So I’m a PASS Leader now

A lot has changed since I took this subject three years ago.

iPhones got bigger, Android got prettier, Facebook got fancier (and slower, thanks to copious amounts of client-side scripting). My MacBook Air, which I used to write all those little blog entries, got stolen in the Central Lecture Block (CLB) building. Planes went tragically missing. Relationships started and ended. New buildings got built at UNSW. Haters hated, potatoes potated, and Taylor Swift became increasingly less country and more urban.

The lecturer-in-charge for INFS1602 changed to the brilliant Eric Lim (who is also my Honours supervisor). My old tutor is now a data analytics consultant.

Oh, and I became a PASS Leader:


With this change I feel the need to include this disclaimer:

This blog represents the personal views of a student who took INFS1602 three years ago, in Semester 1 of 2012. It does not represent the official views of the School of Information Systems, Technology & Management or the UNSW Business School. Where there is any doubt or contradiction, the authority of your Tutor and the Lecturer-in-Charge (LIC) takes priority over any claims I may or may not make on this blog.

Have fun folks :)


One more dawn, one more day, one day more.

As of time of writing, we are twelve hours away from the final exam.

Using this blog to study has been a great, insightful experience. I started with the premise that information is not like a traditional resource; its value is not in scarcity but in transfer (cf. Week 1). This is true of the knowledge that I have gained from INFS1602. In this quasi-gift economy of undergraduate studies, there is zero marginal cost – making notes for myself would have been even more effortful, and I wouldn’t have the chance to try to help anyone else (cf. Week 2). My blog as an enterprise has been extremely low-maintenance; as a ‘pure play’ project, there have been very few key resources that I’ve had to acquire (cf. Week 3). Such is the wonder of Web 2.0 and social media, whereby any cramming student can set up a blog in a matter of minutes and gain 431 views in less than a week by linking to his blog on his Facebook (cf. Week 4).

What you see in that picture above was generated by using an intensive BI process that probably involved lots of data warehousing and ETL processes from its web server logs (cf. Weeks 5-7). Goodness knows how difficult that would have been in terms of system development and project management. I wonder if WordPress was built from a Waterfall approach, or a more modern approach such as iterative, RAD, JAD, or maybe even Agile? (cf. Weeks 8-9)

Sure, all this stuff is public on the web. But, where we have compromised confidentiality, we have increased integrity and availability. Security has improved in this form of studying (cf. Week 10). There are some social and ethical issues that may arise from my use of this blog; however, I believe that the many benefits outweigh the negligible costs and tolerable risks. I do, after all, try to use CC-licensed pictures to decorate blog posts (cf. Week 11).

Whatever happens tomorrow morning, this has been a great run. I leave you with the words of the late Steve Jobs. If anyone understood how Business and Information Systems go together, he would have:

“You are already naked. There is no reason not to follow your heart … stay hungry, stay foolish.”

Let’s do this thing.

Peer Production in Practice

So, I discovered that the textbook cites Wikipedia:

This gave me an idea. Why not go straight to the source? Here’s a reading list for INFS1602 – the Wikipedia edition:

Week 1: Global Business

Week 2: Organisational Strategy

Week 3: e-Commerce

Week 4: Web 2.0

Week 5: Enterprise Systems

Week 6: Business Intelligence

Week 7: SCM & CRM

Week 8: System Development

Week 9: Project Management

Week 10: Security

Week 11: Social & Ethical Issues

Most of it corroborates what the textbook and lecturers have said. Heck, some of the diagrams are exactly what we see in the lecture notes! Any differences should be resolved with your best judgement. Allons-y!

Lists that I should probably know

Rote learning has a bad reputation these days but it seems to be quite useful (if not essential) in this course.

Value Chain Model (5,4)

  • Primary Activities: Inbound, Ops, Sales, Servicing, Outbound
  • Support Activities: Admin, HR, Technology, Procurement

Five Forces (1,2,2)

  • Traditional: Existing Competitors
  • Bargaining Power: Customers and Suppliers
  • Potential: Threat of New Entrants & Substitute Products

Strategic Initiatives (1,3,3,1)

  • Cost Reduction
  • Good: New Products, Product Differentiation, Product Enhancement
  • Bad: Barriers to Entrants, High Switching Costs, Vendor Lock-in
  • Strategic Alliances

Osterwalder Business Model Canvas (1,3,3,2)

  • Value Proposition
  • Externally-facing: Customer Segments, Delivery Channels, Customer Relationship
  • Internally-facing: Key Resources, Key Activities, Key Partnerships
  • Income Statement: Cost Structure & Revenue Streams

Value and Revenue Models (3,3,2)

  • Facilitator: Brokerage, Infomediary, Community
  • Trader: Merchant, Manufacture Direct
  • Content provider: Advertising, Subscription

Topic Outlines Weeks 4-6 (3,3,3)

  • Web 2.0: Peer Production, Crowdsourcing, Open Innovation
  • ERP: Process Management, Value by Integration, Scripting by ERP
  • BI: Decision Theory, Data Warehousing, OLAP & Mining

SCM & CRM (2,3,3,3)

  • SCM purpose: Planning & Execution
  • SCM requirements: Visibility, Analytics, Communication
  • CRM purpose: widen, lengthen, deepen
  • CRM requirements: Operational, Analytical, Collaborative

Development Stages (3,2)

  • Simon Says: Intelligence (requirements), Design, Choice (implementation)
  • Follow-up: Testing (verification), Maintenance

Development Tools (3,2)

  • Approaches: Waterfall, Iterative, RAD/JAD/Agile
  • User Requirements: CSFs, Prototyping

Project Management (3,5)

  • Case: Faith, Fear, Facts
  • Dimensions: Scope, Time, Cost, Quality, Risk

Security (4,2,4,2,3)

  • Attacks: SQL injection, spoofing/phishing/pharming, (D)DoS, Botnets
  • Wi-Fi tricks: Sniffers, Evil Twins
  • Malware: Viruses, Worms, Trojans, Spyware
  • Technologies: SSL, Public/Private Key
  • Policies: AUP, DRP, BCP

Social & Ethical Issues (3,4,5)

  • Spheres of Impact: Ethical, Social, Legal
  • Dangerous Trends: Processing (Moore’s Law), Analysing, Storing & Retrieving (Storage Space), Transmitting & Receiving (Networking)
  • Issues: Privacy/Copyright, Usefulness/Reliability, Globalisation/Structural Change, Teamwork/Communication, Health/Safety

Week 11: Social & Ethical Issues

The final (content-wise) topic is here and Patrick is at the lecture podium. I have refused to call this topic “Ethical & Social Issues” as stipulated in the course outline, because old habits die hard. Social & Ethical Issues were one of the leitmotifs of HSC IPT. Here’s one I prepared earlier:

(Much earlier.)

Patrick’s lecture points are as follows:

  1. Like a pebble dropped into a pond. The analogy here is that we introduce technology and it immediately has an impact at the individual sphere (Patrick calls this the ethical sphere). This ripples to wider society (Patrick calls this the social sphere). Finally, the legal system responds at the political sphere. Each sphere’s reaction is increasingly intense, which is why the legal system tends to overreact to issues created by technology. I actually quite like this analogy and it justifies the order “Ethical & Social” quite well.
  2. Trends to keep an eye on. Firstly, Moore’s Law – computing power doubles every 18 months – means that we can conduct data analysis much more quickly. Likewise, storage space cost is rapidly declining, so there’s more data to be analysed. Finally, communication systems are getting faster, even approaching the speed of light, and so we can share our data and analysis very easily.
  3. Specific issues. Patrick focuses particularly strongly on privacy (freedom from surveillance or interference), giving examples such as cookies, spyware, GPS, corporate keylogging, Google Street View and of course Facebook. He also brings up issues like IS Forensics and Intellectual Property, ending his lecture with a picture that reads, “1 illegal download = 3.3 dead relatives”. Put that into Google and (as of time of writing), you’ll be able to find the picture that he showed us.

The case study for this week has two options: (1) are companies monitoring their employees too much, and (2) are we using too much digital media?

The next Tony Tutorial is held on a rainy day. At UNSW, rainy days have a tendency to trigger the fire alarms (technology). Tony decides to evacuate us, albeit in a relaxed manner (ethical), and so, our tutorial class moves to the School of Information Systems Technology & Management in the UNSW quadrangle building to finish the lesson (social). I wonder if the university administration has a rule about this (legal). Tony has his own way of dealing with S&E issues; he puts particular emphasis on the changing nature of work and its impact on quality of life, the availability of Facebook to underage kids, and the fact that nobody reads the Terms and Conditions before clicking “Accept”.

The textbook has its own way of dealing with S&E issues, too. We’re given a run-down of meta-ethical foundations. Old favourites come up: Utilitarianism, Kant’s Categorical Imperative, The Golden Rule, as well as a few others which are (pardon me) slightly less cool. And, as you’d expect, we get a fairly comprehensive description of the big issues out there: privacy & IP (of course!), data quality, changing nature of work, ergonomics.

I, too, have a way of dealing with S&E issues that evolves out of all this, but it’s a very personal one, based on my interdisciplinary education experience during the past 4 years or so. HSC IPT focused on privacy and intellectual property, just as INFS1602 seems to. I also studied HSC Modern History, which focused on the usefulness and reliability of our sources and the censorship that may have muffled them. In HSC Economics, we looked at the global economy (globalisation) and we were taught a fancy-pants term for the changing nature of work – structural change. And, as my first semester at university draws to a close, I shall think of MGMT1001: organisational structure, change, teamwork, communication, leadership & power, individual thinking. I realise it is incredibly geeky that I’m generating a list of possible discussion points based on the subjects that I’ve completed since senior high school, but you’ve got to find what works for you.

Week 10: Security

We’ve got a guest speaker this week: Shoaib Yousuf, an IT security professional. His speech is insightful. Some of the more relevant (at least to INFS1602) points include:

  • 70% of attacks are from within your organisation, not from outsiders.
  • Hackers no longer hack for fun/vandalism, but rather, for profit/politics.
  • Modern threats arise from integration (Facebook, email, phones link together – great for identity fraud), social engineering (“free USBs”, poor password policies, one dumb user compromises an entire network), de-perimeterisation (physical boundaries are irrelevant).
  • The internet was never designed to be secured – “we will never be able to secure Port 80”, he asserts.
  • “Any organisation that has valuable data has probably already been compromised”. There is an increased interest in the concept of resilience – rather than trying (and failing) to prevent attacks, how can we minimise their damage?

Tony has a different set of key points. Since he is academic staff, I think these are worth focusing on:

  • Types of attacks. SQL injection is a big one, but you should also be aware of the classics and their terminologies. Malware (malicious software) encompasses viruses (spread when triggered), worms (self-replicating), Trojans (disguised as a gift), spyware (including keyloggers). We’ve also got some activities like spoofing/phishing and its bigger brother pharming (enter the right address and you still get misdirected, thanks to a hacked DNS), DoS and DDoS, and botnets. The advent of Wi-Fi has also created troubles like sniffers (monitor traffic) and ‘evil twins’ (set up your own Wi-Fi hotspot, call it ‘Free Public Wi-Fi’, steal data).
  • Security policies. Most organisations have an Acceptable Use Policy (AUP) and Identity Management. In the event of an emergency, the shorter-term Disaster Recovery Plan (DRP) describes how to get your systems back online, while the longer-term Business Continuity Plan (BCP) describes how to restore business operations independent of the compromised systems.
  • Security technologies. Secure Sockets Layer (SSL) forms the basis of HTTPS, which provides you with an extra layer of security when you access Netbank, Facebook, Gmail, etc. SSL is 128-bit or 256-bit (see picture below).
  • Public key and private key. One key is used for encrypting and the other one is used for decrypting. Which one is which? That depends on whether you’re trying to prevent eavesdropping (public encrypts, private decrypts) or if you’re trying to prove your identity like a signature (private encrypts, public decrypts). Digital Certificates (see picture below) are issued by Certificate Authorities on the basis of public keys and private keys.
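
The two key directions described above, as an added example that is not from the lecture or the textbook: textbook RSA with tiny constructed primes so the numbers stay readable. The function names are made up for this illustration, and real systems use large keys with padding from a vetted library.

```python
# Toy RSA: illustrates which key is used in which direction. NOT secure.
import hashlib


def make_keypair(p=61, q=53, e=17):
    """Return (public, private) as ((e, n), (d, n)) from two small constructed primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def apply_key(key, value):
    """The single RSA operation: value ** exponent mod n."""
    exponent, n = key
    return pow(value, exponent, n)


def digest(message: bytes, n: int) -> int:
    """Squeeze a SHA-256 hash into the toy modulus so it can be signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


# Preventing eavesdropping: anyone encrypts with the PUBLIC key,
# only the holder of the PRIVATE key can decrypt.
def encrypt(public, m):
    return apply_key(public, m)


def decrypt(private, c):
    return apply_key(private, c)


# Proving identity: the holder signs with the PRIVATE key,
# anyone checks the signature with the PUBLIC key.
def sign(private, message: bytes):
    return apply_key(private, digest(message, private[1]))


def verify(public, message: bytes, signature: int) -> bool:
    return apply_key(public, signature) == digest(message, public[1])


if __name__ == "__main__":
    public, private = make_keypair()
    c = encrypt(public, 65)
    print("ciphertext:", c, "-> decrypted:", decrypt(private, c))
    sig = sign(private, b"constructed sample message")
    print("signature valid:", verify(public, b"constructed sample message", sig))
    print("altered signature valid:",
          verify(public, b"constructed sample message", (sig + 1) % public[1]))
```
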

I’ve tried to put as much relevant content from the textbook as possible in my overview of Tony’s Tutorial, but there are a few extra points. The textbook defines security as “the policies, procedures, and technical measures used to prevent unauthorised access, alteration, theft, or physical damage to information systems”. Another mouthful of textbook! I’ll simplify that to, “the measures taken to prevent unauthorised use of information systems”. Replace ‘use’ with ‘read/write’ if you feel like being fancy. The textbook also classifies system availability and uptime as security issues – fair enough.