Enterprise Information Systems Strategy and Planning
Joseph O. Chan, Ph.D.,
Roosevelt University, Schaumburg, IL
ABSTRACT
In order to gain competitive advantage in the knowledge-based economy, businesses are focusing on the value creation along the demand and supply chains. Information systems strategies have also evolved from the focus of automation of discrete transactions to the enablement of the optimization of the value chain. The new paradigm requires the alignment of information systems strategies with business strategies across the entire value chain. An integrated model is required to allow the coordination of activities and sharing of information amongst different organizations and systems through various processes across the extended enterprise. This paper proposes an enterprise framework for the development of information systems strategies and plans. It further presents an approach for IS planning that has been practiced and refined through many IS/IT planning projects.
INTRODUCTION
Information systems (IS) have long played a critical role in the creation of competitive advantages for businesses. They range from automation to business process reengineering to the paradigm shift of creating completely new business models. Notable examples include the automation of production processes using computer assisted manufacturing systems and robotics, the streamlining of business processes by electronic work flow systems, and the creation of new business models in vendor-managed inventory using the extranets. While technology helps improve efficiency and reduce transactional costs, disparate systems across an enterprise are inadequate to support business strategies of the new economy in the 21st century where the focus of production efficiency is replaced by the value creation throughout the demand and supply chains. Porter (2001) described the five overlapping stages in the evolution of technologies in business: automation of discrete transactions, functional enhancement of activities, cross-activity integration, integration of the entire value chain, and the optimization of various activities in the value chain in real time. In order to facilitate the integration and optimization of the value chain, information systems strategies need to incorporate the extended enterprise view to include the firm’s y the business requirements of integration and optimization of the value chain.
NOT JUST TECHNOLOGY
While technology is a key factor in any information systems strategy, it is a means to the end. An effective IS strategy must be driven by organizational goals that can sustain the change of technologies over time. Aligning information technology strategy with business strategy is a critical objective of IS planning (Lederer et al. 1998 and Lilley 2004). Information systems strategies need also take into consideration an integrated view of information and business processes across the extended enterprise.
THE VALUE CHAIN PERSPECTIVE
The new paradigm of value creation in the knowledge-based economy requires business strategies that integrate and optimize the value chains in the extended enterprise. Businesses need to be adaptive and responsive to the rapidly changing customer demands. Effective management of the movements of materials, information and cash along the demand and supply chains is critical to the firm’s competitive advantage. Doonan et al. (2002) pointed out that the new IT strategy that spans across the buy-side procurement and sell-side customer interface creates a paradigm shift in the process of optimizing business operations and drives fundamental organizational transformation. The use of IT in the support of various stages of a firm’s value chain can be characterized by the value chain information intensity (Teo et al. 1997, Busch et al. 1991 and Porter et al. 1985). An effective information systems strategy that supports the value creation paradigm needs to consider the various entities in the value chain as an integrated system that share critical information and business processes.
THE INTEGRATED FRAMEWORK
Chan (2004b) described a conceptual enterprise model for the demand and supply value chains that ties business processes and technologies across the extended enterprise. According to Chan (2004b), the extended enterprise along the value chain can be described by its external view, conceptual view and the internal view. The external view of the enterprise consists of user applications, operational and analytical processes, and organizational structures. The conceptual view of the enterprise consists of conceptual data and function models supporting operational and analytical requirements. The internal view of the enterprise consists of the technical implementation of data storage, software modules, hardware platforms and telecommunications networks. These layers are logically connected through the construct of the enterprise information roadmap, which consists of the mappings and rules of associations between different components of the enterprise model. Figure 1 illustrates Chan’s construct of the enterprise model for the value chain. The enterprise model serves as the blueprint for the construct of processes and technologies across the value chain, tying information technology strategies to business strategies.
The Journal of American Academy of Business, Cambridge * Number 2 * March 2005 148
ENTERPRISE INFORMATION SYSTEMS PLANNING APPROACH
An effective information systems strategy can be developed to support the value chain leveraging the enterprise model framework. In the following, an approach to IS planning is presented. The approach summarizes key concepts that have been practiced and refined by the author through many IS/IT planning projects. The key phases include:
- Identify business objectives and strategies
- Establish and evaluate the baseline architecture
- Develop the conceptual enterprise model
- Develop the target architecture
- Develop the migration strategy and implementation plans
Business Objectives and Strategies
The notion of business strategies driving systems strategies has been supported throughout the literature (Teo et al. 1997, King 1978, Reich et al. 1996 and Zviran 1990). For example, Schaffir (1985) described the transformation of the business objectives of cost leadership, quality and product differentiation to IT strategies of automation of the manufacturing operations, the mechanization of drafting engineering functions, linking the company’s information processing to those of customers and suppliers, and enhancing the company’s production planning and control systems. While practitioners may adopt different techniques, the fundamental concept has been well accepted in the industry. During this phase, business objectives are identified and consolidated with senior management. These goals are described in measurable terms with performance metrics defined. SWOT analysis may be conducted to evaluate the company’s strengths, weaknesses, opportunities and threats. Strategic solutions are developed that may include areas in information technologies, training, process enhancements, organization or cultural changes. The metrics defined for each business objective can be used for the measurement of performance and ROI for subsequent implementation of these solutions.
While different techniques can be deployed in this phase to consolidate business objectives and strategies, the author has found in his practice the use of an objective matrix to facilitate the discussion with senior management very useful. The first dimension of the matrix consists of the stated business objectives. Typically three to five key objectives are listed. The other dimension consists of the definition of metrics, the respective current measurements if any, and the target measurements for the future. It also consists of the identification of issues and obstacles that would prevent the firm from achieving these goals. Strategic solutions are identified. These strategic solutions can be grouped and prioritized in the implementation phase. Figure 2 provides an example of the use of an objective matrix to document business objectives, performance metrics, issues and strategic solutions.
The Baseline Architecture
The baseline architecture represents the current state of the enterprise in various dimensions including organizational structure, business processes, and technical architectures for databases, software, hardware and networks. During this phase, the effectiveness of organizations and processes is evaluated and documented. Design tools may be used to document process diagrams. It is recommended that the 80/20 rule be applied in process evaluation to avoid over-documentation of detailed processes which may not be improvement opportunities. The priority is focused on the solutions to the top 20% of critical issues that can yield 80% of the benefits to the organization. Cycle time, the number of hand-offs from one business entity to another, redundancy, the level of systems support, and other metrics can be used for process evaluation. Organizational issues and deficiency of systems support are identified. Figure 3 illustrates the use of the “swim lane” process diagram to facilitate current process evaluation. Each lane in the diagram represents a business entity and the rectangles represent activities in the process performed by the respective business entity. The bottom lane represents system support. Evaluation of the process effectiveness can be done by using various metrics across the diagram. For example, cycle time evaluation can be done by examining the horizontal flow of the activities. The number of hand-offs can be evaluated by examining the vertical flow of the activities. Manual processes, the lack of system support and process bottlenecks can be identified. Notice that the same technique can be deployed to design the new and enhanced process. The process diagrams can be used for the comparison of old and new processes illustrating the areas for improvement.
The baseline technical architectures can be developed in conjunction with respective IT personnel. A portfolio should be developed describing the types, configurations and usage of these technical components. For example, a detailed application portfolio should consist of the identification of the application, the technologies used, the hardware platform, functional descriptions, data requirements, interfaces, usage, and other relevant statistics. Architectural diagrams can be used to illustrate the various technical components and their relationships. The baseline architecture is used to evaluate the effectiveness of the current state of the enterprise. It also provides the baseline for the development of migration strategies to the future state.
The Conceptual Enterprise Model
The conceptual enterprise model represents the requirements of the enterprise independent of process and technology implementations. It includes the data and function models supporting the operational and analytical requirements for the enterprise. The data model can be constructed using Entity Relationship Modeling techniques (Chen 1976). Analytic data models can be developed using dimensional modeling techniques (Todman 2001). Functional decomposition can be used to develop the function models. Model cross-check is an important activity during this phase to ensure that the data and function models are accurate and complete. Joint application design (JAD) sessions are effective ways to facilitate the information gathering and modeling process. It is important that the JAD sessions involve cross-functional management and operational staff to ensure that an enterprise view is developed in the model. The construction of the enterprise model is incremental and common elements are identified and leveraged throughout the modeling process. Designer tools can be used for proper documentation of the models. See Chan (2004a, b) for a detailed description of the conceptual enterprise model and respective techniques required in its development. The conceptual enterprise model serves as the blueprint for information and functional sharing for process and technology implementations across the extended enterprise.
The Target Architecture
The target architecture is developed for the future state of the enterprise based on the requirements developed in the conceptual enterprise model driven by the business strategies. The architecture covers each of the dimensions in organizational structure, business processes and technical architectures. In this phase, new and enhanced business processes are designed. Figure 3 illustrates the comparison of a new process to the old process using the swim lane process diagrams. In this example, a Web-based self-management process eliminates all the intermediate steps of the old process model. Various processes can be used to implement functions defined in the conceptual model utilizing different technologies. For example, a customer service function can be implemented by multiple processes in the future state which may include a call center operation and a Web-based self-service operation using different technologies. A new B2B process may be used to implement a vendor-managed inventory strategy. Technical requirements and capacity plans can be derived from the conceptual requirements in the data and function models. For example, volumetric and data usage information in the data model can be used to determine database requirements. Frequency information in the function model can be used to determine transactional requirements for the hardware. Analytical requirements in the conceptual model can be used to evaluate the analytic tools and models. The target technical architecture will address the future states of databases, software, hardware and networks supporting the new processes designed to implement future business strategies.
Migration Strategy and Implementation Plans
The migration strategy is put in place to describe how the firm can move from the baseline architecture to the target architecture. This includes the definition of initiatives and their prioritization based on the strategies developed in the business objective phase. It describes the methods to be deployed for organizational changes, process enhancements and reengineering, and the technical infrastructure migration of databases, software, hardware and networking platforms. The migration strategy will also address critical IT strategies such as make vs. buy vs. utility computing, and outsourcing vs. insourcing. These strategies will affect the implementation plans concerning technology evaluation, vendor selection, training and change management. Various implementation options can be evaluated based on the business objectives, constraints and measures on the return on investments. Implementation can take a phased approach with interim deliverables. Detailed technical implementation plans are developed to include plans for new system design and development; data and system conversion; installation of databases, software, hardware and networking components; training and rollout. Financial and human resource requirements and impacts are evaluated. The enterprise model serves as the roadmap for migration planning as illustrated in
RE-EVALUATING THE IS/IT ORGANIZATION
As new IS strategies are developed by aligning information technologies with business strategies, the IS/IT organization itself needs to be re-evaluated. A wide range of roles that can be assumed by an IS/IT organization may include support, data center operations, maintenance, development, consultancy, management of IT strategies and architectures, and the management of vendor relationships. These roles are rapidly changing in this economy driven by global forces. Strategies in multi-sourcing and utility computing change the roles of IT in many organizations. Organizations may take totally different approaches based on different business strategies. For example, Best Buy’s decision to outsource the entire IT operation to Accenture will cause IT head count to drop from 820 to 40 (Sliwa 2004). On the other hand, J. P. Morgan’s decision to end its projected $5 billion outsourcing accord with IBM will bring in 4,000 IBM employees and contractors to J. P. Morgan (Forelle 2004). It is important that the roles and structures of the IS/IT organization be aligned to support the new business strategies.
CONCLUSION
Porter’s (2001) proposition of the evolution of technologies in business emphasizes the need for information systems strategies to enable the real-time optimization of the value chain. It is echoed throughout the literature that information technology strategies need to be aligned with business strategies. This paper proposes a framework for the development of information systems strategies and plans driven by business objectives and strategies. It provides an integrated framework for the development of technology architectures and business processes across the value chain. A systematic approach to enterprise information system planning is presented.
REFERENCES
Busch, E.A., Jarvenpaa, S.L., Tractinsky, N., Glick, W.H. (1991). External Versus Internal Perspectives in Determining a Firm’s Progressive Use of Information Technology. Proceedings of the 12th International Conference on Information Systems, New York, 1991, 239-250.
Chan, J. (2004a). Techniques in Enterprise Modeling. 2004 Proceedings of Information Systems and Quantitative Methods, SAIS, Midwest Business Administration Association, 9-19.
Chan, J. (2004b). A Conceptual Enterprise Model for the Demand and Supply Value Chains. ACME 2004 Proceedings of International Conference on Pacific Rim Management, 314-320.
Chen, P.P. (1976). The Entity-Relationship Model: Toward a Unified View of Data. ACM Transactions on Database Systems, March 1976, 1(1), 9-37.
Doonan, J., Reams, K., Magalhaes, C. (2002). Getting the Most from IT Strategies. International Tax Review, April 2002, 13(4), 33-35.
Forelle, C. (2004). J.P. Morgan Ends Accord With IBM. The Wall Street Journal, September 16, 2004.
King, W.R. (1978). Strategic Planning for Management Information Systems. MIS Quarterly, 1978, 2(1), 27-37.
Lederer, A., Sethi, V. (1998). Seven Guidelines for Strategic Information Systems Planning. Information Strategy: The Executive’s Journal, Fall 98, 15(1), 23-28.
Lilley, V. (2004). How to Profit from Your IS Strategy. Specialty Chemicals, March 2004, 24(3), 36-37.
Porter, M.E., Millar, V.E. (1985). How Information Gives You Competitive Advantage. Harvard Business Review, July-August 1985, 63(4), 149-161.
Porter, M.E. (2001). Strategy and the Internet. Harvard Business Review, 79(3), 62-78.
Reich, B.H., Benbasat, I. (1996). Measuring the Linkage between Business and Information Technology Objectives. MIS Quarterly, 1996, 20(1),
Schaffir, K.H. (1985). Information Tech for the Manufacturer (Part II). Management Review, December 85, 74(12), 55-57.
Sliwa, C. (2004). Best Buy to Outsource IT To Accenture. Computerworld, 4/19/2004, 38(16).
Teo, T.S.H., King, W.R. (1997). Integration between Business Planning and Information Systems Planning: An Evolutionary-Contingency Perspective. Journal of Management Information Systems. Summer 97, 14(1), 185-214.
Todman, C. (2001). Designing a Data Warehouse: Supporting Customer Relationship Management. Upper Saddle River, NJ: Prentice Hall.
Zviran, M. (1990). Relationships between Organizational and Information Systems Objectives: Some Empirical Evidence. Journal of Management Information Systems, 1990, 7(1)
How To Become CIO
A friend of mine, Joey Smith, has developed a self-study course for aspiring CIOs, and he’s got an audioconference interview lined up with a high-end recruiter to discuss the qualifications for a CIO. Joey and I were talking about this the other day, and I told him that I’m a bit concerned that aspiring CIOs are looking for a “silver bullet,” a magic solution that they can easily apply and thereby instantly qualify to be a highly paid CIO.
The real world isn’t like that. Many years ago I had an employee who wanted to be promoted to a higher level position, and he kept telling me that if I promoted him to the higher level then he would show me that he can perform at that higher level. My answer to him was always the same: show me that you can be a star in your current position, and demonstrate some of the skills that go along with the higher level position, and I’ll promote you. But the work comes first – not afterward.
The same thing applies to aspiring CIOs. If you demonstrate the capabilities that a CIO needs, and if you get some proven business successes under your belt, then you can qualify for a CIO position in your current company, or you can convince a CIO recruiter that you can do the job elsewhere. But you must have the successes first. That’s what recruiters are looking for – proven success stories – not people who have the potential to succeed.
Eight Qualifications for a CIO
Here’s my own list of qualifications that you’ll need to develop to become a CIO. First, you need the same kind of skills that are required for any senior executive position:
1. The ability to inspire confidence and trust. Some call this “poise;” others call it “charisma.” It’s a quality that’s hard to describe, and even more difficult to develop and achieve. It comes from experience, self-confidence, self-reliance, and knowing that you’re going to be successful at anything you attempt. And what’s more important, you make others know – without you telling them – that you’ll be successful at anything you attempt.
2. The ability to communicate clearly, succinctly, and emotionally to any audience, whether it’s stockholders, investors, your board of directors, or an entry-level clerical person. When I use the word “emotionally” I mean that the communication has to occur at multiple levels. At the surface the communication is intellectual, conveying facts. But at a lower level there’s a communication that makes the person want to agree and comply. At this lower level you’re doing more than communicating – you’re motivating and inspiring.
You may have noticed that the two skills I’ve mentioned thus far are the same abilities that politicians need. That’s true, but if these are the only skills you have, then you may find yourself described as an “empty suit,” and you’ll certainly never be successful at an executive position. So we need to add a conscience and a belief system:
3. Consistent, demonstrated ethical behavior. You know what’s right – for yourself, for your organization, for your company, and for your country and the world – and your actions consistently demonstrate that you want to move things in the right direction.
With these first three qualifications we now have an ethical politician, but we need an agenda.
4. Intelligence and wisdom. Intelligence to comprehend and truly understand what needs to be done. Wisdom to know what shouldn’t be done, and to understand the best way to accomplish things.
This fourth qualification has ruled out most politicians, so we’re beginning to zero in on good executives.
5. Good judgment. Knowing the time and place to say or do what needs to be said or done. Good judgment comes from experience. Unfortunately, experience comes from bad judgment – either your own or the bad judgment of others. The only way to get good judgment is to learn from your mistakes and from the mistakes of others.
6. Recognition of your own limitations. This might seem to contradict Skill #1, in which I said that you know you’re going to be successful at anything you attempt. But if you truly know your own limitations, then you won’t attempt something that’s beyond your capabilities. You’ll constantly extend your limits, but you know the difference between being aggressive and being foolhardy.
7. Motivation to be a CIO in spite of all of the responsibilities and headaches that come with the job. If you don’t live and breathe to be a CIO, then you probably won’t get there.
8. A strong interest in applying technology to improve the business. You probably wondered when I would mention technology. But note the words I used in describing this skill. A successful CIO doesn’t have to be a technology expert, and in fact most CIOs aren’t technology experts. People who are highly motivated to become technology experts typically don’t have the other seven skills. Some CIOs may have come from a technology background, but if they were technology experts in their past, they’ve now left that skill behind them.
How Do You Become a CIO?
First, be realistic. Do you have the eight qualifications I’ve listed? If not, then can you get there at some point? Some of the qualifications can be developed over time, but I believe that some of these qualifications are a result of who we are – our basic personality type. There are some people who will never be a CIO, and that’s not a bad thing. What is a bad thing, however, is seeing some of these people deceiving themselves into believing that they can overcome insurmountable obstacles. They obviously don’t have skill #6, and it’s unfortunate that these people won’t find happiness until they recognize their own limitations and focus on things that truly do make them happy.
But let’s say for the sake of argument that you do possess all eight of these skills, or you’re close to possessing them. What do you do next? Recognize that having the skills themselves doesn’t make you a CIO; you have to create business successes to be recognized for what you are. And I emphasize the word “business;” technology successes don’t get you the recognition until those technology successes translate into specific measurable monetary business success. Use technology to make your company a star (like eBay), or to make your company more competitive (like Wal-Mart). Use your technology to improve productivity (like UPS) or to change an industry (like CheckFree). Technology leaders usually aren’t leaders of technology – they’re leaders in the use of technology for business purposes.
You don’t have to start at the top, and in fact no one does. You can apply CIO skills to your job as an IT project leader or as a department manager, or even as a programmer-analyst. But you have to remember that CIO success comes from business success, and business success comes from thinking from your customers’ viewpoint.
How do you become a CIO? It’s not a leap – it’s just one more step in a continuing career progression of meeting and exceeding business needs.
Information Overload: Why You Won’t Read This Newsletter
More than half of the subscribers who receive this newsletter won’t even open the email. I can understand why: you’ve only got a limited amount of time, and you have to be selective about how you use it. But let’s be honest; are you really being selective? Or are you just randomly reading some things and not others? Being selective implies some logic behind your selection process. Do you have any logic behind your own approach for coping with information overload?
Once upon a time, a century or so ago, there was actually a shortage of information. In small towns, people would even interrogate strangers passing through just to find out what was going on in the world. Those days are long gone, and today we have the reverse problem. There’s too much information in the world. Everyone is telling you that they have the solution to your problems, even if they don’t know what your problems are. Magazines bombard you with subscription offers, and some of the publications are so specialized that you wonder how they can find more than a few people who are interested in the topic.
Are You Thrashing?
“Thrashing” is the term used to describe a computer operating system which is being overwhelmed by handling an excessive number of user requests. When a computer is thrashing, it’s spending too much time on the system overhead of swapping user tasks in and out of memory, and not enough time on getting productive work done for the users. You can thrash too, when you spend too much time handling trivial day-to-day details, and you don’t focus on what’s truly important.
An Approach for Dealing with Information Overload
1. Pick one or two periodicals that you’ll use as your primary source of news (I use ComputerWorld for technology news and Business Week for business news). Subscribe to other magazines if you like (many are free to “qualified subscribers”), but just open them up long enough to scan their table of contents to see if anything catches your eye. If you see something interesting, tear out the article and put it in a folder for later reading whenever you have a spare moment – maybe on an airplane or while you’re in a waiting room somewhere. Then every so often toss the older stuff that you haven’t read.
2. Use your own people as information collectors. Have people volunteer to be the focal point for collecting information about certain topics that are important to you and your business, like one person for new software development breakthroughs and another person for new developments in a specific technology. Have the volunteers summarize their findings at a periodic meeting.
3. Don’t be a source of information overload for others. I’ve seen too many managers route or forward information that they don’t bother to read themselves. If something isn’t worth your time, then think carefully about whether it’s worth the time of someone else in your organization. You’re not helping your employees to focus if you’re overwhelming them with things to read. You should filter the information you disseminate based on your strategy and direction. If you have a personal information overload problem, then make sure you solve it. Don’t just pass it along to your employees.
4. If anything significant happens in your company, make sure to summarize it at your employee meetings. If your people know you’ll keep them up-to-date, then they won’t have to waste as much time keeping their ear to the ground or reading all those internal puff pieces distributed to employees by your company communications department.
5. Remember that focus is the key to success. Focus on the information that you need based on your strategy and direction. Ignore almost everything else. Your knowledge and expertise is useless if you don’t apply it to something relevant to your business.
6. Schedule a certain amount of time each month to evaluate your progress toward increased focus. Think about how things are better or worse than last month, and determine why. Take steps to do better the following month.
7. Continue to read articles like this one which provide you with ideas, insight and motivation for improvement. Even better, discuss them with co-workers and share your views.
8. Send this newsletter to your boss, and you’ll benefit from the improvements your boss makes in his/her own information overload.
Conclusion
Don’t blame the volume of information you receive – information overload comes from poor self-management and lack of focus. If you know how to swim, you can swim in water of any depth, even in the middle of the ocean. Dealing with information overload works the same way – you only drown if you let the water overwhelm you, but if you stay on top of it, you’ll be fine.
Blue Ocean Strategy
BLUE OCEAN STRATEGY: How to Create Uncontested Market Space and Make the Competition Irrelevant W. Chan Kim and Renée Mauborgne Harvard Business School Press, 2005
”Don’t Compete with Rivals—Make Them Irrelevant”
Companies have long engaged in head-to-head competition in search of sustained, profitable growth. They have fought for competitive advantage, battled over market share, and struggled for differentiation. Yet in today’s overcrowded industries, competing head-on results in nothing but a bloody “red ocean” of rivals fighting over a shrinking profit pool. In a book that challenges everything you thought you knew about the requirements for strategic success, W. Chan Kim and Renée Mauborgne contend that while most companies compete within such red oceans, this strategy is increasingly unlikely to create profitable growth in the future. Based on a study of 150 strategic moves spanning more than a hundred years and thirty industries, Kim and Mauborgne argue that tomorrow’s leading companies will succeed not by battling competitors, but by creating “blue oceans” of uncontested market space ripe for growth. Such strategic moves—termed “value innovation”—create powerful leaps in value for both the firm and its buyers, rendering rivals obsolete and unleashing new demand. BLUE OCEAN STRATEGY provides a systematic approach to making the competition irrelevant. In this frame-changing book, Kim and Mauborgne present a proven analytical framework and the tools for successfully creating and capturing blue oceans. Examining a wide range of strategic moves across a host of industries, BLUE OCEAN STRATEGY highlights the six principles that every company can use to successfully formulate and execute blue ocean strategies. The six principles show how to reconstruct market boundaries, focus on the big picture, reach beyond existing demand, get the strategic sequence right, overcome organizational hurdles, and build execution into strategy. Upending traditional thinking about strategy, this landmark book charts a bold new path to winning the future.
IS/IT Audit
An information technology (IT) audit or information systems (IS) audit is an examination of the controls within an entity’s information technology infrastructure. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement. Formerly called an electronic data processing (EDP) audit, an IT audit is the process of collecting and evaluating evidence of an organization’s information systems, practices, and operations. Evaluating the evidence obtained determines whether the organization’s information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization’s goals or objectives.
IT audits are also known as automated data processing (ADP) audits and computer audits.
Purpose
An IT audit is not entirely similar to a financial statement audit. An evaluation of internal controls may or may not take place in an IT audit. Reliance on internal controls is a unique characteristic of a financial audit. An evaluation of internal controls is necessary in a financial audit, in order to allow the auditor to place reliance on the internal controls, and therefore, substantially reduce the amount of testing necessary to form an opinion regarding the financial statements of the company. An IT audit, on the other hand, tends to focus on determining risks that are relevant to information assets, and on assessing controls in order to reduce or mitigate these risks. An IT audit may take the form of a “general control review” or an “application control review”. Regarding the protection of information assets, one purpose of an IT audit is to review and evaluate the availability, confidentiality, and integrity of an organization’s information systems by answering questions like:
- Will the organization’s computer systems be available for the business at all times when required? (Availability)
- Will the information in the systems be disclosed only to authorized users? (Confidentiality)
- Will the information provided by the system always be accurate, reliable, and timely? (Integrity)
Types of IT audits
Systems and Applications: an audit to verify that systems and applications are appropriate to the entity’s needs, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system’s activity.
Information Processing Facilities: an audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
Systems Development: an audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.
Management of IT and Enterprise Architecture: an audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
Client/Server, Telecommunications, Intranets, and Extranets: an audit to verify that controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.
IT Audit Process
The following are basic steps in performing the Information Technology Audit Process:
- Planning
- Studying and Evaluating Controls
- Testing and Evaluating Controls
- Reporting
- Follow-up
7 Steps to Business and IT Alignment
No business will ever reach the goal of “business and IT alignment”. Let me explain.
The goal of perfect alignment is unachievable because of the dynamic nature of business. Every organization operates in an ecosystem and is affected by the forces at play in it. Economy, industry, competitors etc. are all players in this ecosystem who are continuously evolving. Similarly, knowledge and tools – such as information technology – are also continuously changing. To remain competitive i.e. maintain differentiation, every organization must adapt in response to the actions and activities of others in its ecosystem. Organizations that do not adapt lose their competitive edge over time and disappear.
Add to this the changes in an organization’s internal environment – structure, skills, finances, personnel, knowledge, core competency etc. – and now one has a potent mix of forces that demand change in response.
This continuous change is the cause of perpetual misalignment.
It takes time to understand the impact of the actions of others. It takes time to take action. While you are reacting, the world is not stationary – it is throwing more stuff your way. By the time you are done, you are out of alignment. To be precise, while you are taking action, you are out of alignment!
Till we have perfect predictive modeling and instant systems, no organization will ever be in perfect alignment. The best one can do is to move “toward” alignment i.e. moving in the right direction.
Do not let this discourage you from pursuing business and IT alignment! It is a worthy goal to pursue. Indeed, it is a critical one to pursue. You might never reach alignment but you can take steps to get ever closer.
This requires a process.
Often, we ignore the fact that business and IT alignment is a process. This process does not have a starting point nor does it have an end. It is a series of “learn and do” cycles that incrementally get towards alignment.
It’s not just IT, it is Your Brand
Organizations come up with pithy slogans and tag lines and spend millions advertising and promoting them. Ostensibly, this builds the “brand”. Arguably, brand is one of the most powerful concepts for not just creating but also sustaining shareholder value. So all this energy and these dollars are well justified.
However, are you taken at your word or do your deeds speak more convincingly? My own experience as a customer and consulting with companies is that self-professed virtues are important but action-driven images are critical.
The issue in your customers’ mind is: Can you back up your claims?
This is where IT comes in. Let me explain.
Brand is critical to shareholder value
Brand is the essence of an organization. It cannot be touched or felt and, in more ways than one, it is a perception. It does not speak, yet it is that one thing that tells more about an organization than all the reams of paper taken up by press releases, brochures, employee manuals etc.
Why do people buy iPods for twice or thrice the price of a comparable MP3 player? Why did people automatically associate “Xeroxing” with “photocopying”? Why do people watch Steven Spielberg movies even when they know nothing about them in advance? Why is Mike Tyson still a huge draw? Why is Toyota going to be the largest car company in the world in 2007?
Brand takes a long time to build and a short time to destroy – sometimes an instant. How many of you are going to watch Michael Richards’ (Seinfeld’s Kramer) stand-up comedy show? He blew away a lifetime of value in that one outburst.
- According to J.D. Power and Associates surveys, American car companies are competing head to head with Japanese companies in quality, but is that the car buyer’s perception?
- Can an airline come out of a crash? What happened to Pan Am?
- Would you like to have a brokerage indicted for fraud manage your investments?
- Would you like to put your money in a bank whose statements are inaccurate? How many inaccurate statements before you change banks?
- Would you like to buy your insurance policy from a company known for waste and mismanagement?
- Would you buy the stock of a company involved in an options scam?
How bad can it get? Remember Andersen? This Big 6 accounting firm was indicted for participating in fraud against shareholders. The issue never went to trial. No guilt was ever proven. They were out of business on that indictment.
Brand is a promise – an implied one at that – of value.
to be continued..
Computer Security Audit
A computer security audit is an examination of computer systems and networks by an independent consultant to determine which parts of the organization are vulnerable to attack by crackers, hackers, viruses and worms, and to natural disasters such as fires, tornadoes and earthquakes.
Security audit: an examination of networks and computer systems by an independent consultant to determine an organization’s vulnerability to criminal invasion (crackers, viruses, arson, etc.) and natural disasters (fire, tornadoes, earthquakes, etc.). See security scan and information security.
to be continued..
Information Systems Audit
Definition: an information systems audit is the process of collecting evidence and information about how information systems are managed, and of evaluating the organization’s information systems and information technology infrastructure.
Definition: an information technology audit examines the information technology infrastructure. The results of the examination may relate to a financial audit, an internal audit, or the organization’s letters of agreement.
Purpose
An IT audit is not entirely similar to a financial statement audit. An evaluation of internal controls may or may not take place in an IT audit. Reliance on internal controls is a unique characteristic of a financial audit. An evaluation of internal controls is necessary in a financial audit, in order to allow the auditor to place reliance on the internal controls, and therefore, substantially reduce the amount of testing necessary to form an opinion regarding the financial statements of the company. An IT audit, on the other hand, tends to focus on determining risks that are relevant to information assets, and on assessing controls in order to reduce or mitigate these risks. An IT audit may take the form of a “general control review” or an “application control review”. Regarding the protection of information assets, one purpose of an IT audit is to review and evaluate the availability, confidentiality, and integrity of an organization’s information systems by answering questions like:
to be continued..
Notes on Cryptography
Cryptography is the science of securing messages and is practiced by cryptographers, whereas cryptanalysis is the science and art of breaking ciphertext.
The word cryptography comes from the Greek kryptos (to hide) and graphein (to write), so it can be defined as the science of transforming information from its normal, understandable form (plaintext) into a form that cannot be understood (ciphertext).
A cryptographic algorithm always consists of two parts, encryption and decryption. Encryption is the process of turning a plaintext message into ciphertext; decryption is the reverse process.
The encryption and decryption processes are governed by a cryptographic key. A system made up of the cryptographic algorithm together with all possible plaintexts, ciphertexts and keys is called a cryptosystem (or cryptographic system). In simple terms, the cryptographic process can be depicted as follows.
Modular arithmetic is a mathematical operation widely used in symmetric cryptography, specifically arithmetic modulo two and the XOR (Exclusive OR) operation, written with the symbol ⊕. The modulo-two operation involves only 0 and 1, so it is identical to bits on a computer. All possible XOR values can be seen in the table below.
The confidentiality and security of data are very important. Data confidentiality is protected by encoding the data, that is, by encryption: the process of encoding the original message into characters that cannot be read. Commonly used encryption algorithms are DES, Triple DES, Blowfish, IDEA and so on. The more complex the algorithm, the more secure it is, but users do not think about how difficult the algorithm and its application are; what they want is for the confidentiality of their data to be guaranteed. The requirements for a secure encryption system are, first, true random bits (generated only once) and, second, a large key space for the encryption algorithm. The one-time pad algorithm is secure against eavesdroppers and is also called an unbreakable algorithm.
Modern cryptography places secrecy in the key, not in the algorithm, so the security of data depends on the key and not on the algorithm.
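The modulo-two XOR and one-time pad described in these notes, as an added Python example that is not part of the original post: it builds the XOR truth table, encrypts and decrypts with a pad, and shows why the pad may be generated and used only once. The function names and sample messages are constructed for illustration, and `secrets.token_bytes` (the operating system's CSPRNG) is an assumption standing in for true random bits.

```python
import secrets

def xor_truth_table():
    """Every (a, b, a XOR b) row; a XOR b is the same as (a + b) mod 2."""
    return [(a, b, (a + b) % 2) for a in (0, 1) for b in (0, 1)]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings bit by bit."""
    if len(a) != len(b):
        raise ValueError("a one-time pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

def new_pad(length: int) -> bytes:
    """Assumption: the OS CSPRNG stands in for the true random bits the notes require."""
    return secrets.token_bytes(length)

def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)

def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    # XOR is its own inverse: (p XOR k) XOR k == p
    return xor_bytes(ciphertext, pad)

def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted both messages it cancels out: c1 XOR c2 == p1 XOR p2."""
    return xor_bytes(c1, c2)

# Constructed sample messages (not from the page), both 16 bytes long.
MSG_A = b"TRANSFER 100 USD"
MSG_B = b"TRANSFER 900 EUR"

def demo():
    pad = new_pad(len(MSG_A))
    c_a = otp_encrypt(MSG_A, pad)
    c_b_reused = otp_encrypt(MSG_B, pad)  # the mistake: the same pad used twice
    return {
        "roundtrip_ok": otp_decrypt(c_a, pad) == MSG_A,
        "reuse_leak": pad_reuse_leak(c_a, c_b_reused),
    }

if __name__ == "__main__":
    for row in xor_truth_table():
        print(*row)
    result = demo()
    print(result["roundtrip_ok"], result["reuse_leak"].hex())
```

Zero bytes in `reuse_leak` mark positions where the two plaintexts are identical, information that is exposed without the key ever being recovered; this is why the pad has to be used exactly once.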
to be continued..
January 24, 2007