Porter's Value Chain Model

According to Michael Porter (1985), there are two kinds of activities can be conducted from any organization. They are primary activities and support activities.

The five primary activities deals with material are purchased, processed into products and delivered to customer. These activities form in the chain from manufacturing to servicing afterwards. The work progresses according to the sequence, value is added to product at each activity.

1.      Inbound logistics: the value chain starts from this point with adding value by processed for incoming materials (receiving, storage...).

2.      Operations: the materials are used, which adds important values to process by  bring raw materials to products or services.

3.      Outbound logistics: the delivery (packaging, storing, shipping) for products adds more value to the process.

4.      Marketing and Sales: this step tries to sell products to customer and adds value to process by increasing demand of market to products.

5.      Service: such as warranty service or upgrade notification is performed for customer to adding after-sale values to process.

These primary activities are supported by the following support activities:

1.      Organizational infrastructure

2.      HR management

3.      Technology development

4.      Procurement

            Each support activities can support to any or all primary activities, they also can support to each other.

The value chain model can be used in difference ways. The first one, company analysis can apply it, by systematically evaluating the company's key process and core competencies. A second one, an industry analysis can identify various activities then search for specific information system to handle these activities. Finally, the value chain can be used either individual company or industry by overlapping different types of information system to support activities.

Improving the legacy systems by Re-engineer

Re-engineering in IT means extracting the business logic and data from current systems then moving to new system. The term “re-engineering” have different meaning with the term “business process re-engineering” or “BPR”. The “system re-engineering” refers to software only while BPR refers to redesigning the business processes.

People thinks existing systems as a debt that have to be maintained, and avoid developing the new, exciting systems. That thinking way is the main problem in IT management. Instead, management team needs to understand the existing systems as asset. When developer can reverse engineer a system, to extract the underlying business logic, they can forward engineer that logic to new system.

Charles Bachman proposed a new system development life cycle, which can include all four basic activities: maintenance, enhancement, new development and migration. This life cycle presents on circular.

As in case study of GTE Directories, a company in advertising industry with Yellow Page product, they have four legacy systems/databases. These databases were designed application-by-application at original, so they didn't have any business relationship to each other. The management team decided using reverse engineering tools to help them improve databases. A designer modelled existing database to graphical then made changes by manipulating icons. The reverse engineering tool helped to draw complete and consistent relationship diagrams. Once new databases design had been created, the designer forward engineered the database design to generate database statements.

Security’s Five Pillars

There are five pillars of security techniques nowadays. They are:

1. Authentication: means verify authenticity of users. It depends on three basic factors: knowledge factor, ownership factor, and inherence factor. “Knowledge factor” or “something they know” means things only they know, e.g. password or first pet’s name. “Ownership factor” or “something they have” means things belong to them, e.g. the token or digital certificate. “Inherence factor” or “something they are or do” means a physical characteristic, e.g. fingerprint or retinal eye.
2. Identification: means issuing and verifying access privileges. In principle, identification is certified able to do certain things. Identification has moved to application level, where people have an authentication at every application. Because identification at application is inconvenient for user, so companies are moving to single-sign-on technique.
3. Privacy and Integrity: means keeping information from being seen (privacy) and changed (integrity). The most common method of protecting data is encryption. Two common types of encryption are public key and secret key. DES is an example of secret key, while RSA is an example of public key.
4. Nonrepudiation: it can prove that communication between sender and receiver is secure and there is trusted third parties can monitor their transferring data. This technique prevents man-in-middle attack or phishing.