Free Strategic Information Systems Essay Sample
The concept of competitive advantage is extremely essential to business organizations that have a common objective. In response to this idea, organizations have developed Strategic Information Systems to facilitate the implementation of this business initiative. This implies that the development of Strategic Information Systems has the primary goal of fostering competitive advantage in any business organization that adopts the strategy. Strategic Information Systems place the business in a position to provide a product or service at a lower cost; they concentrate on a market share and innovations (Boddy et al. 2009). SIS is an integral element of the broad concept of Information Systems, which refer to the blending of information technology with people’s activities to provide positive decision-making and management in any organization. A broad description of Information Systems incorporates people’s interaction, organizational processes, and technology (Gwebu et al. 2010). This description surpasses the information and communication technology deployed by the organization and includes individual interactions with technology to stress business activities. Information Systems entail the ICT concepts, but it does not fully coincide with it. This vividly distinguishes computer systems from Information Systems. Some researchers have also argued that an Information System is a type of a work system, which is a system that employs resources to accomplish a task. According to these researchers, the system is committed to processing. In relation to this, the goals of this paper are threefold: to review information theories and assess their significance in understanding the role of Information Systems in organizations; to investigate relevant laws controlling the use and latest enforcements of Information Systems in the UK; and to do a review of Information Systems control.
- A. Communication Theories and Their Significance in Understanding the Role of IS in Organizations
Communication theories are ideas that explain the technical process of human communication and the technical process of information. Various theories attempt to elucidate the importance of adopting Information Systems by business organizations. Such theories include actor-network, adaptive structuralism, agenda setting, cognitive dissonance, communication accommodation theory, confirmation bias and face negotiation theories (Pearlson & Saunders 2009).
Qu et al. (2010) point out that the actor-network theory suggests that human and non-human factors are likewise significant in the success of scientific knowledge creation and technological innovation in any business organization. According to the theory, organizations need to create networks to contribute to success, which implies that organizational success is collective, and no single element can thrive on its own. Additionally, people and the established network are accountable to the success. The actor-network theory clearly helps in understanding the role of Information Systems in business organizations through people’s cooperation, interaction, and the available technology to form well-structured entities (Currie & Parikh 2006). The significance of this theory in understanding the role of Information Systems is that it stipulates the formation of mutual relationships among individuals to accomplish goals. According to scholars, the adoption of the theory can lead to technological innovations.
The second theory is the adaptive structuralism theory, which suggests that business organizations have to introduce regulations, commonly defined as structures. Gable (2010) affirms that regulations are responsible for the formation of social systems that exist on their own. The quality of the rules and regulations in social systems influences the decision-making process, which also has an effect on the groups’ structure (Currie & Parikh 2006). The theory depicts organizations as communication systems in which individuals form groups to improve communication among them. The theory has proven handy in understanding almost each instance of the organizational structure. Such companies as Apple Inc and Redbook Magazine have experienced the efficacy of the theory through evaluation of group decision-making and organizational communication. The theory helps in understanding the role of Information Systems by examining the structures introduced to groups by advanced technologies (Levy & Powell 2000). In addition, adding cognitions to the existing cognition has proved to be efficient in reducing dissonance.
The agenda setting theory is another communication theory that provides insight into the strategic role of Information Systems in business organizations. According to Gwebu et al. (2010), the mass media have considerable influence on what the public perceives newsworthy. The theory primary puts forward salient transfer, which is the media’s capability to convey agendas to the public. The media’s daily news selection and display focuses on the attention of the public and aims to influence their opinions on weighty issues (Galliers 2009). The primary role of this theory is to create and promote social consensus and bring about a sense of community among people of the organization. However, this social consensus is vulnerable to challenges of the increasing number of media channels, which results in fragmented media systems (Tallon 2007). The organizations’ dependence on the media to disseminate information apparently reveals the strategic importance of Information Systems to business enterprises.
Another communication theory is the cognitive dissonance theory, which refers to a mental conflict caused by two disagreeing or incompatible ideas, beliefs or attitudes (Qu et al. 2010). A vivid example of this theory is when an individual likes a person but totally disagrees with their behavior, belief, religion or race. According to this theory, people should establish a balance in beliefs, attitudes or ideas to achieve compatibility. A business organization might experience dissonance especially when two incompatible choices emerge, and one of the choices must be chosen to solve a problem (Peppard & Ward 2004). This can pose communication challenges and even lead to disagreement in the involved group. Proper knowledge of Information Systems becomes useful in such circumstances to reduce dissonance. Through computer-based or manual gathering and processing of information, compatibility of opposite ideas and opinions in an organization can be achieved (Pearlson & Saunders 2009).
The communication accommodation theory is another communication theory suggested by Howard Giles. The theory is evident when individuals in an organization adjust or accommodate their communication approaches to suit others (Levy & Powell 2000). The theory argues that during people’s interaction, they control their speech, vocal patterns and gestures to create consistency and facilitate efficient communication. Through the theory, Howard focuses on the connection between language, context and identity as interpersonal and intergroup contributors to accommodation. This communication theory approves that power, micro- and macro-contexts influence communication behavior, which in turn affects accommodation. The theory elucidates two essential processes of accommodation including divergence and convergence. The convergence accommodation process refers to the adaption of an individual to other people’s communication conducts (Gable 2010). On the other hand, the divergence process is the accentuation of one’s non-verbal and speech variations. This theory assumes that individuals incorporate their experiences and backgrounds during interactions resulting in the manifestation of similarities in behaviors in every conversation.
The confirmation bias theory, which is an example of the communication theory, clarifies the reason why individuals perceive the world selectively (Leigh-Pollitt & Mullock 2002). A popular characteristic of people having confirmation bias is that they agree with or reinforce what they believe. Such people disrespect those who disregard their ideas and tend to challenge their own beliefs (Gable 2010). The confirmation bias theory also suggests that people have a tendency of remembering information or data that suit or emphasize their own perceptions. One factor that results in confirmation bias is that people are likely to overvalue ideas to match their beliefs and underrate things that diverge from their beliefs. It is remarkably easy to comprehend an idea or information that coincides with the already established conclusion. It is also much easier to disregard an unproven idea. It is possible for confirmation bias to creep into Information Systems, which results in crippled business operations. As a result, the organization might rely on technologies that have been positively recommended while disregarding latest inventions in their Information Systems.
The constructivism theory states that cognitively complex people are successful communicators because they have the capability to develop customized and complex messages that can accomplish various communication and business objectives (Galliers 2009). This theory shows how to be the smartest communicators, communicate professionally and skillfully to achieve stipulated objectives. Areas encompassed by the theory include social, cognitive, linguistic and behavioral aspects. Linguistic competence means perfect grammar and syntax use, and the ability to understand messages from other communicating parties. The sociolinguistic aspect deals with an individual’s ability to conform to social norms, which guide different contexts of communication (Gwebu et al. 2010). With regard to Information Systems, the theory clearly shows that skillful communication results in an improved, efficient and broadened understanding of social interactions.
- B. Laws Governing the Use of Information Systems in the UK and Their Recent Enforcement
Information Systems are extremely essential in modern business and require ultimate care, since IS involve people’s interaction with sensitive data and technologies. Through enacting efficient legislation to govern the use of Information Systems, the UK government plays a vital role in ensuring the adherence of proper standards and practices regarding the use of Information Systems. Some UK laws include Data Protection Act, Copyright, Designs and Patents Act, Computer Misuse Act and Regulation of Inventory Powers Act (Tallon 2007). All business organizations are required to adhere to the laws and ensure that users of the adopted technologies are aware of the constitutional obligations. The collective role of the regulation mentioned above is primarily to govern the storage, use, transmission and collection of computer information in organizations.
Data Protection Act of 1998
The Data Protection Act of 1998 is a fundamental legislation governing the use of Information Systems in the UK. The Act describes the UK legislation concerning data processing by identifiable living individuals. This legislation administrates the security of personal data or information in the United Kingdom (Levy & Powell 2000). The European Directive of 1995 spurred the enactment of the directive in the UK as required by member countries. The European Directive of 1995 emphasizes the protection of individual deep-seated rights and freedoms, and especially data privacy and security.
According to Currie & Parikh (2006), the legislation offers a method of controlling information about people. However, the application of the legislation does not include the domestic use such as preservation of a personal address book or diary. The applicability of this legislation entails holding private data for other purposes with few exceptions. The term personal data excludes anonymous or aggregated data (Carey 2004). According to legislation, identification of individuals is by their address, telephone number, email address and preferably the name. With regard to systems, the Act applies to computer-based data storage or relevant filing systems storage.
Under the Act, there exist some data protection principles, which also aid in governing Information Systems. The first principle points out that processing private data must be lawful and fair when acquired for single or more specific and constitutional purposes (Qu et al. 2010). The act guarantees the discontinuation of processing of information upon infringement of the first stipulation. Other key provisions in the Act include an individual’s right to delete or accurately update personal data and take legal actions upon unauthorized and illegal processing of private data.
Copyright, Designs and Patents Act (CDPA)
CDPA is the UK’s parliament Act that was introduced in order to reformulate the constitutional basis of copyright legislations (Levy & Powell 2000). The Act includes an unregistered design right and various modifications to the constitution of the UK. With regard to Information Systems, the act applies to organizational transmission of information by wireless technology intended for public members (Tallon 2007). However, the basic Internet use is an exception and subject to modification by the Order in Council. According to this Act, the copyrights for wireless broadcasts and cable programs last for a maximum of fifty years after the first transmission. This Act is helpful for business organizations because it prevents copying and duplication of the organization’s information or product without proper authorization (Qu et al. 2010).
Computer Misuse Act of 1990
This Act was introduced to decide on the R v Gold & Schifreen lawsuit in 1988. The adoption of the Act spread to other countries such as Ireland and Canada to enforce information security legislations. The Computer Misuse Act introduced three criminal offenses. First, there is unauthorized access to computer information or material, which warrants a six-month sentence (Gable 2010). The second criminal offense is unauthorized and intended access to facilitate participation in other illegal activities, which is also punishable by six-month imprisonment (Levy & Powell 2000). The third computer crime is unauthorized modification of computer information, which is also punishable by six-month imprisonment. The Act has the main objective of inhibiting criminals from accessing vital information concerning any organization stored in computer systems, which form part of Information Systems. Additionally, computer hackers who pose the threat of data insecurity violate constitutional laws (Qu et al. 2010). According to the law, it is illegal to use another person’s username or identifier and password to log on with or without intent of accessing, copy, move, and delete information without having proper authority.
Regulation on Investigatory Powers Act
The passing of this Act had the main objective of controlling the authority of public bodies to perform inspection and investigation by intercepting communication channels (Pearlson & Saunders 2009). The adoption considered recent technological advancements such as the expansion of the Internet and increased data encryption. Currie & Parikh (2006) point out that the legislation authorizes public organizations to perform mass surveillance of communications in transit. Other public bodies have the mandate to demand keys or passwords to protected information. According to the law, business organizations can monitor their employees’ browsing behavior to adopt an efficient Information System (Pearlson & Saunders 2009).
C. Understanding of IS Control (Strategy and Governance)
The infusion of Information Systems into the global market, operation and management of businesses has resulted in emphasizing security measures to avert the associated dangers of globalization (Galliers 2009). Information Systems security is accountable for safety and reliability of systems resources, and it plays a significant role as a systems control mechanism. The applicability of Information Systems security goes beyond the business operation. Presently, the use of Information Systems security is evident in Intensive Care Units and air traffic control systems in the health and transport department respectively. This shows the diverse importance of Information Systems security. In businesses, it is highly employed by financial institutions in Electronic Fund Transfers to handle immense sums of money processed electronically (Carey 2004). With respect to this, Information Systems face various threats that demand control mechanisms to provide security. The most encountered threat is computer crime and abuse.
Boddy et al. (2009) define computer crimes as illegal activities that use computers as a crime tool. Computer crimes are the most feared forms of crime because of the billions of dollars that it costs the world economy. A computer abuse is an unethical use of a computer. The aims of the alleged hacking of data and Information Systems are vandalism, governmental and commercial spying, theft of financial or consumer data, cyber war and sabotage (Carey 2004). Phishing and infecting of computer systems with malware such as viruses are the most recognized forms of computer crimes. Phishing is the acquisition of a genuine log in information and password by deceiving a trustworthy entity such as banks and government agencies. The success of phishing activity is evident by identity theft, which is the imitation of the legitimate user to gain an unauthorized access to the user’s resources. Computer viruses are software, which find their way into computer systems to perform malicious actions (Carey 2004). Computer viruses embed themselves in systems and infect the entire network system. Worms are similar to viruses, but their replication through telecommunication networks distinguishes them from viruses. The ability of viruses and worms to spread can result in immeasurable damages to Information Systems and databases. They can hamper the operation of the system and steal a lot of important data such as credit card information (Levy & Powell 2000).
Organizations need to implement technological measures and procedures to have an efficient operation of Information Systems. There are general techniques that apply to the organization’s Information Systems operations (Leigh-Pollitt & Mullock 2002). Such control measures regulate access to computer systems and the data or information stored and their transmission over various networks. The most popular general control is the employee’s restriction on certain processes that are irrelevant to their area of duty. This restriction deters employees from messing up with other critical processes. Application control is another method that is used to ensure the security of Information Systems. Application controls are applicable to defined areas of application such as input data and login accesses validation to the computer system (Tallon 2007).
To secure information or data, legitimate users should have a unique login identifier and constantly change passwords. As much as the Internet and Wide Area Networks (WAN) are emerging as inherent in business operations, they have profoundly hindered the access controls to Information Systems (Pearlson & Saunders 2009). Computer users can have unauthorized access to systems from other computers with the network or virtually over the Internet. Through constant changing of passwords and password policies, illegal access to Information Systems will reduce drastically because no single individual with a fraudulent intent will know their colleagues’ login details.
Data encryption is another form of curbing the threats of information insecurity (Gable 2010). This method has gained dominance in electronic commerce, which uses the public key encryption. In this case, only the addressee having a private key can decrypt information encrypted by the addressee’s public key. In electronic commerce, the possibility of validation by the involved parties is through the issuance of digital certificates by a trusted third party to the parties. Additionally, the message includes two codes to denote the source and detect corruption of data (Carey 2004). Organizations are continually monitoring their Information Systems through intrusion detection mechanisms to identify abnormal events and get necessary information, which establishes sources of intrusion.
Employee education is also vital in alleviating phishing and social engineering threats to Information Systems. Through education, employees are equipped with information on possible causes and outcomes of these threats (Levy & Powell 2000). Social engineering frauds are exceedingly easy because an attacker can impersonate a helpdesk employee and ask other employees about their passwords and login information. Instilling such knowledge into employees will substantially help in curbing such threats.
The research has reviewed theories of communication including actor-network, adaptive structuralism, agenda setting, cognitive dissonance, communication accommodation and confirmation bias theories. It has also reviewed various relevant legislations, which govern the use of Information Systems. The legislations discussed include the data protection act, the copyright, designs and patents act, the computer misuse act and the regulation of inventory powers act. The data protection act defines data processing by identifiable living individuals. The Copyright, Designs and Patents Act (CDPA) applies to organizational transmission of Information by wireless technology intended for public members. The Regulation on Investigatory Powers Act controls the authority of public bodies to perform inspection and investigation by intercepting communication channels. Various methods can help to mitigate threats that hinder the efficiency of an Information System. Such methods include data encryption, employee education and constant changing of passwords and password policies.