• Stoned. A very common virus in the late 1980’s it came in many forms, some harmless while others corrupted files by attacking the directories and allocation tables. The main theme of the virus was to legalise the smoking of cannabis and normally the message
“Your PC is now Stoned” would appear on the screen.
• Jerusalem. Deletes all programs that are run on Friday 13th.
• Concept. A macro virus, attached to word processing documents.
• EXEBUG. A nasty little bug that may corrupt your hard drive. This is a systems virus and can infect the CMOS of your PC. Very difficult to find and eradicate as it uses “stealth”
technology to hide from virus checkers.
With increasing globalisation and interorganisational communications, viruses are able to spread faster and further than ever before. Recent examples include Melissa, ILoveYou, and the Nimda virus, which make use of multiple methods of transmission. The real mystery
about viruses is why they exist at all. Some experts suggest that computer hackers are
motivated by the challenge of “beating the system” by writing programs that can bypass virus protection systems and take control of each individual machine. A more likely motive is to induce computer users to purchase legal copies of software. The only real winners in the new world of computer viruses are the companies selling computer software.
In the early 1980’s the illegal copying of PC software, or software piracy was rife as there was no real business advantage to purchasing the software (except a copy of the official reference manual). Today it is estimated that about 50% of the PC software used in the USA has been illegally copied and the situation in South Africa is likely to be worse. One of the major motivations for buying software rather than copying from a friend is that the shrink-wrapped product is guaranteed to be virus free.
The best line of defence against viruses is the regular use of up-to-date anti-virus software, which will scan files for viruses and remove them if found.
10.3 Operational Problems and Errors
Computers are often seen as “super humans” in that they can perform their tasks at high speed and great accuracy. However the computer has its own, very specific weaknesses.
10.3.1 Dependency
Dependency may become a problem at two levels. Firstly, users of on-line, real-time systems are often totally reliant on the computer to perform their tasks. For example, visualise a busy Saturday at the local Pick ’n Pay supermarket when the back office computer malfunctions.
All the point of sale terminals are linked to this machine to obtain price and other information and until the problem is fixed, no sales can be processed. Not a pleasant situation for shoppers and store managers alike. All organisations reliant on their computer to perform critical business activities must have a contingency plan to cover such emergencies, from the simple malfunction of a unit of hardware to a major disaster such as a fire in the computer
installation.
Discovering Information Systems
115
10. Security and Social Issues
Section III
At an individual level, employees who are accustomed to using a computer as a source of
information, may lose confidence in their own judgement or decision-making abilities. When the computer is offline then all business activities grind to a halt, even though many of those processes could have continued based on principles and procedures that are not power-dependent!
10.3.2 Illogical Processes
Most conventional computer programs are made up of simple commands to instruct the
machine (expert systems being one exception). When a computer error occurs, it could be as a result of hardware malfunction or the corruption of data. However this seldom results in an incorrect report or enquiry as the hardware and software are designed to detect this loss of integrity and provide an appropriate response (stop processing or generate an error message).
Computers do not make calculation errors or read the incorrect data. But we have all heard stories of customers receiving telephone bills for outrageous (and incorrect) amounts and banks transferring amounts to the wrong accounts. These problems invariably originate from errors made by computer users or errors in the programs written to control the process. While humans make mistakes, sometimes on a regular basis, they have the advantage of working
intelligently (although this is not always obvious). A clerk in a manual debtors system will probably realise there is an error when the telephone bill is over R1,000,000 and will check the client’s detailed records before dispatching the account. The computer blindly follows the instructions in the program. However we can provide the computer with some sensitivity to problems by adding reasonability checks. For example it could highlight all amounts that appear to be too large (or small) in an exception report for the supervisor to check prior to distribution.
The bottom line is that the information provided by a computer should be more accurate and reliable than output from a manual system, but much depends on the expertise of users and computer professionals in the development and operation of the system. One classic example of a computer error occurred when one of the authors was working in the computer
department of a large oil company. A colleague made a change to the layout of the customer statement to add a place for comments to be included, and tested the change by putting in a
“Happy Christmas and Prosperous New Year” message. Needless to say he forgot to remove
the message for the next monthly run and 25,000 customers were wished “Happy Christmas”
in the middle of July.
In a number of studies focused on threats to computer systems, the largest percentage of financial losses were not from computer crime (20%), disasters (15%) or sabotage (15%) but from employee ignorance or negligence (50%). Management is often focused on external
threats and natural disasters but the threat is from within. The recommendations from this research highlighted the fact that motivated, well-trained and supervised employees will go a long way towards reducing computer problems in the work place.
10.4 Computer Monitoring and Privacy
One of the major advantages of commercial computers is that given a large quantity of data about the organisation’s business activities, it can then analyse the data from many different perspectives and provide management with valuable information as to the status of the
116
Discovering Information Systems
Section III
10. Security and Social Issues
operation. If people are part of this system, either as customers, employees or even operators, the computer can use the information at its disposal to report on the activities and
performance of each individual. The question is, how far can this process go before it
becomes an invasion of privacy?
10.4.1 Computer Monitoring
As transactions are processed in a computer system, the program could store the code of the operator in the transaction to record who performed the activity. At a later date we may want to check on some aspect of the transaction and could check which operator was on duty at the terminal. We could also take all the transactions over the month and summarise them by
operator code to evaluate the amount of work done by each operator. We could also analyse the number of mistakes, and the times when operators logged into the system and logged out.
With the introduction of workflow systems where documents are scanned into the system and routed to various workers, there is some justification for monitoring the pace and progress of activity on the network. However there are negative aspects as well. Monitoring can be
stressful to certain individuals and there is a school of thought that suggests that workers who are being monitored change their work patterns and work quicker rather than better (issues such as customer consideration may be ignored as they appear to waste valuable time).
This all sounds much like George Orwell’s “1984”, a book about a future world where every thought and action were watched by Big Brother. Currently, one of the major issues of
conflict between workers and management in the USA is whether supervisors should be
allowed to read e-mail addressed to their subordinates. When e-mail is transmitted across the country, its privacy is protected by law, but within a business, e-mail is held to be the property of the employer, since it was created during the employer’s time and using the employer’s resources.
10.4.2 Invasion of Privacy
The other side of the coin is where organisations obtain information about an individual and use it for commercial advantage. You may be surprised to find out how much information
about you is stored in computers around the country. Your school and university will hold a lot of personal information. You will have applied for a job or two, opened a bank account, purchased a house and applied for water and electricity supplies. You will have a few
insurance policies, be seeing a doctor and dentist, have an account at a number of stores and own both a regular and cell phone. All these organisations will have information about you, and some of this information could be classed as sensitive such as your overdrawn bank
account and the time you were caught for driving under the influence (mentioned on your
school report).
This information has value. Direct mail businesses would like to post you catalogues and flyers detailing their latest products; and credit bureaux can use the data to assess your credit standing. More sinisterly, bureaux specialising in computer data matching are buying data from many sources to create a complex profile for each individual.
Most countries now have strict privacy laws to protect their citizens. For example the Federal Discovering Information Systems
117
10. Security and Social Issues
Section III
Privacy Act in the USA states that:
• Individuals are free to determine what information is being held by an organisation
• They can prevent the use or distribution of their information to other organisations
without their consent
• They can view, obtain copies and correct their information
• Information can be collected and used only for necessary and useful purposes
• Information must be kept current and accurate
• Safeguards must be provided to ensure the data is secure and not misused
• Individuals can institute claims for damages they suffer as a result of wilful or
unintentional violations of these rights
Similar legislation was introduced in South Africa in 2002, giving all citizens the right to know what data has been stored about them, what it is being used for, and to insist that incorrect data be rectified.
Although many issues have been resolved and the rights entrenched in law, others are very topical, controversial and as yet undecided. One example is the debate as to whether there should be censorship on the Internet. Should the network be an open medium for the free
exchange of ideas and information? Or should legislators take responsibility to regulate content and activities such as child pornography. The debate continues.
10.5 Computers and Unemployment
James Martin calculated that computer processing was about on a par with manual processing in terms of cost performance in 1978. Since then computer processors have doubled in power every two years with little or no increase in cost. If the motor industry had advanced at the same speed as computers over the past 50 years, a Rolls Royce would cost less than R10 and run for a year on a single tank of fuel. Obviously these advances have provided business with cheap, reliable processing power but they have also begun to impact on employment levels.
Early growth in computer processing had little effect on jobs. The introduction of computer systems called for new skills as large amounts of data needed to be captured. While some of the repetitive transaction processing was now automated, clerical workers could now
supervise and control the processing cycle. Computers were hailed as machines to take the drudgery out of work and in most cases this was so.
With today’s widespread use of computers, there are a number of changes to employment
patterns that are credited to the computer revolution.
As anticipated, the clerical workers in many companies are gradually becoming knowledge
workers, requiring new skills to operate and manipulate computerised applications. The
numbers of these employees has shrunk over time as computer applications propagate
throughout the organisation.
The number of blue-collar workers (employees in the manufacturing function) is falling. In some cases this is a result of improved processes and productivity but the impact of
118
Discovering Information Systems
Section III
10. Security and Social Issues
automation and the introduction of robotic assembly is also a factor.
The impact of computerisation is most felt in the area of middle management when
sophisticated MIS and DSS systems have provided top management with easy access to
information without the overhead of layers of supervisors and managers. The outcome of this change is a sharp reduction in the layers of management in most organisations and the arrival of large numbers of middle aged managers at the unemployment queues.
Opinions are mixed about the long-term effects of computerisation on employment. Some
experts predict that job losses from technological advances are always offset by increased demand for skills in other areas. The jobs are there but some individuals may need re-training.
The other side of the coin is that computer technology can improve productivity while
reducing costs, and staff is often the major cost to the organisation. The new reality may be that more and more people will lose their jobs to computers as corporations fight to remain competitive.
10.6 South African Perspective
Spam is the equivalent of junk mail sent via the internet: electronic messages are sent automatically to computer-generated e-mail lists. The recently promulgated Electronic
Communications and Transactions (ECT) Act of 2002 protects individuals against unwanted
spam, by requiring any company that sends unsolicited commercial communications to
provide the recipient with the option of being removed from the mailing list, and to disclose the source from which the his or her details were obtained.
During January 2003 the first charge was laid in terms of this section of the Act, against a marketing company which continued to send unsolicited emails after having been requested not to do so. Companies or persons found guilty of such an offence are liable for a fine or imprisonment for up to 12 months, but the cost to the taxpayer may be disproportionately high. In this case, since the charge was laid at a Johannesburg police station, and the
marketing company is based in Cape Town, a search and seizure warrant would have to be
issued in Johannesburg and sent to Cape Town for approval by a Cape Town magistrate, after which a member of the SAPS would carry out the warrant and obtain a copy of the company’s database to be used as evidence. Although a successful conviction may act as a deterrent to other South African companies in the future, the global nature of the internet makes it
virtually impossible to control electronic communications through legislation.
10.7 Beyond the Basics
Biometrics is the technique of electronically measuring a physical characteristic of an
individual and automatically comparing that measurement with an equivalent value stored in a database, in order to identify the individual. Among the many physical characteristics that have been used for biometric measurement, the three that have given the most consistently successful results are retinal scanning, iris scanning and finger imaging.
Retinal scanning involves bouncing a beam of light off the back of the eyeball, using a scanning device that rotates six times per second to build up a map of the blood vessels that are present. The information is then digitised and stored in an easily retrievable database.
Discovering Information Systems
119
10. Security and Social Issues
Section III
Although this technology requires close proximity of the individual to the scanning device, it provides a unique and stable method of identification. Iris scanning measures the arrangement of structures within the coloured circle that surrounds the pupil of the eye. It also provides a unique and permanent template, but is more demanding than other methods in term of
equipment cost and memory requirements. Finger imaging is the 21st century implementation of the fingerprints that have been in use for decades, and is based on the generation of a unique byte code from the scanned image of a fingerprint. This technology still requires physical contact with the scanning equipment, and the results can be distorted by dirt or skin damage.
10.8 Exercises
10.8.1 Viruses
•
The Nimda worm spread rapidly across computer networks during September 2001.
Use the internet to find out three methods that it uses to infect computer systems.
•
Suggest three precautions that you could take to reduce the risk of your PC becoming
infected with a virus.
•
Read the email message that follows, and then use the internet to find out whether
such a virus actually exists.
From:
Subject: Urgent - Virus alert
Virus Planet!
To those who are using handphone !!
Dear all mobile phone's owners,
ATTENTION!!! NOW THERE IS A VIRUS ON MOBILE PHONE SYSTEM.
All mobile phone in DIGITAL system can be infected by this virus.
If you receive a phone call and your phone display "UNAVAILABLE"
on the screen (for most of digital mobile phones with a function
to display in-coming call telephone number), DON'T ANSWER THE
CALL. END THE CALL IMMEDIATELY!!! BECAUSE IF YOU ANSWER THE CALL,
YOUR PHONE WILL BE INFECTED BY THIS VIRUS.
This virus will erase all IMIE and IMSI information from both your
phone and your SIM card which will make your phone unable to
connect with the telephone network. You will have to buy a new
phone.
This information has been confirmed by both Motorola and Nokia.
For more information, please visit Motorola or Nokia web sites:
http://www.mot.com
http://www.nokia.com/
There are over 3 million mobile phone being infected by this virus
120
Discovering Information Systems
Section III
10. Security and Social Issues
in USA now.
You can also check this news in CNN web site: http://www.cnn.com
Discovering Information Systems
121
Case Study
Section III
CASE STUDY: CREAM ADVERTISING
Cream is a large and well-established advertising company, with corporate clients in all the major South African cities. Over the last decade, Cream has developed a reputation for the creation of avant-garde and witty advertising campaigns, predominantly on television and in glossy magazines, and has scooped several prestigious national awards. Much of their success is ascribed to the diversity of talents and personalities within the company, and a strong ethos of teamwork. A lot of time is spent in meetings and informal discussions between staff, and the pervading culture within the organisation is that work should be not only challenging but also fun.
Information technology is used to support various separate business functions:
• Accounting and administration, including the general ledger, accounts payable and
receivable, and payroll.
• Graphic design for the development of new conceptual material.
• Word processing and presentation software for writing copy and making presentations
to clients
• E-mail for communications and internet browsing to keep up with advertising trends.
Cream does not have an in-house IS department, and relies on the support provided by
vendors and outside consultants to maintain their systems and solve any computer-related problems.
A brief overview of their business activities is as follows:
• The general manager, Jade Smith, contacts existing client by phone at least once a month to check that they are happy with the performance of their current campaigns, and perhaps make suggestions for future changes to content or media.
• All members of staff listen to industry gossip, and if a competitor’s advertising campaign appears to be badly received, Jade is informed and decides whether to contact the client to market Cream instead. If so, she sets up an appointment for the marketing manager, Tim
Mabusa, to give a standard presentation showing examples of previous work. Tim also
provides a glossy brochure detailing the expertise and abilities within the firm, but his enthusiastic personality is a vital ingredient of the sales talk.
• When a new campaign is initiated, Jade will appoint one of her senior staff as project manager, and the two of them will meet with the client to discuss the form that the
campaign should take (content, media, etc), and provide an initial (estimated) quotation.
In many cases this meeting involves travel to other cities, which adds to costs and
seriously impacts their availability for dealing with other business issues.
• A fee of 20% of the initial quote is payable before any further work on a new campaign is undertaken. A project team consisting of the project manager, a graphic designer and a
copywriter will then work closely together to create several alternative ad outlines. These 122
Discovering Information Systems
Section III
Case Study
are presented to the client for discussion and possible reworking before the final quote is submitted and production begins on the advertisement.
• Cream take care of all the liaison with publication media, and confirm to the client the periods and costs involved. The actual account for publication or broadcasting is
submitted directly to the client, and Cream is not involved in the client’s financial
transactions other than the money charged by themselves for work done. Payment of the
final quoted amount less the initial fee is due within 30 days of completion and invoicing.
As the business has grown, so more and more time is being spent on travel, telephone calls and faxes. A lot of coordination is needed to keep track of the various elements of each campaign, and make sure that actual advertising material, publication arrangements and
accounting are all being attended to. Holdups frequently occur because the initial 20% fee has not yet been debited, or else it has been received but the project team have not been informed that they can proceed; and several TV ads have received unsatisfactory broadcast times
because bookings were made late. Staff are tired rather than stimulated, and Jade is concerned that the quality of their work will be affected. She is wondering whether the introduction of additional technology to support the business processes would free her staff to focus more on their creative abilities.
(a) Give practical examples of how information systems could be used to support the
business at each of the management levels.
(b) If you were Jade Smith, what business strategy would you select (low-cost,
differentiation, or niche marketing) and why? How could IS be used to support this
strategy?
(c) What opportunities would there be for the use of groupware, both within and beyond the company?
(d) In what ways could the implementation of e-commerce replace or enhance the existing business activities of Cream?
(e) A network infrastructure that supports e-commerce also exposes the organisation to added security risks. Suggest ways in which these risks could be minimised.
Discovering Information Systems
123
IS Management
Section IV
Section IV: IS Management
Since the birth of commercial computing, organisations have been developing computer
applications to meet the needs of their users. Initially this process was almost entirely machine orientated since the high costs of computer hardware made it necessary to maximise the usage of this scarce resource.
Initially computers were used as sophisticated record keeping devices. As their price
performance became more attractive so more and more secondary applications were found.
Gradually each organisation’s portfolio of computer applications has grown to the point that many could not function without the use of this electronic device. Organisations are using Information Systems to boost competitiveness and growth.
This transition has also seen the evolution of information architectures. Today’s information processing environments tend to be integrated, decentralised and highly complex. They
require detailed planning as to what hardware infrastructure should be established and which new applications should be developed. They require high quality systems to be developed as the maintenance load in some o