in a stage of intense globalization. Before, globalization was only applied to the economy or to some phenomenal occurrences that refer to colossal or worldwide outcomes. Now almost every organization or business firm is involved in globalization.

Globalization and technology are actually linked. These two have produced phenomena after phenomena, and this is because the world is dominated by people and society. Information systems emerged out of the two.

It is timely to talk first about a few theories on systems and organizations before delving further on globalization and the rise of technology and information systems.

According to Wolfgang Hofkirchner (2007), the world is affected by the dynamic of self-organization. Individuals and society cannot be separated, ‘none of them can be understood without the other’. But they also oppose each other – ‘none of them is fully understandable by understanding the other’. Together – individuals and society – ‘build a hierarchy’ of which society is the dominant party – society ‘takes the dominant role’. (Hofkirchner, 2007, p. 477)

Hofkirchner (2007) cited Bunge’s theory on the definition of systems. It is composed of Composites, Environment, Structure, Mechanism (CESM) model. A system is to be defined by the collection of these elements as expressed in the following diagram.

μ(s) = [C(s), E(s), S(s), M(s)]

A system is not to be defined only by this set of elements but what actually constitutes a system is a combination of these elements along with the processes that work in the system. This can be considered as self-organization, according to Hofkirchner (2007).

There is another theory known as the evolutionary systems theory, a theory about evolving systems. This concept was expounded by authors Ervin Laszlo et al. (1987 cited in Hofkirchner, 2007, p. 478), stating that the evolutionary theory evolved out of theories like the merger systems theory. It applies to the world itself.

The General System Theory founded by Ludwig von Bertalanffy (Hofkirchner, 2007) also refers to the concept of self-organization. It links to ‘a transdisciplinary framework for consilience throughout science thereby positioning social science within the orchestra of disciplines’. (Hofkierchner, 2007, p. 478)

Functionalism is sometimes known as ‘the society perspective’ or the ‘social-system perspective’. The original work of the French sociologist Emile Durkheim links this theory to the existing system at the time, but it was provided further study by the American sociologist Talcott Parsons. This theory was dominant in the United States during the period 1940s to the 1960s. It gained wide prominence but soon waned down although insights for this theory are linked to the existing social issues. According to this theory, human nature is irrational and self-centered. (Willis, 1996, p. 117)

Society has a great influence to the order of things and can prevent the escalation of conflict and war.

Willis (1996, p. 117) describes the tension between society and the individual members:

‘… the civilizing influence of society keeps irrationality in check, and individuals do not actively create social lives but are products of the external society. Individuals can be free and happy only within the confines set up by society.’

In this theory, society has a great influence on the individual members. It can be said that society comes first and the interest of the majority is ahead of the interest of the individual members.

The studies of Frederick Taylor are somehow linked to the society-individual interaction in the functionalism theory. He defined work in terms of the specified tasks designed for the workers to follow, and with no chance of freedom or judgment left on the part of the workers. There is no motivation during those early years of industrialization, which is the basis of Taylor’s theory. (Luecke & Hall, 2006, p. 18)

Another is that of the social scientist Douglas McGregor who formulated the Theory X and Theory Y approach to management. Managers who embrace Theory X have two motivational tools: the carrot and stick – greed and fear. Theory X sees the boss as prodding the employees, exerting too much control in the workplace. Theory Y has the assumption about motivated people: motivated workers produce positive results. (Fournies, 1999, p. 34)

There is also the postmodern social theory. The heart of this modern theory is the belief that society can become a better group of people through a revelation of the hidden processes of the past. According to this theory society is a product of past events which can be said as historical accidents and not intentioned activities by personalities or heroes. This theory has two approaches, the modern and the postmodern. (Turner, 2006, p. 151)

Postmodern focuses on contingency, for instance, skepticism or rejection of universality; rhetoric and a focus on what is irrational. These are emphasized so that it can lead to something which is the contrary, or to lead to some alternatives, and not the usual or traditional methods.

All the social theories discussed above led to what is now the existing order – globalization, computers, the worldwide web and information technology.

Globalization: Definitions and Concepts

In the age of intense globalization, changes and innovations are not a rarity. The world of business is constantly facing new innovations and applications, thus organizations have to cope with constant change. Managing change should be one of the priorities of the new global organization; change is an opportunity for improvement.

Organizations have to adopt and continuously train and improve because of these changes. Adoption and improvement are significant here because outsourcing companies (or those who provide outsourcing services) are a source of competition. This means there is a strong competition when it comes to talents and capabilities and output.

Globalization is now part of human existence and cannot be simply taken away from this reality. It involves systems, technology and processes. Technology on the other hand is a part and tool of globalization which has affected even the smallest community. Global business has penetrated the remotest areas of the countryside. Small organizations have become global organizations, or they operate in a global scale. The changes can be felt in almost every aspect of human activity, for example in construction, in manufacturing and production of almost every kind of product imaginable, and in ordinary community with very little business activities.

Davis and Meyer (cited in Sussland, 2000, p. 6) provided the elements of globalization:

  • Technology and de-regulation led the way to the unprecedented sizes and scopes of markets worldwide. There is increased level competition, mergers and risks that have never been played and imagined before.
  • The world is interconnected in almost every aspect; and aside from that, it is also becoming increasingly interactive and interdependent. This widens the arena of business which has never been so complicated before.
  • There are sudden shifts in the external and internal environments of the organization, and the existence of what is called ‘the unpredictability of dynamic complexity’.
  • The existence of intangible assets has forced the organization to introduce innovations. Intangible assets contribute to the value of the enterprise. Intangible assets enable the dynamic complexity in the organization. Management of these assets requires a different kind of attention because these kind of assets cannot be found in traditional accounting and they are difficult to establish and evaluate.
  • Time has been redoubled because of technology.

In this sense, organizations have to introduce various changes in their marketing strategies, product orientation, employee management, and other organizational strategies. Cultural diversity is a trend in the age of globalization. Marketers have to choose between adaptation and standardization in their products and marketing strategies in order to gain an edge in the competition. The demand for localized products is also growing. Adaptation is one innovation that marketing organizations have to apply in their marketing strategies to adjust to cultural differences.

In this new business environment, some traditional processes have remained but governance and structural arrangements are different. Some aspects of organizational structure are different. Traditional set up has a vertical set up: the CEO or the top management manages the firm. This is the centralized structure.

Traditional multinational corporations are different from global firms. While both the traditional and the new global firm handle a large organization with respect to geographic consideration, their structure is different.

Sussland (2000, p. 2) indicated that ‘It is the characteristics of globalization rather than the territorial dimension that makes a difference.’ This means global firms conduct business differently, with the use of the Internet and other technology. There is a wider scope and things are more unpredictable, faster but more competitive.

Globalization, according to Van der Bly (2005), refers to economic integration. Some aspects include liberalization. There are less restrictions among member states of a particular grouping.

Because of globalization, the importance of borders between different countries is reduced, and similar events and phenomena in countries throughout the world are more easily linked. The identities of cross-border structures are strengthened, and the power of organizations operating only within the nation state is weakened. Much is expected of the human resource manager in the new challenges of the twenty first century and beyond. But expectations can always be preceded by one thing – superior knowledge. As what Gupta and Becerra (2003) stated, ‘In many industries characterized by rapid technological development and intense competition, superior knowledge, rather than market power and positioning, is the key to long-term success.’

In the new global environment, patterns of complexity in organizations have changed tremendously because of the wider scope and the unpredictability of business activities. Technology and aggressive competition drive people to be more innovative and to work faster. The windows of opportunity are getting shorter and shorter while the time cycle to prepare for market-entry is getting longer and longer. It can be deduced here that technology is a driver and an outcome of change.

They also rely on IT to perform organizational functions in marketing, finance, operations, human resource management, and accounting. With globalization, these functions have to be integrated with IT applications.

In knowing how a firm prepares for globalization, the vertical and horizontal linkages within the organization are to be assessed. Global firms however use many different structural forms in preparing for globalization. But this question of centralization or decentralization of the firm mostly depends on the strategy the firm pursues and the type of structure it adheres to.

Globalization has triggered standardization. It became a rallying point of international organizations at the advent of the Internet or the World Wide Web. It has affected the political, economic, social, and even religious life of the peoples of the world (Herbig, 1998, p. 31).

The ‘old world’ is now dominated by information and communication structures brought about by technology and the internet. The ‘world of objectives’ is gradually replaced by ‘a world of signs’ (Bartelson, 2000, p. 189). This is the age of the digitization of the world. In globalization, nation states have lesser roles or in the words of Bairoch (2000), “the diminution of the role of states”.

Globalization is also characterized by mergers and acquisitions and joint ventures of industrial, commercial and financial companies, leading to an increase in the global role of large, multinational companies and to a lessening of the role of nation-states. (Bairoch, 2000, p. 197)

Theorists like Held (2000, p. 55 cited in Raab et al., 2008, p. 597) and his colleagues conceptualize globalization as “a process (or set of processes) which embodies a transformation in the spatial organization of social relations and transactions – assessed in terms of their extensity, intensity, velocity and impact – generating transcontinental or interregional flows and networks of activity, interaction, and the exercise of power.”

Globalization is facing numerous challenges, such as protectionism, neo-liberalism, and complaints by groups against exploitation of human and natural resources by transnational corporations. Present remarkable innovations include the establishment of multilateral organizations such as the World Trade Organization (WTO), the International Monetary Fund (IMF), the World Bank Group, and the rise of regional trade agreements.

Other scholars interpret globalization as the result of plans conceived by certain forces pursuing their selfish objectives. There are skeptics coming from many nationalities. The Russians view it ‘as coined by the modern information media, and is ambiguous, profoundly demagogical and fundamentally misleading’ (Kagarlitski, 2001, cited in Rosanova, 2003, p. 51). In this sense, globalization is an expression of the capitalist view because it attempts to impart objective character to reflect the positions of transnational corporations, which are trying to solidify their dominant position.

With globalization, firms have to adjust to two cultures – local and international. This produced a dual brand of management. It is “… achieving global operation integration, synergies, and economies of scale, while at the same time remaining sensitive and responsive to local business conditions” (Bartlett and Ghoshal, 2002).

Theodore Levitt says that ‘technological, social, and economic developments over the last two decades have combined to create a unified world marketplace in which companies must capture global-scale economies to remain competitive’ (Bartlett and Ghoshal, 2002, p. 6).

With intense globalization, there followed the emergence of multinational companies which has made these times phenomenal, ultra-modern, technology- and globally-oriented. The number of multinational corporations (MNCs) has risen. Triggers of the emergence of MNCs include the removal of trade barriers within regions (Buzzell, 2000, p. 102). Information Technology and the Internet also play a significant role.

Organizations, no matter how big and how small, are affected by other organizations and businesses around the world. The attitudes, values and behaviors of the people within the organization are affected by different cultures. Moreover, products too are affected by the multiplicity of cultures because customers also seek products that have the global or international look and appeal.

Laws pertaining to information systems have to be improved. Managers are responsible for their security, for example, databases, including hardware should be protected from harm or loss due to natural disasters and theft.

Technological Innovations

Technology has affected every possible human activity. One can communicate to anyone whose location maybe in any part of the globe because of technology, the Internet, the emergence of mobile communications, Information Technology, and so on.

Technological changes have brought about innovations and inequalities because of the digital divide in the community setting where there is lack of attention from the government. But organizations with their advanced technology and availability of manpower are more benefitted. Global organizations have their websites and most of them conduct business online. People sell and buy products and services through these websites.

Organizations dominate businesses. But organizations are manned by humans with skills, knowledge and capabilities they never experienced before. Firms value people-embodied knowhow and invest much on people.

Organizations like this produce ‘stars’ in the industry. According to Groysberg et al. (2008), stars are among the best in the industry and are far superior than their colleagues in performance. They usually do “estimates, accessibility and responsiveness, service quality, stock selection, industry knowledge and written reports” (Groysberg et al., 2008, p. 5).

The knowledge that stars acquire include knowledge and experience they acquired within the organization, and it is not good to hire or pirate stars from other companies because they usually perform not quite well in a new organization. Their expertise was attained in the organization they blossomed and therefore it matches with the organization.

When a new technology is introduced, it becomes an active agent in increasing the valuable options but also in choices and possibilities in organizations. Organizations have no other recourse but to welcome this opportunity. Kelly (2011) calls this phenomenon the “technological ecosystem or technium” which forces our imaginations into new versions but also maximizes technology’s benefit. It is just like humans – technology too has needs. Humans have to lead the way where technology wants to go.

How do humans know where technology wants to go? Kelly (2011) further states:

‘If certain aspects of the technium are preordained and certain aspects are contingent upon our choices, how do we know which are which? Systems theorist John Smart has suggested that we need a technological version of the Serenity Prayer.’

This serenity prayer – written and popularized in the early 1930s by theologian Reinhold Niebuhr asks God to help in changing the things which are difficult to change, or ‘courage to change the things I can, and wisdom to know the difference’. (Kelly, 2011, p. 45)

Individuals who have to cope with intense globalization have to increase their awareness of the technium’s long-term cosmic trajectories. The technium is leading what evolution started. Technology has extended this evolution. In the words of Kelly (2011):

‘By placing technology in the context of that evolution, we can see how those macroimperatives play out in our present time. In other words, technology’s inevitable forms coalesce around the dozen or so dynamics common to all extropic, or increasingly intelligent systems, including life itself’. (Kelly, 2011, p. 45).

While people have to perform and do their best in the organization they belong, organizations too have to be strengthened – to be equipped with the latest technology. With technology and fast-paced communication, internal and external security has to be strengthened as well.

Case Study: Goodwin Procter

Goodwin Procter is an example why managers should understand and master knowledge management. Goodwin Procter LLP is a large law firm servicing clients in Silicon Valley, San Francisco, San Diego, and other major cities in the United States and the United Kingdom. The firm’s objective is to provide legal advices and assistances to its clients through innovative solutions. (Reynolds, 2010, p. 236)

It has 900 lawyers on active call anytime with cases reaching more than 60,000 and more than 10 million voluminous documents stored in its data bases including its management system and CRM system. It also has case documents stored in the Nexis system, an online archive of U.S. state laws, statutes, and decided cases.

The way Goodwin Procter (2011) conducts business, accepts cases, assign lawyers for these cases and handle the vast documents at its data bases has got to be reduced and programmed in an information system. It has to reduce the time lawyers and their assistants spent in gathering and processing the data and information for their clients. The firm then developed a knowledge management system known as Matter Pages. This is a web-based system that processes and integrates documents from different sources and incorporates them into an easy-to-read format.

Says Peter F. Lane, chief information officer at Goodwin Procter: ‘The Matter Pages system places client information at their fingertips, which means attorneys spend less time compiling information and more time focusing on their legal practice.’ (Reynolds, 2010, p. 237)

The word matter refers to all circumstances of a particular case. All documents in the Matter Pages have identification that includes the client number and the matter number. It uses a Microsoft software programmed known as SharePoint which integrates all the data and information of the different cases. SharePoint is responsible for creating web pages with the use of an intranet. When a user selects a matter page, the pages with the needed information are generated automatically and dynamically with a tabbed menu. (Reynolds, 2010, p. 237)

Case Study: Toyota

Another example of good, careful, and deliberate knowledge management is that of Toyota. Like any other business, Toyota went through the ups and downs of business, but mostly it stayed on top, a remarkable example of knowledge management sharing, team working, continuous improvement and the use of information systems to the full.

Toyota Motors is a knowledge-based, global firm, leading the world in the car manufacturing industry. It has been the world’s leading car manufacturer, with branches worldwide, but recently a controversy has hounded its worldwide operations and colorful past, probably putting its leadership in the car industry in question. Problems over the hybrid Prius’ quality lapses that included braking problems and sticking gas pedals forced a global recall of 8.5 million vehicles, 6 million of them from the United States.

Toyota’s long history of knowledge management started from its humble beginnings in Japan. Toyota used simple, traditional strategies to improve production.

A remarkable figure of the early years of its founding was Taiichi Ohno; he introduced a new concept of production – the Toyota Production System and the concept of kaizen. Kaizen refers to a concept in product which actually connotes continuous improvement. (Gourlay, 1994, p7, cited in Lynch, 2008, p. 773)

Toyota has survived through the years. Its programs, strategies, and plans of the future are as strong as ever. The past can build a future for Toyota. Its management is institutionalized as well as the personalities behind the founding and operations. Toyota is a long tradition of management from its original founder down to a long line of car builders and business innovators. Included in this success is its management of IT infrastructure and knowledge. To mark it all, Toyota has not recorded operating loss since the 1940s.

Its strength is its operational and production strategies and the people behind the system. Its workforce is composed of well-trained engineers and technicians who are trained inside not outside the company thereby maintaining their unique way of building cars. Toyota does not believe in firing employees; it trains its own work force and not in a university or from other outside sources. This could be one of the reasons why despite the Prius problem, management has maintained that quality has always been a Toyota trademark.

Moreover, Toyota has been able to integrate the process design and business functions effectively. Orta (2001) gives a summary of Sobek et. al.’s (1998) article “Another look at how Toyota integrates product development”:

  1. The company still uses written communication.
  2. Supervisors are chosen from among the employees whose role is as facilitator and mentor and not as boss.
  3. The chief engineer or leader has broad expertise over a particular department.
  4. Employees are better trained inside the company, and they don’t get much training or expertise from outside source.
  5. Toyota has standardized its processes and minimized the steps in the routine procedures.
  6. Checklists are still in use inside Toyota manufacturing plants.

Toyota’s own leadership model says, “Never fail to reward merit, but never let a fault go unremarked.”

Watts (2003, cited in Lynch, 2008) argues: “The small world network properties enable the coexistence, even in a sparse network, of a high degree of clustering, and of short average path lengths to a wide range of nodes.” Through interaction in the network, with the aid of the internet and Information Technology, people and firms input data and information, along with their knowledge, expertise, and wisdom.

It has used information systems and knowledge management that have become the source of its strength and successes despite challenges and calamities.

Case Study: Tesco Plc.

Tesco Plc. is one of the most celebrated companies in the UK, a leader in the retail industry. This is a unique story involving knowledge management, one of a kind that deserves to be a subject in the annals of retailing.

Tesco is one of the major competitors in the British grocery market, and now believed to be the largest retailer in the UK, currently employing more than 260,000 people in the United Kingdom, Continental and Eastern Europe and Asia, and operating 2,762 supermarkets, superstores and convenience stores.

Tesco has its own format, a feature of careful knowledge management: Tesco Express, Tesco Metro, Tesco Extra and Tesco Superstores. Without adequate knowledge management and a secure IT infrastructure involving a large enterprise, Tesco would never have succeeded and functioned smoothly even up to this day with hundreds of thousands of employees, hundreds of branches, and millions of customers worldwide.

This fast-growing company is also involved in financial services, and has introduced the Tesco Personal Finance, which is now averaging 5 million customers for its 11 products, and in 2004 made profits of £200 million. It has lent £1 billion in personal loans, 500,000 customers have insured their cars using it, and more than 250,000 pets have also been insured from their supermarket’s bank. Other services include savings account, online banking, and insurances. (Tesco Financial Highlights, 2008)

Today, Tesco has stores throughout the world, in the cities of Warsaw, Hong Kong, Seoul, Bangkok and Taiwan. There are also Tesco supermarkets in the Republic of Ireland, the Czech Republic, Slovakia Hungary, and in 2006, Tesco announced its entry of Tesco Express stores in the world’s most competitive grocery market, the United States. (Humby, et al., 2007, p. 4)

The size and complexity of this firm requires an effective knowledge management and information systems. Its IT infrastructure has to accommodate the many stores and branches worldwide.

The firm has expanded all of its grocery stores to include non-food items, such as books, software, electronics and music. Realizing that e-commerce is becoming a business trend, it has a site with over 500,000 regular users in the U.K. alone. The site facilitates grocery deliveries to 30,000 homes weekly. The website offers books (more than 1 million titles of them), CDs, video and DVDs. The firm also operates the Tesco Direct catalog and the Tesco BabyClub. (Plunkett, 2007, p. 10)

In early 2006, Tesco Telecom began offering a cost-effective, easy-to-use Internet phone. Other online businesses include a self-branded software, and an office suite retails for roughly $35, well below Microsoft’s. Tesco is also a share holder (35 percent) of Safeway Grocery Works, a grocery store chain in the United States. Tesco is now competing with the grocery business in the U.S. in its opening of six convenience stores in Southern California during November 2007. (Plunkett, 2007, p. 10)

Tesco’s journey started from its modest origins, established by Jack Cohen who operated as a street-market barrow-trader financed by his war pension. He founded Tesco 70 years ago in the stalls of London’s East End markets, which later made him one of retailing’s truly amazing characters, earning him the sobriquet ‘Slasher Jack’. (Seth & Randall, 2001, p. 23)

Jack Cohen was born in 1898, the son of a first-generation East European Jewish father, Avroam. Jack learned his trade the hard way and in unforgiving company in the rough and tumble ways of the street markets of East London, in Hoxton, Hackney, Whitechapel and the Caledonian and Essex Roads. (Seth & Randal, 2001, p. 24)

Tesco’s subsequent growth is attributed to Cohen’s merger-and-acquisition moves and the programs entitled: ‘Pile It high, Sell It Cheap’ supermarket chain, public ownership, expansion through Home ‘n’ Wear, the involvement with Green Shield stamps, to today’s massive food retailing empire. (Channer & Hope, 2001, p. 31)

Jack was joined in by a number of well-known figures in the business. There was Hyman Kreitman, Cohen’s son-in-law, who was a thinker with an eye for innovation. He would clash fiercely with ‘Slasher Jack’ who was prone to cut prices. And then there was also Daisy Hyams, another formidable personality in a period when women were not too trusted in the art of business. Jack and Daisy got along together.

By the mid-1950s, Tesco had 150 small stores but most of them had their own self-service formats. Then in 1956, Cohen opened his first Tesco supermarket. However, big trouble lay ahead. Cohen ran it all alone refusing innovation, but products were cheap, bargain price. (Seth & Randal, 2001, p. 24)

Ian MacLaurin took charge of the company when Jack Cohen was becoming sickly. There were a lot of problems. Tesco had a number of significant problems in the marketplace, which were hampering growth – Tesco was not considered by many as the retailer of choice; instead it was Sainsbury or Marks & Spencer. Tesco was regarded a ‘retail cowboy’.

In 1975, Ian delivered the first of the company’s Occasional Papers to establish Tesco’s credentials. He argued that planners and retailers had to collaborate to deliver to the customers what would best serve their interests. He argued for consultation and agreement. This was the beginning of Tesco’s new development. It was a significant step in changing the management philosophy and practice of the organization, signaling a move towards a new rational approach and a new beginning.

Also in 1976, Ian commissioned the agency McCann Erickson to undertake a major piece of research to understand the consumer view and what was really happening in the marketplace. The results were that: on price, Tesco’s image was better than the reality, and on quality, the reality was better than the image. This required more innovations on part of the management.

Ian MacLaurin decided to spend of his time in the field, round the stores, to make himself closer to the customers than anybody else. Tesco was struggling, Ian could feel it, as its rivals Sainsbury’s and Asda were powering away. Ian felt they had to change the real challenge. (Channer and Hope, 2001, p. 40)

Ian and his people instituted major innovations to the company, and this was changing the traditional way of doing business. There were positive changes, including introduction to knowledge management and IT infrastructure. Weaknesses were exposed in most of the major operational areas. Ian and his team saw that they had to reposition, close down some of the stores they could not manage. They had to break with the past – stores were operating separately, managers were only looking after themselves, and stocking pretty much what they wanted to. All in all, they have to introduce the modern ways of marketing and management. Individualistic enterprise still ruled the stores. (Channer &Hope, 2001, p. 43)

Ian and his team had to do something, and do it quick or time was running out. The program ‘Check-out’ was introduced, and centralization was a key strategic priority. The method was centralized buying, with all that implied for suppliers and for line management. Centralization led to a loss of power for line managers, and the priority was to provide these with service. Teamwork was needed, and professionalism was also important. The changes were reinforced with information technology which hastened progress in the development of out-of-town hypermarkets. Then, Tesco developed a reputation as the thinking retailer. (Channer & Hope, 2001, p. 44)

Over the next decade the company underwent a fundamental change in its attitude towards itself. Tesco started to become a quality retailer operating in modern stores. They built teams composed of effective and talented individuals, people who had the ambition to achieve and to share in their vision, and who each brought a different perspective to the business.

Step by step, Tesco continued to professionalize both its operation and its image. In 1985 Ian Maclaurin took over the chairmanship of the company. He changed the running of the corporation. They would not take a vote on any issue but would have to reach agreement through discussion and reasoned debate, in contrast to the traditional way of doing business. Ian MacLaurin concentrated on identifying and nurturing the talent for the future, and retired at the age of 60, leaving Tesco in 1997.

In MacLaurin’s words:

‘Having laid down rules and regulations that we would retire at 60 regardless of position, the other great thing I think we did was to identify and groom our succession. Those guys have now been in charge for over two years, and Tesco has gone from strength to strength. That’s brilliant. You know, for me to sit here and see Tesco consolidating its position and going to Thailand and developing, that is tremendous. It’s tremendous.’ (Channer & Hope, 2001, p. 45)

Most of Tesco’s employees now have become shareholders, while a number of them have become millionaires as a result of the success of the business. Today Tesco remains significantly ahead of its competitors in performance terms, after having introduced a range of innovations from supply chain management through employee involvement. It cares for its customers by constantly introducing innovations and quality to its products, and most of all, conducting corporate social responsibility through sustainable development and environmental programs, including community involvement.

Globalization in the 1990s and early 21st century saw major changes and challenges for organizations, particularly huge organizations like Tesco. Tesco internationalized late and concentrated primarily in Europe. Tesco acquired Power Supermarkets with its own way of management in logistics like only a portion (12 percent) was centralized; doing the high stockholding levels in the stores for about 2 weeks but 4 plus weeks at depot; and unknown supply chain costs. (Fernie, 2004, p. 55)

Tesco’s ‘customer service’

Around the mid-1990s, Tesco decided to introduce innovations and IT applications inside the organization. The objective was to encourage responsiveness, be it coming from the buying public or from the people inside the organization. There was tremendous enthusiasm from the employees and middle management, simply because embarking on some culture change was something new.

A consultant was invited for discussion with senior HR staff and very senior line management. The consultant was hesitant to embark on culture change in the organization. Calling it ‘culture change’ might force middle-ranking managers to back up, that would make the project difficult to accomplish. The project called for a more detailed approach on customer service. Tesco then embarked on customer service that would involve some changes in the employees and staff, and rules of engagement for more open and effective meetings. (Grundy & Brown, 2003, p. 171-2)

Tesco is competing on customer loyalty and customer experience. It allows the company to have a close relationship with their customers. Tesco measures and monitors what matters to customers, including items already out-of-stock, how quickly its delivery vans make it through traffic, and how it performs relative to various Internet service points across the country. (Schuster & Dufek, 2004, p. 146)

In 1977, Tesco Direct was still primarily a call centre-based operation. The model being used was the in-store fulfillment model, an online store for customers, producing the same price for the items, but this was possible for regular customers who used to purchase in their shops. The prices became competitive. The customers could order online items which were available in the shops. It was known as the “basket mix” of Tesco’s online shoppers and which proved to be very effective. Online stores became popular and are now commonly practiced by many companies.

The Tesco Direct team takes the customer experience very seriously. They monitor on-time deliveries, accuracy of orders, and customer satisfaction. They simulate customers’ online shopping experiences to proactively monitor the state of the end-to-end customer experience. This constant monitoring of the conditions that customers are facing helps Tesco proactively sort out problems as they occur. (Schuster & Dufek, 2004, p. 146)

Moreover, the customer’s taste, to include personal information and data, are stored in the website’s database.

Tesco’s Multi-Format

Tesco operates a multi-format operation designed to cope with customer demands and preferences wherever they may be:

  • Tesco Direct – internet orders delivered direct
  • Tesco Express – local convenience stores
  • Tesco Metro – city centre convenience stores
  • Tesco Superstores – for weekly shopping

Tesco has the quality-price for their products here. All their products are sub-categorized and available at an easy format for customers. Tesco Organics is a category of organic foods that range from cookies to sausages. Other categories include Tesco Free From which is composed of 150 products available for customers with allergies on certain products. The Tesco Healthy Living category includes over 500 products which are health products with little fat, sugar and sodium.

The Tesco Carb Control is for customers who want a low-carb diet. They also have Fair Trade products program which promotes fair trade meaning fair price for countries from the developing world buying their products. (Lincoln and Thomassen, 2008, p. 45)

‘Tesco literally gives us everything from birth to the grave,’ says Lincoln and Thomassen (2008, p. 46). Their employees clearly go out of their way to understand their shoppers. Tesco slogan is written down as “we are a company for all seasons” (Hawkes and Seib, 2008).

the Tesco variants
Figure 1 shows the Tesco variants

Tesco insights can be encapsulated to provide a dynamic range of products, from tangible to intangible.

The Introduction of the Club-card

Before the Club-card program, Tesco was stuck as the UK’s second-ranking supermarket. Today, not only is it the UK’s largest grocer, it is the world’s most successful internet supermarket, one of Europe’s fastest-growing financial services companies and arguably one of the world’s most successful exponents of what the term Customer Relationship Management, or CRM, really mean. It is now the UK’s largest private employer, and one of its fastest-growing businesses overseas (Humby et al., 2007, p. 3).

Tesco was not alone in its massive transformation. The last 10 years of the 20th century were as dramatic a period of change in high-street retailing as any period in the 90 years before it. During this period, there were vast mergers and acquisitions, downsizing and rightsizing, while other big ones made new formats of stores, created new categories of product, and new ways to sell them. From all these challenges, Tesco has emerged the strongest. By 2005, it had been the biggest of the ‘Big Four’ – Sainsbury’s, Asda and Safeway (now part of the Morrisons group) are the other three – for 10 years, and it had increased the margin of its lead in each of those years. (Humby et al., 2007, p. 3)

But it was the Tesco Clubcard team under Tim Mason, who first identified the opportunity for Tesco to sell financial services successfully to millions of card-carrying members. Customers were offered fresh food and chilled meals. It was also Clubcard that provided the inside and the data to identify in which households those customers lived. (Humby et al., 2007, p. 3)

There are many benefits in having a Tesco Clubcard. By having points, one can use it in other establishments, such as the Euro Disney in Paris. Having a Tesco Clubcard helps a lot in one’s travel deals. £2.50 in Clubcard vouchers gives £10 worth of Clubcard deals tokens, says Griffiths (2009, p. 195).

Case Study: Saudi Aramco

Saudi Aramco, a state-owned oil company in Saudi Arabia, is another example of a large company working with a secured IT infrastructure. The company’s strength is divided into five major categories, namely: energy, innovation, partnership, performance, and reliability. The organization focuses on energy, which is the lifeblood of the country’s economy, and which also drives the company’s workforce. Aramco also focuses on innovation, which refers to changes, creativity and productivity for the organization’s objectives and for improvement of the entire workforce. Innovative solutions are also introduced to many aspects of their business. (Saudi Aramco, 2011)

Saudi Aramco is the symbol of the oil industry in Saudi Arabia, and as such the oil industry cannot exist without Aramco. A greater and bigger plan can be devised for a bigger move for the Kingdom of Saudi Arabia.

Aramco does not consider their employees and the entire workforce as working force but as partners. They do partners with their suppliers, clients and communities for a wholesome work environment. The work performance of employees and everyone involved in the business count a lot. The organization follows the highest standards of excellence for their workforce in all their areas of operation, including safety and environmental standards, so that their clients and the general public can rely on. (Saudi Aramco, 2011)

The global village is now becoming a reality, and the workforce is composed of diverse cultures. Saudi Aramco realizes the importance of diversity in the workplace. It is important that employees value the diversity of organization and accept the multi-ethnicity in the workplace.

The company encourages its workforce to become creative, to submit their suggestions and ideas to the human resource department, for the improvement and success of the organization. Diversity in the workplace allows the organization to value people; their managers and supervisors are encouraged to get out of the office, talk and mingle with the members of their teams. Aramco emphasizes team-working and clustering for its people. (Saudi Aramco, 2011)

Creativity spawns new ideas, suggestions and variations. Employers want employees who are creative because they can positively contribute their ideas and their inner thinking to the team and the organization. Creative employees help formulate the vision and objectives of the organization. Companies evolve, organizations have to change and introduce innovations. And creative people are needed in this kind of scenario. Employees should “think outside the box”. Creative people are productive and work for the fulfillment of the organization’s objectives.

Saudi Aramco’s growth means Saudi Arabia’s major development and improvement in its business cycle. One of the largest oil companies of the world, Aramco uses technology which allows it to pre-qualify and approve existing projects or soon-to-be projects. Foreign companies can sell directly to the company or through an intermediary or agent. This is an opportunity for Aramco and its suppliers, even small suppliers or companies. (USA International Business Publications, 2009)

Saudi Aramco is a global organization with many subsidiaries in the Middle East and around the world. It operates a network of companies and branches of refining, distribution and processing of petroleum products. It operates using the latest technology coupled with software and Information Technology. It supplies liquid hydrocarbons which include fuel and feedstock products.

Aramco’s marketing has been revolutionized with the advent of high technology, the internet, and consequently, globalization. Its organizational set up reveals its being a global organization. Being a global organization motivates it to fulfill the processes of globalization. It has to adapt to the changing times, and the application of technological tools for operations and fast-paced communication.

The use of IT infrastructure allows Aramco to smoothly conduct multiple operations simultaneously. Without a secured IT, its operations would have become a mess. It operates a network of companies and branches of refining, distribution and processing of petroleum products by using the latest technology coupled with software and Information Technology. (Saudi Aramco, 2011)

This large organization conducts market intelligence using information technology software. Market intelligence tracks and studies the activities, moods and changes of the domestic market, the demand and supply, and the many facets of market intelligence for inputs into the organization’s database. The data and information which their teams had gathered and provided the main office formed into a stimulus for decision making.

Aramco commissions its own people to conduct market research. With this, it has a module or template in the carrying out of the objectives of the market research. It has its own definition of market research which is a bit synonymous with the present definition of the AMA.

Market research, according to the Domestic Sales & Logistics Department, Demand Forecasting and Market Intelligence Group of Saudi Aramco, is the systematic collection and analysis of collected data and information about the company’s products, clients’ demands and suggestions, and the whole business environment of Aramco. The objectives of a market research always link the company to the customer, on how the company can satisfy the customer, what are his/her needs and wants, how should the product/s be made and how are they delivered and presented to the customers. The performance of the product or service is also a significant part of the market research.

Saudi Aramco has maintained a product-development process using Information Technology. Marketing intelligence is continuously being implemented by the company’s thousands of engineers, geologists and competitive managers. It operates the largest oil fields in the world.

Market research for the company cannot be conducted without the use of a secured IT software. The company uses a sales force automation system in responding to the big demand coming from the different oil companies throughout the world. The GIS installed in Aramco is one of the most secured IT infrastructures worldwide.

Ford Motors

Ford Motors has been rated the second motor vehicle manufacturer according to Standard & Poor’s. But Ford encountered external and internal problems which hampered its growth. Ford Motors was started in the United States with Henry Ford as its founder. Henry Ford introduced many innovations in manufacturing. One of these is the best-known Model T of mass production, the moving assembly line – which is actually composed of conveyor belts – where time of work was reduced. Ford further revolutionized the car industry, paid higher wages to factory workers, and made cars affordable to anyone.

The company became a multinational corporation in 1970 but was predominantly operating in North America with subsidiaries in major markets in countries like Britain, Germany or Australia. These subsidiaries however have their own manufacturing plants. With intense globalization, the Ford organization started to restructure internationally. In the Asia Pacific region, Ford was consolidated with further product development and designs which were originally Asian.

Ford is best known in the United States for its cars, trucks, crossovers and SUVs (Ford, 2010). In 2008, it was adjudged by Standard & Poor’s (2009) as the world’s second largest motor vehicle manufacturer, producing cars and trucks, including plastic and glass parts of the cars they make, and replacement parts. Financial services included Ford Motor Credit (automotive financing and insurance) and American Road Insurance. Ford has a big share in the world market. It has a 33% stake in Mazda Motor Corp. It has ventured in many countries, trying to feel its presence even in China, which is the fastest growing market in the automobile industry.

Ford has planned to grow and expand in Asia, particularly in Thailand and other emerging markets in Asia, as announced by CEO Bill Ford. (Business in, 2005)

Quality Imperatives

One reason why Ford Motors declined in sales and has lost a considerable place in the competition is due to lack of quality in many of its cars. Quality imperatives for Ford Motors have to be discussed in the light of the present decline in customer loyalty and therefore sales.

The Economic Imperative: Automobile industries around the world have a great part in the nation states’ gross national product (GNP), accounting for at least ten percent or more. These industries have evolved and encountered many changes over the years. Economic imperatives can cut down the quality of a firm’s products.

Ford Motors was once the world’s leader in vehicle manufacturing but with the recent global economic downturn, there are doubts as to its leadership and the quality of the cars that it once manufactured and delivered to its loyal customers. Recently, Ford Motors needed government bailout in order to survive and stay in the competition. The U.S. government had to reinforce financial losses because of the purported mass layoff of customers. The automobile industry is a labour-intensive industry, and if one car-manufacturing company closes down, it will have a great impact in the economy. In the Asia Pacific region, Ford Motors has made its mark by addressing the demands of the riding public or the growing interest of customers to Ford products, including parts and services.

Ford Motors is a knowledge-based, global firm, the world’s second in the automotive industry. General Motors was once the world’s leader in vehicle manufacturing but with the recent global economic downturn, there are doubts now to its leadership since it needed government bailout.

Ford has a reputation of high sales in new light vehicles, but its leadership has been threatened by the increase in competition by Asian companies, the Tata Motors from India, and the merged companies in China. There is also a shift from the large SUV to smaller crossover utility vehicles (CUVs). In 2008, Ford has to introduce its own CUVs. In 2010, Ford has diversified some of its vehicle designs, such as the CUVs.

With market shares down, Ford started to restructure plans so that it could lower down the costs of production and operations. Ford made a shabby performance for its corporate strategy in 2008-2009. The reason for this is that it received some obligations out of its partnership with Visteon Corporation, the parts manufacturing firm to whom Ford had some obligations that had to be ironed out. It had to face additional expenses at a time when it was struggling to reduce costs of production and operations. Out of these transactions, Ford acquired 23 manufacturing plants from Visteon which were considered additional obligations and not real assets. Standard & Poor’s (2009) says they were money-losing plants delivered to them by Visteon Corporation. Ford had to provide financial assistance to this company in exchange for warrants for company shares of Visteon. It was not a good deal after all.

Social Imperative: Quality is as important to the company as to the community and the loyal customers of Ford Motors. In some countries, public services particularly the transportation sector is being held by government-controlled corporations. There is discontent and lack of quality in this kind of service. Governments are trying to decentralize or liberalize transportation to infuse quality in public service. (Beckford, 2002, p. 6)

Since the beginning of the industry, stiff competition has always been a big challenge for Ford. One of the fiercest competitors is Toyota, a fast growing company and a threat to American car manufacturers. Toyota strategies involve innovations in production, marketing, sales and promotions, and branding. But to top it all, it has been able to handle knowledge management like it is a part of ordinary business. Toyota introduced the kaizen and kanban concept of production. This was discussed in the early sections on knowledge management.

Western companies have to adapt to the emerging markets in Asia or what are now called the “Tiger economies of Asia”, like Singapore, Hong Kong and Taiwan. Emerging China and India are a temptation for the industry players. Organizations that want to penetrate these markets have to infuse quality in their products and services.

Ford also has a problem of dealing with labor unions, and this is one big challenge in the years ahead. The automobile industry is one of the most labor-intensive industries in the world. Labor unions have to be dealt with squarely and provided affordable benefits.

Environmental Imperative: Ford has to adapt to technological advancement and continuous innovations; this sacrifices the environment. In many parts of the Asia-Pacific region, Ford has manufacturing plants and production facilities. However, it also outsources many of its parts from mainland China. Outsourcing and in-house manufacturing both have repercussions on the environment; but it all depends in the management and the programs and policies of the organization. This is one of the challenges of Ford Motors Asia Pacific. Environmental degradation is one of the outcomes of manufacturing.

Moreover, cars of all sorts produce carbon dioxide emissions which are harmful to the environment. Greenhouse gas emissions have been the topic of various international groups to reduce climate change and global warming.

The automobile industry has been characterized by intense competition, lower market share, and there are many products coming from different competitors. Other environmental forces include high prices of gasoline and a sudden change in the demand for Ford’s pick-up trucks. Ford’s sales were down during the period 2008-2009. (Standard & Poor’s, 2009, p. 211)

The rising costs of manufacturing have forced car makers to find ways and implement innovative solutions. Outsourcing of parts and car components is now a trend, and many of them have merged or used companies in China which manufacture cheap parts.

Strategic Importance of Quality

The operational and administrative functions of a corporation should reflect the quality policies of a corporation. The other important levels include strategic and normative levels which must also reflect quality policies as significant as the operational and administrative levels. (Beckford, 2002, p. 15)

During the initial period of the 2009 recession, Ford’s products were becoming less in demand; it needed successful products to be on the competition again. This is one of the most important needs for Ford. According to Standard & Poor’s (2009, p. 211), Ford lost market shares in 2008, the problem, quality.

On supplier development, Ford management has realized the importance of supply chain. Some of its automotive parts are being outsourced from China. The role of IT infrastructure is lost in Ford at that time. Ford Motors has realized that supply chain management excellence is crucial for customer satisfaction. Understanding customers is critical to their satisfaction and loyalty. Product innovation is one of the solutions. Supply chain learning should be a part of the firm’s strategy.

As stated earlier, Ford had practiced outsourcing in production and manufacturing. Many of the of a Ford vehicle are outsourced from China. The process of outsourcing has reduced the quality of a product. The level of operational management has reduced the quality of Ford’s cars and vehicles. This was also affected by the processes of supply chain that Ford has practiced all through the years. In the Asia Pacific Region, Thailand is one of the center points or the source of Ford cars. Cars are assembled in the Philippines and shipped to Thailand. (Business in, 2010)

This is because majority of the orders from customers are coursed through the Thailand branch of Ford Motors. Parts come from China and the Philippines but assembly is done in the Philippines. This process hampers quality in the operation. Parts pass through many barriers before they can become functional in the core product. Quality is sacrificed in order to reduce cost. The level of administration which defines the control and allocation of operational resources affect the quality or the outcome of the product. There is lack of balance in the level of administrative management at Ford Motors Asia Pacific.

They rely much on technology, such as the Internet and Information Technology, and other tools such teleconferencing into order to communicate with employees. There is still vertical set up or integration, and decentralization is not yet an option, making the operational process a hindrance to produce quality products for Ford Motors Asia Pacific.

The level of strategy is also disadvantageous. Ford’s vehicles are not anymore the quality-oriented vehicles that it used to be. During 2008, revenues fell and it was not yet clear when it was going to go up. This has been made complicated by the supply and demand scenario. Up to 2010, there has been a weakening demand of cars in the United States and Europe. (Standard & Poor’s, 2009 p. 212)

This is one of the reasons why Ford Motors Asia is pushing for growth and expansion. The management believes the emerging markets of Asia can drive the growth of the company.

The level of normative management which is responsible for the ethical issues and the expectations of the community on the organization’s programs and actions, also affect the performance and the quality of its services.

Ford Motors Corporation made some mergers and acquisitions which were quite not sure if the company and the community benefited at all. Globalization impacted on the automobile industry which resulted in mergers and acquisitions of well known car brands. Ford acquired Jaguar and Volvo and also partnered with Mazda Motor Corporation. (Plunkett, 2006, p. 18)

But these acquisitions produced negative results to the general public in the sense that the quality had to be sacrificed. Many of the cars which were the results of mergers were not performing well.

Quality Philosophies

W. Edwards Deming

Philosophies on quality centered on Deming’s failure to convince the American manufacturing sector in his ways of quality and methods. Deming’s quality methods were rejected by the American industry strategies. He wanted that management should focus on manufacturing processes that should have constant variations. Quality, according to Deming, can have common and special problems. Examples of special causes are the ones which are caused by machines that need special attention. Common causes are systems causes and which should be looked upon by management. (Beckford, 2002, p. 66)

Deming’s philosophies were widely accepted in Japan; that is why he was considered a hero in that country. His methods became the basis for Japan’s quality processes. The Deming Prize was formed to determine and define quality in production and manufacturing. In 1960, Deming was honoured with the Second Order of the Sacred Treasure, an honour bestowed upon him by the Imperial Majesty. (Beckford, 2002, p. 67)

Philip B. Crosby

Crosby stressed the importance of quality in the design of a product. There are organizations that should first solve its own troubles before they can infuse quality in their products. Crosby (1984) outlined the characteristics of troubled organizations:

  • One common defect of a product that reflects a problem organization is that the product deviates from the normal requirements, including the announced or published ‘make’ of the product. There are inconsistencies in the product that when it goes to the customer, the latter finds it difficult to use or adapt.
  • The company employs dealer networks that try to infuse some corrective actions on the product. This occurrence will result in the product being introduced with many innovations. It may result in the dissatisfaction on the part of the customers.
  • The company does not have a clear program for quality allowing the employees to provide their own quality standards on the product. The job is supposed to be the job of management but employees are forced to do it for the management.

Ford Motors Asia Pacific has its own standards that it cannot be said that its cars declined because of lack of quality standards. As said earlier, there have been some factors that resulted in the dwindling of the quality of Ford vehicles.

Quality Tools and Strategies

Statistical Process Control

Deming advocated the use of a tool called statistical process control (SPC) charts which can be utilized to identify the special and common causes of quality problems. Deming wanted to identify and eradicate the so-called ‘outliers’. These are the problems in quality that can identify special causes. Some of the remedies include training and good maintenance of machinery and equipment, and other possible means for improvement. Other problems can be considered common problems or causes and can be pinpointed to the system which is the production process.

Statistical process control literally means bringing the processes “under control”; that means the production processes or other activities involving product quality should be controlled in order to find solutions to problems.

Pareto charts are used to diagnose the problems in the production processes and identify the problems, and find solutions to the problems.

The Malcolm Bridge Award

The Malcolm Baldridge Award is a set of criteria that provides guidelines for the effective operation of an organization. It was originally intended for the manufacturing processes but later it evolved and is now applied to other service organizations including educational, health care and non-profit organizations. The military also uses the Baldridge Award in infusing quality in their branches or to assess the different departments. Federal governments also use the Baldridge to assess the different agencies of the government. States of the federal government have made Baldridge-inspired awards to remind personnel and organizations of the importance of instilling quality in their jobs and services. (Brown, 2006, p. ix)

Human Resource Management

Human resource management must be a major activity of an organization because it was created to promote and pursue the aims and objectives of the organization. It also aims to have a quality human resource that will sell its products or serve the customers. HRM was not a regular part of management personnel a few decades ago; the job of HRM was performed by personnel management.

Human resource management is the proper handling or management of the organization’s most valued asset, the people working as a team. It is the responsibility of management and the people working there to work as a team for the promotion or furtherance of the organization’s objectives. In HRM, there is the central involvement of middle and low level management in order to have a good relationship with everyone working in the organization. Emphasis is on people management, from top to middle- and low-level employees, and a division of labor in the handling of people in the workplace and in the field.

Management of Quality

In order for a workforce to be effective, there has to be a careful and deliberate workforce planning and employee development. Workforce planning is the initial stage of training and development and is an important aspect of human resource management.

Total Quality Management

Total quality management is a management framework that encompasses different areas that ensure the benefits of business are delivered to the fullest. There are six concepts developed over the years by experts in the field of management, some of which are inter-related and connect to the concept of quality management as expounded in the previous sections related to Deming and other quality gurus of the century. The six concepts are mentioned by Hakes (1991), and these are:

  • Customers – the concept related to customers include external and internal; internal because there are customers inside the organization that need or patronize the product, while external are those not belonging to the organization that buy or patronize the products. The organization should focus along these two customers.
  • Never-ending improvement – This refers to continual improvement on the product and the workplace.
  • Control of business processes – There must be control of the production to ensure quality.
  • Preventive Management – This may refer to upstream or looking for possible problems that may come along the way.
  • Preventive action – this is done to institute corrective measures while the problem is about to occur.
  • Leadership and teamwork – The leader and his team should be able to work together to provide quality product and service for the organization.

ISO Quality System Standard

The International Organization for Standardization is a standardization body that verifies the quality standards and compliance of organizations. The ISO 9000 certification is issued by the Standards Body to firms and organizations that comply with the procedures of the Body. This is not a compulsory certification, but organizations adhere to the procedures and submit for certification in order to raise their standards of quality and excellence. Organizations which are issued with this certification improve their performance and raise their competitive standing to their particular industry.

Ford Motors’ Quality Problems

Mergers and acquisitions (M&A) should be properly planned and executed. There are many requirements and preparations before the actual execution of M&A. M&A should not be executed for the sole purpose of expanding (because this is now the age of globalization) or to fulfill the goals of some ego-boasting managers. Careful study and preparation can minimize financial losses and prevent the flight of significant and top talents of the organizations. There are long-term benefits that a firm can attain, not just market share gains. One is the vital core competency as a “Great Acquirer” with benefits such as financial, managerial, and reputational aspects of M&A moves. Great Acquirers are approached by competing companies if they have such reputation.

Ford had also trouble reaching an agreement with the labour union, UAW. It was crucial and one that involved life or death, and it still is a question whether Ford chose the former. In Asia, some labour problems occurred in China because of the big demand of labour in the automotive industry.

Intense competition, a lowering of the market share, and gas hikes have characterized the dilemma in the automobile industry in the different areas of the globe. Some of Ford’s cars were no longer selling. With the recession, car and vehicle lovers wanted affordable cars, but full of quality. For instance, in India when there has been a desire for cheaper cars, Tata Motors manufactured the world’s cheapest car, the Tata Nano, but it was not selling. Ford penetrated the India market, made some acquisitions, and introduced its own small cars at a time when Tata Motors was not reaping the gains of the cheapest cars in the world. Ford announced to build a new model, the Figo. (Canis, 2011, p. 49)

Ford Motors follows the present trend in global organizations, the horizontal structures of business organizations. The traditional structure uses the vertical set up where top management takes the reins of power from the top down to the low level employees. Ford Motors have subsidiaries worldwide, a characteristic of multinationals. However, these subsidiaries have their own independence. They manage and rule themselves and manufacture their own products.

Information Technology

And It Infrastructure


Information technology performs the tasks of capturing, storing, processing, exchanging, and using information for a company’s products and services (Reynolds, 2010, p. 29). The emphasis is to enable these activities to support the organization’s decisions and control (Laudon & Laudon, 2009).

The field of IT involves hardware and software. Hardware refers to computers, laptops and servers, and other related equipment, while software refers to operating systems and other applications for various functions. A combination of hardware and software is called IT infrastructure.

This infrastructure needs a support staff or people to man the equipment and operate the different functions. The support staff is called the IT support organization which is responsible for implementing, operating and supporting IT. An organization’s IT infrastructure is supported and operated by employees and procedures that will build and operate the IT. These systems allow the firm to meet its primary objectives, such as acquiring profits, minimizing unnecessary costs, improving functions, enhancing customer loyalty, and fast tracking supply chain. (Reynolds, 2010, p. 17)

Most organizations have installed several information systems in their infrastructure. Information systems are divided into function, network, and enterprise IT. The relationship among IT operators, infrastructure, and the different types of information systems is shown in Figure 1.

The Importance of Information Technology in Organizations

This is now the age where computers and the Internet play a major role in people’s lives. There is hardly any activity without the use of a computer. People conduct business and any sort of activity with all the amenities of technology. Computers and Information Technology have come to shape the world and peoples of different cultural background.

Four powerful changes have affected the business environment: globalization, emergence of the information revolution, evolution of the business enterprise, and emergence of digital companies. All these need knowledge to stay competitive.

Businesses and organizations today have become global in a sense. Globalization has revolutionized businesses and organizations. Companies now are expanding abroad, and have to expand both as an organization and as a business. Businesses have to introduce more new products and services.

When it comes to technology, it can be said that there are good and bad sides to technology advancement. It seems there are no limits. There has been progress in the fields of genetic engineering, nanotechnology and computer systems. Then, new terms – or ‘beings’ – have also emerged, like for example cyborgs, transgenic organisms, clones, etc.

 IT infrastructure support functions, network, and enterprise information systems
Figure 2 shows IT infrastructure support functions, network, and enterprise information systems

The Role of the Manager in IT Applications

The role of the manager is significant to the attainment of the organization’s goals and objectives. The manager has to maintain good and effective rapport with the employees. The employees too have to establish a good communication with the customers. Meeting the needs and wants of customers is the job of both the manager and employees.

Moreover, the manager has to understand what information technology is and its role in the ever changing world of business. One of the important responsibilities of the manager is to manage the information system. New business opportunities, both involving IT and the different functions of business are coming at a fast pace. A manager has to understand it and determine ‘what IT to invest in and how to use it most effectively’ (Reynolds, 2010, p. 16).

It is in line with his focus in using knowledge and capabilities to run the business and with identifying and selecting persons capable of implementing the organization’s information systems. Along with this responsibility is the task to maintain employee morale and good performance, to nurture customer goodwill, and control costs.

Motivation is also a part of a manager’s job, for without motivation employees cannot function well. He should continually check the people in the office and in the field for their performance, and execute other HRM functions like job analysis, appraisal, performance standards, and other functions.

Effective management focuses on people. The manager and the workforce must work as a team and as a cohesive force, and should be flexible in satisfying the customers’ needs and wants. (Gulati & Oldroyd, 2005, p. 92)

With flexibility, the focus is shifted to human resource. Effective management looks at managing people in many angles by answering questions like: How do employees work effectively? How can they be motivated? How can they work as a team? How can they accept system change?

This first objective is on managers, so that they can deliver the necessary management techniques to the employees. The next line of concentration is on the people or employees. Both managers and employees have to be prepared, and their preparation stems from the basic knowledge of their jobs and the organization’s objectives. They must be prepared for the multitude of changes that will occur later on as the situation progresses.

Another responsibility of the manager is to introduce an effective planning. Human resource planning is concerned with identifying resources to the business needs of the organization. It meets human resource both in quantitative and qualitative approach by answering the questions: how many are needed in the organization, and what particular skills and capabilities should the people possess? (Armstrong, 2006, p. 363)

Other common and round-the-clock responsibilities of the manager include determining the number and type of employees essential in the team and where labor supply should come from. S/he must see to it that recruitment, training and development, and assignment of people are all in accordance with the organization’s objectives. Existing employees can be trained, developed, redeployed, transferred or promoted for future skill needs. New recruits should be carefully selected to ensure suitability for future positions. The labor force should be equipped with the necessary IT knowledge and skill to operate computer hardware and software.

The organization’s objectives play a critical role in the staffing process. The manager should see to it that recruits meet the qualification standards of the organization. Specification of the qualifications, identification of persons possessing those skills, and moving people into the jobs should be emphasized in the organization’s staffing strategy (Miller, 2007, p. 58).

HRM emphasizes the integration of traditional personnel functions including recruitment and selection and their management towards the strategic goals and objectives of the organization. Human resource management must be a major activity of an organization because it was created to promote and pursue the aims and objectives of the organization. It also aims to have a quality human resource that will sell its products or serve the customers. HRM was not a regular part of management personnel a few decades ago; the job of HRM was performed by personnel management. Now, an organization cannot function well with human resource management. This function and part of the organization identifies the organization itself. If the people are not well trained, then that organization is not an effective organization.

Function IT

This refers to information systems that help improve users’ functions and productivity in performing individual tasks. This important feature includes applications like computer-aided design (CAD) software, spreadsheet, word processors, and other e-learning tools and systems.

One case study that is important to mention here is Care Rehab (cited in Reynolds, 2010). This company manufactures traction, electrotherapy, and biofeedback products, which are valuable tools in physical therapy and rehabilitation. What is special in this company is that its engineers and scientists constantly introduce product innovations every now and then – a possibility of every six months – while older devices are upgraded every couple of months. The product designers utilize CAD software, creating virtual products without making physical product prototypes. This way they can directly proceed into manufacturing new products without the extra time of making physical prototype of the new products. (Reynolds, 2010, p. 18)

The case study of Care Rehab is an example of a company using Function IT. Without the software, the company would have spent more in creating prototypes. Or, they would have to eliminate their strategy of continuous improvement or making product innovations every six months and every couple of months.

Network IT

This includes information systems that develop and maximize communication and support collaboration among group members. Businesses and organizations now have the opportunity of improved communication through teleconferencing and other features brought about by the Internet such as wikis and electronic corporate directories.

Web conferencing is one of the advanced features being used by organizations where business partners, connected through the Internet, conduct meetings or conferences. What is more astounding is that this can be conducted at lesser costs. Only a computer connected through the internet can do the job.

Enterprise IT

Enterprise IT is a type of information system that organizations use to provide interactions among their own employees, including customers, suppliers and business associates. (Reynolds, 2010, p. 20)

These systems make it important to redesign the work processes while new processes provide automation for some work. The aim is primarily to design the internal processes including the support activities with external customers and suppliers. There are three models for enterprise systems, which are: transaction processing, enterprise resource planning, and inter-organizational systems.

A transaction processing system (TPS) processes data for company transactions and other underlying activities; it also updates and records these transactions while recording them in the company’s database. Each TPS supports a particular transaction of the firm, and all activities are geared towards supporting the entire business transaction. Some organizations have many TPSs to support specific activities such as order processing. It includes areas in ‘order entry, shipment planning, shipment execution, inventory control, and accounts receivable’ (Reynolds, 2010, p. 21). This is shown in the Figure 1.

TPS Systems Supporting Order Capture and Fulfillment
Figure 3: TPS Systems Supporting Order Capture and Fulfillment

Inter-Organizational Information Systems

This application supports data flow among organizations with the objective of sharing information. The present business environment allows organizations to share various kinds of information like for example purchase orders, invoices, and payments. Other kinds of information include information about suppliers and financial institutions. The process provides speed of functions and flow of material and the processing of payments, information among organizations. (Reynolds, 2010, p. 22)

In the sharing processes, organizations agree in advance on the way the information sharing is to be conducted including compatible technologies. Companies also agree on important functions and technical issues of data definitions and formats, designs of software and databases, to ensure a quality outcome of data and network infrastructures.

Electronic data interchange (EDI) is a type of interorganizational system which functions well on a computer-to-computer set up where transfer of information is done with well defined electronic documents. EDI standards require a certain format for each document and dictate which can be optional. The sequence of data presentation is also specified, including length and type, whether numeric, alphabetic or alphanumeric. (Reynolds, 2010, p. 23)

An example of an EDI that works is when a product order is sent through EDI advance shipment. The notification is sent from the shipper to the receiver, which contains the detailed information of the shipment.

According to Reynolds (2010), there are two commonly used EDI standards: first is the United Nations/EDI for Administration, Commerce, and Transport (UN/EDIFACT) which is used for international standards under the United Nations, and the other one is widely used in North America, the ANSI ASC X12 which has been in use since the 1980s.

The Web

The term is short for the World Wide Web or the Internet. This is one of the most important technological discoveries which have influenced activities of people, countries and organizations. Businesses use this to promote and advertise, to expand and to improve their business, to acquire more data and information for their databases, and for research and development or to build more products. Most companies, especially the global ones, have their own websites connected to the web. Customer and business interaction with the use of the Internet is common business activity.

Advertisements are all over the Web pages and on different websites. This is because the Internet is one of the most visited virtual places on earth. A newly graduate student can find a job using job sites in the Internet. Social networking sites are also very common and have occupied activities of many people around the globe, particularly the young. People who are apart from each other around the globe can chat through networking sites.

Customer relationship marketing (CRM) systems or the use of the Internet to support and answer customers’ needs and complaints provide fast service for customers. Paper billing is minimized through online billing. The company can use their website’s customer service to provide interaction with customers and company representatives.

Organizations who want to attain customer satisfaction and loyalty offer 24-hour service, seven days a week over the Internet. If they can do this on their websites, with an employee to answer to customers’ queries, that’s a lot of savings for the company that will result to customer satisfaction. Customers can also pay their bills through the websites by means of credit cards. This process saves time and cost of going to the company’s billing office. Invoice-to-payment cycle is shortened from more than a month to about six days with online invoice and payment. Other companies also use instant messaging (or text messaging) to answer to customers’ complaints and feedback of their products.

Social networking which is a by-product of networking through the internet has produced a new way of socializing and communicating. Through networking, people who are from the farthest corners of the globe can communicate and exchange ideas, materials and products, and new way of bonding among friends, students, and strangers have occurred, even without leaving their places and homes. Some of these networking cites are so popular being a member has become a status quo, for example Facebook, Flixter, Twitter, and many more.

Web 2.0

More changes in technology are introduced with Web 2.0, more on sharing and collaboration and Internet functions. Web 2.0 changes the way companies interact with their customers, with a lot more changes in websites. Other innovations introduced by Web 2.0 include recommenders and emerging technologies of Apple, like i-Tune, i-Pod, i-Pad, etc. Business-to-business organizations can take advantage of Web 2.0.

Networking and Collaboration

The telecommunications industry is a competitive world. This has to include the Internet, the communications companies and other related businesses. Companies in this sector strive to gain whatever competitive edge they can take hold of. Scientists and those involved in research and development (R&D) for these companies are in constant pressure to create and introduce the latest next-generation services. A critical success factor points to the companies’ ability to identify new services. A model for this is Apple Inc. (p. 52) which has been in the forefront of innovations by introducing new services every now and then.

Another model for innovation is a company formed by IBM, the Innovation Factory which collects software and services from the international organization IBM. It designs innovation from the time of R&D to commercialization. Features include social networking and information discovery capabilities, and such other web-based features like blogs, wikis, tagging, surveys, and so on.

Another company in the forefront of innovation is Sprint Nextel (Reynolds, 2010, p. 138), which provides voice, data, and other important Web services. Sprint Nextel’s services include mobile data, walkie-talkie services, and many other wireless network capabilities. The firm also subscribes to IBM’s Innovation Factory by launching some R&D on services like bringing service providers closer to subscribers and clients through interaction.

Sprint Nextel’s systems can access IBM’s Innovation Factory, connect with R&D people, consult and collaborate in the making and introduction of new innovative products.


Collaboration is important to people, countries and organizations, especially in the age of globalization. This is true in building relationships and in securing organizations. Humans started with simple beginnings – first smoke signals, then signs using flags (remember the boy scouts’ signals), the telegraph, telephone, and now Internet chat and instant messaging. The availability of fast and effective communication systems enable people and organizations to participate in networking and collaboration or alliances. At present, this is known as collaboration tools using electronic communication. Present collaboration tools are shown in the table below.

Common Users

  • Blog, bloggers, and blogging – upon accessing a website, contributors called bloggers, are asked of their opinion or comments on particular issues or suggestions about the website. A blog is a contribution opinion to the website. Contributors or users of the website use the webpage to write their ideas. Organizations also use “blogging” to promote and expose products and services. They write about branding and marketing. Marketing and public relations personnel use it to attain a realistic discussion relating to their products and services. Organizations are careful not to open a biased discussion in order not to create a negative feedback from the public.
  • Calendaring – pertains to a software which allows people to calendar their activities, for example meetings and important corporate events that automatically remind users on such events. Software that provides calendaring includes Google Calendar, IBM Lotus Notes, Microsoft exchange, and many others. (Reynolds, 2010, p. 142)
  • Desktop sharing – this technology allows remote access and collaboration on someone’s computer. Users can log-in to the computer remotely or while being away from the computer. Software like GoToMyPC, made by Citrix, allows the user to connect to a computer with the use of the Internet using another computer.
  • Instant Messaging – is also known as text messaging where text messages are typed and sent instantly through cell phones. IM is used through synchronous communication, with people sending and receiving messages in real time. IM is considered less demanding than phones because users need not respond to the messages right away. IM is one of the easiest ways to send communication.

There are a number of risks in instant messaging. IT professionals warn that businesses should be extra careful about the use of instant messaging as there are threats of worms and viruses which have been launched by unscrupulous individuals. The viruses are named Bropia, Kelvir and MyDoom. This was reported by security firm Akonix which warned that they had they registered at least 79% increase involving worms and viruses attacks during the period January 2007 to June 2007. (Reynolds, 2010, p. 142)

Another risk to instant messaging is releasing private information which can be damaging to the one sending or receiving the messages. An example is the case of Representative Mark Foley of Florida, an incident that happened before 2006. Foley sent messages with sexually explicit connotations to underage boys serving in congress. Instant messaging is almost the same as email in the delivery of unethical and damaging messages.

  • Web Conferencing – is the new of meeting or conferencing using the Internet. In this type of activity, each conference participant uses a computer to connect to other participants of the conference via the Internet. Web conferencing also uses application sharing: the participants share applications like documents or spreadsheet which are passed on to other participants. Web conferencing products are software like GoToMeeting, Live Meeting, Netviewer, Skype, etc. They provide support like: vast media presentations, live video through Webcam, active speaker indicator, personal recordings, etc. (Reynolds, 2010, p. 145)
Social Networking

Social networking is “an association of people drawn together by family, work or hobby” ( Facebook is a social networking site over the internet that is so popular and visited by millions of people throughout the world. Other popular sites include twitter, LinkedIn, YouTube, and many others.

Berkman (2008), who did some studies on social networking, indicated that “…social relationships and affiliations have powerful effects on physical and mental health.” Berkman cited a study in 1982 in Tecumseh, Michigan where men and women ‘who lacked ties to others were 1.9 to 3.1 times more likely to die than those who had many contacts’. The study indicated that social networking for people is a necessity and is one of the basic needs of man.

Social networking before the advent of technology and the Internet was confined to face-to-face encounters. Now, social networking is provided by the Internet, with people communicating even when they are not in one location. Internet users socialize when they are in the opposite ends of the globe. This is the new-age social networking through Facebook, Twitter, LinkeIn, YouTube, etc. – websites that are visited by users with the just the click of their fingers.

Facebook is an example of a social medium which allows peoples to interact, communicate, and know each other. There are features that are also available in other networking sites, but what makes Facebook more popular and sought after social network? Stone (2007) described it as “one of the fastest growing and best-known sites on the internet today”.

Facebook is an online social networking, connecting people of diverse cultures from all over the world through the power of the internet. It was started in 2004 by a Harvard student, Mark Zuckerberg, whose first objective was to cater in to Harvard students. This was later expanded to all high school and college students. Now, teenagers and even adults from around the world who patronize the internet use Facebook. Stone (2007) says that “like other social networks, the site allows its users to create a profile page and forge online links with friends and acquaintances”.

As the user logs in to the site – i.e., after registering – the user is introduced into many options. The profile is personalized; one can upload pictures which can be viewed by anybody the user authorizes. There are many features of networking to friends, connecting to people from around the world, blogging, and news in and out of campus. Facebook is marked by some controversies however in its initial stage. Some students claimed that they were the first to own the idea and that Zuckerberg just copied it. Popular things are always marred by controversies.

Levenson (2008) explains it clearly that three students started the idea but that they had little knowledge of computers which compelled them to hire Zuckerberg. They just learned later on that Zuckerberg launched Facebook. However, this case has already been settled with Facebook giving a certain amount to Narendra and the Winklevoss twins, the three students who had the original idea about it.

One of Facebook’s fascinating but controversial features is the News Feed. This feature broadcasts changes to other friends of the user. Students like this feature because it delivered news or gossip about friends. At first some students did not like it because of the privacy issue, meaning everyone seems to know what was going on. Zuckerberg decided to stick to it and then everything turned to normal.

Thompson (2008) says, “Social scientists have a name for this sort of incessant online contact. They call it ‘ambient awareness’.” With this feature, the user can have access to other people’s activities, which can be intriguing and fascinating for people. Students are thrilled by this kind of ‘power’, so to speak. The user is just in the confines of his/her room and with the push of the button, they can have some glimpses or peeks of other students’ activities.

What does Facebook have for other disciplines? Politicians, actors and actresses, young and old, the rich and famous, are logging in to Facebook. Virginia Heffernan (2008) on The New York Times Magazine (online) revealed that John McCain’s Facebook page “featured a martial semi-profile of the candidate emblazoned with the slogan, ‘Country First: The Official Home of John McCain on Facebook’, and then replaced in September with ‘The Ticket for America’” (Heffernan, 2008).

Barack Obama has a sound feature in his page; both candidates exchange some “pleasantries” in the site, and use it to forward their platforms (McCain started blogging in the site since February 2007).

Despite all its popularity, Facebook hasn’t found a business model yet. Ives (2008) says in an article, that it “has been testing an interactive product that draws willing consumers into the advertising itself”. Ives further adds that other companies have used it like MTV who promoted the video music awards posting clips of popular artists and musicians. The results had been very positive for the site. Now, almost everyone has a Facebook account, or without it seems one is not well informed of the latest news.

Ms. Sandberg further revealed that the site has a new feature added known as “Facebook Connect” which brings Facebook contacts into other sites. With the site’s new innovations and remodeling, some people have complained, but Facebook is still going forward.

The question is, “What does Facebook need for a new face?” The answer to that is none actually. It has good features that have been tested. Now, it has to survived financially. According to some reliable information, like that from Ms. Sandberg, Facebook needs ad revenues. This is where how the owners and managers of the site have to test their mettle and expertise. And how their loyalty and expertise can make Facebook, as a social medium and business, survive in the “smaller and bigger” world of the internet?

Over the past years, Facebook has survived. Mark Zuckerberg is now one of the richest young people in America. The obvious reason behind is because Facebook is now visited by not only millions but billions of users from around the world.


Outsourcing has been in the forefront of business for decades. With globalization and popularity of the Internet, it has become a business trend. International companies outsource to other companies coming from the developing countries for lower costs but with effective and positive results. Outsourcing has revolutionized processes in the workplace, provided tools and valuable data and information to managers and employees, shortened workloads, and has done many things of great importance to businesses and organizations.

Outsourcing has produced a distinct kind of industry. It is the result of the Internet’s emergence as a primary provider of service for organizations. The popularity of information technology that started in the 1990s spawned outsourcing. The internet makes it easier for companies to manage outsourcing, because almost everything that a company needs, from management skills to the human-resources department, can now be bought from outside sources.

The term outsourcing is defined as “the transfer of a commercial function to an outside service provider, subject to the customer’s retained authority and responsibility to third parties and shareholders for continued success of the customer organization’ (Springsteel & Kuan, 2004).

Outsourcing is not like the mercantilism practiced by European countries in the 18th century. “Mercantilism used large, government-supervised companies to gather resources from around the world, like cotton, sugar, and gold, and then return them to the home nation or a third country to manufacture finished products.” (Eltschinger, 2007, p. 2)

Outsourcing can be done in another country, or inside the country where business is being conducted by the company who needs the services of an outsourcing company. Since the 1960s, the United States has been using outsourcing. American car makers such as Ford and GM used this to be more competitive with Japanese car manufacturers. They would source non-vital parts, for example carburetors, from specialty sub-contractors.

Japanese counterparts also used the same method. Toyota and other car manufacturers outsourced their car parts from outside sources as an operational strategy to lower the cost of manufacturing. These companies have been successful in outsourcing that their finished products are mostly composed of outsourced products or components from their own valued suppliers. (Lynch, 2008, p. 765-767)

Production costs have forced business organizations to adapt the services of outsourcing companies that offer lower prices. Outsourcing companies usually come from developing countries like India, the Philippines, Thailand, etc. Companies benefit from outsourcing IT functions, especially from the expertise provided by outsource IT experts at a reasonable cost. Organizational functions that can be outsourced include human resources (operations or payroll), financial transaction processing (for accounts payable), procurement, distribution and logistics, and clinical data management Outsourcing offers quality service and performance. The client is assured that the provider can provide the necessary quality products at affordable costs.

The Philippines is one of the leading host countries for outsourcing companies, focusing on business process outsourcing (BPO) and call centers. Call centers are emerging in many parts of the country, in urban centers like Metro Manila but also in the countryside. Call centers cater to service companies in the United States and many countries in Europe and the UK.

Most of the business functions can now be outsourced through the use of the Internet. India is also another outsourcing destination but the Philippines has the edge over other countries when it comes to BPOs because of the workforce’s proficiency in the English language. English is the second language spoken in the country. Young college graduates, or even undergraduates, now work in call centers in Manila and other cities.

According to a recent study by consulting firm AT Kearney, the Philippines is one of the top ten outsourcing destinations in the world because of its large college level workforce with good command of the English language. Filipinos fare better than Indians in spoken English ‘as they need no accent neutralization training to be able to talk with English-speakers from Western countries’ (Springsteel & Kuan, 2004, p. 58).

Call centers provide support to different business areas, such as telemarketing, sales confirmation, account reinstatement or reactivation, credit and collection, and other customer support services with the use of the Internet. Inbound call servicing includes technical support, customer service or product inquiries, and many other services.

India is another country that allows outsourcing to flourish. Its population has reached the one billion mark and so it has a large workforce. Outsourcing provides employment to millions of young workers who are also expert in the English language like the Filipinos. Information technology enabled services (ITES) spawned the growth of exports which reached $4 billion in 2005. (Raman and Watson, 2004, p. 268)

China is another emerging market with a large workforce. Outsourcing companies are sprouting in the world’s most populous country. In the 1980s, China opened its doors to business and organizations coming from capitalist orientation. Foreign firms took advantage by using the existing physical and IT infrastructure in special economic zones.

With cheap labor available at the disposal of the communist government, China joined the band wagon of mass production of clothes, toys, basic electronics, and many other common items which were believed to be standardized products. It has been said that almost everything now has the mark, “Made in China”. Companies from the United States and many other countries from the European Union that want cheap supplies have gone to China to establish companies there. Technology and the Internet have made outsourcing so easy and affordable.

Auto makers, appliance manufacturers, toy makers, and other consumer goods now look up to China for their outsourced products. China now is a primary outsourcer of common components and parts to businesses from the United States, Europe and countries from North America. U.S. companies have ‘infiltrated’ China for suppliers of their products, while in turn China has ‘invaded’ retail industries around the world.

Outsourcing involves servicing clients or companies whose customers are asking information about products and product warranties. These companies use Call Centers stationed in Asia, and operators reply to clients’ call. Companies in the United States and other European countries also outsource supplies from China and other developing countries. Companies lower costs of manufacturing and production through outsourcing.

One disadvantage is with the present economic downturn in the United States and all throughout the world, unemployment is aggravated by this process of outsourcing, although this refers only to buyer countries. This is therefore no answer to mass layoff of employees of many businesses.

As an outcome of outsourcing, many organizations have improved much in their operations and have soared to new heights in their operations. But with the present recession as a result of the global economic crisis, the chaotic start initiated by Wall Street companies, and the collapse of big insurance and investment companies, outsourcing has been affected but not in the process of outsourcing per se. Some countries may have been affected because their respective businesses have done outsourcing even before the outbreak of the present recession. But it doesn’t mean companies doing the outsourcing have been at fault.

Outsourcing is still the trend, helping international companies, and a source of employment in developing countries. Developing countries on the other hand have benefited from outsourcing. Companies doing BPO, call centers, and other outsourcing processes, have continued to do so in spite of the recession. There might be negative effects but they are minimal.

E-learning and Mobile Learning

This refers to learning with the use of computer-enabled learning techniques with the aid of the internet. It also includes multimedia CD-ROMS, computer-based simulations, and also mobile learning.

E-learning is in big demand because employees – or the entire workforce in the organization – have to continuously upgrade their talents, skills and capabilities. Educational institutions are targeting business firms for their employees to go on lifelong learning. These institutions work like business-oriented organizations with their promotional gimmicks such as billboards, signs, propaganda materials and commercials everywhere, and on the Internet with their various artistic websites, portraying an atmosphere of a boom in the knowledge-based economy.

New terms have emerged for the new knowledge-based economy – lifelong learning, distance learning and the virtual classroom. Lifelong learning is a process of individual learning and development that is on-going from across the life-span, from cradle to grave – from learning in early childhood to learning in retirement (OECD, 1996 cited in Tuijnman, 2002, p. 7).

Lifelong learning is broad and encompasses such areas as education policy, learning theory, human resource management, information technology etc. This can also foster the personal development of the individual, counter risks to social cohesion, develop civil society and promote democratic traditions, and enhance labor market flexibility.

These are challenges of the new and emerging economy. Corporations and organizations which have turned global have to exert some pressure but in the form of encouragements on their employees to acquire continuing education and lifelong learning as they go along in their jobs, because with this, they can help improve the organization and themselves. As a result of the digital revolution and globalization, skill requirements for many professional, technical and administrative jobs have risen. Some jobs have become obsolete, whilst many have been created. The new jobs require more and more skilled people. Firms which feel the demand of continuing education on their employees offer short-term courses, trainings, seminars and workshops.

Difference between e-learning and m-learning

The difference between e-learning and m-learning (mobile learning) is that e-learning may or may not be mobile, but both use the tools of the Web and Information Technology in the conduct of learning and education. Mobile learning can allow access to ‘learning materials and information from anywhere and at anytime. Learners will not have to wait for a certain time to learn or go to a certain place to learn. With mobile learning, learners will be empowered since they can learn whenever and wherever they want’ (Ally, 2009, p. 1).

Mobile learning is learning that happens anywhere using mobile communications, connected through the internet. This means being mobile as one learns or studies. It is not the ordinary teacher-student interaction in a traditional classroom, but the students are away doing their other jobs or chores at home, but still studying and learning through the internet.

The term refers to learning while one is not in a situated classroom; one can be at home or at work. The concept of mobile learning promises users new and/or advanced user experiences, which are quite often markedly different from those afforded by conventional desktop computer-based learning systems (e-learning). (Ryu and Parsons, 2002, p. 3)

It is also revolutionary in the sense that learning is not the ordinary teacher-student interaction in a traditional classroom, but the students are away doing their other jobs or chores at home, or whatever, but still learning through Internet connection.

Mobile learning uses mobile phones, smartphones, palmtops and handheld computers (PDAs), tablet PCs, laptop computers and personal media players. A mobile learning educational process can be considered as any learning and teaching activity that is possible through mobile tools or in settings where mobile equipment is available (Andronico et al., 2004, p. 91).

The concept of mobile learning promises users new and/or advanced user experiences, which are quite often markedly different from those afforded by conventional desktop computer-based learning systems (e-learning). In some educational institutions, mobile learning has been integrated in their educational system for such courses as distance education. This has more benefits for the faculty who can teach the ‘physical class’ and the virtual class at the same time.

Perceived benefits or advantages of m-learning

The following are some of the perceived benefits or advantages in the conduct of mobile learning:

  • Using laptops, students or those involved in continuing education can access to the vast knowledge and information through databases and web library from a given website;
  • Students can also conduct online searches using the resources of the library or a scholarly website;
  • Work through problems using spreadsheet software;
  • Others can take online quizzes;
  • Conduct experiments in virtual science labs;
  • View online images and video clips.

An example of mobile learning is when train commuters, using third generation (3G) mobile handsets, can access a multimedia-based English language learning tool supported by location software services. This attractive pilot service, done by Koreans involved in lifelong learning, “holds out the promise of unlimited access to educational resources beyond the traditional institutional boundaries, amalgamating currently separated learning activities into one with an integrated technical platform” (Ryu and Parsons, 2008, p. 2).

Mobile learning is concerned with learner mobility, in the sense that learners should be able to engage in educational activities without the constraints of having to do so in a delimited physical location. However, the concept of mobile education or mobile learning is still emerging and still unclear. How it is eventually done with perfection will determine its success in the future.

The case for mobile learning is clearly driven by the imperative that it must deliver local efficiency gains and cost savings in a short period of time. There are prospects of strong return of investment for looking at how cell phones and other mobile technologies can provide business functions and improve competitive advantage. The use of technology, especially networked computers used by distance learning students, has provided increasing support and richness for the oral element of learning.

The idea of e-moderating naturally leads the researcher to examine the idea of ‘m-moderating’, i.e. moderating for mobile learning. The goals and objectives are comparable but the different technologies may transform the nature of the interactions. Some mobile technologies, mobile phones and most PDAs, support peer-to-peer communications that are similar to e-mail and not necessarily visible to any moderator. (Kukulska-Hulme & Traxler, 2005, p. 34)

At the Pennsylvania State University at Delaware County Geoscience students now use PalmOne PDAs to enter field data straight into a spreadsheet for analysis rather than using paper. This is one of the important developments of technology use. The virtual paper replaces the real paper. But as to how this changes education and the concept of people to technology has still to be seen. More and more empirical studies have to be conducted.

In specific forms of guidance, for example careers guidance, mobile technologies can take their place in the learning technologies used to deliver content and support discussion on careers topics. Some work for careers guidance with the aid of m-learning such as:

  • Field work for career education which can be supported by e-mail or voice phone.
  • Individual assignments for specific occupations, with the use of videophone or cell phone to interview occupational experts.
  • Creating a vocational portfolio using picture messaging and text messaging.
  • Job search skills and other practices using videoconferencing. (Kukulska-Hulme 2005, p. 39)

Universities and colleges now accredit students’ experiential and professional experience in the web. Work-based learning is a growing component of many courses.

Studies on the use of assistive technologies in education have been conducted. The objectives focused on three main areas, namely: finding effective models for mobile learning; the evaluation of learning processes in mobile learning environments; and the focus on the technological aspects of mobile learning, and on their integration with e-Learning systems, and more generally, with the information systems of the academic institutions. (Andronico et al, p. 90)

The study sought the adoption of a well tested e-learning platform adapted to the usage of mobile devices; implementation of mobile computing services in a university setting; study of learning models linked to mobile technologies; and study of learning evaluation models based in an m-learning environment. It also investigated the context of lifelong learning.

Distance education can also benefit lifelong learning and continuing education. Lifelong learning is a process of individual learning and development that is on-going from across one’s life-span. It is broad and encompasses such areas as education policy, learning theory, human resource management, information technology etc. Since most of the learners of lifelong education are mobile, many of them are employed who need further knowledge and training in their job.

In the research, the electronic device was used to measure the knowledge level of the students and find and adapt the learners’ speed in learning. The study showed positive results on learning. It also found out that introducing new forms of teaching such as using a standard tool for drawing on PDA or laptop, make students spend more time on working on that subject, compared to the other subjects; the researchers thought that PDAs and other mobile devices should be seen more like extension rather than replace existing learning tools; and that not all kinds of learning content and/or learning activities are appropriate for mobile devices. (Andronico et al., 2004, p. 91)

There are positive results in the application of technology in education, particularly mobile education. The new application in education can be beneficial to many sectors, particularly to anyone involved in the so-called continuing education, and to the sector requiring accessibility, or the disabled. This revolutionary trend in education should be encouraged. M-learning, which is conducted with the use of handheld computers such as PDAs can be beneficial to both learners and educators, and also to commerce. The way education and learning are imparted allows speed and accessibility to anyone. It ignores distance and time.

The teacher, both as educator and learner, can have many benefits. As to the question whether he/she is ready to use these assistive devices, the answer is quiet obvious. Nowadays, it is normal for a teacher or student to have a laptop or PDA to assist him/her in education and learning, and in doing daily business. In the world of intense of globalization, the use of assistive technologies in education is already implemented in most universities and schools of learning all throughout the world.

E-commerce and e-business

E-business is the newest trend in the high-tech world of business and in the age of intense of globalization. It is a term that applies to business using the virtual world of computers and the Internet. Ebusiness uses several applications in order to be effective like enterprise resource planning (ERP), the Internet or its private version, the Intranet.

While there is e-learning, there is also e-business application of small and medium-sized organizations. Some examples are stated below:

  • Customer to Business (C2B). In this kind of business relationship, customers buy, sell, and receive business services from other businesses or firms; examples are “.com” companies. There are also consumer information services that provide information to the customers.
  • Business to Business/Government (B2B or B2G). Businesses interact with each other for activities such as order processing, purchase systems, inventory management, billing/payment, shipping/receiving, and supply chain management.
  • B2B direct. Business activities are conducted directly between trading partners.
  • B2B indirect. Trade partners use emarkets as intermediaries; also known as business to network (B2N) interactions where partners interact with a trading network.
  • Business to Employee (B2E). This is an internal service of an organization, and involves applications that have been known as “back-end” applications like payroll, material requirement planning, marketing information systems, and so forth.

B2b and ebusiness growth have been hampered by the issues which involve privacy, ethical, legal and security issues. Barriers to b2b ebusiness success and growth can be summarized in the following:

  • Privacy – there are countless ways to retrieve information from customers using websites of companies;
  • Security – cyber crime is being committed anytime and ‘anywhere’; cyber criminals don’t need sophisticated tools but just a computer with an internet connection and a skill to hack computer programs;
  • Trust – b2b ebusiness can be built with trust in mind between companies and organizations, but trust is difficult to develop and hard to attain.
  • Legal – Almost all information shared by organizations should be protected under the law.

The Internet influences almost every organization in the world, big and small. There is a common saying that the world is now confined to a global village. With the emergence of high-technology, the Internet, and globalization, operations in organizations have tremendously changed.

Advantages of the Internet are the following:

  • Distance is no longer a problem, and there is increased mobility.
  • Business organizations are free to locate many screen-based activities wherever they can find the best bargain of skills and productivity.
  • The world is having access to networks that are all interactive.
  • Large networks enable consumers to order and receive what they want to buy – where and when do they want these things to go.

IBM first introduced the word e-business in its advertising campaign in the 1990s. E-business is defined as the ‘transformation of key business processes through the use of Internet technologies’ (Li, 2006, p. 9).

E-business encompasses internal and external transactions, processes and activities conducted electronically, while e-commerce is a part of e-business. E-commerce is commercial transactions conducted electronically between and amongst organizations and individuals. Out of the introduction of the terms e-commerce and e-business, other terms evolved, such as e-government, e-public services, e-learning, and so forth, and their connotations are that they are activities conducted electronically. E-business has long been popular since the 1990s, but its origin can be traced back before that time. It has been a process of governments and organizations throughout the world that involves the use of the Internet and other related technologies. (Li, 2006, p. 10)

There are various definitions by different authors and researchers, but they don’t agree on one definition. Some interchange e-commerce with e-business, but others are definite. E-business has a much broader meaning because it involves buying and selling, servicing customers, collaborating with business partners, and conducting electronic transactions within an organization’ (Li, 2006, p. 9).

Emphasis in e-business includes activities and transactions conducted internally. Internal activities of employees, such as functions of the different departments, are linked through what is called Intranet. This way of internal networking improves sharing, facilitates knowledge dissemination and support management reporting. E-commerce is a subset of e-business; it deals with the facilitation of transactions and selling of products and services online, either via Internet or any other telecommunications network.

Another branch or subset of e-commerce is mobile commerce or m-commerce which refers to online activities similar to e-commerce, but this one uses mobile telecommunications networks, for example hand-held devices like mobile phones, hand-held computers or personal digital assistants (PDAs) (Li, 2006, pp. 9-10).

Personal Digital Assistant (PDAs)

A personal digital assistant (PDA) is a computer-based handheld device that incorporates personal organizer tools. It has the ability to exchange information easily with a desktop PC. PDAs were originally designed to act as electronic equivalents of diaries and personal organizers, but most can now perform a variety of additional functions (Trinder, 2005, p. 9).

A laptop is actually a computer but can be carried anywhere because of its size. It has the same features with a desktop computer.

Through a PDA or a laptop, the user can view through the LCD display, write notes, do word searches, record one’s voice, or listen to recordings, browse pictures and video clips through the Internet. Laptops have speech recognition technique that converts speech into text, and vice versa. Such speech functionality can make laptops or PDAs more accessible to users with visual disabilities.

Table 2: Examples of Information Systems

Examples of Information Systems

Information systems do not only store data, they convert data into information and useful knowledge. This is the input-processing-output model.

A PDA is a computer-based handheld device that incorporates personal organizer tools. It also has the ability to exchange information easily with a desktop PC. PDAs were originally designed to act as electronic equivalents of diaries and personal organizers, but most can now perform a variety of additional functions. (Trinder, 2005, p. 8)

A PDA is designed to perform a specific activity, such as music, photography, or writing. It can share information with other computers or data bases. (Norman 1998, p. 53, cited in Trinder, 2005, p. 9)

Some features of a PDA: Viewing through the LCD display, one can write notes, do word searches, record one’s voice, or listen to recordings, browse pictures and video clips. In short, a PDA is a handheld computer; at its early stage it had limited memory in its operating system, but with the introduction of more innovations on nanotechnology, PDAs have higher memory now.

Most PDAs do not have a physical keyboard and instead use some form of handwriting recognition. Handwriting recognition can be broadly divided into those that recognize cursive handwriting, and those notational systems that require each letter to be input in isolation.

Notational systems require the user to learn special strokes to represent each character. The most widely used is the Graffiti system found on PalmOS PDAs. PDAs using Graffiti have a special screen area for entering the strokes, divided into two input areas: one for entering number, the other for entering letters and punctuation. Graffiti is quite easy to learn, as most of the shapes are very similar to the character they represent. (Trinder 2005, p. 12)

PDA Features for Users with Visual Disabilities

PDAs use speech recognition technique allowing words spoken to be read as text messages, and vice versa. Such speech functionality can make PDAs more accessible to users with visual disabilities. There are also special Braille PDAs. Text-to-speech conversion enables a device to speak the contents of the display screen or file, e.g. a PDA could read an-ebook. Many entry-level PDAs can be used as simple voice recorders or Dictaphones but do not have adequate processing power to provide speech recognition. (Trinder, 2005, p. 7)

Other uses of PDAs include:

  1. facilitate quick feedback of reinforcement and deliver interactive demonstrations and quizzes;
  2. provide immersive experiences (for example, foreign languages);
  3. enrich learning outside the classroom (for example, data collection in the field); and
  4. share information (Davis, 2009, p. 298).

Present PDAs can mimic PC-based technologies, the features include: notes and presentations, delivered with a PDA-enhanced or PDA-specific document reader such as Adobe Reader for Palm including Flash animations and sound files, or indeed just a PDA-based word-processor; eBooks, such as the Mobipocket library, including textbooks and reference books; and websites and Virtual Learning Environments (VLEs) customized for PDA presentation, such as AvantGo, Blackboard-To-Go or FirstClass. (Kukulska-Hulme and John Traxler, 2005, p. 33)

The input-processing-output model – transforms data into knowledge
Figure 4: The input-processing-output model – transforms data into knowledge

The transformation process from data to knowledge occurs as inputs are classified into categories. For example in a retail store, inputs are entered into the computer with classifications for expenses at fixed and variable costs. The software installed will sort and rearrange the data. Employees’ names, and even information about customers, can be sorted alphabetically or through departments. The data are then summarized ready for download and browsing anytime by the owner.

Information Technology

Risks, Threats, Crimes and Other Security Issues


The topic on security is a broad subject. Security in IT infrastructure encompasses areas pertaining to risks and threats and how to conduct risk management and protect IT infrastructure from threats of viruses, worms, and different types of malware.

Security is an expensive ‘commodity’ when speaking in terms of technology and IT infrastructure. It ought to be expensive because it involves safety and the organization’s future. It is a challenging task that requires a lot of creativity and painstaking efforts which have to be continuous. Continuous improvement – like any other product in the age of globalization – is the term that applies here. There should be no loopholes; checks and audits for possible threats and risks must be done every now and then.

Security applications must be in accordance with the present government guidelines and should also correspond with the requirements of the one buying or asking for such applications into their IT systems and processes. What is important is to apply the basics of IT security and the ‘dos’ and ‘don’ts’ of IT applications.

Information Security Awareness

Employees’ security awareness is significant in information systems’ security management. Employees of an organization can be risk or assets to information security. In fact, some commentators consider the employees of an organization as the weakest link to information security. But some studies found that employees can be assets in reducing risk to information security.

Most organizations depend on technology-based solutions in reducing risks to information security (Ernst & Young, 2008 as cited in Bulgurcu, Cavusoglu & Benbasat, 2010, p. 524).

This should not be the ultimate solution in reducing IT security risks. Organizations have to rely on people, particularly their employees to ensure IT security. Some studies reported that risks pertaining to IT have been increasing even if organizations spend much for the protection of their IT infrastructure. According to Bulgurcu, Cavusoglu and Benbasat (2010, p. 524), success in this security endeavor can be achieved through a coordinated effort involving technical and socio-organizational factors.

Socio-organizational factors can refer to people and employees. The focus therefore is ‘to shift to employees’ compliance with information security policies (ISPs)’ (Boss and Kirsch, 2007 as cited in Bulgurcu et al., 2010).

Employees, who are considered insiders in an organization, can pose a security challenge to an organization ‘because their ignorance, mistakes, and deliberate acts can jeopardize information security’ (Durgin, 2007; Lee and Lee 2002; Lee et al., 2003 as cited in Bulgurcu et al., 2010, p. 525).

Employees who have the tendency to abuse and misuse information systems can jeopardize security. Bulgurcu et al.’s (2010) study focused on preventing inappropriate behaviors of employees in their use of information systems. Straub and Nance (1990 as cited in Bulcurcu et al., 2010) suggested that organizations should provide a punishment mechanism for erring employees who abuse organizations’ information systems. This can serve as a deterrent to others with the same behavior.

On the other hand, Willison (2006 as cited in Bulgurcu et al., 2010) suggested that behaviors of offenders in an organization should be studied in order to establish controls or safeguards and reduce employees’ misuse and abuse of information systems.

IT Risk Management

The world has been plagued with risks and uncertainties since time immemorial. From the time humans set forth on earth, they have met so many accidents and calamities. Most of these accidents are outcomes of inventions and innovations. But an almost equal number can be said as natural accidents or catastrophes.

Biblical history relates how early people encountered risks to attain their goals. They avoided these risks by making tools and learning to invent new things. In short, they learned to plan their activities. From this theory, it can be said that risks can be managed through careful planning and examination of the possible areas or problems that may happen in the future. Though early people did not have formal training, they learned from experience. They managed their lives; to live normally means managing risks.

With the advancement of time, life became complicated. New inventions came in – technology, along with the industrial revolution and human needs and goals became complicated too. Risk management went along the flow of modernization and has become complicated too.

A new kind of management has to be applied – risk management. Risk management in the midst of intense globalization has to be well planned and well studied. Experience can help in the process of planning to minimize risks.

The industrial revolution was characterized by major events which introduced a lot of changes in the workplace and organizations. Modern capitalism emerged after a transition period over several centuries, during which the conditions needed for a capitalistic market society were created. Risks account not only in physical terms, but also in abstract terms like financial and economic outcomes. Environmental problems, accidents and deteriorating health of workers were some of the risks. Workers who were not provided adequate basic necessities performed poorly and injured themselves.

Risk management involves analyzing risks or surprises that are expected to happen in the course of undertaking a project and the management of the possible outcomes of such a project. Risk managers have to be expert in using laws and theories that have already been tested, for example, the laws of probability which utilize statistical measurement, regression, and the utility theory.

When it comes to IT management, risks are not uncommon – risks are its ‘daily bread’. These risks can be caused by natural occurrences or man-made causes. The question that should be answered here is what kind of risk management is suited for an IT infrastructure. The question is posed because of the many risks involved in maintaining an IT infrastructure.

The table below shows the various examples of IT risks.

Table 3: Risks in IT

Risks in IT

Risks and Threats

How secured is the world in the age of computer and the Internet? How secured is an organization’s IT infrastructure? How secured are homes and offices and organizations’ databases?

The following section will emphasize on risks and threats of IT security in homes, organizations and governments. Risks and threats are multiplied day in and day out because of the endless interconnection of computers via the Internet. While before computers’ connections were confined to a few other computers by way of cables, now it is endless. And as risks and threats are multiplied, ways of countering it through anti-viruses have got to be endless too. This means programmers and IT security experts have to apply continuous protection and constant maintenance to the IT infrastructure.

Technological innovation has always been a feature of social change. Information technology is for everyone. Whenever there is a new feature or ‘invention’, people find it in everyone else’s computer. Word spreads rapidly. Technology itself is a virus that spreads so rapidly from one computer to another.

A human activity that is difficult to deal with now is ‘security’; security in the sense that there seems to be nothing secured in the age of technology and globalization. Because of computers and new technology, organizations can store as much knowledge and data. But the more data and information are stored in computers, the more risks and threats there are from hackers, computer saboteurs, criminals and terrorists. Risks are multiplied if computers are continuously connected online.

Security has become a lucrative business. Tech people who can program secured databases and information systems find ‘easy’ money with their programming tools. But this programming business has to be updated every now and then. If there is one programming software to secure computers and databases, another software comes in to destroy the code. Therefore, the technique organizations employ is to continuously upgrade – and ‘audit’ – their systems. Continuous improvement and maintenance is the key.

As said earlier, there are advantages and disadvantages in this new technological advancement. While communication is fast and effective, terrorist and terrorist organizations find this a tool to advance their evil intentions. They can use the internet to advance their cause by recruitment and sabotage, or to find new sources of funding. Criminal activities find haven in the Internet. In the comfort of the homes, illegal activities can find safe haven. Drugs, pornography, prostitution, cyber-sex – they are inside people’s homes and offices – if no extra precaution is enforced.

This paper aims to analyze the voluminous information and data on security of IT infrastructure in organizations. While the information and data are so vast, the analysis has to be effective and fast too. Viruses are faster than people’s thoughts. One analysis can lead to another virus in the making. There has to be a way out of this ‘cyber mania’.

Terms Pertaining to IT Security

Hacktivists are those who conduct politically motivated attacks on websites and servers.

Information warfare specialists work to develop information programs and strategies to fight cyber terrorism.

Insiders are disgruntled members of organizations, who have access to restricted information; they become a source of cybercrimes when they pass on information like passwords and other confidential data or trade secret that might be of potential use by other organizations or competitors.

Malicious code writers are those who program secret codes for critical infrastructures. They seriously pose a serious threat to enterprise IT infrastructure. (Erbschloe, 2005, p. 2)

Kinds of Security Risks

Information security is an important strategic issue. It is a major concern of governments and most private enterprises and organizations. Threats of cyber terrorism, increased dependence of the Internet, rising tide of globalization, and government pressure and regulations for companies and organizations to protect their IT infrastructure, have all increased awareness to require organizations effective management of information security. (Kayworth & Whitten, 2010, p. 163)

Security risks pertain to unauthorized access to information. This is also linked to data leakage, privacy and fraud, and other forms of security risks. Computer virus is a security risk. A virus attack can spread so rapidly over the Internet and can destroy files and maliciously collect private and confidential information and data. Security risks have caused about $17 to $28 million for every occurrence of attack, according to a study by Ernst and Young. (Suduc, Bizoi, & Filip, 2010)

According to an annual survey of IT executives conducted by Dataquest in San Jose, California, security ranked on top of all IT priorities for manufacturers. The survey indicated that security is more critical than ‘…building on existing IT investments and solutions, such as ERP, or piloting new applications and technologies, such as Web services’, said a statement by Geraldine Cruz from Dataquest (Seewald, 2003).

A survey conducted that showed the extent of damage of computer viruses. The survey, which was conducted in the United States, found that computer viruses had penetrated majority of the respondents’ computers. Other risks involved insider abuse by employees and users within the organization (44%), followed by simple theft of laptops and cell phones. (Suduc, Bizoi, & Filip, 2010)

IT security is a necessity in these times of intense globalization. For it can be deduced that what good is putting on a lot of investments, upgrades and other Web service features if security is not well in place and good? IT infrastructure is in danger without an updated and effective security. Factors that drive IT security include pressure from clients and customers or even trading partners. Cybersecurity projects are in demand with the growth of Web services. (Seewald, 2003)

Physical risks and logical risks are two problematic areas in IT infrastructure. Physical risks refer to the equipment which has to be protected from natural disasters like earthquakes, hurricanes or floods. Man-made disasters include bombings, theft, power surges, etc. The equipment can be protected through controls like locks, insurance coverage, performing daily backups of the information system and data, disaster recovery procedures, and so forth. (Suduc, Bizoi, & Filip, 2010, p. 43)

Key type of incidents
Figure 5: Key type of incidents

There has also been an increase of misuse in Information Systems practice in organizations.

A study in a university in Romania found a great percentage of misuse of information system, a notable 46%. Motivation of misuse ranged from curiosity to intellectual challenge to personal gain. This is shown in Figure 5.

Motivations for IS misuse
Figure 6: Motivations for IS misuse

According to surveys, approximately 90% of organizations face information security investigation almost annually (Siponen, Pahnila, & Mahmood, 2007, p. 133). To counter these security threats, there have been recommendations to improve information management systems and policies. Many of these organization managements seldom comply with information security processes and techniques. Organizations’ IT infrastructure, both physical and virtual, is jeopardized. Physical assets are also at risk. (Siponen et al., 2007, p. 133)

There is also the concern of privacy. Information technology was only used as an aid or tool in business, but now it is the mainframe because of the complexity and interconnectedness of businesses and organizations. But hackers and programmers with malicious intent continue to find ways to illegally penetrate vulnerable websites. There is no ‘safe’ or ‘trusted’ network in organizations. The ‘untrusted’ network which refers to the external connection of organizations will continue to expose the privacy of peoples and organizations. (Kelly Rainer & Cegielski, 2011, p. 83)

A security issue is that with the rapid growth technology, it is now easier to steal or hack information. This can be done with just computer storage devices such as flash drives or USB. High-tech devices are available to ordinary individuals and organizations.

The Proliferation of Cyber Crimes

The World Wide Web is one of the weakest spots where terrorists penetrate and use it to promote their programs of actions – to recruit, raise funds, and attack government and private websites through computer hacking, sabotage and cyber crime and terrorism.

Cyber crime is one of the worst ethical and security issues that emerged upon the introduction of the Internet to businesses and organizations. Cyber crimes refer to illegal activities of peoples using the Internet.

There is one company website known as iDefense whose primary objective is to protect governments and top businesses in the United States. But it is not enough. Criminals are more powerful than websites.

The growth of organized crime that uses Internet as a tool to raise funds, to penetrate other organizations, or to wreak havoc upon a great number of people, is one big security risk that governments should take extra efforts to combat this growing menace. Organized crime is a billion-dollar business composed of cyber criminals with the skill of computer hacking or software developing. This criminal network has been earning hundreds of thousands of dollars, contrary to ordinary criminals who earn only a few hundreds or thousands of dollars. Criminals of this sort have no base; they have no weapons and can be found anywhere in the world with a computer and an internet connection. (Kelly Rainer & Cegielski, 2011, p. 84)

Another security issue is a scenario known as ‘downstream liability’. This particular situation occurs between organizations using Information Systems that are attacked by criminals or skillful hackers. For example, if Organization A’s software has been attacked and used to attacked another, say Organization B’s information system, under the law Organization B has the right to file for damages against Organization A. Also under the law, plaintiff B has to prove that A’s information systems had been used to attack B’s information systems. The rationale behind this law is that any organization has the duty to keep its information systems secure so that they cannot be used by criminals or hackers. (Kelly Rainer and Cegielski, 2011, p. 85)

Prevention from risks and security threats must be incorporated into the system and should identify the environment and the boundaries of the system. An honest-to-goodness security examination should be provided taking into account the probability and possibility of the threat. Evaluation should also be administered on the possible threat from the inside of the organization since there might be risk from malicious users who can be employees of the company. A trusted employee can be one of the biggest threats to a well-secured infrastructure. Competitors can buy the most trusted employee who may want a few dollars in exchange for information about the system.

The grim reality and one of the biggest headaches facing companies with their Internet-based computers is dealing with software programming malicious codes that attack their computers. Anti-virus systems protection is the best way to deal with it.

These malicious code attackers are criminals. They violate the law by penetrating organizations’ websites, or even government websites. Once attackers are able to penetrate, like any other criminal who has penetrated a domicile, they can do what they want to do – steal or destroy the owners’ information systems. But there is one other grim reality that organizations have to face – conscience stricken criminals such as those malicious code writers counter and air their ‘grief’ by saying that big organizations they attack are those greedy capitalists. Governments and organizations unite – on the other hand – to fight cyber criminals so they can have a hand on the ‘global war on terrorism’. (Erbschloe, 2005, p. xvi)

According to Reynolds (2010), cyber criminals are of various types and are classified according to objectives. This is shown in the next table.

Classification of Perpetrators
Table 3

Viruses, Worms and Malwares (Malicious Codes)

President Barack Obama is dead!

This came out as news feed in one Twitter account belonging to Fox News. It was falsely reported that the President of the United States had been shot. Immediately, Fox News acknowledged the hack and so it ran another story to inform the public of the ‘false tweets’. (Bisaerts, 2011)

It was caused by a computer virus spread by somebody. The term virus derives its name from the biological virus that penetrates living cells. The behavioral pattern that biological viruses execute, as in copying and degenerating in living cells, is what is referred to in the computer virus.

Levels of threats are given to different kinds of viruses and malicious software. They are classified as “no, low, medium, and high threat”. The no-threat refers to a malicious software that is not functioning at all – it could be a hoax, created just to fool anyone. The low-threat requires human manipulation in spreading the virus from computer to computer. The medium threat is of low-infection effects or little damage. The high-threat can provide big damage at great speed. (Erbschloe, 2005, p. 18)

A computer virus refers to all types of malicious code. Technically, this is a piece of computer software or programming, disguised as good programming but causes unexpected events inside the computer system with legitimate programming. A virus is usually attached to a file or a document. When this file is opened, the virus makes its move. Other viruses penetrate the computer’s memory, so that when computer opens or makes or creates files, the virus attacks.

Viruses create an act which is malicious (or criminal in nature). A virus executes an act like displaying a certain message on the computer monitor, delete documents, or worse, copy files or passwords. However, viruses do not spread by themselves; they propagate through emails. When they are attached through emails, they can spread like wildfire. It is the computer user that spreads the virus. (Reynolds, 2010, p. 291)

The virus that hacked Fox News and reported the president’s death was apparently done by a group of youths – script kiddies (SK) – who hack computers using simple scripts. (Bisaerts, 2011)

The most common type of virus is the macro virus which is created with the use of macro language (e.g. Visual Basic or VBScript). This kind of virus is programmed to be attached on documents and templates so that when the templates are used, the virus wreaks havoc by inserting words, number or phrases on files, and also by altering various functions of the computer being attacked.

The virus that attacked twitter accounts first gained access to a free account using a login user and a password, and once inside it introduced a malware as in the case of Fox News’ twitter account.

Worms are also computer programs that reside in active computer memories. They are different from viruses in that they can propagate without human intervention. By themselves, worms send emails to other computers, or what they call Internet Relay Chat (IRC). The damage that can be done by worms depends on the codes programmed into the worms. Some are so harmful that they consume large amounts of system contents as they go on and wreak havoc from computer to computer. Other worms delete data and install malicious software on computers without knowledge of the owners. (Reynolds, 2010, p. 291)

Some worms create considerable damage on an organization’s data base. It consumes data and programs, and most of all disturbs productivity among the employees of the organization. It has been estimated that a billion dollars were lost on damage done by worms named Code Red, SirCam, Melissa, and ILOVEYOU. (Reynolds, 2010, p. 291)

Distributed Denial-of-Service Attack (DDOS) is a type of computer attack that is executed via the Internet. It creates countless demands for data that legitimate users cannot get in. It is just like having a phone with many callers doing it simultaneously, so callers hear a busy signal.

Case Study: Hannaford Brothers

Hannaford Brothers is a supermarket chain which experienced a security breach costing millions of dollars for the owners. The company’s employee strength is 27,000, and has 167 stores that operate in 5 northeastern states and Florida. (Reynolds, 2010, p. 279)

The security breach involved customer credit and debit card data. Before the breach was uncovered, customers kept on complaining of fraudulent transactions. Investigation was conducted and the breach was contained after two weeks of careful planning and management. Criminal elements of this kind have their own equipment with corresponding software that secretly captures legitimate data. This being done while cards are swiped at the check-out line.

Some factors that have led to security breaches are the use of wireless technology in transmitting unencrypted data. But the findings showed that Hannaford Brothers met the standards for data collection as prescribed by PCI, the payment card industry.

One thing with PCI procedures was that it did not require card data to be encrypted once a customer would swipe his/her card. At Hannaford, the procedure was conducted this way: the unencrypted card data passed through a network reaching a server where the process of encrypting took place, after which it was routed to the card company for complete approval. One possible scenario that appeared in the investigation is that an employee who had access to the administrative network allegedly planted a malicious software on Hannaford’s stores. The malicious software took hold of the customers’ encrypted card data and transferred it to the employee’s accomplice. A class suit has been filed against Hannaford, filed by thousands of customers. This can cost tens of millions of dollars for Hannaford. But it may also take millions for PCI considering that many of its business clients have been implementing their unsafe data protection standards.

Privacy Issues

There are companies which collect information from website guests. Majority of the websites of business firms collect information from their customers. There are complaints that a customer cannot really know how much of the personal information he/she has provided via the internet or other means using IT tools has been passed on to others in exchange for money or something. Sharing of information amongst organizations is not impossible. Spam emails, which are hacked information, are appearing everywhere through everybody’s private email databases. In the information revolution, sharing of information is the most common occurrence. (Pride & Ferrell, 2009, p. 92)

Recommender Systems

Technologies such as iPod, iPhones, and other Mac products provide features called ‘recommenders’ or recommendations to consumers. Consumers can have access to so many items on sale over the internet and recommender systems are installed to enable customers to make the right choice of product and service according to their taste after having provided personal information. This feature can become invasion of privacy since personal information is shared to other databases. Recommenders are intelligent systems which employ prediction techniques to determine what is and is not interesting by learning from the user and sometimes other users. The techniques used are information filtering, social filtering, item-filtering, etc. (Setten et al., 2004, p. 13)

Recommender systems provide recommendations on items to consumers. Consumers can have access to so many items on sale over the internet and recommender systems are installed software to help them make the right choice according to their liking after they have inputted their data in the system. When consumers purchase items, they provide data according to their purchases, product ratings, user profiles, and likes or dislikes of items, goods, and other consumer products. This information is then processed for comparison in the systems’ data bases by a software which uses a type of algorithm.

Recommender systems have become a popular technique to prune large information spaces so that users are directed toward those items that best meet their needs and preferences. They are also used by when customers use their system to find books and other products. In spite of the recommenders’ usage and practicality to both consumer and business, there are negative sides to the sharing of information.

Recommenders help users locate and choose items on sale. In the Amazon store for example, as users browse for books, they are guided by a recommender phrase that says: Customers who bought this item also bought… A push of the button can lead the customer choose and pick other items of the customer’s liking. There are hybrid recommenders too which are combinations of two or more recommender systems and which work by combining collaborative and content-based algorithms.

Recommenders are more beneficial if organizations share their resources (i.e. products and customer database) and recommendations boundlessly (i.e. apply recommendation systems on to inter-organizational level), and more importantly, great business value might be generated during the resource sharing process among the organizations (Weng et al., 2006, p. 32).

Whilst there are always the negative sides of new applications, especially on technology, and emerging technologies for that matter, recommender systems have aided both consumers or users and the implementers which are the big businesses.

Recommender systems and corresponding software have been the subject of various talks and conferences worldwide. This is because of the benefits they generate for both the business organizations and consumers who are seeking the right products for them.

Recommender systems are tools for researchers and consumer/users. They aid users in their choice of products and also help researchers seeking technological advancements. However, improvements and innovations have still to be implemented on the technology.

Example of a recommender is Tàtari. Tàtari (a New Zealand word meaning filter) is a software which aims “to provide an open source tool that researchers can use to develop and evaluate recommender algorithms without the need to create an entire recommender system from scratch” (Hassan and Watson, 2004, p. 47).

Tàtari provides all the background functionality leaving the researcher free to concentrate on implementing and evaluating their recommender algorithm. Thus, Tàtari will minimize the programming effort required and will maximize the time available for evaluating algorithm performance. Tàtari is recommended for researchers seeking advancement in the technology.

There can be ethical aspects that we can discuss here. In spite of the recommenders’ usage and practicality to both consumer and business, there are negative sides to the sharing of information. Technology has always been ethically questioned in the long run, and recommenders could be another bad side that can be cited.

Concepts on recommenders can be taken from successful researchers. One is that which combines three prediction techniques to arrive at a recommender or prediction.

One weighted hybrid TV recommender also combines three prediction techniques: a stereotype-based technique, a technique based on explicitly provided interests from the user, and a technique that employs a Bayesian belief network that learns from implicitly gathered user behavior data. The weights used to combine the predictions are based on confidence scores provided by the individual techniques. (Setten et al, 2004, p. 14)

Switching hybridization is another technique (Setten et al, 2004). This is the prediction strategy whereby “the decision is based on the most up-to-date knowledge about the current user, other users, the information for which a prediction is requested, other information items and the system itself” (p. 13).

On the other hand, Wei (cited in Weng et al, 2006, p. 32) proposed a multi-agent based recommender system in which a recommender system is considered as a marketplace consisting of one auctioneer agent and multiple bidder agents. There is a proposed distributed recommender system which consists of multiple recommender systems (or recommender peers) of different organizations (Weng et al, 2006, p. 32).

It works this way. When anyone of these recommender peers receives a request from a user, not only does it generate recommendation from its own resources, but it also consults (and interact) with other recommender peers for suggestion in order to improve its recommendation quality to the user.

Some say that recommender systems can cause fragmentation; meaning users will choose only the products they like and each and every user will have unique preference, or they will not have common choices anymore. The opposing view is that recommenders will have homogenizing effects, which means users are being pushed to choose on the same items or they can share information with one another.

While fragmentation is a negative result for recommender systems, homogenization counters this and is said to produce a network wherein users are more similar or are using the same items and products.

It can always be said that there are negative sides to this application. But in the long run, recommenders can be very helpful and reliable for consumers and businesses. Recommenders have been in use for decades now, even before the popularity of the internet. Now, with everything interconnected, data bases are filled with so much information for users and businesses. Recommenders can be limited when businesses do not share their data bases. The vast information can be very useful, as experts say, if those information stored by various businesses can be shared for the advantage of the users. Of course, there are limitations to their sharing.

As to their validity, it all depends on the information stored therein. Recommenders still depend on the users. It’s still man against machine.

Trust and other Ethical Issues

Trust is defined as ‘the factor that moderates the use of verifiable attributes to form beliefs about unverifiable attributes’ (Konana et al. cited in Graham Peace, 2002, p. 46).

In traditional business, many of the so-called attributes of business can be verified; not in e-business. In traditional exchanges, business is conducted face-to-face, or business people and partners meet and deal with themselves personally, or even through letter and telephone. When people go to a supermarket to buy goods and other personal needs, they can verify what they are buying.

In e-business, communication is being done through emails and Internet chat. The seller and the buyer meet in the virtual world. Trust is very important. B2b business which involves millions and millions of dollars prospers and grows with trust. For two business firms to agree there has to be a level of trust. Tan and Thoen (1999 cited in Graham Peace, 2002, p. 45) argued that the elements of transaction trust consist of “trust in the other party and trust in the control mechanisms that are in place”.

Ethics, on the other hand, directs businessmen to what is right and wrong. In the words of Reynolds (2010, p. 280), ‘ethical behavior conforms to generally accepted social norms of which are almost universally accepted.’

Ethical decisions in the field of information technology are no different than in any other businesses. For example, in the Internet there are countless websites that offer free download of materials and documents. But what about copyrighted materials? These are not free and ‘entering’ into the websites, downloading confidential information is a matter of ethical violation.

Ethics in the office can be taken for granted. When people are busy with their job, focusing on increased profitability in business, they usually forget simple things that are needed in ordinary business dealings, or common conversations with office mates. Being in one organization, they have to respect everyone as equal in this world of emotional humans. They also have to minimize negativity in the office in order to have a pleasant atmosphere while focusing on profits. They have to ask their fellow employees and managers if they approve of some behavior by others and if they are not then they have to correct it.

Most businesses and organizations have their own code of ethical conduct of ordinary employees in line with the organization’s mission and objectives. But these codes of conduct usually point to the particular morality and religious beliefs and culture of the people. In the United States, codes of conduct in the different offices and organizations coincide with their Christian beliefs and attitudes.

The codes and practices can make employees and managers live harmoniously and understand each other as well. Workplace becomes productive, including a valuable work and life balance. Ethics in business and in the office involves judgments or decisions of what is right and wrong. People have to be careful about it because it is the standard of morality that is always taken for granted. Since business people emphasize money and profits in business, they sometimes ignore the morality of what they are doing. The emphasis on ethics and social responsibility is to always reduce or minimize negative impact of business to society. If they talk about environment, they have to minimize the impact of business to the environment.

A true-to-life experience happened some years ago when a salesman (whose name is confidential) was involved in the real estate. It was one of his first jobs that allowed him to experience dealing with different kinds of customers. As a real estate agent, he was trained to convince people to buy this and that property. Business ethics though was still out of his mind. He was a new job seeker who wanted to get his commission, and he was struggling to make both ends meet. To make a long story short, he found something that changed the course of his life. There was one instance that his manager asked him deal with a piece of property. She said it would be worth their effort if they could sell it as soon as possible. But there is a catch. The manager knew that this salesman knew something about information technology. He had to do something about it – retrieve information from the files of the company they were dealing with.

The property was rather huge and expensive, and if he could deal it with less amount of time and effort, all their financial problems in the office would be solved right there and then. She asked for the services of this salesman because she said he was a good sales person, he had exceeded his quota, and she believed that he could do it because he was good in working with computers. Before embarking on looking for possible buyers, the salesman examined the papers for the property. He concluded that there was really something wrong, something lacking with the property – but if only he could download some information from the company’s website, that lacking information could be solved right there and then.

Later, the salesman found it one night as he was about to conclude one of his biggest deals that he could not do it. He did not push through with the deal as he knew it would lead to other mistakes in life. He was just starting his career, life in the business world was really hard. But he could have many opportunities that would come along.

He went to her boss and told her that what she was doing was wrong, against the law and against moral standards. She tried to reason out, but he did not give her a chance. He submitted his resignation at a time when he was trying to meet both ends meets. But that experience gave him peace of mind.

Not too long ago, business scandals and controversies hounded the business world, in particular, Wall Street. Major corporations like Enron and WorldCom were put into the spot light due to accounting scandals. Financial institutions were leading themselves – including top business executives – to downfall due to unwise unethical decisions on ‘the approval of mortgages and lines of credit to unqualified individuals and organizations’ (Reynolds, 2010, p. 280).

CEOs who are involved in the art of dealing with people should be able to impart their social responsibility and ethical standards in business. Training is an initial step in managing human resources. They train people regularly. New and old employees have to be trained and developed into good and efficient employees and leaders. Training involves imparting to office personnel and employees the code of conduct of employees, some of which include preventing sexual harassment, racial discrimination, sexism, stealing classified documents, etc.

Training and development is very important in handling human resource. This is where people start. Training is one of the key steps in the success of business. Managers and employees should regularly involve themselves in such an activity in order to be good leaders and employees. Training is an important step in teaching business ethics to employees and managers. Training does not stop in the training center; it goes all the way up to the workplace or office. Managers and ordinary employees should know how to respect each other, no matter of sex and age.

The unethical decisions of a few people have led to serious negative consequences and contaminated the business world. It had serious global impact. Moreover, corporate officers and top CEOs are going to prison due to unethical behavior which is considered a crime. Many organizations have reconsidered and reviewed their corporate laws and ethical standards so that their managers and employees are guided and work in a manner according to ethical norms. When using technology, they should do it in an ethical manner.

Case Study: Apple Inc.

Apple is one of the leading innovators in computer and emerging technologies. Awarded the Guinness world record for being the most popular technology marketplace in the world, the Apple features in its website is one of the most unique technology innovations in the twenty-first century. Another award was also bestowed on App Store’s video game store with catalogs such as ‘Beating Android, Xbox Live Indie Arcade, Steam and Wii Virtual Console’. (International Business Times, 2011)

Listen to this intriguing remark of Steve Jobs, one of Apple’s founders:

“The trouble with Apple is it succeeded beyond its wildest dreams. We succeeded so well, we got everyone else to dream the same dream. The rest of the world became just like it. The trouble is, the dream didn’t evolve. Apple stopped creating.” Steve Jobs was ousted by the board many years after he helped found Apple, but later came back to resurrect it.

When Apple Computer started its vision, everything then referred to technology; hence the name. But its makers and founders realized it has to be more than just technology. Apple has to survive as an organization to meet the needs of its customers not just in technical ways. It changed its name to Apple Inc., a more accurate and competing name. It is a leader when it comes to products and services. It makes use of the Internet a lot. (Linzmayer, 2004)

Apple started its humble beginnings in a garage, met ‘turbulences’ and tests along the way as an organization, and now it is a leader in the marketing of PCs, iPods, iPhones, and other high-technology materials of the new century.

Apple is a success story. In 2007, Apple was Number 1, 3rd year in a row, in the Top 50 Innovative companies in the world. Google Inc. (NASDAQ: GOOG) was Number 2, while Toyota was Number 3. (Dalal, 2007, p. 1)

Initially, it was named Apple Computer. How it got its name, and how it reached into the present state after all the turbulent years of competing with the electronics and computer business, is a story of the ups and downs of business. Apple was started by some young entrepreneurs such as Stephen Wozniak along with the other boys. Wozniak was an engineering student but withdrew from college and partnered with Bill Fernandez. They started to build computers in the Fernandez garage from parts rejected by local companies. They also recruited other computer enthusiasts at that time and so came Steven Paul Jobs. Jobs was more of a businessman than an engineer or technician at that time. But during the latter years up to today, he has remained with the company and led the company and its engineers in introducing new products such as the iphone, iTune, and other emerging technologies.

One time, Jobs needed parts for a class project, so he called up Bill Hewlett, founder of Hewlett-Packard. He got the parts and also a job at HP assembling frequency counters. Wozniak and Jobs got along together and soon the two peddled “blue boxes” designed and built by Wozniak. The handheld electronic boxes allowed “illegal phone calls to be made free of charge by emulating signals used by the phone company” (Linzmayer, 2004, p. 1). It is illegal, but it earned him some money and some reputation.

Wozniak was employed as a technical man at Hewlett-Packard. It was here that he gained experience in inventing new things for their new business venture. After dropping from college, Jobs worked at Atari, earning $5 per hour working as a technician. Atari’s Pong, a simple electronic version of ping-pong, became so popular in arcades and homes across the country, and Bushnell, Atari’s founder, wanted to come up with a successor. He wanted a variation on Pong called Breakout, and he wanted Jobs to design the circuitry. But then, Jobs asked Wozniak to do the job for him in four days. Wozniak was so happy to do the job, and after finishing it, gave it to Bushnell. Jobs paid Wozniak a check of $350, but then Wozniak discovered that Steve Jobs was actually paid $5000 by Bushnell, to his great dismay. But it was settled; the two didn’t just part, and for many a time their paths would meet.

Wozniak said that it was actually the character of Jobs – a business-minded character – who had worked in surplus electronics. Wozniak says of Jobs: “Steve had worked in surplus electronics and said if you can buy a part for 30 cents and sell it to this guy at the surplus store for $6, you don’t have to tell him what you paid for it. It’s worth $6 to the guy. And that’s what his philosophy of running a business” (Linzmayer, 2004, p. 4).

For Jobs, that is business. And that is how they started Apple. Wozniak and Jobs regularly attended Homebrew Computer Club or Amateur Computer Users Group, in Stanford Linear Accelerator Center auditorium in Palo Alto, whose young members were hobbyists who dreamed of building their own computers. They focused around the $175 Intel 8080 chip at the heart of the Micro Instrumentation and Telemetry Systems (MITS) Altair 8800, the world’s first kit computer. Intel’s microprocessor was impressive but expensive.

Jobs thought of the name Apple for their new computer company, for he was still involved with a farm. They now named their partnership Apple Computer, but they thought of Apple Records, the music company of the Beatles, for which they could have a problem with copyright infringement. They sought the help of Ronald Gerald Wayne, the Atari video game maker’s chief draftsman. Jobs offered Wayne ten percent to become a partner in Apple; Jobs and Wozniak split the remaining 90 percent of the shares.

Wozniak improved the original Apple Computer by solving the data entry problem with a simple card worth $75. This was plugged into the computer’s sole expansion slot, and also allowed the loading of programs stored on standard audio cassettes. Wozniak successfully worked on an improved Apple II. However, this was more expensive than their original computers.

Apple Marketplace

The many complexities of selling and buying and downloading movies, iTunes, and other features of App Store, have been simplified by this one of a kind virtual marketplace. Apple’s website has several stores; one is the iTune Store that leads to different sections. The customer can also use mobile gadgets to search the App Store. The iPhone and iPod Touch are linked to the Store.

As per record from its database, in 2010 there were over 10 billion apps downloaded from the Apple Store. The download actions emanate from approximately 160 million owners of iPhone, iPod and iPad. The App Store has more than 350,000 downloadable apps available to 90 countries. There are more apps added. Categories range from games to business, news, sports, travel, and so on. (M2 Communications)

There are downloadable games, tunes and music, productivity tools and whatever there is at the App Store. Many customers, if not all, find the App Store amazing. There are many active Apps in the App Store and more are added every day. The App Store is quite easy to navigate and also enjoyable. With the right connection, a Wi-Fi or 3G, one can connect quickly to the App Store.

The Home Page has soft keys and one can scroll down like the way in the iTunes. An App can be interesting but there are ways to find out if a customer really wants it. By touching and flipping, customer can find what he/she is looking for. There are categories, and a choice has to be made which to prefer, whether it is for Games, Finance, Photography, and many other categories, or any kind one can choose from. After having picked the right app, one can download it right on to the iPad. A button will tell whether the app is free or a price is displayed. By touching the button, one can install the program quickly.

The Genius Bar is one of the most important and fascinating features in the App Store. It can enhance music and video. The Genius feature in the website can be accessed by doing the following steps:

  • In the navigation bar, the Genius feature can be turned on by clicking on the button;
  • The Genius can provide the playlists and go over the songs one may have downloaded and currently present in his/her library;
  • Next is to log on to the iTunes store.
  • The Genius will ask the user to agree to the license agreement.
  • One can also choose to ‘Update’ the Genius when he/she has already downloaded many songs and videos in the library.

All product-related questions and problems are addressed by the Genius Bar who is actually a staffer or a trained employee of the Apple Stores.

Apple’s website is a state of the art that showcases some of the best desktop video in the world. Individual customers, major studios, and permanent customers go to their websites to preview million-dollar movies. From the Apple website, trailers of some of the sci-fi blockbusters like the ‘Star Wars: Episode One’ and the ‘Lord of the Rings’ have been downloaded for over 25 million times and 1.7 million times in a single day, respectively.

Investigating Apple’s website, one can see an enormous array of products for the taking: iPhone 3G, iPod shuffle, iPod nano, iPod classic, iPod touch, Apple TV, and the Mac family. They also have Staff Picks, various accessories, CDs, etc.

The Mac family, the iPod family, iPhone, and iTunes, are relevant in the present generation. What is important is Apple’s choice of demographics. These kinds of products are important to the young who value music with accompanying video. Apple has tapped the emerging market with emerging technologies powered by the Internet. There is no other more important innovation than this. And it has given Apple billions of profits.

What is important in Apple is the internet. Downloading, buying apps and various products through online store is a new technological innovation. This researcher can just imagine how secure the Apple website and its online store. How secure is buying and downloading? How can a customer be sure that his/her personal information in the App Store is secure from hackers? What virus protection software is Apple using?

These questions are still hanging in the air simply because most answers are left for the customers to guess. The question of privacy is one of the unanswered questions. It is a fact that once Apple’s systems keep records of customers’ data and information. In fact, most organizations that have the capability to keep records of customers in their systems do it as part of customer service, or to improve their service-oriented business.

How safe are the information records of Apple? How safe are customers’ emails from spam messages as an outcome of sharing their personal data and information to Apple?

Yes, there are safeguards. But while there is ‘good’ technology, there is always the ‘bad’ one. In a recent news from the Web, Apple has been described as a victim. It was reported that stores selling Apple products are found in China, but the stores are described as ‘fake’. China is known for counterfeit products in many parts of the world. (Associated Press, 2011)

Case Study: Sony Corporation

Sony Corporation is another organization which is technology-based and has technology as the life-blood of the organization. Based in Japan, its roots can also be traced back to the traditional concepts of kaizen. It has gone global, penetrating global markets and almost every corner of the globe. Its use of information systems is another model worthy of scrutiny and investigation.

The company considers their employees as “the most valued asset” (Pattanayak, 2005, p. 3). The employees are considered a part of the organization. Founder Akio Morita says that their company treats the employees fairly and that they are very valuable to the organization. The magic is in how they treat their employees.

Sony’s recruitment and selection of personnel follows the ethnocentric orientation. The top management of Sony prefers to appoint parent country nationals (PCN) to managerial positions at their branches and subsidiaries. Lower level positions and jobs are being filled up by local employees. This set up is being followed by the US Sony Corporation. For example, the Sony Corporation of America, which is owned by Sony Corporation of Japan, takes care of local HRM functions, but international operations are being handled by top Japanese executives. (Aswathappa and Dash, 2008, p. 138)

This kind of set up has both advantages and disadvantages. An advantage to this set up is that PCNs have the knowledge and familiarity of the organization’s goals and objectives, along with the home country’s orientation and background. But a disadvantage is the PCN’s lack of knowledge to cultural needs of the local population. The manager who comes from Japan will have difficulty in responding to the problems of employees. This manager has to undergo cross cultural training in order to be responsive to the needs of the local population.

The strategies of Sony are rooted in the Japanese skilful management of human resources. Sony focuses on its valuable asset, the people who commit themselves to pursue the goals and objectives of the company. Sony empowers it employees who in turn give back by serving their customers to the best of their ability. This could be one of the reasons why they choose the PCN model, or the parent country national. Managers are Japanese nationals who know the objectives and the psyche of the Japanese people for service and quality. Managers of this type do not deliver low cost and products with less quality. These managers are used to quality products and quality service. They have the ability to make good and precise decisions in problematic situations. They ensure that the interests of the company are protected.

The case studies, Apple Inc. and Sony Corporation, are two contrasting management models; contrasting in the sense that Apple Inc. is an American company while Sony is a Japanese management model. But what makes the two an interesting topic for discussion is that they are both successful in management, the American and the Japanese.

During the early stages of the practice of HRM and later the immergence of international HRM, there were clear differences between American and Japanese personnel practices that led to a more integrated strategically oriented system for managing employees. (Cray and Mallory, 1998)

Before this time, during the early years of the post-war development of the modern international corporation, organizational structures evolved slowly in response to geographical and market diversity. It was easy for management to change structures incrementally. But now changes in the organization are based on complex environmental factors. International human resource management has a big role to play in the new global setting. By making full use of human resource, a firm will attain competitive advantage.

Human resource management seems to point its origin to the American concept. But like quality management, the Japanese have perfected it, or at least, made it a part of their operational practices. Due to rapid growth in industrialization and the emergence of globalization, there’s a renewed interest on this phenomenon. Organizations and businesses have become global as a result of technological innovations, and the introduction of more development in communications and transportation. Companies need personnel and departments in order to grow in this so-called global village. But companies and organizations also have to belt-tighten, lower operational costs and minimize wanton spending. What they need are more personnel with less costs for the hiring and training of these personnel.

Most of the business functions and responsibilities cannot anymore be performed by existing departments with their limited personnel. Companies have to create more departments, recruit more personnel, and add more duties and responsibilities. They need middle- and low-level managers and staff to answer to customers’ demands.

In the business world today, outsourcing is almost ordinary as any other function of business. Advancement in communication has allowed everyone and every business organization to be connected to the world anytime. The world has never been tightly interconnected as it is today. These connections have been realized at almost no cost to the customer and at a reasonable cost to the supplier.

HRM is continuously challenged with the operational activity of the organization. Firms have to hire and employ personnel with the necessary expertise. There are changes, paradigm shifts, new industries formed in the process, and more challenges occur as new culture in the workplace is introduced. Human Resource strategy plays a more significant role in the implementation and control of the international firm.

Apple and Sony have both technology as their product but they also use their product to care for people. They use HRM to further their objectives. Although they have different management perspectives, styles and ways of handling human resource, both global organizations have been successful in their own right. Sony Corporation under the Japanese model is said to be way behind the United States who first started it all. However, the Japanese have implemented strict guidance which allowed their businesses to succeed in the age of globalization. This can also be related this to the concept of total quality management (TQM). The Japanese learned it from the Americans, but they are now leading in the implementation of TQM in business and manufacturing.

The Need for Security Audit in Organizations

Over the years, information security has been much improved but many information systems are still vulnerable to attacks from outside sources. Advances in security include applications of subject/object access matrix model, users’ access control lists, multi-level security with the use of detailed information flow, public key cryptography, and many more. Application of security set up needs time and has nothing to do with the output needed from the IS application and, therefore, if the set up has not enough security measure, no one will notice that an attack has been committed unless an audit is executed. In this case, a regular internal audit is required for information systems in each organization.

Security audit is best practice and a requirement for ISO certification. This is defined in ISO/IEC 18028-3, which has a subject on IT network security. Audit is defined as:

“… formal inspection and verification to check whether inspection and verification to check whether a Standard or set of Guidelines is being followed, that records are accurate, or that Efficiency and Effectiveness targets are being met. An audit may be carried out by internal or external groups.” (ISO 2700 Directory, 2009, cited in Suduc et al., 2010, p. 45)

Security check should be constantly monitored on these three areas: user access control, audit trail, and monitoring of system activity. The steps required for implementing security are:

  • Authenticating principals, to answer questions on “Who said so?” or “Who gets the information?”
  • Authorizing personnel who have access for such information (“Who has the authority to do it?”
  • Auditing the actions of people. (Suduc et al, 2010, p. 45)

The function of the user access control is to maximize productive computer time, eliminate error and fraud and unauthorized downloading of confidential information. There is also the necessity to monitor the system regularly as there is a chance of attack, like sabotage and fraud, if the system is too permissive.

Questions to ask to anticipate possible areas of risk are:

  • Is this possible here?
  • How is it possible?
  • What are the security measures? How can security measures prevent and detect the attack?
  • How can system security be improved?

These measures have to be applied permanently and regularly, while prevention and detection must be implemented at the soonest possible time. A significant security measure is to maintain a record of personnel who are doing activities in the computer system. The system auditor has to know all possible information in order to institute the necessary security measures.

Objectives of a security audit:

  • Check the existing security measures, standards and policies;
  • Determine what inadequacies and security loopholes are in place and examine the effectiveness of such standards and policies;
  • Identify and determine the possible vulnerabilities on the system;
  • Review security measures that are in place with respect to the different functions of management and ensure that these functions follow security standards;
  • Provide remedies and solutions to existing security problems.

Security techniques should be applied in accordance with the type of risk threatening the system. To protect the system, the effectiveness of security measures must be determined through a security audit.

Security Audit Process
Figure 7: Security Audit Process

Computer Forensics

This is a term that applies to computer investigation and analysis to gather potential evidence in the fight against computer crimes. The FBI has been in the forefront of establishing computer forensics laboratories throughout the country and is continuously training and building up more agents who can be experts in the field of computer crime prevention. (Erbschloe, 2005, p. 2)

According to Haggerty and Taylor (2007), computer crimes may be classified into three types: the computer is the subject of the attack, the computer is being used in committing a crime, or it is being used as a repository to the commission of a crime. Investigation of computer crimes is therefore wide and complex. It takes a lot of time in analyzing the data and evidence gathered in the investigation.

The internet is also being used by criminal elements. Criminal activities made easy with the use of the internet involve drugs and pedophile activity. Children are made to pose naked on some pornographic websites. While legitimate business can be conducted on the internet with the whole world as the marketplace, criminal elements can also do with ease, speed and comfort. This is a major challenge to law enforcement agencies. Investigation and analysis of the big volume of evidence is an enormous task. But analyzing evidence may not be a problem; finding real and substantial evidence can be a problem. Criminal elements have some of the best creative minds, and so law enforcers have to find them and be creative too in finding the trail of the crime.

Searching for evidence in the hard drive is an investigation technique. This takes time and being done manually. The investigator takes an image of the hard drive and tries to retrieve a copy of the original evidence. A logical structure of the file is created. A forensic analyst is able to view the files – even deleted files can be viewed. These files are properly recorded to be made as evidence, and information on time of investigation, investigator’s name, and file information are properly labeled and recorded for court evidence. (Haggerty & Taylor, 2007, p. 2)

There have been attempts by law enforcers to improve the process of investigation in retrieving data from computers because the process described above is laborious and time consuming. Some attempts involved a comparison of existing MD5 file to the file on the hard drive. But the process still needs further improvement. The speed of investigation in the search for evidence in the hard drive has to be improved much. The forensic investigation can be improved by automation, and this needs software to do the trick. (Haggerty & Taylor, 2007)

Designing Information Technology

For Organizations and Government


Fifty percent of capital spending is devoted to IT-related expenses (Reynolds, 2010, p. 24). Because of this reality, organizations demand and have high expectations for a good return of investment on their IT systems. For one, organizations spend about one to six percent from their entire revenues on IT related activities and equipment.

IT spending based on industry
Table 4: IT spending based on industry

Based on the findings shown in Table 4, the industry sectors in financial services, telecommunications, and professional services got the highest percentage spending on IT, followed by health care, insurance and utilities, with retail and construction having the lowest in IT spending. The overall average in percentage spending on IT was 3-6 percentage.

IT spending based on size of firm
Table 5: IT spending based on size of firm

Table 5 shows percentage of revenue spending on IT with respect to size of firm. Small firms have higher percentage of revenue spending on IT, followed by medium firms, while large firms only spend 3.2% on IT.

Smooth Introduction and Adoption of IT

Designing means implementing first a smooth transition and adoption of an IT infrastructure. This means adjustment and accepting changes from the traditional to a more technical job of the voluminous work involving paper work, copying and editing of documents, and/or coping with the new processes in the workplace.

Organizations and their people have to implement changes in their infrastructure with the advent of the information revolution and globalization. These changes range from processes to worker roles and responsibilities and other management styles like reward systems and decision making. For some IT systems, a few changes might be needed. But for others, a great change can be considered monumental. Some organizations who have implemented IT infrastructure in their systems fail in their attempt because of the refusal of their employees to adapt to and accept change. Change is a part of human activities, but it is human nature to resist change.

Human nature is complicated – it is filled with emotions and feelings. In an organization, there are complexities, errors, and successes, because organizations are manned by humans. Activities and phenomena create theories. But theories are formulated by humans who commit errors. In the course of time, these theories seem to rule over their behavior and activities.

Experience in life is filled with change – positive, negative, environmental factors, genetic make-up. All are changes; all change. Scientific evidence has proven that people change over a course of time because of mere genetic considerations. What more with ideas and experience? They change over time. People may agree today, they could be opposites tomorrow.

Change occurs inside and outside organizations. Technological advances, political factors, laws, social and cultural influences all contribute to change and create ambiguity in organizations. Leaders have devised all sorts of ways on how to manage change, and so do managers. The one and innovative way managers and leaders have devised to counter change and ambiguity is to effect strategic change. This technique is a step by step process in business organizations that tend to define the circumstances, peoples and leaders, and various aspects of the business environment.

People who tend to like change are those who may have changed the world. Many of them are not the ones who are popular, but quite a few effected change and their inventions became more popular than their personality. They are leaders in their own right, quiet and unpopular, but effective.

There is Malcolm McLean who introduced containerization or the shipping of voluminous loads and cargo through containers. It was the start of containerized shipping. Henry Ford and his ‘Model T’ started the mass production of cars. Ford pioneered in the concept of the assembly line in the automotive industry. He installed conveyor belts, allowing workers to stay in one place. He shortened the working hours of workers, and his factories operated round the clock. With his innovations, the company was able to mass manufacture cars. His innovation and leadership changed the traditional concept of production. (Maxwell, 2008)

Change in organizations is inevitable. People encounter, introduce, and cannot avoid change enforced upon them by time and situations. The most reasonable thing that can be done is to manage change. To manage change, organizations prepare their employees and workers in various ways: orientation, on the job training, training and development, and so forth. Some of these methods are institutionally programmed, but change is sometimes spontaneous, difficult to penetrate and encounter.

Employees and workers have to be well-equipped in the knowledge economy with the necessary mental, physical and psychological abilities. Employees equip themselves with lifelong learning in the midst of the knowledge economy. Individuals should be ready for battle and their weapons are their knowledge, talent, capabilities, and experience to combat the multiple forces of modernity and technology. Organizations depend much on the workers; workers depend on organizational knowledge.

Change management does not have any particular correct way of doing it, though it includes a number of social science disciplines and traditions in theory and practice. It is also difficult to find out the origin of change management. (Burnes, 2004, p. 261)

Managing change is explained by a philosopher of life, the Greek philosopher Heraclitus. He related the anecdote about one’s stepping on the river twice. Heraclitus said that one can never step on the same river twice. There is more than one interpretation to what philosophers or common people think and say. One interpretation to Heraclitus’s words is that the river is always changing and when the person steps on it the second time, the river has changed. Another is that the one who steps on the river is surely a changed person the next time around even if the lapse of time is just a few moments. Life is not always the same – a second or a minute from now. The world revolves and we go along with it. Simple life has changes every time, the more with organizations with its complexities and compositions.

Technology has brought about related phenomena, activities, a new form of industry, and of course changes. ‘We are now living in a globalised world’ seems to be a favorite catchphrase among authors and writers, and applicable to businesses and organizations because transactions can be conducted at an instance.

Companies need personnel and departments in order to grow in this so-called global village. But companies and organizations also have to belt-tighten, lower operational costs and minimize wanton spending. What they need are more personnel with less costs for the hiring and training of these personnel.

Most of the business functions and responsibilities cannot anymore be performed by existing departments with their limited personnel. Companies have to create more departments, recruit more personnel, and add more duties and responsibilities. They need middle- and low-level managers and staff to answer to customers’ demands. Because of this, downsizing comes to the aid of organizations struggling in their finances.

There is a lot of challenge put on the shoulder of the manager which puts his expertise to the test. Along with this line of thought is the concept on comparative human resource management that explores the extent to which people differ between different countries or between areas within a country or different regions of the world.

There are more changes when the organization begins to expanded to other countries. Managers and employees have to adjust to an organization with different cultures. An organization in another environmental setting will create a culture by itself that will have to cope with the existing culture of another country.

There are various reasons why people resist change. Some resist for parochial self-interest reasons. According to Reynolds (2010), people feel the effects of change on themselves than how change affects or can improve the processes in the organization. Another reason is misunderstanding. People do lack the knowledge associated with change. Third reason to resist change is low tolerance to change. Some people are insecure in their job. And the last reason is different assessment of the situation. Some employees do not really support the process of change. (Reynolds, 2010, p. 25)

Planning Strategies

Information Systems Planning has been used by organizations to transcend from the old ways of functioning to new technological means. This is planning information systems and technologies by involving IS designers, developers and users. It is a process of defining the goals of using information systems and identifying the most appropriate areas and applications for the implementation of information technologies (Earl, 1993; Galliers et al., 1999; Lederer and Salmela, 1996; Piccoli and Ives, 2005; Robson, 1997; Córdoba, 2007, p. 910).

The focus is on the critical issues of planning and designing. Technology is a tool and a part of the worker’s lives in the workplace; thus this has to be properly and meticulously studied to enable the organization to function smoothly, and answer the needs and wants of the customers.

During the late 1990s, IS planning started to emerge focusing on organizational capabilities in using systems and technologies. The thrust was not on achieving advantages (Ward and Griffiths, 2002 as cited in Córdoba, 2007, p. 910).

Information systems are planned in accordance with business objectives of the organization. Information System planners have become ‘more involved into developing skills and competencies in people, so they can make better use of their systems’ (Piccoli and Ives, 2005, cited in Córdoba, 2007, p. 910).

Planners should be creative enough to find new ways and technique for an effective information system. IS planning is focused on improvement and survival of the organization. Activities in the planning process include dialogue among employees who plan and conduct researches and strategies. Finding meaning of value opportunities is also another activity.

An important feature in the planning process is critical analyses. It involves strategizing plans and visions which are a part of organizational culture. Critical scholars ‘find ways to uncover the ‘what is’ of situations (e.g. how individuals are being limited in order to work towards ‘what it should be’ for them via securing a more rational and democratic workplace’ (Alvesson and Willmott, 1996, as cited in Córdoba, 2007, p. 910).

Planning also involves Critical Systems Thinking (CST). CST is defined as ‘a research perspective that encourages stakeholders’ understandings prior to the selection and implementation of systems methods’. CST involves a continuous dialogue between researchers and practitioners who are concerned with generating ideas and concepts to improve social design (Midgley, 1996, as cited in Córdoba, 2007, p. 913).

There are two main aspects of critical systems thinking perspectives:

  1. One aspect concerns with methodological pluralism and ‘critically informed practice which has found ‘rigour’ (Tsoukas, 1993; Willmott, 1997, as cited in Córdoba, 2007, p. 913); and
  2. Another aspect is termed ‘boundary critique’.

According to Churchman (1968, 1970 cited in Córdoba, 2007), a system boundary is ‘a social construct that defines the knowledge and people to be considered relevant in a social design” (p. 213).

Information boundaries have to be clearly identified. This is one of the most challenging tasks of IS applications. Corporate information systems should have definite boundaries and there should not be an overcrowding of the system, like too many hardware or software.

When boundaries are shifted, even the understanding of who constitutes a genuine decision maker in a situation can change. Based on this idea, planners need to challenge their views about a situation, including their most cherished assumptions. This is sort of brainstorming, but is actually more than brainstorming. However, the situation maybe the same if the aim is to find a solution to a problem, or improvement of a given situation or scenario. Planners may find themselves debating, but they have to find improvement. Churchman, who termed it boundary critique, argued that the process requires that people ‘sweep in’ different views from different groups of stakeholders, to foster dialogue and mutual understanding. This way, viewpoints for the organization and future generations could be attained.

Critical thinking can be used on system boundaries by encouraging those involved and affected by a situation to reflect on a diversity of views or knowledge sources, and to debate about sustainable improvements. The emphasis on processes of inclusion, exclusion and marginalization can help planners to consider the implications that plans and the process of generating them could have for a variety of stakeholders, including those which are not really a part of the original ideas and discussion. Midgley (2000, as cited in Córdoba, 2007, p. 915) provides the approach to boundary critique, with the following questions to be asked to support critical reflection in a process of IS planning:

  • “What is the purpose or end of IS planning? Are there other purposes being marginalized?
  • “Which level of analysis and intervention is/ought to be chosen?
  • “What and whose values drive/ought to drive the definition of plans?
  • “What about certain values being marginalized?
  • “What and who is/ought to be included? What/ and who is/ought to be marginalized from the process? Why?
  • “Which methods are/ought to be privileged during the process? Which methods are/ought to be marginalized during the process? Why?
  • “What could be the consequences of any action for groups of stakeholders in the wider society?
  • “What possibilities for action are/ought to be available?
  • “From whose point of view are we/ought we to be answering the above questions?” (Córdoba, 2007, p. 913)

From the questions above, the strategist can develop opportunities to reflect on wider concerns that need to be addressed in the planning process. This should lead us to ‘push out’ what is known as boundary judgments about IS planning and account for potential implications that judgments could have for the implementation of initiatives. With these ideas on boundaries, exclusions and marginalization, critical questions can be developed in IS planning with a view of making it more inclusive and reflective.

Critical Systems Approach to Information Systems Planning

This is known as critical systems approach because it provides emphasis on the different aspects and ideas about information systems, on the different ideas and other conflicting notions that run counter to these ideas. This encourages debate and reflection on the issues at hand, and of opportunities for improvement.

The approach allows stakeholders to be involved with their own concerns and the organization’s. The approach can also include the use of a variety of systems methodologies like soft systems methodology (Checkland and Poulter, 2006, as cited in Córdoba, 2007, p. 913), or any other used for organizational inquiry.

It also includes examining boundaries that are adopted when using them. Some boundaries can be adopted by following a methodology as a ‘neutral’ set of guidelines; others define who is to be involved and affected and thus, critical reflection on the impacts on their adopting should be exerted.

A theory that involves this aspect is the theory of autopoiesis, which aims to foster mutual respect, openness and learning among different stakeholders (including researchers themselves) which can then help them in dealing with potential conflicts throughout the planning process. According to Córdoba (2007), the word ‘autopoietic’ is roughly defined as ‘self-producing’ (Mingers, 1995), and ‘an autopoietic system is one that seeks to maintain itself as a unity with a particular organization that gives the system its identity.’ The environment can trigger changes in a system but it cannot cause them. (Córdoba, 2007, p. 916)

There are two main orientations in the approach: distinction and dialogue for improvement. Distinction means to identify a variety of issues of concern held by participants in the planning process. A possible way to start this enquiry is to ask people how they would like to live in society, and how organizations can contribute to support them in achieving this. (Córdoba, 2007, p. 913)

Software Planning

Software architecture planning is a major activity in software architecture. There are many features and so-called dependencies in software architecture that many things depend on planning. Planning is a part of software development.

Early planning of software projects is described in the IEEE Standard Glossary of Software Engineering Terminology as further elaborated in Software Engineering Body of Knowledge (SWEBOK). SWEBOK has been applied in the curriculum of software engineering courses, both for undergraduate and graduate levels. (Greer & Conradi, 2009, p. 356)

The SWEBOK guide provides: ‘determination and negotiation of requirements, analysis on feasibility of the framework and process in which the review and revision of requirements is conducted’ (IEEE Computer Society, 2011). The SWEBOK guide also assumes that the software project has already been started as the software planning activities have already been started.

As in traditional approaches, systems analysis includes feasibility stage. Feasibility studies are a part of the methodology portion. The dynamic systems development method has a description of the feasibility study including such topics as unified process (UP) which relates about the ‘inception’ phase; while the extreme programming planning provides description of areas like ‘user stories’.

To state it plainly, software planning is influenced by the kind of software process chosen for the organization and how much planning should be done is determined by the organization and the planners themselves.

Feasibility Study

Feasibility study is conducted to determine the viability of the project and to obtain planning data for the software project implementation. Feasibility refers ‘to an assessment of the product/project against technical, operational, financial and social/political criteria’ (Greer & Conradi, 2009, p. 356).

Feasibility study therefore is assessment of the various factors that will affect the project in its future operation. In this stage, there may be reasons or decisions that will lead to an early cancellation of the project and so minimal costs will be attained. But if the project is decided to proceed, an estimation of the various parts can be conducted while opportunity for more planning is obtained.

Planning also involves determining the software scope (Pressman, 2004 cited in Greer & Conradi, 2009, p. 357). Once the scope is determined, cost estimation can easily be conducted and attained (Putnam and Myers, 1997 cited in Greer & Conradi, p. 357).

Once the scope has been given, it is now imperative to decide the type of software process to be used for the organization. This includes what development methods and tools would also be used. This part of the planning – the selection of the software process models has been considered a problem by planners and programmers. Sadraei, Aurum, Beydoun, and Paech, (2007 cited in Greer & Conradi, 2009) argued that empirical studies have shown that ‘there is a non-conformance between defined software process models and enacted software processes’.

What are the deliverables?

To determine what the deliverables are means to look at the design of the IT infrastructure. Some existing in-house software could still be used, or components of commercial-off-the-shelf (COTS) can also be made use. Selecting or choosing the parts to make a whole of the software package can surely impact the planning of the software project. Determining the architectural composition is one of the proposed software is one deliverable. (Greer & Conradi, 2009, p. 357)

Another aspect of planning is the so-called release planning. This is the time when a functioning software is ready to be delivered to the customer. Release planning is also an important activity of the planning efforts.

Risk Management in Software Development

Risk management in software development involves dealing with the possibility of failure in the development of the software architecture, or the possibility of failure.

As discussed in IT Risk Management (Chapter 4), risk management involves analyzing and controlling risks in software development.

Greer and Conradi (2009, p. 358) argue that: ‘When deciding upon a software project, risks are highly relevant since, by definition, they may negatively impact upon the development cost and therefore threaten the validity of any cost-benefit analysis carried out.’

The six stages of risk management in software development include:

  1. ‘Identification
  2. Assessment
  3. Prioritization
  4. Management planning
  5. Resolution and
  6. Monitoring’ (Boehm, 1989 cited in Greer & Conradi, 2009, p. 358).

Boundary Critique

Another theory associated with IS planning is ‘boundary critique’. It was first introduced by Ulrich (1996) which relates to the work of Churchman (1968, 1970 as cited in Córdoba, 2007, p. 913) which states that ‘a system boundary is a social construct that defines the knowledge and people to be considered relevant in a social design’. What makes an improvement for a particular group of people might not be called improvement if the boundaries of analysis are ‘pushed out’, meaning they are not analyzed and recognized. Based on this theory, Churchman relates that planners have to analyze and carefully address their view about a situation, including their assumptions which they have painstakingly formulated before. If their assumptions and theories can pass through a rigorous discussion and debate among peers and other individuals who are also involved in that situation, then that’s the time they can pursue on genuine improvement.

From this time on, the work of Churchman has been considered seriously and taken to different directions, and an important development was the introduction of dialogical methods to provide more debate on systems boundaries including the different assumptions on it (Mason and Mitroff, 1981; Ulrich, 1983 as cited on Cordóba, 2007, p. 913).

Some other ideas related to systems boundary include value judgments and individual assumptions. Theorists adopt critical theories to facilitate dialogue and debate on boundaries to involve other stakeholders. System boundaries include several stakeholders, for example those who should be involved in the plan; those who will be affected; and those who are considered experts, and considered decision makers. This makes the plan sustainable in the long run. (Ulrich, 1983, 1993 as cited in Cordóba, 2007, p. 913)

Information Technology

Enterprise Architecture


American innovation is the name of the game. This is what Americans were famous for, and this is what Americans should focus on after combating the recent world economic crisis and the recession. This too was the focus of Obama’s State of the Union address last January of 2010. (Zakaria, 2011, p. 40)

Everyone seems to suggest that innovation is the key to America’s coming back to life again. Leading companies in America that survived the recent recession have been considered leading innovators of the twenty first century. Consider Google and Apple. Google’s mission is to be in the forefront in information revolution. It is now the main gateway to the digital world making knowledge available to the world. Its name has become a noun and a verb – “Google it!”; meaning one can use it and search the meaning and the uses of every known and unknown word in the world.

An example of successful enterprise architecture, Google has proved that it can handle billions of searches over the Internet every single day. It has surpassed its rivals Yahoo! and Microsoft in the field of information technology. Google uses advertising based on a combination of ‘web page ranking mechanism’ and target advertising. (Reynolds, 2010, p. 253)

Using Google web searches is free but advertisers pay Google to match consumers’ important products and services. Targeting audience is effective. Google’s powerful web platform rests in its well-designed infrastructure architecture which ‘consists of a vast array of interconnected computers and software systems hosted by a large number of regional data centers’ (Reynolds, 2010, p. 254).

Google’s architecture enables it to run its core business processes, and receive and dispense with huge amounts of data in its vast databases. This database stores information about customers, searches, emails, and many other activities.

According to Reynolds (2010, p. 254), ‘The enterprise architecture is designed to access new Web content continuously, index the content, and manage the advertising business, thus freeing up Goggle employees to perform high-order thinking and pursue other innovations.’ This is the reason why Google can continuously go for other activities like innovation – its employees are not so preoccupied with the normal flow of activities.

Google’s important in-house features include Google Earth. This is combined with Google Search and satellite technology that produces images, maps, buildings and other landscapes presented in a three-dimensional platform. The world’s geographic information is then easily put to the clients’ usage for free. YouTube, a popular site for video clips and frequented by millions of viewers as a sort of entertainment, is one of the many Web features acquired by Google.

Enterprise Architecture

This refers to a set of models describing the technical aspects of an organization’s strategies and processes. Google’s architecture, for example, involves a connection of about half-million servers. Google’s set-up follows the tenet “form ever follows function” which defines the organization’s form or architecture and the customer’s need for functionality. This functionality is all about “purpose, utility, and desired value”. (Reynolds, 2010, p. 254)

Challenges confronting an Enterprise
Figure 8: Challenges confronting an Enterprise

The organization’s desired business processes should meet the customer’s functionality. The business processes provides the form as organizations should provide the necessary and proper architecture that satisfies customer demands.

Enterprises today face countless challenges that infrastructure architecture is more of a necessity than a luxury. These organizations have to keep pace with the demands of the times or they lag behind and perish.

As previously stated, organizations, such as the enterprise, are confronted with many challenges as a result of globalization, emergence of technology, and the countless changes occurring in the new century. Enterprises want to survive in this new global setting. Agility is a required trait for new enterprises. This means they have to quickly adapt to the global environment where adaptation and standardization sometimes overlap.

There are many barriers and problems enterprises have to cope in this new business environment:

  • Being unaware of the qualities and nature of their own products and capabilities, and their own internal infrastructure,
  • Agility was not very much demanded in the traditional sense, for what traditional organizations focused on were efficiency and effectiveness,
  • There is no common understanding among different stakeholders of the organization,
  • Organizational structures are more focused on the technological, social and cultural aspects of the environment – or the external factors,
  • There are duplications in the IT infrastructure. (Op’t Land, 2009, p. 7)

Clients want more of their money, they demand so many things. Customers have become ‘powerful’. The new paradigm shift is to satisfy customers in order to attain loyalty. The new trend of business today is to satisfy the company’s customers.

Enterprises also see growth in size – or, to grow means to become big. Therefore, many organizations resort into mergers and acquisitions. Many of these organizations collapse in their quest to become big.

Developing enterprise architecture requires a big plan just like building a city. In developing a city, the planner needs to layout the streets, schools, public buildings and structures, highways and airports. The plan includes layouts, blueprints of the highways and public buildings, and many other models. Computer simulations are needed in planning a city.

Enterprise architecture utilizes a software known as the Unified Modeling Language which has features that refer to planning, specifying, constructing and documenting. It can be applied with other web-based systems available from Google such as three-dimensional models. UML is for specification and documentation of client instructions and preferences. After this, the builders and programmers can use it and the architecture can start. In the words of Reynolds (2010, p. 263), ‘The key objective of enterprise architecture is to build a foundation that will enable change and meet the next generation of needs.’

Case Study: The Boeing Story

The Wright Brothers invented the first airplane, fixed-wing and were the first ones to fly it. After years of experimentation and several test flying, they finally made their first airplane known as the Wright Flyer in 1905. The basics of building an airplane during the years of the Wright Brothers until today are almost the same but the methods used and the parts and assembly are very different. New airplanes and jet planes are built with more sophistication, added with IT and software to enable builders to make precise parts.

Around the year 2009, Boeing planned to build the 787 Dreamliner, a high-performance and low-emissions airplane. This project of Boeing needed a great amount of planning in the design and actual building. The Dreamliner was designed to use 20 percent less fuel than other airplanes, using two engines from General Electric and Rolls-Royce. Its fuselage would be made of lightweight composite material with a simplified assembly. Boeing can assemble one plane every three days. This is an example of innovation on a complex product. (Reynolds, 2010, p. 246)

Information technology provided the tool and resource for Boeing with the same level of sophistication. Information technology provided the tool to build enterprise architecture and enable the assembly of sophisticated components. Without enterprise architecture, Boeing could never have done such a great task of building a sophisticated jet like the Dreamliner.

Case Study: JetBlue Airways

Enterprise architecture that is not properly implemented and effectively managed can result in service outages, a lot of failures and problems in the processing of products or in the supply chain. Security is also of paramount importance in this enterprise architecture.

An example of enterprise failure is the case of JetBlue Airways. The fault of the managers and officials of this company was not implementing adequate enterprise architecture. In February 2007, the airline company was forced to cancel a large number of flights due to extreme weather condition – severe ice and snow storms. A big mistake was committed by JetBlue Airways officials when they did not provide advance information on the cancelled flights, forcing the passengers to wait for as long as 11 hours in grounded airplanes. This problem was the result of wrong implementation of enterprise architecture, or an architecture that was not properly in place. Proper passenger and crew rescheduling should have been done by the system. Schedules of off-duty crews including pilots and flight attendants were properly programmed. (Reynolds, 2010, p. 255)

Moreover, the company’s reservation system was a mess: employees were not trained to conduct reservations of passengers. There was no baggage tracking system capable of dealing with the problem. CEO David Neeleman’s public apology was later posted on YouTube. It was a disaster for the company. Other airline companies were able to cancel their flights earlier and were able to take solve the problem of congestion beforehand. Baggage tracking systems were also in place by other airline companies. (Reynolds, 2010, p. 256)

With the many problems in running businesses and organizations, a viable enterprise architecture is a necessity. Through enterprise architecture, companies can increase employees’ effectiveness by motivating them to be creative and dedicated to their jobs, and aim for customers’ satisfaction in the short and long run.

The Microsoft Experience

This is focusing on the Microsoft experience, especially on its launch of Windows 7 and the almost ‘failure’ of Windows Vista, two of Microsoft’s series of operating systems that are now in use by millions of its customers especially the demanding global market of Singapore.

Before focusing on the technical aspects of Microsoft’s successes in its products, more important is given to Microsoft Singapore’s website, WORK + BALANCE, a striking yet attractive term in the age of globalization, for it involves work-life balance. This is something many firms have missed in their quest for so-called excellence and competition. Microsoft makes its presence in Singapore with more emphasis on work and life. Microsoft Singapore focuses on business productivity and personal productivity, using the latest in technology and what Microsoft products can offer. (Microsoft Singapore, 2009)

Microsoft Singapore places much importance on IT because it is where their mission is aimed at and what customers and organizations are in dire need. Two of the links in their website states: Business Productivity and Personal Productivity. These are both focused towards work-life balance initiatives. Work-life balance is about employees, family, and the firm. The firm promotes the welfare of the individual employees. The employees have to find satisfaction in their job and happiness with their respective families.

The firm has never been more focused on marketing than ever; in fact Windows Vista and Windows 7 could have been planned all for the purpose of a unified and effective marketing. The two operating systems were implemented with careful yet discreet research and planning before they were introduced to the market. All throughout its existence, Microsoft has maintained a market position, sometimes in conflict with Apple Inc.

But how does Microsoft fair with the home and small business sector? In a research, it was found that Microsoft had a potential problem in one particular market sector – the home and small business sector (those with less than 50 PCs). This segment felt neglected by parts of the software distribution chain. They are always overlooked because their spending power was small when compared with large corporate buyers. (Berry, 1998, p. 107)

Windows is an operating system of Microsoft. Fehily (2010) says that it is a launching platform for programs such as Microsoft Word, Photoshop, etc. (p. x). Mueller (2007) argues that the reasons why Microsoft released Windows were to allow users to run more than one application at a time and to “provide a friendly interface that made using a computer easier” (p. 4).

But the fact is it has introduced its Windows 7 after the launch of Windows Vista. Vista wasn’t well received although Microsoft’s intention of releasing multiple editions of its operating system was to target different segments of its user base with different features at different price points. Doing so confused the market; many users urged Microsoft to come up with one simple, all-encompassing version of the operating system; thus the long-awaited Windows 7. (Lee, 2010, p. 1)

Vista was sort of a preparation, and it has many features that Windows 7 has made use of. Some of them include the Windows Defender, Microsoft’s answer to the spyware threat. This is an easy-to-use and effective tool that can detect and deal with spyware both in real time and by means of on-demand scanning. Because Windows Defender is native to the Vista OS, it is a tool to deal with this growing problem without the need to purchase expensive third-party products.

Microsoft’s strategy pushed (or forced) consumers into buying Windows 7. Consumers are dragged into Windows 7 without a choice. Their new computers came with Windows 7 already installed. It was possible too that their companies switched to Windows 7, and everyone has to learn it. Because people buying new PCs automatically already receive Windows 7 preinstalled on their PC, Microsoft is targeting two other groups: people using Windows XP and people using Windows Vista. (Rathbone, 2009, p. 11)

In Windows 7, Microsoft has attempted to address this problem with the concept of Libraries. Conceptually, Libraries are a central repository of all the various folders on the computer. To search for files, one can go to the Libraries and navigate the various subfolders contained within it. One can still create an assortment of folders, but he/she can avoid the chaos by adding a folder to one of the libraries. (Lee, 2010, p. 26)

The Aero Peek feature allows a user to preview windows without switching to them. And Jump Lists allow you to jump to a specific destination or task by simply right-clicking an application icon.

File Sharing has been one of the features common to all Windows operating systems. Besides sharing files with other Windows computers the File Sharing feature in Windows also allows users to share files with other non-Windows computers, such as Mac OS X and Linux users. In Windows 7, file sharing has been further simplified with the new HomeGroup feature.

In Windows 7, Microsoft has made file sharing very simple with HomeGroup. Using, HomeGroup, you can easily share files as well as your digital media (such as music and video) with other users on the same network. HomeGroup also allows you to share one or more USB printers connected to a single computer with the rest of the users on the network. (Lee, 2010, p. 37)

When you call Microsoft for help, they automatically charge you $50. Microsoft uses Windows to plug its own products and services. Internet Explorer’s site is stuffed with Microsoft’s Web sites. We say that marketing strategy should put the customer first on top before the product.

Innovations in the Age of Globalization

Globalization has created complexities in the global economy. Organizations have to introduce a lot of innovations in their products to remain competitive. Employees have to be creative and practice what Reynolds (2010) expounded as high-order thinking. High-order thinking means the ability to introduce creative innovations for the company and for the customers.

Clayton Christensen (cited in Reynolds, 2010, p. 256) introduced two broad categories of innovation:

  • Radical innovation, also termed disruptive technology, which creates great changes in the organization that it can produce new industries. Innovations of this kind are about new set of performance features, or improvement of performance, and reduction of costs. (Reynolds, 2010, p. 256)
  • Incremental improvement, also termed sustaining technology, which is a process of introducing continual small enhancements but steady improvements. The Japanese “kaizen” is similar to this type of change – continual improvement.

Organizations employ many strategies to improve competitive advantage. Group dynamics and team building are concepts of continual improvement. Group dynamics influence individual behavior. (Firth, 2002, p. 23)

Team building is one of the many innovations which benefited workers. In team building, workers are formed in teams or clusters and function through teamwork and motivation. Each team is given independence, the members are allowed to function at their own utmost capacity, and are trained in the process, becoming multi-skilled, while each member is responsible to the team. A cluster competes with other clusters when it comes to skill, but they are all working for one organization. As individuals mature in their job, and become accustomed to it, they significantly improve their skill and organizational knowledge, becoming more professional and expert in their own respective fields.

The philosophy behind teambuilding is that when individual workers are allowed to work at their own pace and given the responsibility as part of the team, they become well motivated. The motivation is that each individual works for improvement and advancement of the organization. A member becomes like a part owner of the business. Each cluster works like an independent body but each member is multi-skilled that allows the cluster members to be flexible. Cluster methods provide improvement not only as workers but as developed individuals. Teamwork can develop individual flexibility and learning. This concept is like that of motivation. The purpose is to motivate the workers into aiming for the success of the organization. (Jenkins, 1994, p. 852, cited in Contu, 2007, p. 126)

Many organizations in the private and public sector have their workforce ‘subdivided’ into teams. They have recognized the great significance of this concept. This can be seen in many of the Fortune 2000 companies and in many other successful businesses throughout the world. (Knights and Willmott, 2007, p. 118)

Creating teams require some skill and real talent. It requires some determination to put the individual talents into a single force to work for change or introduce ideas that can provide further innovations, progress and success for one objective.

The purpose is somehow linked to the organizational mission and objectives. By having clusters and groups, talents and capabilities of members are maximized. This is known as the centralized kind of management. With globalization, the technique is to manage the organization horizontally. Team working can best be enhanced with use of the internet, Information Technology, and teleconferencing. Mobile communication such as cell phones, lap tops and other similar high-technology tools can help in team building work. Communication is fast and effective.

Team formations are considered special features for improved organizational performance. Introducing principles of team formations in the workplace is like implementing total quality management concepts. They present a strong foundation for global organizations in the present century, and they can be an effective way of providing work and life balance which is very much needed by the people. (Knights and Willmott, 2007, p. 125)

This is also known as the lean factory. Womack et al (1990, p. 90, cited in Knights and Willmott, p. 126) narrated in their book the five-year research on the status of the organization of work in the automobile industry around the world. They called it the ‘lean design’ or ‘just-in-time’ because it defies traditional criteria of organization of production and management thinking. Its aim is to avoid waste, slack and redundancies. This application of the supply chain management can reduce cost on the part of the suppliers and owners because there is less surplus inventory. The demand from customers is the only supplies that have to be delivered. The system is fast and efficient, with few errors, and this is what lean design aspires to achieve.

The Japanese continual improvement concept is a step-by-step approach that is effective in business and in production and operations management. It is inspired from the old Chinese maxim ‘step by step walk a thousand times’. This was later introduced to the West, but for the most part companies have limited their kaizen efforts to delegating to operators the continuous improvement of manufacturing processes.

The kaizen method is very popular in management nowadays. It is an innovation in management that says, ‘Go on work, improve… improve… work… work… make innovations.’ This is a Japanese original idea, but more managers have been injecting their original ideas to produce further innovations.

Toyota, the world’s top auto-maker, is a part of the knowledge economy. Its people are knowledge-based, who are dedicated for continuous improvement. They train their people in-house and not in a university or a formal school of learning. They form them into clusters and each team functions independently from the others, but work for the objectives of the organization. (Lynch, 2008, p. 767)

Three Levels of Innovation
Figure 9: Three Levels of Innovation

Innovations and new products enhance a company’s sales. In a study conducted on 147 companies during the period 1998 to 2002, it was found that 24% of a company’s sales were the result of new products. One third of the companies surveyed attained 50 percent of total sales from new products. This was aided by Information Technology, meaning digitization of the new products.

Developing New Value Propositions

Effective enterprise architecture creates a foundation of business process that pave the way for new value propositions. Value propositions provide clear descriptions about the benefits that customers can gain from using the company’s products and services.

Managers and employees should participate in developing their enterprise architecture so they can introduce their value propositions. Successful organizations, or those that have survived in the high-technology globalized world, use technology in introducing value propositions to their customers. (Reynolds, 2010, p. 257)

Successful companies are those that are most innovative, examples are Apple, Google, Toyota, Microsoft, etc. Those with cheap products are Wal-Mart, southwest Airlines, JetBlue; companies with best quality products, like Procter & Gamble, UPS; and companies with familiar brands, like McDonald’s, Coca-Cola, Harley Davidson, BMW, etc.

Enterprise architecture aims to provide a strong foundation for an organization so it can attain higher profitability, quick market availability, and lower costs for the IT infrastructure.

Software Architecture Styles

According to Reynolds (2010), there are two categories of architecture styles: centralized and distributed. The commonly used software application is the distributed which provides lower cost and overall higher value. There are styles which are a mixture of several architecture or packaged solutions with architecture styles complementing each other.

The figure below shows several software architecture styles.

History of Computing Styles
Figure 10: History of Computing Styles
Centralized Architecture

This is used mainly to process high volumes of transactions, examples can be those that process credit cards, customer billing, or ATM transactions. Centralized architecture uses a mainframe computer that supports several local remote devices which may include terminals, printers and workstations. The mainframe computer controls the software applications that run on it.

IBM is an international organization that has developed a technology that supports centralized computing. They are mainframe operating systems, transaction systems, middleware and databases. An example of transaction system made by IBM is the Customer Information Control System (CICS). (Reynolds, 2010, p. 259)

Distributed Architecture

In distributed architecture, functions and data can stay on anyone of the computers in the network or the Internet. In this type of architecture organizations and individuals share in the processing, formatting, and storage of information. The software is open to clients and users and do not focus on proprietary software. The processing depends much on servers which are continuously upgraded to provide faster uses or services. Upgrades of this type are simple and do not require high costs. Using web-oriented processing is gaining popularity because of its simplicity and inexpensive processes.

Client-Server Architecture

Client-server architecture is a type of distributed architecture with the following parts: client request services; server that provides services within a network; the network that connects the server and the client; and the database that creates, reads, updates the values and contents of both client and server.

In this set-up, a client processes his/her request through a server and the server performs a request to the database that processes the request. ‘Client-server architecture provides for a separation of responsibilities and enables the application to be organized in layers’ (Reynolds, 2010, p. 260).

The Process of Disaster Recovery

The business model and purpose provides for some guidelines for recovery priorities which may depend on how long the data has been lost. In the system, it is termed Recovery Point Objective (RPO), which may refer to the “maximum desired time period prior to a failure or disaster during which changes to data may be lost as a consequence of recovery” (Scholtz, 2009, p. 34). Changes can be preserved by recovery; Zero refers to “zero data loss” requirement.

Recovery Time Objective (RTO) refers to the duration of time and a service level to restore the business process after a disaster in order to minimize possible business losses as a result of the interruptions. (Scholtz, 2005, p. 34)

The activities mentioned above are based on the business model and are based on the customer’s (the buyer of the software) perception, or what he/she wants of the process. They are all included in the BIA as the recovery priority.

Document for a Formal Flow of Events

The following are steps of the NIST Special Publication (SP) 800-26 that are included in the methodical procedures and encompass the managerial, operational, and technical aspects:

  • Policy – this tells that the organization has a documented proof with requirements
  • Procedures – tells of the processes and the steps to follow
  • Implementation – how the technical aspect is implemented
  • Tested – policy and implementation have been tested to be working
  • Integration/maintenance – the whole process has been reviewed to cover the managerial, operational, and technical aspects, including an update and review of the entire process.

The Business Impact Assessment (BIA)

The BIA includes aspects such as the business continuity plan development, training for the staff, drills and exercises, and evaluation and monitoring of the program. It helps to identify IT systems and parts.

Within the BIA, there are various subjects that are identified, such as the business model which specifies the function and purpose of business; the information system boundaries; the various data types inside the systems; risks and threats that include exposure, possibility and probability; interconnections; recovery priorities; and security classifications. (Scholtz, 2009, p. 34)


Interconnections are one of the important parts of the information service applications. This is usually done with the aid of the Internet. For example, a client might want to interconnect with the bank to verify balance of accounts. This can be done with web-based enabled applications, which have to be secured and cannot just be hacked. Customers are always busy with different things involving business, and so they just want to log into the bank server that holds their account and have access to the database system.

The infrastructure has to identify the interconnection, including its role in the business model, and the security apparatus installed for this interconnection. This security detail is developed, for example in the federal sector, by some security officers and placed in a manual known as the “Trusted Facility Manual” (TFM).

The interconnection can only be accessed by privileged users. The manual has some information like the following:

  1. Details of configuration, installation and operating system;
  2. Details of the security features and how they can be used to the optimum
  3. Security vulnerabilities on the configuration and other administrative functions.

This manual is updated periodically since there are new vulnerabilities that appear during the operation. The details should be incorporated in a document management system. The public sectors are encouraged to provide updates and should be available to the end user company.

Business Model

The business model can get meshed up when there are many departments or agencies using and handling the system. To avoid confusions, the system should be managed through the so-called interservice/agency support security agency (ISSA/ISA) which identifies the different functions and management systems to be instituted. In this set up, the document identifies the various departments who will handle the software; another will manage the hardware, and another to handle the security responsibilities. The management functions will be guided by the technical department.

Common Criteria

Common Criteria is a framework wherein computer system users can formulate and specify their security requirements. Software vendors can implement the security attributes of their products, and laboratories can test the products if they have such claims. Common Criteria can assure the user that what is programmed on the product with respect to specification and evaluation of a computer security for the product has been programmed in a standard manner.

The system assigns an Evaluation Assurance Level (EAL), which state whether the product is functionally tested (EAL1), structurally tested (EAL2), methodically tested and checked (EAL3), methodically designed, tested and reviewed (EAL4), semi-formally designed and tested (EAL5), semi-formally verified design and tested (EAL6), and formally verified design and tested. ‘Common Criteria’ is a software program linked with CMMI and Six Sigma.

Information Technology Infrastructure Library (ITIL)

The standards of building security processes in IT have been formulated by the Information Technology Infrastructure Library (ITIL). The National Institute of Standards and Technology (NIST), along with Rainbow Series, has also provided valuable tools on these standards of security, making consumers and the general public do it with ease and comfort in providing security for their very own IT infrastructures. Scholtz (2009) says that evaluating and formulating what these standards have provided can allow organizations to have it all in the area of security.

In building the foundation of security, organizations have also to develop some baseline security requirements and successfully produce by-products of their labor, like “asset management, configuration management, change management, incident management, capacity management, and financial management” (Scholtz, 2009).

First, the baseline security requirements have to be built with a significant structure. This has to correspond with the business model. Establishing the Business Impact Assessment is a first step in building a secured infrastructure. The BIA can provide the details about the business model, which gives information about function and purpose; information system boundaries; various types of data and information within the systems; the possible risks and threats of exposure or danger as the case may be; interconnections; recovery priorities; and security types and categories that should be implemented. (Scholtz, 2009, p. 34)

There are security categories that are defined in the function and purpose of the system and the possible recovery priority which are linked to processes on financial procedures like payroll and invoices of company accounts. This particular procedure may need high rating capability because of the confidentiality, integrity, and availability. More details of these processes are provided by the Federal Information Processing Standards (FIPS).

ITIL is a logical process in the management of a secured IT infrastructure. It includes a Business Service management (BSM) aspect with security as one of its features. According to Scholtz (2009), metaphorically, the client should look at the foundations of a building and examine how they have been implemented to support the building. In making the infrastructure, there should be a plan to be followed.

The NIST requirements can help in building our infrastructure with much secure support and lead us to an ITIL. The process involves service management. This is obtained through a step in the IT Portfolio which is the Capital Planning and Investment Control. It is complicated because the requirements are to be stated, including the cost and the level of service that one has to perform, whether as a provider or as a customer.

Financial Management refers to Capital Planning and Investment Control of the IT infrastructure and deals with the system about labor and equipment, to include software and hardware.

On the other hand, capacity management is a normal part of the system lifecycle. Engineers identify the requirements for the infrastructure. Capacity management is the basis for the IT. In this aspect, the contingency plan is stated. The “what ifs” scenario is mentioned in detail in the NIST SP 800-89, Guide for Developing Performance Metrics for Information Security. (Scholtz, 2009, p. 37)

Information Technology Infrastructure Library (ITIL) was first introduced at the Office of Government Commerce, a government agency in the United Kingdom, in cooperation with consulting organizations. But in 2005, the OGC passed it on to a non-profit organization, the IT Service Management Forum. (Verghis, 2006, p. 67)

ITIL is a framework for IT management. It is called a library because it is a set of books for guidelines to improve IT service management. This framework contains best practice guidelines for IT operations and management that include change, management on the different configurations, risk and problem management, costs and capacity, and all others which pertain to financial management.

The practices are flexible and can be suited to the needs of individual organizations. ITIL provides guidance and description, but not detailed description as this varies from organization to organization. The processes are continuously improved and updated, and it is this constant update and maintenance that makes it effective. It is an ongoing process for as long as the IT infrastructure is needed by the organization. Like a vehicle, if not enough maintenance is applied, its various parts become clogged and dysfunctional.

ITIL has been adopted by more than 15,000 organizations all throughout the world, including such large and established organizations like Barclays Bank, British Airways, Hewlett-Packard, IBM, and many others.

Distinct volumes of ITIL include ITIL Service Strategy, Service Design, Transition, Continual Service Improvement, and much more. (Reynolds, 2009, p. 136)

Control Objectives for Information and Related Technology (COBIT): This pertains to a set of guidelines whose objective is to strategically link IT resources and processes with the objectives of the business firm. It also includes quality standards, financial controls, and other security matters. The agency handling this process is the IT Governance Institute. Among the features provided by this agency include metrics and best practices and other critical success factors for COBIT application in IT procedures. COBIT’s best practices are a recommendation by expert IT professionals. (Reynolds, 2009, p. 136)

Information Technology Laboratory

The Information Technology Laboratory is within the National Institute of Standards and Technology whose aims are for development of tests, test methods and other technical aspects in information technology. The responsibilities of this sector focus on the technical, physical and management and administrative aspects, and the setting of guidelines for the security of Federal computer systems and the voluminous data and information inputted therein. (Quinn, Waltermire, Johnson, Scarfone, & Banghart, 2009)

The Security Content Automation Protocol (SCAP) is a standards regulation provided by the NIST for software product configuration. This is a multi-purpose model that checks, controls, and secures some aspects of the information and imbedded in the software. The SCAP provides standardization on ‘system security management’, including ‘promoting interoperability of security products, and fostering the use of standard expressions of security content’ (Quinn et al., 2009, p. ES-1)

The Special Publication 800-126 of the NIST, authored by Stephen Quinn et al. (2009) provides technical specifications for SCAP Version 1.0. It provides a format and nomenclature for software products which should be followed by organizations in their information systems applications.

Enterprise Resource Planning: IT Application in Firms

This is the age of the information revolution. A new paradigm shift has emerged, and the organization’s trend is to implement Office Information Systems solutions like groupware and enterprise applications. IT applications have entirely changed the functions in organizations. The latest innovations allow individuals and groups to communicate wherever and whenever. Advancement in technology is fast and competition between organizations continues to be stiff. Organizations are struggling to integrate new systems, introduce different ways to compete, and acquire the latest strategy possible.

Information revolution has spawned numerous technologies geared towards automating the office. The trend is to implement Enterprise Resource Planning and Information Systems solutions such as groupware and enterprise applications, for example databases or shared repositories, intranets, workflow, imaging systems, and other customized applications.

Technological advancement and continuous innovations have motivated organizations and businesses to react to changes in the global competition. Organizations have to reorganize, reevaluate and reprogram outdated functions and activities, and realign them to the present trends for improvement and competition. Personnel and field people, ordinary employees, including middle-level and top management have to refocus along the line of technological innovations. IT applications provide easy handling of strategic operations and other supervisory and managerial functions of the organization.

External and internal environments in organizations are becoming complex; thus they are handled with a globally-oriented brand of management, with the aid of Information Technology. Corporate management is now handling a global-scale brand of management, requiring a different kind of strategy, much distinct from traditional management.

Changes in the system demand new ways to integrate functions in the organization. Successful system integration efforts provide competitive edge. Globalization has also motivated organizations to introduce innovations in their operations. Organizations however have limited options, and have to apply new technologies (Mische, 2000, p. 3). With ERP, activities with corresponding data/information are made available to almost every function of the organization.

According to Lipsey (1999, p. 6), new products have been invented as a result of technological advances and new ways to produce them. The role of IT has become demand in the strategic and operational aspects of organizations (Jenson and Johnson, 2000, p. 29).

Enterprise Resource Planning (ERP) is an Information Technology tool applied to the different functions in an organization. ERP systems involve processes that begin with planning and installing the project team who embarks on a series of phases. There are many benefits for implementing ERP systems. Organizations implement this because of the loosely linked transactions between organizations.

An ERP is ‘a set of core software modules that enable organizations to share data across the entire enterprise through the use of a common database and management reporting tools’. A group of computer programs are linked to a common database that plan and manage and control the different operations and business functions of the organization. (Reynolds, 2010, p. 22)

ERP aims to simplify business data and work processes within the organization. In this set up, a single database is created which can be accessed by multiple software modules. Key business functions are supported within the different areas of the organization. The shared database helps solve common problems in organizations. Some problems like lack of or inconsistent information which are common in multiple transactions in organizations, are solved right away.

Through ERP, processes in the organizations are made easy and fast, but these benefits – speed and accessibility – also make the system vulnerable to fraud, sabotage, and other malicious software (NSAA and GAO, 2001 cited in Suduc et al., 2010, p. 43).

Basic ERP Sharing of Data Across an Enterprise
Figure 11: Basic ERP Sharing of Data Across an Enterprise
ERP Background

Enterprise resource planning started around the 1960s on the onset of technological advances and new systems used by industries in their inventory. During the 1970s, automation was introduced in production and inventory, scheduling and planning.

Other new ERP features were added which emphasized material requirements and focused on more functions in production and the processing of products. (Sammon & Adam, 2004, p. 2)

ERP became very useful in automation and in making the product processes faster and effective. It was extended to cover other functional areas and departments including activities on financing and human resources management, and with many aspects of project management. Further, MRPII systems became less relevant for various reasons, thus was born the ERP which differs largely from MRP.

Management then evolved into new software packages, requiring studies and analyses on materials management technique in order to view the merits of using combinations of the techniques (Grabski, Leech, & Lu, 2003, p. 1991).

According to Oliver and Romm (2002, p. 44), ‘the general question of how organizations shift from one technology to another is addressed by both economic theory and the theory of innovation.’ We can consider this shift as motivated by the company’s desire to lower cost and to go forward, although such lowering of costs is also questionable.

O’Gorman (2004, p. 22) traced the development of materials management techniques from the industrial revolution to present day ERP systems. He examined the role and function of the more significant materials and inventory control techniques. There were initial attempts at optimizing industrial activities and the need for materials control.

During its early stages, ERP was used for manufacturing and production systems, while providing weak support in “less data-intensive” areas such as supply chain planning, customer management, marketing, and sales (Chen, 2001, as cited in Adam & Sammon, 2004, p. 7).

ERP expanded to include functions for small details, such as operations, logistics, finance, and human resources, and other functions which were nontransactional. (Davenport, 1998, and Chen, 2001, as cited in Adam & Sammon, 2004, p. 7)

The inclusions resulted from the emergence of Supply Chain Optimization (SCO), or SCM and CRM strategies and systems (Chen, 2001).

ERP systems have different make and architecture and the design is used for functions in business. The system is also different from other industrial softwares. (Adam & Sammon, 2004, p. 6)

ERP Diagram
Figure 12: ERP Diagram

The need for a systematized production and processing of goods began in England. Producers made use of manufacturing and innovation – instead of exporting their wool and grain they processed these materials to gain more. Machines and steam-powered engines soon were invented to process more goods. Industrialization produced a lot of commodities in substantial quantities. The market was endless with reduced prices; commodities became more affordable to the masses. (O’Gorman, 2004, p. 25)

Enterprise Resource Planning started with the integration of production systems and other functions in management, purchasing, financial, human resources, and so forth (Shi and Halpin, 2003, p. 214).


Enterprise resource planning is an IT system that provides the system running. It includes a data base where various tasks requiring different inputs from all departments and functions of the organization, are systematically arranged and allowed to function well with the personnel. Management functions are shortened: it helps management to efficiently and effectively use the company’s resources for integration and simplification of the different functions of the industry. This is an IT tool for information processing and communication in the different functional areas of the organization. (Nah, Zuckweiler, & Lau, 2003, p. 5)

ERP can be configured to make the functions or job of the different department manageable and simplified. Its implementation requires the entire organization to reengineer and change; provides capability to share data and information; and aligns IT and e-business projects.

ERP systems integrate various transactions that carry voluminous data and information of business all throughout the organization. The system involves internal and external aspects to include firm-customer functions, relations, and interactions.

The roles and functions attributable to ERP are so vast that it seemed this was impossible decades ago. The areas in the industry covered by ERP encompass functions like planning, or while a product is still in the process of being manufactured, and then comes accounting and financing. Human resource and the many aspects of management are also covered. (Rashid, Hossain, & Patrick, 2002, p. 1)

ERP systems can examine and compare the inputted data and transform them into valuable information so that companies would be carefully guided in their management. Industries now find it inevitable to apply ERP in their systems. The purchase and strategic use of ERP systems by organizations has been offered as the solution to surviving in the emerging e-based economy. (Alvarez, 2002, p. 63)

Problems with ERP

During its early years of implementation of the ERP systems, insurmountable problems were encountered by organizations. Most IT projects encountered problems in the course of the operation, but in the case of the ERP systems, the problems were noted as abnormal. (Parr & Shanks, 2000, p. 289)

Examples of ERP application failure are illustrated in some case studies. Fox Meyer Drug, a multi-billion dollar drug company, filed a multi-million dollar lawsuit in 1996 against SAP, the company who implemented the ERP into its systems, and announced that the cause of bankruptcy was the failure of the ERP system to deliver the necessary benefits the company was supposed to attain.

Mobil Europe was another ‘victim’ of possible wrong implementation of ERP; it implemented millions of dollars and had to abandon it afterwards. There were many other improved and successful companies that experienced problems as a result of their ERP implementation projects. (Sammon and Adam, 2004, p. 2)

One of the reasons for failure in ERP use is because of long use of the software package and low maintenance. The software becomes more unserviceable with age (Oliver and Romm, 2002, p. 47), which means it’s a question of maintenance. IT applications, to include software and hardware, have to be continuously improved and maintained to attain positive results.

Some organizations report success and significant process gains in ERP implementations. However, others agree that ERP implementation is no easy task, while others have found out that implementation of ERP can become a recipe for disaster. (Grabski et al, 2003, p. 1991)


Implementing an ERP system involves a lot of processes that begin with planning, followed by the formation and installing of a project team who is tasked to enforce the project stipulations. (Parr and Shanks, 2000, p. 290)

Industries can look to various models in the implementation process. There are doubts and questions that have to be clarified in the implementation process, more so if the company is applying it for the first time. There has to be meticulous examination or investigation of the situation if is a transition from the traditional to the new ERP systems. Implementation is problematic for many organizations, despite the software’s potential and relevance for learning and company strategies (Holland and Light, 2003, p. 1986).

The implementing process involves several phases that have to be followed step by step and by a trained team of qualified staff. The team has to be meticulous and must deviate from the standard settings provided by the supplier. There has to be some compromises on how to fit the system into the organization. (Holland and Light, 2003, p. 1987)

Management approaches have to be distinct from the other processes as previously enforced by other MIS projects. Some issues have been raised by Sumner (2003, p. 1995) that have to be answered by the supposed user: What problems did they encounter in using MIS? What should be avoided and what should come out in this new program? What are the major problems associated with implementing IT to a huge industry?

The ‘Bancroft et al. model’ has five phases which apply terms like “focus” (to focus on a particular subject); next is the “as is” (to retain some aspects); this is followed by “to be” phase; the next is “construction and testing”; and the last is “actual implementation”. (Parr & Shanks, 2000, p. 290)

To explain further these five phases, the “focus” phase is done with key activities being implemented for the selection of the committee to monitor the operation and success of the project, and development of principles and creation of the plan. This is the initial stage that can be summarized here as the preparation.

  • The “as is” phase includes the installation and mapping of the ERP and allowing the project team to get oriented with the new features of the project. This is preparing the team who are in charge of implementing the plans for the ERP systems.
  • The “to be” phase includes the different designs that are being implemented to correspond to user specification, and communication with other functions.
  • The “construction and testing” phase involves the putting together of a configuration that can hold the interface, the reports, and other data in the project, and testing all installed configuration.
  • The phase on the “actual implementation” covers the other complex structures to include networks and desktops and possibly allowing the user to be familiar with the new system. (Parr and Shanks, 2000, p. 290)

Another implementation model similar to the ‘Bancroft et al model’ is the Rose (1998) model which also involves five phases. The five phases are: “design”, “implementation”, “stabilization”, “continuous improvement” and “transformation” (Parr and Shanks, 2000, p. 290).

Included in the design phase are the planning aspects of the model which also include critical steps and decisions for implementation. Markus and Tanis (1999) created another model of four phases, namely “chartering, project, shake-down, and onwards and upwards”.

Advantages of ERP application
  • ERP allows flexibility to users because they possess superior data retrieval capabilities because of the integration principle and a common relational data model.
  • ERP systems are primarily based on the client/server architecture which includes a modern desktop user interface.
  • ERP systems are used for Business Process Reengineering, which incorporate an increased capacity for electronic processing of data in comparison with that available in legacy systems. Other users have found the application of ERP opportunities to create new procedures that may eradicate inefficiencies. Moreover, ERP systems are agents of changed processes.
  • With the IT package and the Internet, customers can have easy access to the websites and air their suggestions and queries on company products and services.
  • Maintenance of this particular software package is not so difficult.
  • ERP systems have received favorable reviews from journals and publications. Larger organizations are implementing information systems that link the supply chain to other organizations’ data bases, or what we call data base sharing. More businesses are integrating processes. (Oliver and Romm, 2002, p. 47)

According to Jenson and Johnson (2000, p. 30), there are enterprise systems integrator such as SAP AG (Waldorf Germany) with approximately 30 percent of the ERP market. Some of the major players with software products are from Oracle, PeopleSoft, Baan (now wholly owned by Invensys plc, London, England), and J.D. Edwards.

Over the past years, ERP system adoptions have become popular due to many reasons.

Factors critical to successful ERP implementation:

  • Organizations and businesses apply strategies such as reengineering best practice. This is because in the ongoing globalization, they encounter pressures from respective industries and so they hurry to make changes in their core practices to meet customer demands, but also find ways to lower costs in their operational activities. (Nah et al., 2000)
  • Globalization has altered many of the businesses’ activities. Companies have to find places or countries that offer lower costs in labor and capital. In other words, globalization has offered many challenges and even opportunities for firms. Jenson and Johnson (2000, p. 30) says that ‘ERP software has been designed to multicurrency and value-added tax issues… and provides integrated, centralized database that can accommodate distributed transaction processing across multiple currencies.’
  • According to Michael Hammer and James Champy (Jansen & Johnson, 2000, p. 31), one of the causes of broken systems is process fragmentation, which means many of the organizational processes are spread across functional boundaries. With this scenario, employees and departments interact to complete a transaction, or that coordination is not attained. No one knows the status of a transaction, and there is duplication in the data entry and databases. Because of such a situation, some individuals and departments attempt to impose control on their portion of the transaction. ERP corrects this situation by imposing order and discipline in the system. (Jansen & Johnson, 2000, p. 31)

Additionally, with ERP solutions, integration across departments are greatly improved; this includes core business processes, proven and reliable software support, and over-all enhanced competitiveness. And upgrading to industry standards may not be that difficult because usually ERP vendors would not hesitate to help their customers (Jenson & Johnson, 2000, p. 30).

Doyle and Adam (2004, pp. 47-49) have illustrated the importance of a reliable IT software in the development and success of modern businesses. They made mention of a longitudinal analysis conducted in 1995-2001 involving Topps Ireland Ltd., a subsidiary of a large U.S. company that has tapped the children’s segment of the European market. Topps acquired Pokemon-branded products, which made the company successful in the business.

The emphasis of the business changed substantially from a manufacturing-focused organization to importation of products from Asian countries such as China and Thailand. This was a change, due probably to globalization and outsourcing. With IT, they made use of outsourcing, and their sales growth skyrocketed.

The company Topps acquired an ERP system, which was described as state-of-the-art ERP, the purpose of which was to accelerate the operations and aid in formulating decisions for the company’s strategies and aims. Topps then evolved into an internationally successful company as aided by the ERP system. (Doyle & Adam, 2004, pp. 47-49)

Colgate Palmolive Company, a global business with a huge sale of consumer products applied full ERP integration. The company extended its branches up to North and South America, the European countries, parts of Asia and the Pacific, and South Africa. In 1993, the company introduced the ERP systems by using the SAP R/3 that helped the company simplify its operations especially in the inventory and delivery of consumer products, which was now reduced from 12 to five days. The company attained tremendous increase in international sales. (Wang & Nah, 2002, p. 6)

Bueno and Salmeron (2008), in their paper entitled “TAM-based success modeling in ERP, voiced concern that ERP systems are complex tools thereby providing negative impacts to the users. They focused their paper on the various studies that identified the reasons why ERP was acceptable by different companies and organizations. Technology Acceptance Model (TAM) was a program to test ERP.

Bueno and Salmeron (2008) used critical success factors identified as top management support, communication, cooperation, training, and technological complexity. The Technological Acceptance Model (TAM) tests the user’s behavior toward the applied IT system, based on the ‘perceived usefulness (PU), ‘perceived ease of use’ (PEU), ‘attitude toward use’ (ATU) and ‘behavioral intention of use’ (BIU) (Bueno & Salmeron, 2008, p. 516).

These factors are further explained.

‘PU’ refers to the perceived belief of the user that he has improved his/her performance due the benefits brought about by the system, while ‘PEU’ refers to the user’s belief that he/she has exerted less effort in using the system (Bueno & Salmeron, 2008, p. 516).

TAM is improved IT applications. Moreover, there are positive effects on the user’s behaviour. The results and findings of the study revealed the applicability of TAM in relation to the user’s acceptance of ERP systems. The factors enumerated all contributed to the success of ERP systems. Potential users should be actively involved in the introduction of the ERP systems. Training is another important factor for this reduces the ERP’s complexity, while top management support is a key factor in the ERP system’s successful implementation.

Assessment of success in ERP systems can be measured in different dimensions, according to Markus et al (2003, p. 24):

  • There was success because a new technology had been introduced and running successfully.
  • There was success because of the benefits incurred economically, financially, and strategically.
  • Success was perceived because the operations had been running smoothly.
  • Success was seen by the organization’s customers and stakeholders.

Furthermore, users have to accept the technology. An ERP system is being introduced to an organization; it is revolutionary, it replaces old methods, and old methods involve culture and the usual things people do in the organization. A system that meets the needs of its users naturally generates system satisfaction. Likewise, a system that does not generate user satisfaction cannot provide positive results and may not be used at all. (Holsapple, Wang, & Wu, 2005, p. 325)

Success in IT often depends on people’s point of view. It often comes up again and again because of the cost in the entire process. Success has many connotations and sometimes becomes controversial. The people whose job is to implement ERP systems, like for example, the project managers, consultants, and other middle managers, often refer to the completion of the project plan as success itself. But others who are in charge of adopting ERP systems and use them to achieve business results, define success as having done a job that has made their operations easily accessible to everyone. (Markus et al, 2003, p. 24)

ERP’s successes and failures can be attributed to many factors, but some are mere perceptions or beliefs. However, it is noteworthy that these factors are for real, as described in the details and discussion described in the early stages of this paper. More specifically, failures can be attributed to the implementation and the planning process of the ERP systems. We have provided three models for implementation and they are almost similar in the implementation.

Application of Sales Force Automation System (SFAS)

A sales-force automation system is applied for marketing, customer service, product processing and order-taking in firms. Applications also involve contact managers, which means the automation of calendar and address book programs, databases, and workflow engines. (Boehm and Jain, 2007, p. 777)

The applications can be connected web-enabled products connecting mobile workforce, composed of marketing analysts and customer sales representatives who can provide information about the customers, products and competitors.

Automation will minimize paperwork-intensive processes, for instance recording and logging of sales and service, or placing orders by customers. Automation can also enhance targeted marketing, minimize costs, and enhance sales. SFAS can minimize the use of tiresome paperwork or loads of paper ledgers and brochures.

Moreover, this will provide the use of PCs and laptops and mobile communication, and the use of the latest technologies. Sales people can have close interactions with customers. They can record customer interactions and input all the needed information to the system. Advantages for the firm using SFAS range from cost-savings to more customers for the firm.

Sales-force automation systems usually require salespeople or representatives of the firm assigned in the field, to make use of notebook computers which store information for the customers and all valuable data in the field. Laptops also have installed software for manipulating information and forms that can be easily filled up by salespeople. Personal digital assistants (PDAs) are handy assistants that connect organizational information systems by means of the internet. The sales rep in the field can easily connect online to the company’s information systems, thereby information and data are automatically stored. Product information which the customer and the sales rep would want to discuss right in the field is readily available. Salespeople can input all the necessary information to the company’s system and main office, pass this information to the order-processing department, or to the manufacturing unit if the customer wants a custom built product, and the people in the manufacturing unit can get the product ready at the shortest time possible.

With the use of PDAs and other mobile communication technologies, sales people can connect to the internet and check prices, confirm the availability of products which the customer wants to buy, and place an order right away. Sales people can remain in the field without going back to the office to place the order.

Example of a Data Flow Chart for a small-and-medium enterprise (SME)
Figure 13: Example of a Data Flow Chart for a small-and-medium enterprise (SME)

The strength of this data flow diagram is that it shows the overall structure of the system without the details of the various steps and processes. This is very significant in the vertical set up of the company when the top echelon of the company is directly controlling the system, including the sales people or those people in the field. It is more important in presenting the systems to management and other business people or partners.

The process starts with the customers who make the ‘orders’ of products to the company through the company website. It flows to the process of receiving the orders from the customers (which is one of the stores), and this is validated as ‘valid or invalid orders’, meaning the system will validate if the order correspond to the products available from the stock inventory or products manufactured by the company.

It goes to another packet at rest. The details of the order flow contain the billing information which flows to another process named ‘invoices’. The ‘receive orders from customer’ process has some other detailed information like the customer information and order details, which may result into delivery of the product. From ‘receive orders’, the next process goes to manufacturing or warehouse. The process of delivery has an input coming from the warehouse that has a detail of shipping. It goes to the process of delivering the product, then onto the customer. From the process of ‘invoices’, it goes to collecting payment to and from the customer.

There are many advantages to the application of an SFAS compared to the traditional way of doing business without IT application. The invoice-to-payment was not shortened; the customer was obliged to go to the branch office to pay for the product they purchase. This new system provides payment process for parts or components and vehicles through order processing by way of the Internet. Customers can pay using their credit cards.

SFAS offers simplification of the processes for the company. At first glance, this seemed to offer complexity in the processes, a lot of work, training, and more expenses for the company. However, the complexity can turn out to be a simplification and easy work on the part of the salespeople. Out there in the field, salespeople can immediately input a lot of information about the customers, the environment, problems which might still be not existing but the salespeople can see it beforehand. Moreover, inside the company, the staff and management can analyze the operation, market behavior, and the unforeseen problems. Management and staff can institute measures and provide immediate solution. This is risk management in effect. SFAS has a lot more to do in the global business.

Information Systems for Effective CRM

Customer relationship management (CRM) systems or the use of the internet to support and answer customers’ needs and complaints provide fast service for the customers. Paper billing is minimized through online billing. The use of the internet through the company’s website is one way of saving millions of dollars for the firm and less efforts for the customers. The company can use their website’s customer service, and there will be more interaction with the customers and company representatives. Customer service provides a 24 hour service, seven days a week. That’s a lot of time and savings for the company and more customer interaction that will result to customer satisfaction. Customers can pay their bills through the websites by means of their credit cards. This process saves time and cost of going to the company’s billing office. Invoice-to-payment cycle is shortened from more than a month to about six days with online invoice and payment. Other companies also use instant messaging (or text messaging) to answer to the customers’ complaints and feedback of their products.

A data flow diagram (DFD) shows the overall structure of the system without the details of the various steps and processes. This is very significant in the vertical set up of the company when the top echelon of the company is directly controlling the system, including the sales people or those people in the field. It is more important in presenting the systems to management and other business people.

DFD diagram Context Level for an improvised SFAS
DFD diagram Context Level for an improvised SFAS

The process starts with the customer who registers online and makes the order of product. It flows to the process of receiving the orders from the customers (which is one of the stores), and this is validated as ‘valid or invalid orders’, meaning the system will validate if the order correspond to the products available from the stock inventory or products manufactured by the company. (Holden, 1992, p. 164)

If the order is valid, or if the product is available in the stock, the company’s database will validate and send a letter of approval to the customer.

Example of a DFD diagram at level 0
Example of a DFD diagram at level 0

A detailed process is stated at Level 0 wherein the customer submits a hard copy of the Order form. The customer will fill up the form which contains the description of the product that he/she wants to order. The order then passes through the customer service of the company. The order is then verified by a company staff, whether it is a valid or invalid order. If the order does not meet the requirements, for instance, the product is not in the stock or warehouse or the customer has existing credit, the order is rejected and goes back to the customer and the process is stored in the ‘rejected customer database’. If the order is valid, a letter of offer is sent to the customer, informing the latter that the order is approved, and the process is stored in the customer database.

Example of a DFD diagram of level 1
Example of a DFD diagram of level 1

The process at Level 1 involves the inside mechanics of the processing of the order. The customer service inputs the order to the database where it is verified. If it is, the order is accepted and a letter of offer to the customer is sent to the customer, further informing the latter that the order is approved. If the order is not valid, an order of rejection is sent to the customer. The process is stored in the customer database.

The details of the order flow contain the billing information which flow to another process named ‘invoices’. The ‘receive orders from customer’ process has some other detailed information like the customer information and order details, which may result into delivery of the car. From ‘receive orders’, the next process goes to manufacturing or warehouse.

SFAS offers simplification of the processes for a business firm. At first glance, this seemed to offer complexity in the processes, a lot of work, training, and more expenses for the company, as what the previous management thought of. However, the complexity turned out to be a simplification and easy work on the part of the salespeople.

Geographic Information System (GIS)

Geographic Information System refers to “an organized accumulation of data and procedures that help people make decisions about what to do with things. Location is an important part of what they are.” (Harmon and Anderson, 2003, p. 1)

GIS platforms were first introduced in the 1980s but since technology at that time was not yet as developed as it is today, their popularity gradually waned. At present commercial GIS platforms with applications such as virtual globes are becoming popular, mostly used by organizations that offer three-dimensional features representing the real world’s surface. The reconstruction of these images is applied with a combination of aerial and satellite photographs. Data are then stored in databases and calibrated by a software. (Zhang et al., 2007, cited in Yiakoumettis et al., 2010, p. 106)

GIS is used by Google Earth, NASA, and Microsoft’s Virtual Earth 3D. The images include information about the location like the streets and 3D models of structures and buildings. Google allows users to provide information and images. It is also an interactive site.

GIS involves people who are the users of the system; applications, the processes and programs to allow the systems to work; data and the information needed to support the applications; the software which is the core of the GIS program; and the hardware which include the physical components on which the system runs.

The figure shows a diagram of an enterprise GIS.

Diagram of an enterprise GIS
Figure 14: Diagram of an enterprise GIS

Information systems provide support to people or employees in an organization; in fact, this sprang out of the needs of the people. This innovative system allows people to interact with the world, inside and outside. The primary aim of information systems is to make life easier in the workplace, and to provide high levels of confidence in the output. People are the most important component of a GIS. It begins with people, including their needs and ends up with applications in the hands of people who do the work. The application supports the needs of the people and the system.

Applications also required data necessary to create the type of output. The tables are stored in a database which will be run by a software to access manage, and manipulate the data. The data support the application.

Virtual Globes enable 3D graphics. One can explore the features and then sort of “fly” inside or among the barriers in the scenes. This is done with the use of keyboard and mouse. However, the scenes in the interface are quite big and complex making it difficult to navigate. (Yiakoumettis et al., 2010, p. 106)

Information Technology for the Federal Government and Agencies

The United States’ Critical Infrastructure Protection: Programs and Strategies


Critical infrastructure – in the military point of view – includes physical structures such as factories and plants and all those that need to be protected by the U.S. war-fighting machine. Critical infrastructure involves hardware and software, not just pertaining to IT. (Forest, 2006, p. 1)

However, IT is the best tool and resource for control and operations of an infrastructure. When there are buildings and structures to be operated or taken care of, technology is always there and should be the best resource. As mentioned in many part of this dissertation, IT involves hardware, software, and people to man the equipment and machines.

This section is included in this dissertation in that IT is a part of the U.S. government’s critical infrastructure and a factor in the whole spectrum of homeland security. The creation of the Department of Homeland Security was triggered by the 9/11 attacks. Its job is management of all matters pertaining to internal security of the United States including IT and critical infrastructure.

The GAO Report

The United States General Accounting Office has been in the forefront in the protection of the government’s IT infrastructure. This is mandated by federal policy and law. The program and activities surrounding this endeavor are called the critical infrastructure protection (CIP). This government agency encourages federal awareness in the importance of IT infrastructure security, involving local governments, the public and private sectors. Multi-cooperative efforts have been encouraged to formulate the information sharing and analysis centers (ISAC). (GAO, 2004)

The 9/11 attacks on the World Trade Center and the Pentagon have made it all too clear that terrorists and terrorist organizations have all the capability to wreak havoc on the innocent population with weapons of mass destruction (WMD). The threat of annihilation is brutally clear if the government remains unaware of what these groups can offer. It is also clear that there is a wide spectrum of potential threats that do not involve the threat of overt attacks by states using long-range missiles or conventional military forces. There are more ways to inflict heavy damage on the people by terrorist groups.

In defending the lives and properties of the people, the government is faced with serious problems as security and liberty are sometimes in conflict, or there seems to be an exchange of liberty and security in the pursuit against the war on terror. This exchange has been seen by many countries as needed and must be done in order to save lives and institute the rule of law.

The threat of cyber terrorism is very real, in fact these groups, particularly Al Qaeda, have been finding every possible opportunity to penetrate government and private-sector websites. The death of the infamous al Qaeda leader Osama bin Laden did not stop his followers to fight against governments and organizations. In fact, many believe they have been strengthened by bin Laden’s demise. And if they were given the chance, they could create havoc and chaos on the Web. Before they kill thousands, or as many as they wanted, they want to destroy everything the civilized world has created. They use the Quran to justify their murderous desire. They can also use IT to destroy their enemy.

But the U. S. government did not lay low after this incident. It is continuously improving its IT infrastructure with emphasis on ISACs and other information sharing functions and activities. The Department of Homeland Security (DHS) is also spearheading various security-related activities to pre-empt and defend the government, the public or private, from any possible attacks by terrorists and Muslim extremists who are aiming to sabotage or inflict damage on files and websites.

Some of the identified challenges pinpointed by the ISACs include building positive relationships among departments within the government along with private sector initiatives, facilitating information flow among the different sectors, collectively solving problems and overcoming barriers to improvement, and identifying responsibilities of the different sectors involved in securing critical IT infrastructures.

A law that has been passed right after the September 11 attacks is the Homeland Security Act of 2002 which provides, among others, strict measures to protect the land from cyber attacks or to secure physical and virtual infrastructures. Among the federal policies formulated since then included encouragement on the different sectors to voluntarily create their own ISACs and for the private sector to participate and cooperate with the government on this line of activity. It was imperative therefore that a close relationship between the government and private sectors be initiated and continuously encouraged. (GAO, 2004, p. 2)

Information sharing among the different federal departments and agencies has long been a policy of the government in its efforts to strengthen its critical infrastructure projects. With this, the US General Accounting Office reported to the US Congress the creation of a number of ISACs in order to enhance information sharing and improve CIP. But there are problems and challenges along the way. (GAO, 2004, p. 3)

The GAO Report proposed key steps to improve information sharing among ISACs. It stressed that the ISAC community had already pinpointed measures to improve information sharing by developing an information sharing plan that should emphasize the various roles and responsibilities of the different sectors. This plan should also formulate criteria that could be a basis for providing incentives in improving their activities.

The Department of Homeland Security was created after the September 11 attacks on the United States main architecture of defense – the Pentagon and the twin towers of the World Trade Center. The law creating this agency of government is the Homeland Security Act of 2002, and a department supporting it with respect to information systems is the Information Analysis and Infrastructure Protection (IAIP) Directorate. This department oversees the function and security of information sharing within the different branches of government.

IAIP’s primary responsibilities are:

  • Direct access to information pertaining to security, intelligence data and information, and other possible threats from the different agencies of the government and the private sector;
  • Identify and assess information of possible terrorist threats;
  • After analyzing and classifying the information, disseminate them to the different agencies and private sectors.

IAIP was also tasked to develop a comprehensive national plan to secure the IT infrastructure of the country and recommend important steps and activities to protect the government’s IT infrastructure.

On the other hand, the Department of Homeland Security has worked to provide more careful examination on vulnerabilities. The Office of the Infrastructure Protection has focused its IP programs and activities on vulnerability issues and analyses. It was also responsible for the creation of the Government Councils and Sector Coordinating Councils to provide and acquire collaboration across levels of government and the different sectors of society. The thrust is to encourage owners and operators (85 percent of them are in the private sector) to continuously institute measures to secure their IT infrastructure by conducting risk assessments and determine the range of threats in those assessments. Vulnerability assessment and determining the risks beyond physical security is also one of the IP recommendations. (National Research Council of the National Academies, 2010, p. 61)

Another IP creation is the Protective Security Advisors (PSA) program which acquired the services of vulnerability specialists and assigned them in the field to help in assessing site-based vulnerabilities in local communities. This is actual or physical examination and assessment of facilities, including protection of such facilities and how to improve site security. In these activities, each site was afforded at least 40 hours of assessment in order to collect enough data and to provide a detailed risk assessment with the site owner-operator. (National Research Council of the National Academies, 2010, p. 62)

DHS’s IP says that the thrust is not just on physical security because vulnerability assessment includes a complete systems activity and process involving exposure, coping capability and adaptation. Before, vulnerability analysis involved only the systems’ exposure to threats or attacks, now these several dimensions have been taken into consideration.

Laws on IT

The terrorist attacks against major cities in the United States on September 11, 2001 produced mixed reactions and deep concerns in countries throughout the world about their own security against terrorism. The United States and countries around the world are under constant threat of terrorism, not only by physical means but through clandestine operations and through other means like using the Web and information technology. Despite the death of al Qaeda’s top leader Osama bin Laden and capture of some terrorist leaders, the United States and the federal agencies continue to be vigilant against any form of terrorism including computer hacking, frauds and other privacy issues.

In defending the lives and properties of the people, the Government is faced with serious problems as security and liberty are sometimes in conflict, or there seems to be an exchange of liberty and security in the pursuit against the war on terror. This exchange has been seen by many countries as needed and must be done in order to save lives and institute the rule of law. Enacting laws to protect the public against terrorism carries a price which is the curtailment of individual freedom.

Laws must be enforced, but they have to be properly defined. Special measures should be taken to make these vast information and control mechanisms withstand the strict scrutiny so as to provide the needed security. Human rights must be protected.

The First and the Second World Wars spawned many atrocities against humanity and violations of human rights. People and governments of many nations were asking how all those ever happened. The term human right was not even included in the dictionary. But governments and leaders started to picture what would happen next if they didn’t do something to prevent or minimize more man-made catastrophes.

In 1941 when President Roosevelt enunciated the Four Freedoms, human rights became an official war aim, even before the US had officially entered the conflict. Nevertheless, it was only as a result of successful lobbying by NGOs attending the San Francisco conference, which formed first the United Nations in 1945, that there were many references on human rights, at first coming from the UN Charter. (Greer, 2006, p. 9)

The Preamble of the UN Charter reaffirms ‘…faith in fundamental human rights, in the dignity and worth of the human person, in the equal rights of men and women and of nations large and small’. A passage in Article 1 pushes for the promotion of ‘human rights and fundamental freedoms for all’. The UN should cooperate to promote such rights. This is in support to Article 55 of the same Charter that proclaims the UN’s support and endorsement for ‘universal respect for and observance of, human rights and fundamental freedoms for all without discrimination as to race, sex, language or religion’. (Greer, 2006)

This is emphasized because of the multi-culture and multi-ethnic nature of the United Nations, which was then starting as a world body after the war. For example, the United Kingdom already introduced many anti-terrorism laws before the September 11 attacks against the United States. These laws were focused on the terroristic activities of the Irish Republican Army (IRA) forces. More laws were passed in support of the antiterrorism laws. Some of these laws pushed for detention without trial of suspected terrorists. The particular provision gives power on the Home Secretary as he certifies an individual as suspected terrorist or is suspected to be a threat to the national security. (Greer, 2006)

In the face of mounting problems and regulations against terrorism, laws on human rights are important for the protection of individuals’ inherent and inviolable rights as embodied in the European Commission for Human Rights and the other provisions of the UN constitution, some of which promote individual and people’s rights.

The main function of international human rights law according to the United Nations is to obligate governments to act in certain ways and/or stop them from acting in a certain way in order to promote and protect human rights and fundamental freedoms of individuals or groups

While laws protect innocent civilians, organizations and people in their homes have to be protected from cyber terrorism and cyber criminals. The United States, the United Kingdom and many countries in Europe enforce stringent measures and control requirements in providing accurate record keeping for organizations and government agencies.

Some of these laws include the U.S. Public Company Accounting Reform and Investor Protection Act of 2002. This is also known as the Sarbanes-Oxley Act (or SOX). The law was passed after the controversy over accounting scandals committed by officials of companies like Enron, WorldCom, Tyco, Adelphia, Global Crossing, and Quest. Section 404 of the Sarbanes-Oxley Act specifically stipulates that reports submitted to the SEC must be certified correct, and the information therein is accurate, by the organization official submitting the report. (Reynolds, 2010, p. 29)

The law is also strict pertaining to physical IT assets. Managers are responsible for their security, like for example applications, databases, including hardware which should be protected from possible harm or loss due to natural disasters and calamities. If calamities should happen (force majeure) there should be measures undertaken that would ensure business continuity and operation. Management has also the responsibility to ensure that data assets are not lost, altered and that privacy rights are also protected.

Privacy issues include the transfer of data and information without the consent or knowledge of persons or the authorities. There are many underlying legal issues in this context, especially when the transfer of information and data involve organizations and nation states. For example, when the transfer of information and data involves satellites in space which are used in the retrieving information; the question is which country has jurisdiction over such cases. Governments of countries should meet along these issues and discuss which has jurisdiction over such transfer of information. (Kelly Rainer and Cegielski, 2011, p. 83)

The United States and the European Union have almost the same privacy protection laws, although there are some slight differences. There has been a move from both governments as to privacy approaches; this was called the “Safe Harbor” framework. This provides a regulation on the transfer of information and personal data of European citizens. (Kelly Rainer and Cegielski, 2011, p. 83)

Another legal issue is that government legislation, particularly in the United States, states that almost all types of information must be protected under the law. For example, the Gramm-Leach-Bliley Act provides that companies conducting business should provide consumers of their organization’s privacy policies. The law further states that consumers should be provided with a way in which they can be protected in case they do not want their personal information be divulged to others, especially outside of the organization which holds the information. Medical records and other health information of persons are also protected by a law known as the Health Insurance Portability and Accountability Act (HIPAA).

Critical Infrastructure Sectors

The GAO identified the following infrastructure sectors and agencies of the government, including the private sector, which should be protected from terrorist threats and be involved/subject in the information sharing:

Critical Infrastructure Sectors

The GAO Report stated that ISACs were created to enhance information sharing and analysis among members, to minimize risks and threats, and for the government to response to adverse situations or events, including attacks against computer software, physical attacks, and natural calamities. ISACs were created for critical infrastructure protection to all sectors and branches of the government, including private and public sectors. All areas are covered by ISAC concept – food, energy, communication, transportation, and all other areas.

DRAFT Cloud Computing Synopsis (NIST Special Publication 800-146)

Cloud computing is a topic for discussion for organizations. Managers, C-level executives, analysts, and IT security experts should not just have basic knowledge on it but adequate knowledge for it is used by big companies like Amazon for services like Elastic Compute cloud, Simple Storage Services, etc.

By 2012, cloud computing research will have reached $42 billion. Revenues for could services reached $56.3, according to Gartner Inc. (Velte, Velte, & Elsepenter, 2010).

According to Badger, Grance, Patt-Comer, and Voas (2011) authors of “Draft Cloud Computing Synopsis and Recommendations”, NIST Special Publication 800-146, cloud computing enables individuals and companies to use computer applications, such as software development and other computer processes and data storage. Badger et al.’s document reviews NIST guidelines and concepts on cloud computing.

Cloud computing is adaptable to different technologies with their own configurations. Organizations should know the characteristics of clouds including the deployment models, the kinds of services they can offer their clients (service models), the financial side or the economic risks, the technical aspects, the terms of usage of the system, and, above all, the security aspect of using clouds.

  1. Deployment Models – Cloud computing systems can be set up or deployed in the territory of another cloud customer, or it can be shared with co-customers and can be hosted by other cloud customers. There are various kinds of deployment models and customers can have choices as to how he/she can control the system depending on the resources at hand. (Badger, Grance, Patt-Comer, & Voas, 2011)
  2. Service Models – A cloud can make use of emails and other software applications, even the traditional software resources. Examples of service models include “Software as a Service” (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). This last one is more preferable and can offer services which are well-defined for customers. (Badger et al., 2011, p. ES-1)
  3. Economic Considerations – Cloud computing servicing offers several payment schemes that allow customers to pay only minimal like service charges. Customers can request and receive resources depending on the services they want.
  4. Operational characteristics – Cloud computing can provide applications that can be subdivided into small parts. Networking is one of the major activity of cloud computing.
  5. Service Level Agreements – this refers to the terms of service which must be clearly understood by organizations and customers.
  6. Security – Like any other computer resource application, cloud computing is affected by security risks. It involves networking and thus its vulnerabilities are constantly exposed. Cloud providers should be able to protect and isolate their customers by providing ‘robust security controls’. (Badger et al., 2011, p. ES-2)

Security and Privacy in Cloud Computing

Security in cloud is complicated and challenging for security experts considering that most public clouds and their infrastructure and resources are owned by private companies who sell them to the general public.

The emergence and popularity of cloud computing has great impact on the systems of organizations and government agencies. There are features in cloud computing that are not in conformity with the traditional model of computing and controls.

Jansen and Grance (2011), authors of “Guidelines on Security and Privacy in Public Cloud Computing”, an NIST Special Publication (SP 800-144), provided recommendations to federal departments and agencies. These are enumerated below.

  • The security and privacy aspects of cloud computing should first be planned carefully.

The approach should take into consideration the sensitivity of data to be incorporated. This is true with other emerging IT, but with cloud computing utmost care is to be provided. This can be done with careful planning because planning ensures security and privacy of the data. The agency can have full benefit of the IT spending. In outsourcing IT services, security is primary important.

  • The cloud computing environment should be carefully analyzed and understood with the aim of determining whether the computing solution satisfied regulations and requirements on security. (Jansen and Grance, 2011, p. vii)

Organizations should apply the necessary configuration, deployment, and management in public cloud computing in order to meet the necessary security and privacy requirements. Terms and conditions, and the normal legal agreements for public cloud computing should be followed, although there are instances of negotiated agreements. These negotiated agreements are sometimes necessary in that it can help provide the needed security and privacy requirements for organizations. The data required may include ‘data encryption and segregation, tracking and reporting service effectiveness’, among others. (Federal Information Processing Standard 140 as cited in Jansen and Grance, 2011, p. vii)

NIST Information Security (NIST Special Publication 800-53 Revision 3)

Federal standards require that organizations state there IS security category in compliance with FIPS 199 which is the “Standards for Security Categorization of Federal Information and Information Systems”. Organizations can flexibly adopt the baseline security controls that correspond to the guidelines set by this special publication.

This publication along with FIPS 200 provides the necessary security requirements and controls applied to all information systems in the multiple federal agencies of the United States. First, there should be an organizational assessment of risk which determines the necessary security control to find out if there are still lacking security requirements to protect organizational operations, including the various assets of the organization, or the country in general. This also establishes the required level of security for the organization.

Security control is defined by this publication as:

‘…the management, operational, and technical safeguards or countermeasures employed within an organizational information system to protect the confidentiality, integrity, and availability of the system and its information.’ (NIST Special Publication 800-53 Revision 3

In determining the security requirements of their information systems, organizations should be able to answer the following questions:

  • What security controls should be installed and incorporated into the system to adequately address the risk associated with the implementation of the information systems’ operations of the organization?
  • Is there a realistic and reasonable plan in the selection of security controls already in place in the organization’s information system?
  • How effective are the security controls incorporated into the system?

Organizations should provide an effective information security program that should put in detail the various aspects of the operation, for example identification, mitigation and monitoring of the risks involved in the operation. The security controls provided by the special publication should be applied in conjunction with the organization’s own security controls.

This NIST special publication includes risk management in the operation of the information systems of organizations and the country in general. Risk management – as discussed in the earlier sections of this paper – is a significant aspect in information security programs of organizations.

The following Risk Management Framework activities described in this special publication should be implemented by organizations:

  • Categorize – the process of categorization should start within the organization in accordance with the FIPS 199 impact analysis.
  • Select – select means choosing the appropriate baseline security controls based on the FIPS 200 security requirements. This includes applying ‘tailoring guidance’, and putting in place the appropriate security controls based on the risk management processes implemented by the organization.
  • Implement – this means applying the security controls and describing how they work in the information system.
  • Assess – this means assessing the performance of the installed security controls by using the necessary assessment procedures to determine how the controls have been implemented and whether they produced the desired results in securing the information systems.
  • Authorize – the operation of the information system in accordance with the risk management processes already in place and implemented.
  • Monitor – the security controls regularly to make sure they are effective. Monitoring also includes assessment of control effectiveness and documenting changes to the system’s operations.

The National Strategy to Secure Cyberspace

The National Strategy to Secure Cyberspace was created by Presidential Decision Directive 63 (GAO, 2004, p. 30) to support the foundation and development of the critical infrastructure project approach of the government. The primary agency mandated to carry on the policies and provisions of the directive was the National Infrastructure Protection Center (NIPC), which is under the FBI.

This program of government provides guidelines for the protection of the United States’ cyberspace. It provides policies for the different departments and instrumentalities of the government whose functions involve cyberspace security, and identifies steps and activities that individuals and organizations should take to protect cyberspace. (GAO, 2004, p. 22)

It is part of a nationwide strategy to protect every aspect of the United States infrastructure, both public and private. This strategy is an implementing part of the National Strategy for Homeland Security. The primary aim of this document is to involve all Americans and empower them to secure the parts of Information Systems that they have at their disposal and those they control or interact with. In its Introduction, the document recognizes the difficulty in accepting the challenge because this requires coordinated effort from all aspects of society including the federal government, all local governments and the entire American people. (The National Strategy to Secure Cyberspace, 2003, p. 2)

The United States government recognizes the fact that global economy and national security have become dependent upon information technology with its corresponding infrastructure and with the Internet as the core of this entire infrastructure. The Internet was originally invented for scientists to share their unclassified research information. But today it is used by millions of connected computers with all the risks and threats present. (The National Strategy to Secure Cyberspace, 2003 as cited in Schell & Clemens, 2004, p. 78)

The threat of organized attack through the Internet and information technology is very real; it will cause a serious disruption to the country’s critical infrastructure including security of the nation and of the economy. The perceived enemy of the United States – the terrorists and their organizations – has the potential to strike with technical sophistication. They are going to strike the so-called vulnerabilities. (The National Strategy to Secure Cyberspace, 2003, p. 6)

Enemies of the United States may conduct espionage activities on the government, including U.S. educational institutions and research centers, and public and private firms. They may prepare attacks through the Internet by mapping information systems, finding out what targets to strike, and accessing the country’s infrastructure through every possible means available. The enemy too can intimidate the country’s political leaders through cyber attacks.

Cyber attacks can disrupt public life and the government’s critical operations and can cause loss of revenues for the government, even loss of lives and properties. Countering these attacks should force the country’s defense department or those in charge of IT security, to build robust capabilities in order to reduce the perceived vulnerabilities. Through cyber attacks, the enemy can strike the country even at a distance. (The National Strategy to Secure Cyberspace, 2003, p. 7)

The problem of IT security should be addressed on several levels:

  • Level 1: the home user or small business organization

Internet users at home can become a part of computer networks to attack government and private infrastructure. Most homes and private organizations today are connected to the internet. Many of them have digital subscriber lines (DSL) connections which can be vulnerable to attacks by professional hackers. Terrorists can conduct denial-of-service (DoS) attacks to these users.

  • Level 2: Big Enterprises

Big corporations, government agencies, educational institutions and research facilities can be targets of attacks. In fact, terrorists could be aiming for these particular targets due to the magnitude of damage that could be inflicted once success is attained by cyber attackers. Most of the above-mentioned organizations are part of critical infrastructures.

  • Level 3: Critical Sectors

Some institutions and enterprises form groups to address common problems in security. Small enterprises can join in these groups which conduct best practices and evaluate technological problems. It is important to note that forming groups can also have vulnerabilities because these groups share information and mechanisms. Information Sharing and Analysis Centers (ISACs) are a way of monitoring cyber attacks. They also conduct best practices and reducing vulnerabilities. (The National Strategy to Secure Cyberspace, 2003, p. 8)

  • Level 4: National Issues and Vulnerabilities

Cyber security problems are usually national in scope. All sectors share information through the Internet, and so they are all at risk if their systems are not secure. Some software and hardware components are not well secure making problems spread up to the national level. Also, there should be more trained and qualified personnel to manage and operate their respective information systems.

  • Level 5: Global

The worldwide web is an information system that involves a planet-wide scope and grid. The interconnectedness of computers allows more vulnerabilities on the part of those connected to the grid and creates a problem in case of an attack. There should be more cooperation in the international context by sharing information about criminals and their activities so that apprehension and subsequent prosecution in proper courts can be done. (The National Strategy to Secure Cyberspace, 2003, p. 8)

Roles and Responsibilities to Secure Cyberspace
Table 6: Roles and Responsibilities to Secure Cyberspace

The figure above shows the roles and responsibilities of the different sectors of society in securing cyberspace. As can be gleaned from this scenario, everyone has a role to play in the safety and security of the world’s cyberspace.

The home user and small businesses have the responsibility to reduce the threat and vulnerability in cyberspace security. They also have to be aware of the threats and continuously train for security awareness program.

On the other hand, large enterprises should be committed to the five priorities. They have a bigger role and responsibility in securing cyberspace. This is along with the other critical sectors and infrastructures.

Discussion: Findings and Analysis

Why do organizations and home users apply security measures on their computers? Why do they apply anti-viruses? Why should they be aware of IT security? Why do governments spend so much money to protect critical infrastructure?

The answer to these endless questions is only one – the world is interconnected by way of the Internet. Inside an organization, computers are connected via the intranet. They are in the same way connected to the world where there is nothing safe. Viruses, worms, all kinds of malware roam around this ‘small world’ – this global village. If there are no security measures, the IT infrastructure becomes contaminated.

Even the most secured website today is not safe. The most secured government websites can be attacked by a virus. It’s all over the news – government websites are closed because of an attack. The Internet has done wonders to the world but it has done terrible harm.

Hardware Protection from Theft

The Computrace Agent is a product used as protection in case of computer theft. It is embedded in a computer to help the computer owner find it in case of theft. (Prison Planet Forum, 2011)

The computrace agent has two components, the “Application Agent” and the “Persistence Modul”. The Application Agent is installed in the computer’s OS (operating system) through an installer. Connected through the Internet, it calls up the Absolute Monitoring Centre providing location information and other valuable data to the owner upon the Agent’s call. The Application Agent helps in the recovery of the computer once it is stolen. The Persistence Module is also another software installed in the BIOS (basic input-output system) of manufactured laptops only to be activated once the Application Agent makes a call to the monitoring center. The module makes a move by reinstalling the Application Agent once it is removed. The computrace is protective mechanism for theft. (Prison Planet Forum, 2011)

However, it is not absolute protection yet. The Persistence Module has to be installed by the Application Agent. The Computrace is activated only by the Absolute Software. When this is installed the Application Agent calls the Monitoring Centre to communicate with the Persistence Module. If the computer is stolen, the BIOS module will make the necessary repair of the computrace agent. (Prison Planet Forum, 2011)

One of the questions this dissertation has to deal with is: How can homeowners – parents and families – guard their computers (and their children) from dangerous sites?

Home users, parents and responsible adults should ensure that their computers are applied with the necessary anti-viruses. Managers should have constant contact and dialogue/discussion with anti-virus firms. These companies aim for secured IT infrastructure. It is not only their job to secure computers and IT infrastructures of organizations and homes, they aim for best practice. Along with organizations, these firms would take pride in securing cyberspace.

Aside from prayers and constant checking on children, especially teens, parents can install software that guards dangerous websites. They should establish house rules for Internet use. Continuous bonding with family members to avoid teens to focus on websites used by criminals and drug syndicates is one way of safeguarding children from cyber criminals.

Berndt (2007) suggests that computers should be placed in a common location of the house where everybody can see and not in a very private place where children can have access to pornographic websites. Parents should be alert and take notice when children are in danger signs, such as when they suddenly shut down the computer when someone watches them.

A software can also be installed in the computer that can filter some functions or websites so that the children cannot access to those suspected websites. Some pre-selected topics can also be programmed on the computer, for instance when the topic touches on pornography, drugs or crimes, the website automatically closes.

Filtering programs can be accessed through websites like “cyberpatrol”, cybersitter, and netnanny. Anti-virus companies such as McAfee or NortonSymantec also have filtering programs that can allow safe web browsing for children and teens at home. (Miller, 2007, p. 157)

Another question to be answered here is: What are the guard sites on the web for children, families and everyone to browse and interact with?

Securing IT Infrastructure of Enterprise and Large Installations

SCADA (Systems Control and Data Acquisition) has been the dominant model for data acquisition/monitoring and disaster control for the last fifty years, and modern day wireless technology has seriously challenged its vulnerability to hackers and cyber-attacks.

Systems Control and Data Acquisition (SCADA) is a model for data acquisition and monitoring and disaster control used in industries, particularly pipeline industries and manufacturing plants. This is used in modern day wireless technology to challenge hackers and cyber-attacks.

SCADA should be continuously monitored and upgraded and security processes of technology maintained. The emergence of new technology has made systems vulnerable to cyber attacks. The primary purpose of SCADA is to collect real time data. Industries and plants using this are those from the waste water facilities, electrical companies, oil manufacturing plants and refineries, railways, nuclear facilities, and many more industries.

SCADA has been in use since the 1960s, but originally it was used for oil monitoring systems. The term became popular when a U.S. ad agency used it to link Intellution’s FIX software during the period around 1994 (Babb, Michael 2004).

SCADA has come to emerge as a generic term for a computer infrastructure in a plant or enterprise, to collect and monitor data and provide emergency alarms. The general term for data acquisition has been called Industrial Control Systems (ICS), and SCADA is a part of this, along with Distributed Control Systems (DCS), and Programmable Logic Controllers (PLCs). (Stouffer et al., 2006)

Over the course of a few decades, SCADA has been modified and provided various improvements to respond to data acquisition and monitoring, and a consequent damage control but the infrastructure since the time it was invented remains the same.

Basically, SCADA is one computer systems whose primary purpose is to gather data spread out over a wide area, and not just in a room or office. It can remotely monitor a wide area of computers.

The Infrastructure: How SCADA works

A complete infrastructure is composed of three major parts: the HMI (Human Machine Interface); the terminals known as the RTUs (Remote Terminal Units or Remote Telemetry Units); and other communication units such as alarm systems. The composition of these systems in a SCADA would enable personnel to monitor remotely the machine functions and processes in the different departments, stations and work areas without personally going to those areas which could a few miles away. This makes SCADA very cost efficient.

The following are the specific functions of the major parts of a SCADA:

Human Machine Interface (HMI)

This portion is the main station and main terminal unit (MTU) where the collected data from far-flung divisions are assessed by humans, the personnel of the plant. The HMI has connections to RTUs which are spread out to the fields and work areas, or the various work sites, even thousands. Data is collected through sensors, but the latest trend is by digital images.

Underground cables, fiber optics and wireless technology are used to transmit data from the RTUs to the MTU. The data transmitted to the HMI is already a graphical representation or graphical trends. A deviation of the graphical trend will tell the personnel that there is something wrong. The SCADA will pinpoint the defect or spot an attack. The sensors will shut down the troubled areas, preventing an escalation of the damage and will give enough time for the personnel to remedy the situation.

Remote Terminal Units (RTUs)

These are the parts of SCADA directly connected to the Master Station. They are also known as brains of the SCADA because they read the gathered data through the sensors. They can detect leakages and read high or low temperature, including humidity, dust, pollution, etc.

Other functions can be added to the SCADA through a software configuration.

The SCADA is like a giant PC with many functions but simple to operate. SCADA has customized products and software now available in the computer markets. The parts for RTUs are available through PLCs (Programmable Logic Controllers). Small industrial computers have also replaced big computers.

New software is applied to make SCADA safe from hackers. The number of computers has also been reduced with local area network more confined to safer ‘rooms’, and the wireless technology has been made safer. Cables are connected underground.

The Evolution of SCADA

The first generation SCADA had a computer mainframe and was not connected to any other system. It was costly and redundant which made it vulnerable to hackers.

The next generation provided for a network of mini-computers with a server connected by Wide Area Network (WAN). Each mini-computer had its own specific function. Since the stations are connected through LAN, it has to be on-line all the time. LAN allows for a local area connection.

The next generation SCADA used a Wide Area Network, interconnecting RTUs scattered in a wider area in the fields. Communication is carried out through the Internet, making it vulnerable to attack by hackers.

The SCADA system for pipeline industries has to be very effective in monitoring defects and attacks because any security threat can wreck havoc on the systems of unimagined proportions if the threat is not addressed right away. The application of new software has been the direct solution to this with products introduced by Microsoft, Siemens, Novus, etc.

SCADA in pipeline industries, for example those in water systems, waste water facilities, oil, etc, makes use of pipes in securing cables. Those in broadcast companies physically protect their systems by embedding pipes and tubes in walls, or underground.

Wi-Fi Technology

The word Wi-Fi comes from the words ‘wide’ and ‘fidelity’. The other term for Wi-Fi is Wireless Ethernet. The principle behind the Wi-Fi technology is the use of radio signal to distribute computer data. There are three elements used in the wireless transmission of data – the signal, the data format and the structure. The elements work and cooperate with each other to make a Wi-Fi function. The network structure includes the sender and the receiver of the radio signals. Wi-Fi is intended for wireless connection in a limited local area network. In other words, Wi-Fi is useful for limited area coverage. WiMAX is for a wider coverage.

A Wi-Fi connection can have the speed of 54 MPBS for the standards 802.11a and 80211b. This later connection is capable of transmitting signal up to 11 Megabits per second. More modifications or improvement are being introduced on the Wi-Fi technology with faster signal transmission. Wi-Fi connections however can be used to transmit broadband signal.

Wi-Fi Security

A software known as Wired Equivalent Privacy (WEP) is used to protect physical and data link layers. This type of software has a distinct characteristic of protecting data while it travels through the air from transmitter to receiver. Wi-Fi works in contrast to LANs because the latter is restricted within the premises of a building. It is different with the Wi-Fi connection. This one travels through radio waves and data could be intercepted and hacked while in transit. In using WEP, a continuous monitoring and maintenance have to be instituted because they could pass into the wrong hands with ulterior motive.


This is a comprehensive paper on information technology. Other topics discussed include security, risks and threats, and protection of information technology infrastructure. Emphasized in this dissertation are the many applications of information technology in organizations and the government in particular, including the use of computers and IT at home, in small and big organizations and businesses. Underlined are the different aspects of IT infrastructure in organizations. It is hoped that readers will find this book or manual useful in the use of information technology.

IT security is a responsibility of both the manager and the user of information technology. Members of an organization should put it in their shoulders the responsibility of securing their IT infrastructure because they are a part of the system and they are the ones involved and will be affected once an attack occurs.

Attacks are not targeted on the system alone. Attacks are directed towards people. Members of an organization are the target, thus they should be concerned. Cyber criminals and terrorists aim for panic and fear of the target. Hobbyists or those who enjoy by sowing fear on their victims are one of the most creative people who can inflict damage on computers connected online. The greatest damage that they can inflict is destruction of the files of computers and ultimately the hardware and software.

The United States government, along with its various federal agencies in charge of securing critical IT infrastructure, has programs and activities aimed at securing government infrastructures including public and private offices with their respective infrastructures. It is highly recommended that the various topics on IT security with respect to the government’s programs and activities, as discussed in the literature, be taken seriously and be a part of the programs and activities of firms and organizations.

The government’s programs are highly commendable. Some of these programs include the National Strategy to Secure Cyberspace which was created under Presidential Decision to provide a foundation and development of critical infrastructure project approaches of the government. This program is a government effort to secure cyberspace. Its primary aim is to involve all Americans for the security of the various parts of information systems and organizations IT infrastructures.

The NIST programs, activities and its many special publications on IS security should be studied and be a part of organizational programs and strategies. Organizations should not take this for granted but instead encourage their employees and members to study and implement the recommendations in the various special publications.

An example of an important publication discussed in the literature is the NIST Special Publication 800-53 which provides the necessary requirements and controls applied to all information systems in the government.

The laws on IT are also another important point in the discussion. The rights of the American people are first and foremost in the discussion of human rights. The U.S. government also recognizes and upholds all people’s rights regardless of nationality and race.

The Preamble of the UN Charter reaffirms and emphasized human rights because of the multi-culture and multi-ethnic nature of the United Nations.


Ally, M. (2009). Mobile learning. Canada: Athabasca University Press.

Alvarez, R. (2002). The myth of integration: a case study of an ERP implementation. In F. Nah, (Ed.), Enterprise resource planning solutions & management. London: IRM Press.

Armbrust, M., et al., 2009. Above the clouds: a Berkeley view of cloud computing. Technical Report No. Web.

Badger, L., Grance, T., Patt-Comer, R., & Voas, J. (2011). DRAFT cloud computing synopsis and recommendations: recommendations of the National Institute of Standards and Technology. NIST, US Department of Commerce. Web.

Andronico, A., Carbonaro, A., Colazzo, L., Molinari, A., Ronchetti, M., & Trifonova, A. (2004). Designing models and services for learning management systems in mobile settings. In F. Crestani, M. Dunlop, & Mizzaro, S. (Eds.), Mobile and ubiquitous information access. Berlin Heidelberg, Germany: Springer-Verlag. ISBN 3-540-21003-2

Armstrong, M. (2006). A handbook of human resource management practice. London: Kogan Page Limited.

Associated Press (2011). Fake Apple stores in China. Web.

Aswathappa, K. and Dash, S. (2008). International human resource management: text and cases. London: McGraw-Hill Publishing Company Ltd.

Badger, L., Grance, T., Patt-Comer, R., & Voas, J. (2011). DRAFT cloud computing synopsis and recommendations: recommendations of the National Institute of Standards and Technology. NIST, US Department of Commerce. Web.

Bairoch, P., 2000. The constituent economic principles of globalization in historical perspective: myths and realities (trans. by M. Kendall and S. Kendall). International Sociology June 2000, Vol 15(2): 197-214.

Bartelson, J., 2000. Three concepts of globalization. International Sociology 2000; 15; 180-193.

Beckford, J. (2002). Quality: a critical introduction. London; New York: Routledge.

Berkman, L. F. (2008). Encyclopedia of Public Health: Social Networks and Social Support. Web.

Berndt, J. (2007). Praying the scriptures for your teenagers. Grand Rapids, Michigan: Zondervan.

Berry, M. (1998). The new integrated market direct marketing. United States of America: Gower Publishing Limited.

Bisaerts, D. (2011). President Obama is dead, says Fox News through their (hacked) twitter account. Web.

Boehm, B. W. & Jain, A. (2007). An initial theory of value-based software engineering (2005). In R. Selby (Ed.), Software engineering: Barry W. Boehm’s lifetime contributions to software development, management, and research. New Jersey: John Wiley & Sons, Inc.

Brown, M. G. (2006). Baldridge award winning quality. United States of America: Productivity Press.

Bueno, S. & Salmeron, J. L. (2008). TAM-based success modeling in ERP. Interacting with Computers, 20 515-523

Bulgurcu, B., Cavusoglu, H., & Benbasat, I. ( 2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. Retrieved from MIS Quarterly Vol. 34 No. 3 pp. 523-548.

Burnes, B. (2004). Managing change. 4th edition. Pearson Education Ltd.

Buzzell, R. (1968). Can you standardize multinational marketing? Harvard Business Review, Vol. 46, pp. 102-103. Cited in Vrontis, D. et al., 2009, International marketing adaptation versus standardisation of multinational companies, International Marketing Review, Vol. 26 Nos 4/5 [e-journal]. Web.

Business in (2010). Ford to make Asia a focus: and Thailand to be central pillar of Ford’s Asian strategy. Web.

Canis, B. (2011). U.S. motor vehicle industry: confronting a new dynamic in the global economy. United States of America: Diane Publishing.

Channer, P. & Hope, T. (2001). Emotional impact: passionate leaders and corporate transformation. New York: Palgrave.

Córdoba, J. (2007). Developing inclusion and critical reflection in information systems planning. Organization 2007, 14(6), 909-927.

Davis, B. G. (2009). Tools for teaching, second ed. San Francisco, CA: John Wiley & Sons.

Doyle, E. & Adam, F. (2004). Chapter 3: Investigating the rationale for ERP: a case study. In F. Adam, & D. Sammon (Eds.), The enterprise resource planning decade: lessons learned and issues for the future. Hershey, PA: Idea Group Publishing.

Eisenhardt, K. (1989). Building theories from case study research. Academy of Management Review, 1989, Vol. 14. 532-550 [e-journal], Retrieved from City University London Library.

Eltschinger, C. (2007). Source code China: the new global hub of IT (Information Technology) outsourcing. New Jersey: John Wiley & Sons, Inc.

Erbschloe, M. (2005). Trojans, worms, and spyware: a computer security professional’s guide to malicious code. Oxford: Elsevier Butterworth – Heinemann.

Fernie, J. (2004). Retail logistics. In M. Bruce, C. Moore, and G. Birtwistle (Eds.), International retail marketing: a case study approach. Burlington, MA: Elsevier Butterworth-Heinemann.

Fehily, C. (2010). Microsoft windows 7: learn Microsoft windows the quick and easy way. Berkeley, California: Peachpit Press.

Ford (2010). The Ford story. Web.

Goodwin Procter (2010). Founder’s workbench. Web.

Grabski, S., Leech, S., & Lu, B. (2003). Enterprise system implementation risks and controls. In G. Shanks, P. Seddon, & L. Willcocks (Eds.), Second-wave enterprise resource planning systems: implementing for effectiveness. Cambridge, UK: Cambridge University Press.

Graham Peace, A. et al. (2002). Ethical issues in ebusiness: a proposal for creating the ebusiness principles. Business and Society Review 107:1 41-60 [e-journal]. Web.

Greer, S. (2006). The European convention on human rights: achievements, problems and prospects. United Kingdom: Cambridge University Press.

Greer, D. & Conradi, R. (2009). Software project initiation and planning – an empirical study. The Institution of Engineering and Technology 2009, Vol. 3, Iss. 5, pp. 356-368.

Groysberg, B., Nanda, A., & Nohria, N. (2005). The risky business of hiring stars. Harvard Business Review.

Grundy, T. and Brown, L. (2003). Value-based human resource strategy: developing your consultancy role. Burlington, MA: Elsevier Butterworth-Heinemann.

Gulati, R. and Oldroyd, J. (2005). The quest for customer focus. Harvard Business Review [e-journal], Available from City University London database.

Gupta, A. K. & Becerra, M. (2003). Impact of strategic context and inter-unit trust on knowledge flows within the multinational corporation. In B. McKern (Ed.), Managing the global network corporation. New York: Routledge.

Haggerty, J. & Taylor, M. (2007). FORSIGS: Forensic signature analysis of the hard drive for multimedia file fingerprints. In H. Venter, M. Eloff, L. Labuschagne, J. Eloff, & R. von Sohns (Eds.), New approaches for security, privacy and trust in complex environments (p. 2). United States of America: Springer.

Harmon, J. & Anderson, S. (2003). The design and implementation of geographic information systems. New Jersey: John Wiley & Sons, Inc.

Hawkes, S. & Seib, C., (2008), “Tesco puts the world on notice after ringing up record profits of nearly £3bn”, Times Online, Web.

Heffernan, V. (2008). Facebook Politics. The New York Times Magazine. Web.

Herbig, P. (1998). Handbook of cross-cultural marketing. New York: The Haworth Press, Inc.

Hofkirchner, W. (2007). The quest for a unified theory of information. The Netherlands: Gordon and Breach Publishers.

Holden, S. I. (1992). A knowledge based technique for the process modeling of information systems: the object life cycle diagram. In: P. Loucopoulos (Ed.), Advanced information systems engineering: 4th international conference CAiSE ’92, Manchester, UK, May 1992 Proceedings. Manchester, UK: Springer-Verlag.

Holland, C. P. & Light, B. (2003). A framework for understanding success and failure in enterprise resource planning system implementation. In G. Shanks, P. Seddon, & L. Willcocks (Eds.), Second-wave enterprise resource planning systems: implementing for effectiveness. Cambridge, UK: Cambridge University Press.

Holsapple, C. W., Wang, Y., & Wu, J. (2005). Empirically testing user characteristics and fitness factors in enterprise resource planning success. International Journal of Human-Computer Interaction, 19 (3), 323-342

Humby, C., et al. (2007). Scoring points: how Tesco continues to win customer loyalty. London: Kogan Page Limited.

IEEE Computer Society (2011). Guide to the software engineering body of knowledge (SWEBOK). Web.

International Business Times (2011). Apple’s App Store Awarded the Biggest App Store by Guinness World Records. Web.

Ives, N. (2008). Facebook COO: Web needs new model, new metrics. Advertising Age website. Web.

Jansen, W. & Grance, T. (2011). Guidelines on security and privacy in public cloud computing: draft NIST special publication 800-144 on computer security. National Institute of Standard and Technology, U.S. Department of Commerce, Web.

Jenson, R. & Johnson, I. (2000). Chapter 3: Enterprise resource planning system as a strategic solution. In J. M. Myerson (Ed.), Enterprise systems integration (second edition). Florida: CRC Press LLC.

Jones, D. (2007). Profits from The Lean Business Model. In: Editor Robert Heller’s The Thinking CEO. Web.

Kayworth, T. & Whitten, D. (2010). Effective information security requires a balance of social and technology factors. MIS Quarterly Executive Vol. 9 No. 3.

Kelly, K. (2011). Understanding technological evolution and diversity. Web.

Kelly Rainer, R. and Cegielski, C. (2011). Introduction to information systems: enabling and transforming business. United States of America: Quebecor World Versailles.

Knights, D. & Willmott, H. (2007). Introducing organizational behaviour & management. London: Thomson Learning.

Kukulska-Hulme, A. & Traxler, J. (Eds.) (2005). Mobile learning: a handbook for educators and trainers. New York: Routledge.

Laudon, K. & Laudon, J. (2009). Essentials of business information systems. 8th ed. London: Prentice Hall.

Lee, W. (2010). Windows 7: up and running. United States of America: O’Reilly Media Inc.

Levenson, M. (2008). Facebook, ConnectU settle dispute. Web.

Li, F. (2006). What is e-business?: How the internet transforms organizations. Great Britain: Blackwell Publishing.

Lincoln, K. & Thomassen, L. (2008). Private label: turning the retail brand threat into your biggest opportunity. London: Kogan Page Limited.

Lipsey, R.G. (1999). Globalization and national government policies: an economist’s view. In J. H. Dunning (Ed.), Governments, globalization, and international business. United Kingdom: Oxford University Press.

Luecke, R. & Hall, B. (2006). Performance management: measure and improve the effectiveness of your employees. United States of America: Harvard Business School Publishing Corporation.

Lynch, R. (2008). Global Automotive Vehicle – Strategy in a Mature Market and Toyota: What is its Strategy for World Leadership. In Strategic Management, 5th edition. Financial Times/ Prentice Hall.

Maxwell, J. (2008). A leader’s way: The challenge of change. Philippine Daily Inquirer. Web.

Microsoft Singapore (2009). Work + Life, All about optimizing technology. Web.

Miller, M. (2007). Absolute beginner’s guide to computer basics, fourth edition. Untied States of America: Que Publishing.

Mische, M. A. (2000). Chapter 1 Defining systems integration. In J. M. Myerson (Ed.), Enterprise systems integration (second edition). Florida: CRC Press LLC.

M2 Communications (2011). Ten billion apps downloaded from Apple’s app store worldwide. Computer Products News.

Nah, F., Zuckweiler, K., & Lau, J. (2003). ERP implementation: chief information officers’ erceptions of critical success factors. International Journal of Human-Computer Interaction, 16 (1), 5–22

National Research Council of the National Academies (2010). Review of the Department of Homeland Security’s approach to risk analysis. United States of America: National Academy of Sciences.

NIST Special Publication 800-53 Revision 3 (2009). Information Security: recommended security controls for federal information systems and organizations. Web.

O’Gorman, B. (2004). The road to ERP: has industry learned or revolved back to the start? In F. Adam & D. Sammon, The enterprise resource planning decade: lessons learned and issues for the future. Hershey, PA: Idea Group Publishing.

Oliver, D. & Romm, C. T. (2002). Chapter III: ERP systems in universities: rationale advanced for their adoption. In H. Liaquat, J. D. Patrick, & M. A. Rashid (Eds.), Enterprise resource planning: global opportunities and challenges. London: Idea Group Inc (IGI).

Op’t Land, M., Proper, E., Waage, M., Cloo, J., & Claudia, S. (2009). Enterprise architecture: creating value by informed governance. Berlin, Heidelberg: Springer.

Parr, A. & Shanks, G. (2000). A model of ERP project implementation. Journal of Information Technology, 15, 289-303

Pattanayak, B. (2005). Human resource management, 3rd ed. New Delhi India: Prentice Hall.

Plunkett, J. (2006). Plunkett’s automobile industry almanac 2007 (e-book): automobile, truck and specialty vehicle industry. Houston, Texas: Plunkett Research, Ltd.

Plunkett, J. (2007). Plunkett’s retail industry almanac 2008. Texas: Plunkett’s Research, Ltd. Web.

Powell, R. (2004). Basic research methods for librarians, third edition. United States of America: Ablex Publishing Corporation.

Pride, W. and Ferrell, O. (2009). Foundations of marketing, third edition. United States of America: Cengage Learning.

Prison Planet Forum (2011). Computrace agent – oh really now? Web.

Quinn, S., Waltermire, D., Johnson, C., Scarfone, K., & Banghart, J. (2009). NIST special publication 800-126: The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0: Recommendations of the National Institute of Standards and Technology, National Institute of Standards and Technology, U.S. Department of Commerce.

Raab, M., et al. (2008). Global Index: a sociological approach to globalization measurement. International Sociology 2008; 23(4); 596-631. Web.

Raman, A. and Watson, N. (2004). Managing Global Supply Chains. In J. A. Quelch & R. Deshpande (Eds.), The Global Market: Developing a Strategy to Manage Across Borders, United States of America: John Wiley and Sons.

Rashid, M., Hossain, L., & Patrick, J. (2002). The Evolution of ERP systems: a historical perspective. In L. Hossain, J. D. Patrick, & M. A. Rashid (Eds.), Enterprise resource planning: global opportunities & challenges. Hershey, PA: Idea Group Publishing.

Rathbone, A. (2009). Windows 7 for dummies. Indianapolis, Indiana: Wiley Publishing, Inc.

Reynolds, G. (2010). Information technology management. Singapore: Cengage Learning.

Rodriguez, J. & Patricia Ordonez de Pablos (2002). Strategic human resource management: an organizational learning perspective. International Journal of Human Resources Development and Management, Vol. 2, 2002

Rosanova, J. (2003). Russia in the context of globalization. Current Sociology, 2003, Vol. 51(6): 649-669 SAGE Publications.

Ryu, H. & Parsons, D. (2008). Innovative mobile learning: techniques and technologies. United Kingdom: Information Science Reference.

Sammon, D. & Adam, F. (2004). Chapter I: Setting the scene – defining and understanding ERP systems. In F. Adam, & D. Sammon (Eds.), The enterprise resource planning decade: lessons learned and issues for the future. Hershey, PA: Idea Group Publishing.

Saudi Aramco (2011). Company’s story. Web.

Scholtz, J. A. (2009). Securing critical IT infrastructure. Information Security Journal: A Global Perspective, 18:33–39, 2009, Copyright © Taylor & Francis Group.

Schuster, C. & Dufek, D. (2004). The consumer… or Else!: Consumer-centric business paradigms. United States of America: The Haworth Press, Inc.

Seewald, N. (2003). Security tops year’s list of IT priorities. Retrieved from Chemical Week.

Seth, A., & Randall, G. (2001). The grocers: the rise and rise of the supermarket chains (2nd edition). London: Kogan Page Limited.

Setten, M. van et al. (2004). Case-based reasoning as a prediction strategy for hybrid recomender systems. In J. Favela, E. Menasalvas, & E. Chavez (Eds.), Advances in web intelligence: second international Atlantic web intelligence conference.

Siponen, M., Pahnila, S., & Mahmood, A. (2007). Employees’ adherence to information security policies: an empirical study. In H. Venter, M. Eloff, L. Labuschagne, J. Eloff, & R. von Sohns (Eds.), New approaches for security, privacy and trust in complex environments (pp. 133-134). United States of America: Springer.

Sobek, D., Liker, J., & Ward, A. (1998). Another look at how Toyota integrates product development. Web.

Springsteel, I. & Kuan J. S. (2004). Offshore business sourcing special report on law & strategy. USA: World Trade Executive, Inc.

Standard & Poor’s (2009). Standard & Poor’s 500 guide 2009 edition: America’s most watched companies. United States of America: The McGraw-Hill Companies, Inc.

Stone, B. (2007). Facebook. The New York Times. Web.

Stoufer, K., Falco, J., and Kent, K. (2006). Guide to supervisory control and data acquisition (SCADA) and industrial control systems security: recommendations of the National Institute of Standards and Technology. In: Special Publication 800-92, National Institute of Standards and Technology, Gaithersburg, MD.

Suduc, A., Bîzoi, M., & Filip, F. G. (2010). Audit for information systems security. Informatica Economica vol. 14, no. 1/2010. Retrieved from: Business Source Complete database.

Sussland, W. (2000). Connected: a global approach to managing complexity. London: Business Press.

Tesco Financial Highlights (2008). Tesco plc. Web.

The National Strategy to Secure Cyberspace (2003). United States of America: Morgan James Publishing.

Trinder, J. (2005). Mobile technologies and systems. In A. Kukulska-Hulme & J. Traxler (Eds.), Mobile Learning: A Handbook for Educators and Trainers. New York: Routledge.

Tuijnman, A. (2002). Lifelong Learning: Evolution of a Conceptual Map and Some Implications. In: Cribbin, J. and Kennedy, P. (Eds.), Lifelong Learning in Action: Hong Kong Practitioners’ Perspectives (pp. 3-10). Hong Kong: Hong Kong University Press.

Turner, J. H. (2006). Handbook of sociological theory. United States of America: Springer.

Vance, C. M. Strategic upstream and downstream considerations for effective global performance management. International Journal of Cross Cultural Management 2006, Vol 6(1): 37–56.

Van Der Bly, M. C. E. Globalization: A Triumph of Ambiguity. Current Sociology 2005, 53 (875).

Velte, A. T., Velte, T. J., & Elsenpeter, R. (2010). Cloud computing: a practical approach. United States of America: McGraw-Hill.

Verghis, P. (2006). The ultimate customer support executive: unleash the power of your customer. United States of America: Silicon Press.

Wang, B. & Nah, F. (2002). Chapter 1. ERP + E-business = A new vision of enterprise systems. In F. Nah (Ed.), Enterprise resource planning solutions & management. London: IRM Press.

Weng, L., Xu, Y., Li, Y., and Nayak, R. (2006). A Fair Peer Selection Algorithm for an Ecommerce-Oriented Distributed Recommender System. In Y. Li, M. Looi, and N. Zhong, (Eds.), Advances in intelligent IT: active media technology 2006. Fairfax, VA: IOS Press, Inc.

Willis, E. (1996). The sociological quest: an introduction to the study of social life. New Brunswick, New Jersey: Rutgers University Press.

Yiakoumettis, C. P., Bardis, G., Miaoulis, G., Plemenos, D., & Ghazanfarpour, D. A GIS platform for automatic navigation into georeferenced scenes using GIS scene explorer (GIS-SE). In D. Plemenos & G. Miaoulis (Eds.), Intelligent computer graphics 2010. Berlin Heidelberg: Springer.