MIST 520: MANAGEMENT INFORMATION SYSTEMS
Kamau, G.G. Page 1 of 53
CHAPTER 1: INTRODUCTION TO MANAGEMENT INFORMATION SYSTEM
Introduction
The chapter introduces the concept of Management Information Systems (MIS).
Definition of key terms is presented towards building up meaning of MIS with an
organization management concept.
Introduction to management
The term management is fairly familiar to us from day-to-day life. Based on the classical
view introduced by Henri Fayol (1911), the term management refers to the functions
carried out by managers, which include:
1. Planning: to examine the future and draw up plans of action
2. Organize: build up the structure, material and human, of the undertaking;
3. Direct or command: maintain activity among the personnel;
4. Co-ordinate: to bind together, unify and harmonize activity and effort;
5. Control: to see that everything occurs in conformity with policy and practice
Data versus Information
Data consists of raw facts, text, graphics and figures that have not been processed and
are inadequate for the user’s application. Information, on the other hand, is the result of
processed data that is sorted, useful and valuable for a particular user. For example, in a
business, receipts, delivery notes and invoices may constitute data. However, at the end of the
day, once these source documents are captured and analyzed, the analysis reports produced
become information. The information is then used to carry out different functions in the
management of the organization.
Quality of information
Several characteristics make information of quality to the user. Information
should be:
1. Accurate
Information must be free from errors.
2. Complete
Information has to contain all the important facts as needed to perform the required
processing and what you want to know.
3. Relevant (Communicated to the right user)
Information must be related to the desired performance or useful to what you’re
trying to do.
4. Timely
Information has to be delivered at the right time.
5. Up-to-date or current
Information is useful if it reflects the current state of affairs
6. Cost effective
Cost of producing information in a firm should not exceed the benefit/profit that is
obtained from it.
7. Simple or well presented to user (Understandable to user)
Information that has been presented should be easy to understand in format, language,
detail level, vocabulary, etc.
8. Security
Only authorized persons are allowed to access the information.
9. Confidence in the source, e.g. mean foreign currency exchange rates from the
Central Bank, billing rates from the previous month’s data capture logs, etc.
10. Communicated through the right channel
Different users are reached through different channels, e.g. mass media, social media,
circulars, mobile SMS alerts, telephone calls, emails, websites, face to face, written
print outs, etc.
Understanding the systems theory
A system is a collection of related components that interact with one another to
accomplish a common objective. A system will have the following basic interacting
components:
System characteristics
1. Common purpose or goal: The overall objective(s) of the system are shared by its
components
2. Components: Parts that constitute the system
3. Inter-relationship: One component requires another in order to fulfill its functions
4. Synergy: System as a whole yields more than the sum total output of components
Components of a system
1. Input: Raw materials that enter to the system
2. Output: Results or products/by products of the system
3. Processes: Manipulative functions that convert inputs to outputs
4. Feedback and control: This is an inbuilt mechanism for continuous measurement and
review of the status to ensure the system remains on track according to set standards
of performance
5. Border / Boundary/Interface: Boundary is the line in between internal and external
environment of the system. Interface is the link of interaction between internal and
external environment of the system
6. External environment: What is outside the boundary of the system
Types of systems
Virtually all systems are part of a larger system, called a supra-system and likewise,
virtually all systems can be decomposed into smaller systems, called subsystems. A
system may also be closed or open. A closed system is isolated from its external
environment and it neither influences nor is influenced by that external environment; e.g.
a vacuum, a controlled experiment, etc. However, business systems are usually open
systems. They influence and are influenced by their external environments. A system may
also be formal or informal. A formal system is official and documented with clear
standards and documents such as receipts, order notes, etc. Informal systems, on the other
hand, are not documented; they are verbal and include telephone conversations,
observations and mental clues. Such information is easily lost unless it is captured in a
permanent record. Other systems include deterministic versus probabilistic (stochastic),
self organizing (adaptive) versus non adaptive, etc.
Information System
This is a collection of inter-related components that interact with one another to
capture data, process it and produce the useful output information needed by an
individual or organization.
Functions of information system
1. Input: Facts or data from outside the system
2. Processing: Transform the data to information
3. Output: Information that needs to be used outside the system
4. Storage: A place to store data for future reference
5. Communication: Transmission and dissemination of data and information through
carrier media
Categories of Information Systems
Information systems can be categorized into two: manual and Computer Based
Information Systems (CBIS). A manual or non-computerized system involves a lot of
paper work, electromechanical tools and user memorization of transactions. Manual or
non-computerized information systems are bulky in storage, laborious and error-prone.
They may also be susceptible to data insecurity and expensive in the long run, besides
being unable to support the performance of the organization effectively and efficiently.
Organizations that insist on manual systems are often out-performed by those that
adopt CBIS. However, in certain applications and environments manual information
systems may be the only feasible choice. For example, most small businesses
take time to adopt CBIS due to certain demands of CBIS such as infrastructure, ICT
skills, high initial costs, etc.
A computer based information system is an information system that uses computer
hardware and software combined with some set of procedures and human experts to
capture data, manipulate it and provide information.
Components of CBIS
1. Hardware: Hardware can be a single PC, a single mainframe or networks of
computers. It also includes physical devices to control the process of input and
output like keyboard, mouse and modem.
2. Software: Application programs such as MS Office, Macromedia
Dreamweaver, etc.
3. People: Those who are involved with the system or using the system.
4. Data: Consists of facts, text, graphics and figures that can be recorded and that have
specific meaning.
5. Procedures: Instructions and rules to design and use the information system
Advantages of CBIS
1. Versatility: Ability to service multiple applications
2. Diligence: Computers are capable of working for many hours without fatigue or other
human weaknesses such as favoritism, going on strike, absenteeism, etc.
3. Speed: Faster response in processing and access to information
4. Enhanced security: Ability to use electronic security codes
5. Vast capacity: Can store large volumes of data in very small space
6. Accuracy: Capable of processing complex problems with high precision
7. Ease of retrieval: Access to electronic data is easier than manual records
8. Cost effectiveness: Overall cost savings in manpower, storage and communication
Disadvantages of CBIS
1. High initial cost: Acquisition of hardware and software is expensive
2. High frequency of replacement/upgrading due to obsoleteness: There is need to
replace hardware and software from time to time to cope with change.
3. Need for special skills: ICT skilled staff are needed
4. Computers cannot think: Computers cannot replace human effort entirely because at
times human judgment is needed to solve a problem or make a decision.
5. Negative impact in society such as misuse, cyber crime, unemployment,
environmental hazards, etc.
Understanding Management Information Systems (MIS)
Management information systems are information systems that provide information to
managers at various levels of management. Within an organization, management can be
divided into three managerial end-user levels: operational management (first-line
managers), tactical management (middle management) and strategic management (top
management). Each of these managerial end users has differing informational needs
depending on the nature of decisions and the level of planning attended to. A top manager
is an upper-level executive who guides and controls the overall activities of the
organization. Top managers are responsible for the organization’s planning and for developing its
mission. They also determine the firm’s strategy and its major policies. Titles at this level are
president, vice president, chief executive officer, and members of the Board. Middle
managers develop tactical plans and policies, and they coordinate and supervise the activities
of first-line managers. Titles at this level are division manager, department head, plant
manager, and operating manager. A first-line manager is a manager who coordinates and
supervises the activities of operating employees. First-line managers solve day-to-day problems.
Common titles for first-line managers include office manager, supervisor, foreman, shift
leader, etc. Operating employees are not managers. They represent the work force of
the organization.
Levels of management:
This refers to a pyramid model of the hierarchy of command in an organization. It is a
three tier view that conceptualizes management into strategic management, tactical
management and operational management.
The middle level management or tactical management is divided horizontally into
areas of management. The most common areas are Administration and Finance,
Marketing, Human Resources, Information Technology, Research and Development, etc.
Strategic Management (EIS & ES): Long term plans; Unstructured decisions; Ad hoc and exceptional reports; Summarized reports/graphical; Least frequent reports
Tactical Management (MIS & DSS): Medium term plans; Semi structured decisions; On Demand & Scheduled reports; Fairly summarized reports; Fairly frequent reports
Operational Management (TPS): Short term plans (task specific); Highly structured decisions; Scheduled reports; Very detailed reports; Very frequent reports
In view of this organization structure, ISs can be categorized according to the
management pyramid:
1. Operational Management (First Line Managers) requires Information Systems
capable of capturing transactional data from day to day operations. This is called a
Transaction Processing System (TPS). The system should be capable of
processing the volume of data captured in the organization’s transactions, such as a sales
system, inventory system or students’ registration system. The data collected by
these systems may be deposited into the organization’s Database Management
System (DBMS) to be used as raw material for the Middle Level (tactical
managers) Management Information System (MIS). A TPS may be real time or
batch based. Real time means data collected is processed immediately for
immediate output to aid in a current transaction, e.g. a Bank Cashier Terminal
Processing System. A batch processing system means data collected is collated
together so that it is processed at one go later in the day or at another specified time.
These systems are easy to automate for they support structured decisions; for
example, a Bank Cashier Terminal Processing System can be replaced by an
ATM. With the power of the Internet, TPS systems can also be based on Internet
infrastructure. An organization can operate a private Internet based TPS where
employees can access the organization’s private Internet accessible database to
conduct transactions from different branches of the organization, such as a bank
branch network. This is called an intranet. These systems can also be extended
further to allow customers and suppliers to, for example, process their orders or
track their supplies. Such a system is called an extranet. Various organizations are
also embracing IS systems to provide unique services such as e-commerce,
e-ticketing, e-banking, etc.
2. Tactical management: The data collected in the organization’s DBMS becomes the
raw material for producing information for middle level managers. These
databases are interrogated through an interface called a Management Information System
(MIS). Generally speaking, an MIS is a system for providing information for
managers. It is therefore a general term for an IS. However, specifically MIS
refers to an IS for providing information for the middle level of management. It is
therefore based on a DBMS that collects data from the organization’s TPS to provide
special information depending on the functional management targeted. At this
level these MIS may also be called Decision Support Systems (DSS) because the
information provided to these tactical managers is meant to aid them in decision
making. A DSS is a system that provides information to aid tactical managers in
their decision making roles. The decisions supported are semi-structured. They rely
partly on rules automated in the computer system and partly on the manager’s
wisdom and experience. Information used in a DSS is taken from the TPS and MIS;
in addition to this, external information may also be incorporated. With all the
information gathered, managers can use models contained within a DSS to look at
what might happen if they do certain things. This is a bit like an IF statement that
can be changed, as in scenarios or goal seeking. If a change is made to the figures then
the output is increased or decreased.
3. Strategic Management: This is the top most level of management. Their use of
information systems may not be frequent. However, they need information on
exceptional issues of the organization on demand or on a need to know basis. At
some low frequency they may also need regular reports. Such reports are highly
summarized and very graphical to allow a quick view of the organization at any one
point. Executive Information Systems (EIS) are used for this purpose. They have very
user friendly features such as a dashboard with graphics representing various
parameters of interest, and they allow the CEO to drill down for information and
interrogate the report for any finer details they may need. The nature of decisions
made by this management is unstructured. They have no clear rules but largely
depend on the wisdom and experience of the decision maker. Examples are a
decision on whether to forge a business alliance, how to raise capital, etc.
Strategic management may also use Expert Systems (ES) to be able to make decisions
in areas where they have no adequate expertise. An Expert System is a
knowledge-based computer program or artificial intelligence containing expert
domain knowledge about objects, events, situations and courses of action, which
emulates the process of human experts in the particular domain. In other words,
an expert system is a computer application that performs a task that would otherwise
be performed by a human expert. Expert systems are extensively used in the
medical field. For example, there are expert systems that can diagnose human
illness, and MYCIN is one of the popular expert systems in the medical field.
However, Expert Systems can also be used at other levels of management.
CHAPTER 2: INFORMATION SYSTEMS FOR OPERATIONS,
MANAGEMENT AND STRATEGIC ADVANTAGE
Importance of Information Systems
Information systems in an organization are important to all levels of management to
enable managers to perform their functions of planning, directing (commanding and
leadership), organizing, controlling and coordinating. They are important at the
operational level in the execution of specific tasks or transactions/applications in the day to day
operations of a business, such as accounting, sales, front office automation, etc.
However, an organization may identify a unique application area that would make the
firm stand out among its peers or possibly offer a service far from ordinary as
compared to competitors who are doing business as usual. Such a unique application
of IS by a firm is called a strategic application and the system is therefore called a
strategic information system. A strategic information system is therefore an
information system that is adopted by an organization in order to give the organization a
unique advantage that gives the firm an edge above the competitors. It is either using
IS to provide a unique service or using IS to provide better services so as to achieve a
competitive advantage or edge. Examples are providing online ticketing, an extranet to
allow customers to book a hotel room online, a Just In Time (JIT) system to order a
customized luxury car, etc. Ways to gain strategic advantage using IS include:
1. Cost reduction: A firm can gain profit margin by using IS to reduce the number of
staff and reduce production time for its products
2. Raise barriers to new entrants: Where an organization provides a more advanced system
than competitors, new entrants may find it difficult to penetrate, e.g.
Safaricom 3G internet while competitors are on GPRS or EDGE technology
3. Establish high switching cost: Where a client has such expensive equipment from
the current supplier and the technology cannot migrate to another supplier, the
customer would remain to avoid migration or switching cost; e.g. switching from
one accounting package to another provider may require fresh data entry and
expensive data conversion.
4. Creating new products or services: A company can gain strategic positioning by
using IS to provide a unique service e.g. Mobile Banking, 24-hour loan
processing, etc.
5. Differentiate products or services: An organization may attract customers by
convincing them that its product is different from its competitors’ through
unique interaction and product features by use of IS.
6. Enhance products or services: Even with current products the company can
enhance them, for example by offering longer business hours for customers through reducing after office
batch processing of daily transactions by use of a real time transaction processing
system.
7. Establish business alliances: The business can enhance customer experience and
product provision by packaging products with other companies, e.g. a holiday
package that includes air ticket, hotel, tours and travel, etc. by use of an IS system
inter-linked with other service providers or service advantage smart cards.
8. Locking customers and locking out competitors: Making it impractical for
customers or suppliers to deal with competitors, for example MPESA agency
requirements that your partners do not brand with competitors’ products
In general, besides these strategic uses of IS, MIS systems are specifically important at
various levels of management to aid in transaction processing and to support
management decisions at various levels.
MIS characteristics
• It supports transaction handling and record keeping (Transaction Processing
Systems and office automation systems).
• It can be integrated with an organization wide Database Management System
(DBMS) which centrally supports all major functional areas of an organization.
This will receive data collected from the Transaction Processing
Systems (TPS) of various operations.
• From the DBMS various managers can interrogate the MIS to obtain information
for operational, tactical, and strategic level managers with easy access to timely
• It supports the decision-making function, especially acting as a data source for the
middle level Decision Support Systems (DSS) for aiding them in their
semi-structured decisions.
• MIS enables an organization to adapt to its changing needs.
• It promotes system security by providing access only to authorized users.
• MIS not only provides statistical and data analysis but also works on the basis of
MBO (management by objectives). MIS is successfully used for measuring
performance and making necessary changes in the organizational plans and
procedures. It helps to build relevant and measurable objectives, monitor results,
and send alerts.
Function of MIS
The main functions of MIS are:
• Data Processing: Gathering, storage, transmission, processing and getting output
of the data. Making the data into information is a major task.
• Prediction: Prediction is based on the historical data by applying the prior
knowledge methodology, using modern mathematics, statistics or simulation.
Prior knowledge varies with the application and with different departments.
• Planning: Planning reports are produced based on the restrictions on the
enterprise and help each functional department to plan its work reasonably.
• Control: MIS helps in monitoring the operations and inspects the plans. It covers
the differences between operation and plan with respect to data belonging to
different functional departments. It controls the timely action of the plans and
analyzes the reasons for the differences between the operations and plan. It thereby
helps managers to accomplish their decision making task successfully.
• Assistance: It stores the related problems and frequently used information to
apply them for relative economic benefits. Through this it can derive instant
answers to the related problem.
Advantages and Disadvantages of MIS
An MIS provides the following advantages.
1. It facilitates planning: MIS improves the quality of plans by providing relevant
information for sound decision-making. Due to the increase in the size and complexity
of organizations, managers have lost personal contact with the scene of operations.
2. It minimizes information overload: MIS changes the larger amount of data into
summarized form and thereby avoids the confusion which may arise when managers
are flooded with detailed facts.
3. MIS encourages decentralization: Decentralization of authority is possible when
there is a system for monitoring operations at lower levels. MIS is successfully used
for measuring performance and making necessary changes in the organizational plans
and procedures.
4. It brings co-ordination: MIS facilitates integration of specialized activities by
keeping each department aware of the problems and requirements of other
departments. It connects all decision centres in the organization.
5. It makes control easier: MIS serves as a link between managerial planning and
control. It improves the ability of management to evaluate and improve performance.
The use of computers has increased the data processing and storage capabilities and
reduced the cost.
6. Facilitates data processing: MIS assembles, processes, stores, retrieves, evaluates and
disseminates the information.
7. Creates strategic advantage for an organization such as cost reduction, product
differentiation, etc. with the end result being higher profitability
Disadvantages
The following are some of the disadvantages of MIS:
• MIS is highly sensitive: MIS is very helpful in maintaining logging information of
an authorized user. This needs to be monitored constantly.
• Quality of outputs is governed by quality of inputs.
• MIS budgeting: There is difficulty in maintaining indirect cost and overheads.
Capturing the actual cost needs an accrual system having true costs of
outputs, which is extremely difficult. It has been difficult to establish definite
findings.
• MIS is not flexible to update itself for the changes.
• MIS effectiveness decreases towards the top level management. Top management
requires more information than can be supplied from the internal data captured
by the MIS.
• MIS is limited in handling qualitative data: Information accountability is based on
the qualitative factors and the factors like buyer attitude, customer satisfaction,
political climate, etc. which can sometimes be the cause of success or failure of a
business.
CHAPTER 3: SYSTEMS APPROACH TO PROBLEM SOLVING AND ITS
APPLICATION IN MANAGEMENT
What is systems approach?
The systems approach is a problem solving technique that stresses a systematic
process of problem solving. Problems and opportunities are viewed in a systems
context. Studying a problem and formulating a solution becomes an organized
system of interrelated activities:
1. Define a problem or opportunity in a systems context.
2. Gather data describing the problem or opportunity
3. Identify alternative solutions.
4. Evaluate each alternative solution.
5. Select the best solution.
6. Implement the selected solution.
7. Evaluate the success of the implemented solution.
These activities and steps of the systems approach can be grouped into a smaller
number of stages of problem solving:
a. Understanding a problem or opportunity (steps 1 and 2).
b. Developing a solution (steps 3 through 5).
c. Implementing a solution (steps 6 and 7).
Understanding a Problem or Opportunity
To solve a problem or pursue an opportunity requires a thorough understanding of the
situation at hand. This implies viewing the problem/opportunity in a systematic fashion
within a systems context.
1. Defining Problems and Opportunities. Problems and opportunities must be
identified when using the systems approach. Symptoms must be separated from
problems. Symptoms are merely signals of underlying problems.
a. A problem is a basic condition that causes undesirable results.
b. An opportunity is a condition that presents the potential for desirable
results.
2. Gathering Data and Information. Data and information need to be captured to
gain sufficient background into the problem or opportunity situation. In the
context of a business systems problem, information gathering may encompass the
following:
a. Interviews with employees, customers, and managers.
b. Questionnaires to appropriate end users in the organization.
c. Personal observation or involvement in business operations.
d. Examination of documents, reports, procedures manuals, and other
documentation.
e. Inspecting accounting and management reports to collect operating
statistics, cost data, and performance results.
f. Development, manipulation, and observation of a model of the business
operations or systems affected by the problem or opportunity.
Identifying Current Organizational Systems. In the systems approach, a problem
or opportunity must be viewed in a systems context. To understand a problem or
opportunity, you must understand both the organizational systems and
environmental systems in which a problem or opportunity arises. You must have
a systemic view of the situation.
a. A Business as a System. A business faced with a problem or opportunity
needs to be viewed as an organizational system operating within a
business environment. This concept helps us isolate and better understand
how a problem or opportunity may be related to the basic system
components of a business.
b. Environmental Systems. A business is a subsystem of society and is
surrounded by other systems in the business environment. Proper
interrelationships with the economic, political, and social stakeholders
within the environment should be maintained. These stakeholders that
interact with a business need to be identified, to determine their effect on a
problem or solution.
c. Organizational Subsystems. Typically a business is subdivided into
subdivisions that compose the organizational subsystem.
i. These typically represent functional areas such as marketing,
manufacturing, and finance, but can also represent geographic
areas, product lines, distribution facilities, work groups, etc.
ii. Decomposition is the process of identifying the boundaries of
subsystems within a business and determining the relationships
between the subsystems. Those subsystems most affected by the
problem or opportunity under consideration need to be identified.
d. Relationships Between Systems. A black box approach aids systems
professionals in analyzing the relationships and interconnections between
subsystems within the firm. In other words, the processing component
remains a black box while inputs and outputs of subsystems are studied.
i. Coupling - the process of determining how tightly the functions of
subsystems are connected, e.g., JIT requires a close association
between inventory control and manufacturing.
ii. Decoupling - the process of loosening the connections between
systems. e.g., E-Mail may loosen communications connections
within the organization. People can be more efficient by having
differing avenues of communication available to them.
e. Evaluating Selected Systems. To understand a problem and solve it, you
should try to determine if basic system functions are being properly
performed. This should be done within a systems context by looking at
inputs, processing, outputs, feedback, and control structures.
f. Determining Objectives, Standards, and Constraints - a systems approach
must determine firm objectives, identify standards, and recognize
constraints.
Developing a Solution
Once you understand a problem or opportunity, you can develop an appropriate solution.
3. Designing Alternative Solutions. Jumping immediately from problem definition
to a single solution limits your options and robs you of the chance to consider the
advantages and disadvantages of several alternatives. Of course, having too many
alternatives can obscure the best solution. Alternative solutions may come from
past experience, advice of others, simulation of business operations models, and
your own intuition and ingenuity. The "doing nothing" option is also a valid
alternative.
4. Evaluating Alternative Solutions. To identify the best solution, the proposed
alternatives need to be evaluated. The goal of evaluation is to determine how well
each alternative solution helps the firm and its selected subsystems meet their
objectives.
a. Evaluation criteria - should reflect the firm's objectives and constraints.
b. Cost Benefit Analysis - Every legitimate solution will have some
advantages or benefits, and some disadvantages or costs. This process
identifies the benefits and costs associated with each alternative solution.
i. Tangible costs - quantified costs such as Hardware, Software and
Staff Salaries.
ii. Intangible Costs - difficult to quantify such as Customer goodwill,
Employee morale caused by system errors and
Installation/conversion problems.
iii. Tangible Benefits - favorable results that the firm has attained such
as Decrease in payroll and Decrease in inventory carry.
iv. Intangible Benefits - hard to estimate and include better customer
service, and better delivery of customer request(s).
5. Selecting the Best Solution. Once all alternative solutions have been evaluated,
they can be compared to each other, and the "best" (most desirable) solution can
be selected. Since the solutions are compared based on multiple criteria (some of
which may be intangible), this selection is not always a simple process.
D. Implementing a Solution
6. Implement the selected solution. Once a solution has been selected, it must be
implemented. An implementation plan may have to be developed. A project
management effort may be required to supervise the implementation of large
projects. Typically, an implementation plan specifies the activities, resources, and
timing needed for proper implementation. This may include:
a. Types and sources of hardware and software.
b. Construction of physical facilities.
c. Hiring and training of personnel.
d. Start-up and operating procedures.
e. Conversion procedures and timetables.
7. Post implementation Review (Evaluate the success of the implemented solution).
The focus of the post implementation review is to determine if the implemented
solution has indeed helped the firm and selected subsystems meet their system
objectives. If not, the systems approach assumes you will cycle back to a
previous step and make another attempt to find a workable solution.
E. Applying the Systems Approach to Information Systems.
A variety of information systems development methodologies tailor the systems
approach to the process of developing information systems solutions to business
problems. A firm may experience difficulties in applying the systems process to
IS due to lack of user acceptance arising from departmental/unit and/or emotional
conflicts, and due to rapidly changing environmental conditions.
CHAPTER 4: INFORMATION SYSTEMS DEVELOPMENT
Systems Development Life Cycle (SDLC), or sometimes just Systems Life Cycle (SLC), is
an Information Systems Development process used by a systems analyst to develop
information systems of high quality that meet or exceed customer expectations, are
delivered within time and cost estimates, work effectively and efficiently in the current
and planned information technology infrastructure, and are cheap to maintain and
cost-effective to enhance. SDLC is a systematic approach to problem solving and is composed of several
phases, each comprised of multiple steps: systems investigation (systems planning),
systems analysis, systems design, systems implementation and post implementation
support and maintenance. Due to this sequencing of phases it is also referred to as the
waterfall model.
Systems investigations or planning are triggered by a user request. It may be initiated
by a user in the user department, by an external environment entity such as government,
a supplier or a customer, or by a new technology change that demands an overhaul of systems, etc.
When this occurs a feasibility study should be conducted to determine the extent of the
problem: whether the problem really exists, its extent and what happens if the problem is
not tackled. The feasibility study aims to establish whether the problem should actually
be solved. One conclusion might be that the problem is too expensive to solve, that it is
not worth solving, or that there is no adequate technical capacity to solve it. A decision
may be made to buy, lease or outsource, or not to buy altogether. Areas of feasibility include:
1. Financial feasibility: This aims to establish what are the financial costs for solving
the problem and what are the benefits (cost benefit analysis) of solving it.
2. Technical feasibility: Does the necessary technical capacity exist to solve the
problem, can it be hired or procured?
3. Operational feasibility: Can the system work in the organization given existing
systems?
4. Other feasibility may include social, environmental, political, etc.
Systems analysis involves establishing the requirements for solving the problem; such as
what technology will be required, what are the financial costs or budget, when to
implement or deliver the solution, etc. The completion of this exercise is marked by a
SYSTEMS REQUIREMENTS document. This document will act as the invitation for
bidders or Request for Quotations (RFQ) to suppliers. The systems analysis may be done
by a systems analyst from the IT department or by an external consultant.
Systems design: Once the suppliers bid for supply of the system detailed in the
SYSTEMS REQUIREMENTS in the Invitation to Bid, the suppliers will detail their
proposed solutions in line with the systems requirements. This document is called
SYSTEMS SPECIFICATIONS. The systems specification document details what
systems the supplier proposes to deliver to meet the systems requirements. The
specifications should meet or exceed the systems requirements and should be within the
budget approved by the procurement committee. As an aid to communication the
supplier may provide a prototype, either a demo version of the system or a schematic
drawing of the workings of the system. Once the procurement team is satisfied with the
bidder’s proposal they will draw the purchase order which will act as the contract
document for the supplier. It will outline the Terms of Reference for the contractor and
will be used to evaluate the final system that will be delivered. The system specifications
act as the BLUEPRINT for the systems design. Further design includes both the logical
and the physical design. The logical design is the development of specifications while
physical design is the building and testing of the system upon approval by the client.
Systems implementation refers to the delivery of the ordered system when the system
goes live. This is completed by a project team comprising members from the
contractor and the client department. In order to enhance success and acceptance of the
final system, this stage, like the other stages, must include representatives of the
affected user departments as well as the IT department, who will be charged with
maintaining the system. For continuity the system could be implemented through phased
implementation, pilot changeover, direct changeover or parallel changeover. Phased
implementation may involve piecemeal implementation over a period of time; pilot
changeover may involve a scaled-down number of departments to ensure it works before it
is implemented full scale. Direct changeover is when the system is implemented over the
entire organization at one go. It is very risky in case the system fails but is quick and
cheap. Such changeover should be done during low season of the system usage. Parallel
changeover is when both the old and the new systems are run simultaneously until the
team is confident the users have learnt and the system is satisfactory for live running. A
data conversion team may be required to convert data from the old system to the new
system. The new system is signed off upon confirmation that it has met the systems
requirements and that the contractor has met the specifications. System implementation
also involves user training. The system delivered should include systems documentation,
which becomes an aid to training and future support. This includes systems technical
manuals, user manuals and operational/procedure manuals. During this stage, if the
contractor encounters a change in specifications, they must apply for change request
authorization from the procurement team of the organization.
Post Implementation Review and Support refers to the services that the users may
request after the system has gone live and the contractor has signed off. Whether the
contractor is legally bound to continue providing support services after delivery depends
on the specifications of the Warranty document and any Service Level Agreements
(SLA) established. For continuity the organization should sign for Scheduled Preventive
Maintenance (SPM). Further to strengthen the internal capacity for support the
organization should establish a help desk or an information centre. A help desk is a team
of ICT support who have been trained on the new system whereas an information centre
is a centre that provides information to a user’s community on frequently asked
questions. It may be an office or even a web based FAQ. The supplier may also
complement support by online chats, email support and telephone support and to some
extent site visits.
Systems development tools
These explain the tools used for designing and building systems. They include system
modeling tools, prototyping tools, and CASE tools. A model is a replica of a system that
illustrates what the final system looks like. It is similar to a prototype, where a prototype
is a complete system but in an abbreviated version. A prototype may be a throw away or
an incremental prototype. A throw away prototype will be discarded once the idea has
been clarified but an incremental model may continue to be developed with additional
features so as to be part of the final scaled up system. CASE tools are powerful tools for
developing detailed representation of an organization model.
CHAPTER 5: COMPUTER HARDWARE
Hardware refers to the computer’s physical equipment (input, CPU, output, and storage).
The digital computer is used to organize numbers and alphabetic data; data is represented
in bytes, which can be broken down into eight bits. A bit is a binary digit with two
options: 0 (off) and 1 (on). The other computer classification is the analog computer; it is
used as a measuring device.
1. Input Devices are used to enter raw data into the system. They include devices for
manual human input (keyboard, mouse, trackball, touch screens) and DDE - source
data automation (interactive touch screens, magnetic card readers, optical
recognition, and voice recognition). Data may be stored for batch processing or
processed immediately. Data may be in a form acceptable for another machine or
usable by people.
2. Processor Unit includes primary storage and the CPU (control unit and
arithmetic/logic unit).
The control unit includes instruction registers and control circuits. The control
unit (along with the main memory) makes possible the stored program concept of
computer operations. The control unit interprets program instructions; control
circuits are activated to complete operations and results are stored. The
arithmetic/logic unit (ALU) performs all mathematical computations and logical
comparisons. Data are transferred as needed from main memory to the
arithmetic/logic unit for manipulation and then returned to main memory for
additional processing or output.
The CPU physically is a microprocessor that includes the control unit and
arithmetic/logic unit mounted on a silicon chip. A multiprocessing operation
mode is possible when a computer contains more than one microprocessor.
3. Output Devices – Output that is printed is called a hard copy; output that can be
viewed on a monitor or heard over speakers is called a soft copy.
4. Storage Devices are divided into primary and secondary storages also called
auxiliary storage. Primary storage includes Read Only Memory (ROM) and
Random Access Memory (RAM). ROM contains the manufacturer’s firmware
while the RAM provides the computer’s working memory. The secondary storage is
used for data that are saved for future processing. Processed data are saved using
unique file names to identify the information or program. Common devices
include magnetic disk, optical disc, DVD, USB flash drive, and magnetic tape.
5. Data Communication and Networking equipment: These are devices used for
interconnecting of computers and data communication. They include modems,
network switches, network cards, routers, bridges, LANs and WANs, Wi-Fi, etc.
B. Types of Computers
Today’s computer systems fall into one of the following categories:
1. Supercomputers
2. Mainframe Computers
3. Minicomputers or Midrange Computers
4. Microcomputers, or personal computers
Supercomputers:
• Most powerful computer made
• Physically they are the largest
• Process huge amounts of data
• Can house thousands of processors
• Relatively rare because of size and cost.
• Used by large corporations, universities and government agencies.
Mainframe Computers
• Used in large organizations like insurance companies, and banks where many
people need frequent access to the same data, which is usually organized into one
or more databases.
• Airlines, Government Agencies (Federal Aviation Administration and Census
Bureau) track information about large populations, individual tax records, payroll,
and more.
• Are being used more and more as specialized servers on the World Wide Web,
enabling companies to offer secure transactions with customers over the Internet.
• Many enterprises are connecting personal computers and personal computer
networks to their mainframe system. This allows access to the mainframe data
and services and also enables them to take advantage of local storage and
processing, as well as other features of the PC or network.
• Houses an enormous volume of data (literally billions of records)
• Mainframes can occupy entire rooms or even an entire floor of a high-rise
building. Special air conditioning systems are used to keep them cool, and they are
installed on raised floors to accommodate all the wiring needed to connect the system.
Minicomputers
• Abbreviated version of mainframe computers.
• The capabilities are somewhere between mainframes and PC.
• Minicomputers can handle much more input and output than personal computers
can.
• Although some are designed for a single user, most are designed to handle multiple terminals.
• Can be used as a server for PC’s
Microcomputers, or Personal Computers
• The microcomputer is “the computer for the masses” and personal computing
• Microcomputers include the following types: Desktop models, including
workstations, notebook computers (laptops), Network Computers (netbooks),
Mini laptops and Handheld personal computers, PDAs
CHAPTER 6: COMPUTER SOFTWARE
Types of software
Computer software refers to the set of instructions that are used by the computer for its
data processing. Software can be categorized into systems software and application
software.
System software: refers to a collection of software required by the computer to perform
its own internal process. This software includes firmware, operating systems and utility
programs.
Firmware: These are native programs that are loaded to the computer at the point of
manufacture and are embedded as a part of the computer basic configuration in Read
Only Memory (ROM) chip or an equivalent variant. These programs perform Basic
Input Output Systems (BIOS) functions such as performing Power-On Self Test (POST)
or Pre-Operational Self Test when the computer is powered on. In absence of an
operating system the firmware will load and await further instructions of the system
administrator on the location of the operating system. They may also include various
system drivers and hardware equipment drivers supplied by equipment manufacturer.
Operating systems: refers to programs that support the basic functions or operations of a
computer system. Examples of operating systems include MS Windows, UNIX, Mac OS,
Novell Netware, etc. These functions include:
i. Booting a computer (i.e. preparing a computer for use by initializing its hardware
and software resources)
ii. Providing user interface: or the human computer interface that enables interaction
of a computer user with the computer system e.g. Windows Graphical User
Interface (GUI) using Windows Icon Menu and Pointer (WIMP) interactions
iii. Managing memory of the computer: It allocates how the computer memory is
utilized during processing
iv. Hardware and software interface: The operating system provides a platform to
load hardware drivers and help various hardware added to the computer system to
interact with the software
v. System resources management (Interrupt request handling): these include all the
resources of the computer apart from the memory management. Each resource in
the computer is assigned a unique identity code called IRQ that identifies the
priority given to that resource when it calls for attention from the processor
vi. Error handling: during processing the operating system responds to errors that
may arise such as output device missing, memory overflow, etc.
vii. Security management: The operating system includes access controls and
authentication mechanism to ensure the system maintains its integrity and data
reliability and is secure from unauthorized access
Utility programs
These are programs that expand the capacity of the computer by providing other
additional services. They include software developers’ tools such as programming
languages – compilers, debuggers, linkers, translators, and assemblers; systems tools and
accessories such as antivirus, backup and restore, media players, CD burning software,
Adobe Reader, Games, etc.
Application software
These are user programs that have been developed to deliver a specific functionality for
what a user does in his or her day to day operations. This means the application software
required by the computer depends on who the user is. Accountants need accounting
software, statisticians need statistical packages, school needs a school management
system, etc. Further, application software is categorized according to the nature of its
distribution. If the package is available off-the-shelf then it is referred to as an
application package; examples include Ms Office packages, QuickBooks, SPSS, etc. If
it is tailor-made through in-house development by a hired or internal team of software
developers it is called bespoke software. Application packages are cheap for they are
mass produced but may not be adequate for unique functionalities of an organization.
However, bespoke software is expensive and many times the developers may choose to
package it to sell to other similar organizations.
Depending on the terms of sale, software may also be commercial or open-source.
Commercial software is available for sale and cannot be duplicated or altered without the
authority of the owner. Such acts of illegal reproduction are referred to as piracy.
However, open-source software is free to use and to modify, although owners of the
software may charge for some special rights on services such as installation and support.
Over the Internet a number of software packages can also be downloaded as freeware,
shareware, demo versions or commercial software. Freeware is absolutely free to use.
Shareware is copyrighted and shared free of charge but a donation may be expected or some
limitations may exist if you use it regularly. Demo versions are commercial software
given as a trial version to use for a period of time or with limited functionality or with a
penalty of carrying the developer's banner ads. However, one is expected to purchase the
commercial version after working with the demo version.
Application Packages Used to Support End-User Computing
These refer to a number of application packages used for office automation and by
knowledge workers. They can be classified into:
i. Word processors
ii. Spreadsheets
iii. Databases
iv. Presentation graphics
v. Desktop Publishing packages
vi. Photo and Video editors
vii. Statistical packages
viii. Accounting packages, etc.
CHAPTER 7: DATA RESOURCE MANAGEMENT
Transaction Processing Systems
A transaction processing system performs routine, day-to-day operation of a business that
helps a company add value to its products and services.
It requires a large amount of input data and produces a large amount of output
without requiring sophisticated or complex processing.
Examples are order entry, inventory control, payroll, accounts payable, accounts
receivable, and general ledger.
An automated TPS consists of all the components of a CBIS such as hardware,
software, databases, telecommunication, people, and procedures.
A transaction processing system serves as the foundation of other systems, such as MIS,
DSS, and AI/ES. These systems handle less input and output, but more sophisticated
and complex processing.
Transactions Processing Methods
Transactions are commonly performed in batch or on-line.
Batch Processing
With batch processing, business transactions are accumulated over a period of time
and prepared for processing as a single unit or batch.
There is some delay between the occurrence of an event and the processing of the
event.
Examples are payroll processing, billing, accounts payable, and accounts receivable.
On-Line/Real-Time Processing (OLTP)
With this form of data processing, each transaction is processed immediately, without
the delay of accumulating transactions into a batch.
As soon as the input data is available, a program performs the necessary processing
and updates the records affected by the transaction.
Data in an OLTP always reflect the current status.
On-Line Entry with Delayed Processing
This type of transaction is a compromise between the batch and on-line processing.
With this type of transaction, orders or transactions are entered into the computer
system when they occur, but they are not processed immediately.
Example: A typical mail order system in which orders are accumulated and then
forwarded to a warehouse for shipment.
Integrated Transaction Processing System
A firm may integrate all its business activities into a single transaction processing
system. It involves inventory control, order entry, shipping, invoice processing,
accounts receivable, purchase orders, accounts payable, payroll processing, general
ledger, and budget.
Objectives of Transaction Processing Systems
Because of the importance of the transaction processing system, organizations expect
their TPSs to accomplish a number of specific objectives.
Process data generated by and about transactions
The primary objective of any TPS is to capture, process, and store transactions
and to produce a variety of documents related to routine business activities.
Processing orders, purchasing materials, controlling inventory, billing customers,
and paying suppliers, result in transactions that are processed by a TPS.
Ensure data and information integrity and accuracy
One objective of any TPS is error-free data input and processing.
Rules must be in place and implemented in the programming to ensure data
accuracy before it is stored.
Another objective of a TPS is to ensure that all data and information stored in the file or
database are accurate, current, and appropriate.
Produce timely documents and reports
Transaction processing systems produce routine documents such as order slip,
shipping order, invoice, purchase order, inventory status report, inventory on-hand
report, customer list, paycheck, and so on.
These documents need to be produced in a timely manner to perform routine
business transactions.
Increase labor efficiency
A transaction processing system can substantially reduce routine clerical and other
labor requirements.
An automated scanning device in a retail store can substantially reduce the item
processing time. This not only increases checkout efficiency but also reduces
the manual workforce.
Help provide increased and enhanced service
TPSs can provide services faster than humans, thus increasing the number and
varieties of services it can offer to customers.
Examples are automated university registration systems, automated billing
inquiries, automated bank account transfers, and so on.
Help build and maintain customer loyalty
TPS can be used to build customer loyalty.
For example, ease of use of the system, easy access to customer accounts, timely
reporting of information, automated telephone answering and faxing, and web-based
information processing can help satisfy customers.
Achieve competitive advantage
A competitive advantage provides a significant and long-term benefit for the
organization.
For example, UPS and FedEx systems keep track of a package at each stage of its
traversal. Customers can use a tracking number to find the latest status of the
package.
Some of the ways that companies can achieve competitive advantage are
mentioned below.
Transaction Processing Activities
All transaction processing systems perform a common set of basic data processing
activities. TPSs capture and process data that describe fundamental business transactions.
This data is used to update databases and to produce a variety of reports.
Transaction Processing Cycle
The business data goes through a transaction processing cycle that includes: Data
Collection, Data Editing, Data Correction, Data Manipulation, Data Storage and
Document Production.
Data Collection
The process of capturing and gathering all data necessary to complete transactions is
called data collection.
It can be manual, such as completing a purchase order by hand. It can also be
automated via special input devices such as scanners and terminals.
Data collection begins with a transaction (such as a customer order) and results in the
origination of data that is input to the transaction processing system.
Data should be captured at its source and it should be recorded accurately, in a timely
fashion, with minimal manual effort, and in a manner that can be directly entered into
the computer rather than keyed in.
Automatic data collection is termed source data automation. An example is the
use of a scanning device at the grocery store to read the UPC code and hence the price of
an item. Another example is an employee badge used as a time card when going in
and out of an office building.
Data Editing
An important step in processing data is to check for validity and completeness of
data. Controls must be placed in the data-entry form.
For example, quantity and cost must be numeric and names must be alphabetic.
Data Correction
Data that is not entered properly needs to be re-entered correctly.
Data correction involves re-entering miskeyed or misscanned data at the data entry
point.
For example, a UPC code not found at the retail store checkout is given a special
code to complete the transaction for the item.
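The data editing and data correction steps above, sketched as an added Python example (not part of the original course notes): each captured record is checked for completeness and format, rejects go to a correction queue, and a re-entered record passes through the same edits again. The price file, the `UNLISTED` special code, the field limits and the sample batch are assumptions made for illustration.

```python
import re
from decimal import Decimal

# Constructed price file: UPC -> unit cost (sample data, not from the course text).
PRICE_FILE = {"036000291452": Decimal("2.50"), "012345678905": Decimal("11.99")}
SPECIAL_CODE = "UNLISTED"  # hypothetical special code for a UPC not in the price file

FIELDS = ("customer", "upc", "quantity", "cost")
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,59}")   # alphabetic, bounded length
QTY_RE = re.compile(r"[1-9][0-9]{0,3}")               # whole number 1..9999
COST_RE = re.compile(r"[0-9]{1,6}(\.[0-9]{1,2})?")    # plain decimal, no sign or exponent
UPC_RE = re.compile(r"[0-9]{12}")


def upc_check_digit_ok(upc):
    """UPC-A check digit: any single misread digit makes this fail."""
    d = [int(c) for c in upc]
    total = 3 * sum(d[0:11:2]) + sum(d[1:11:2])
    return (10 - total % 10) % 10 == d[11]


def edit_record(raw):
    """Data editing: return (clean_record, []) or (None, [error, ...])."""
    rec = {f: str(raw.get(f) or "").strip() for f in FIELDS}
    errors = [f"{f}: missing" for f in FIELDS if not rec[f]]   # completeness
    if errors:
        return None, errors
    if not NAME_RE.fullmatch(rec["customer"]):
        errors.append("customer: must be alphabetic")
    if not QTY_RE.fullmatch(rec["quantity"]):
        errors.append("quantity: must be a whole number from 1 to 9999")
    if not COST_RE.fullmatch(rec["cost"]):
        errors.append("cost: must be numeric with at most two decimal places")
    if not (UPC_RE.fullmatch(rec["upc"]) and upc_check_digit_ok(rec["upc"])):
        errors.append("upc: miskeyed or misscanned")
    if errors:
        return None, errors
    cost = Decimal(rec["cost"])
    listed = PRICE_FILE.get(rec["upc"])
    if listed is not None and listed != cost:
        return None, ["cost: does not match the price file"]
    # A well-formed UPC that is not on file is completed under the special code.
    item = rec["upc"] if listed is not None else SPECIAL_CODE
    return {"customer": rec["customer"], "item": item, "upc": rec["upc"],
            "quantity": int(rec["quantity"]), "cost": cost}, []


def run_editing(batch):
    """Split a batch into accepted records and a correction queue keyed by line number."""
    accepted, queue = [], {}
    for line_no, raw in enumerate(batch, start=1):
        clean, errors = edit_record(raw)
        if errors:
            queue[line_no] = {"raw": raw, "errors": errors}
        else:
            accepted.append(clean)
    return accepted, queue


def correct(queue, line_no, reentered):
    """Data correction: the re-entered record goes through the same edits again."""
    clean, errors = edit_record(reentered)
    if errors:
        queue[line_no] = {"raw": reentered, "errors": errors}
        return None
    del queue[line_no]
    return clean


# Constructed sample batch, as captured at the data entry point.
SAMPLE_BATCH = [
    {"customer": "Mary Wanjiru", "upc": "036000291452", "quantity": "3", "cost": "2.50"},
    {"customer": "J0hn", "upc": "012345678905", "quantity": "two", "cost": "11.99"},
    {"customer": "Ali Hassan", "upc": "036000291453", "quantity": "1", "cost": "2.50"},
    {"customer": "Grace Otieno", "upc": "123456789012", "quantity": "2", "cost": "4.00"},
    {"customer": "Peter", "upc": "012345678905", "quantity": "1", "cost": ""},
]

if __name__ == "__main__":
    accepted, queue = run_editing(SAMPLE_BATCH)
    for rec in accepted:
        print("accepted:", rec)
    for line_no, entry in queue.items():
        print("line", line_no, "needs correction:", entry["errors"])
```

Only records that pass every edit reach data manipulation and storage; nothing in the correction queue is stored until it has been re-entered and re-checked.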
Data Manipulation
The process of performing calculations and other data transformations is termed data
manipulation.
Examples are sorting data, summarizing data, finding the price of five items, calculating
employee weekly pay, and so on.
Data Storage
Involves updating one or more database tables or files with new transactions.
For example, inserting new customer information, updating customer demographics,
updating inventory transactions, creating new student registration, and so on.
Document Production
TPSs produce important business documents such as sales receipts, order entry list,
customer list, invoices, purchase orders, inventory on-hand report, paychecks, and so
on.
Documents can be hard-copy paper reports or displayed on a computer screen.
Traditional Transaction Processing Systems
Traditional transaction processing systems include order processing, purchasing, and
accounting. Systems that support these processes are mentioned in the table. We
describe these systems in detail in the following.
Accounts Receivable
A system that manages the cash flow of the company by keeping track of the money
paid by the customers and other companies for goods and services sold to them.
The major output of the accounts receivable system is monthly bills or statements sent
to the customers. See below.
Transactions created by the accounts receivable system update general ledger accounts.
It is also used to generate reports for “aged” accounts, for which payments are
overdue by 30, 60, or 90 days. Reminder notices are created for these accounts.
An important function of the accounting system is to identify bad credit risks. Thus
companies routinely check customer credit before accepting a new order.
Accounts Payable
A system that manages the cash flow of the company by keeping track of the money
paid to the company on purchases and services received and produces reports such as
Accounts Receivable Aging Report.
Payroll
• Generates payroll checks and stubs, as well as W-2 statements at the end of the year
for tax purposes.
• This can be outsourced to an external company. In this case, the employee file (with
weekly hours and pay rate) is sent to the company and the company delivers the
checks.
• In addition, payroll processing produces an employee journal containing various earning
factors as shown in the figure.
General Ledger
A system that produces a detailed list of business transactions designed to
automate financial reporting and data entry.
DATABASE MANAGEMENT SYSTEMS
The guiding principles of TPS systems are: to create data that is current, up-to-date,
accurate, and consistent. To achieve these goals, these systems employ Database
Management System (DBMS) software. A DBMS is a system for managing a collection
of related records. It allows the data to be stored and managed in a single file and thus
facilitates the centralized retrieval of the data. It collects, stores and manipulates data
(data input screens; Edit/Deletion of data screen) and disseminates information (executes
queries and creates reports). The DBMS also allows the user to query the database and
retrieve the data specific to his/her needs. One of the primary advantages of DBMS is its
ability to limit and control redundant data in multiple systems. Instead of the same data
field being repeated in different files, the information appears just once. Another
advantage of DBMS is that it improves data integrity. Updates are made only once, and
all changes are made for that data element no matter where it appears.
Types of Databases
Manual System - Customer Ledger Cards; Check Book Green Ledger
File-Processing System – Majority of Transaction Processing Systems
Microcomputer DBMS - Single-User Database System
Client/Server DBMS - Multiple-Users on the same LAN
Internet DBMS - Multiple-Users from different locations using Web to share data
Distributed DBMS - Multiple-Servers sharing the data processing load (bank)
Object-Oriented DBMS - processing/data management of objects (new engineering)
What are some of the reasons for implementing a database system?
Improve Data Integrity
Elimination of duplication of data
Data sharing
Centralizing file maintenance
Ease of creating information
Improve data consistency
Improve data accessibility and responsiveness
Advantages of using a database system are:
Centralized management and control over the data. The database administrator (DBA) is
the focus of the centralized control. Any application requiring a change in the
structure of a data record requires an arrangement with the DBA, who makes the
necessary modifications. Such modifications do not affect other applications or
users of the record in question.
Reduction of Redundancies: Centralized control of data by the DBA avoids
unnecessary duplication of data and effectively reduces the total amount of data
storage required. It also eliminates the extra processing necessary to trace the
required data in a large mass of data.
Integrity: Centralized control can also ensure that adequate checks are
incorporated in the DBMS to provide data integrity. Data integrity means that the
data contained in the database is both accurate and consistent. Therefore, data
values being entered for storage could be checked to ensure that they fall
within a specified range and are of the correct format.
Security: Data is of vital importance to an organization and may be confidential.
Such confidential data must not be accessed by unauthorized persons. The DBA,
who has the ultimate responsibility for the data in the DBMS, can ensure that
proper access procedures are followed, including proper authentication schemes
for access to the DBMS and additional checks before permitting access to
MIST 520: MANAGEMENT INFORMATION SYSTEMS
Kamau, G.G. Page 26 of 53
sensitive data . Different levels of security could be implemented for various
types of data and operations .
Conflict Resolution: Since the database is under the control of the DBA, he/she
should resolve the conflicting requirements of various users and applications. In
essence, the DBA chooses the best file structure and access method to get optimal
performance for the response-critical applications, while permitting less critical
applications to continue to use the database, albeit with a relatively slower
response.
Data Independence: Data independence is usually considered from two points of
view: physical data independence and logical data independence.
Physical data independence allows changes in the physical storage devices or
organization of the files to be made without requiring changes in the conceptual
view or any of the external views and hence in the application programs using the
database. Thus, the files may migrate from one type of physical media to another
or the file structure may change without any need for changes in the application
program.
What are some of the PROBLEMS with moving from a manual to a computerized
DBMS?
o Special personnel
o Cost (New Hardware/Software)
o Conversion Costs (training, duplication of systems)
o Problems with change
Manual System -
Why? Unknown business rules or data needs; very small effort
Problem? Data sharing; Accuracy of data dependent on user
File-Processing System -
Why? Linear data; used for a single purpose
Problem? Inability to create relationships with other data
Microcomputer DBMS - Single-User Database System
Why? Accounting data; relational data; improve data integrity
Problem? Time; level of effort; some business rules can't be modeled; changing
environment; New developments in third-party software
Client/Server DBMS -
Why? Multiple-Users need to share/input data
Problem? Concurrency control issues; data locking Yes/No
Internet DBMS -
Why? Users can share/input data from any terminal with Web access; no special
software needed; multi-site businesses allow customers and vendors to interface
directly
Problem? Harder to control; other people in your data; data corruptions; not all
business functions on Web; combining data for reporting
Distributed DBMS - sharing the data processing load
Why? Business cannot allow system downtime; banks, airlines
Problem? Cost in hardware, software (requires middleware) and staff
Object-Oriented DBMS -
Why? Intensive object processing (heat-loss photos)
Problem? Difficult to use; limited supply of experts; not cost effective to move
from existing system
The other way of classifying types of databases is by their data model. A data model is
the intangible form in which data is stored. It is kind of like the structure of a database,
but data models are only a theoretical idea; they are abstract concepts that you cannot
touch. Data models are used to describe how the data is stored and retrieved in a
database. Now, we will discuss a few of the types of data models.
Flat-file Database Model or Relational Database:
The flat-file data model is generally used by the old paper-based databases. In this
system, data was stored in numerous files. However, the files were not linked, so often,
data might be repeated in more than one file. This caused everything to be quite
redundant. The original "database," flat-file databases inspired scientists to find a way to
link files so that they would not be repetitive. Example is Ms Access.
Hierarchical Database Model:
The hierarchical database model took steps to get rid of the repetitiveness of the flat-file
database model, but although it was somewhat successful, it did not completely succeed.
There is still a level of redundant data in hierarchical databases.
A hierarchical database consists of a series of databases that are grouped together to
resemble a family tree:
Each of the boxes in the diagram represents one database. The top database in the
hierarchical model is called the "parent" database. The databases under it are called
"child" databases. One "parent" can have many "children," but a "child" can only have
one "parent." The child databases are all connected to the parent database via links called
"pointers."
To get to a child database in the hierarchical database model, you must first go through
the parent database, and then through the levels above it. If you have Microsoft
Windows, you might realize that this is how Windows Explorer works. First, you open up
a file; usually it's "My Computer." Under "My Computer," you can then choose from a
list of drives.
Notice in the diagram above how the child databases on the same level are not connected.
This presents a problem in the hierarchical database model and makes searching for data
extremely difficult. Another problem is that data cannot be entered into the child
databases until that field has been added to the parent database. This method was quite
inefficient. Thus, although the hierarchical database model reduced some repetitiveness
of data, it also presented many new problems. Hierarchical structures were widely used in
the first mainframe database management systems. However, owing to their restrictions,
they often cannot be used to relate structures that exist in the real world.
Network Database Model:
The network database model was designed to help resolve some of the hierarchical
database model's problems. For one thing, it allowed for links between the child
databases. This not only reduces the chance of redundant data, but also makes searching
for data much easier!
Another improvement of the network database model over the hierarchical model is that
while in the hierarchical model a child database can only have one parent, in the network
model, a child database can have more than one parent! However, the network database
model still had its share of problems. For one thing, it was difficult to execute and
maintain. Only database experts could successfully use these databases. It was difficult
for the general public to use network databases for real-life applications.
One type of network DBMS is a distributed database. A distributed database is a database
that is under the control of a central database management system (DBMS) in which
storage devices are not all attached to a common CPU. It may be stored in multiple
computers located in the same physical location, or may be dispersed over a network of
interconnected computers. Collections of data (e.g. in a database) can be distributed
across multiple physical locations. A distributed database is distributed into separate
partitions/fragments. Each partition/fragment of a distributed database may be duplicated.
The other type of network database is one which is held centrally but can be accessed
simultaneously by many users remotely using a WAN or locally as part of a LAN.
CHAPTER 8: TELECOMMUNICATIONS AND NETWORKS
A network occurs when two or more computers are connected together, allowing them to
share data and peripherals. A computer which is not connected to any other computer
(not part of a network) is known as a stand-alone computer.
There are two types of networks, these are:
Local Area Networks (LANs)
Wide Area Networks (WANs)
Local Area Networks
A Local area network is when a number of computers are connected together which are
in close proximity to each other, such as in an office building, a school or a home.
Client/Server network
Each computer in the network is known as a workstation (or simply as a station),
although one station on the network will be designated as the file server. This computer
will store all the software that controls the network as well as any software and files that
can be shared by all the computers attached to the network. Generally the file server will
be a more powerful computer (faster processor, more RAM, greater backing storage
capacity) than all the other computers in the network. The stations which contact the
server for access to files or shared resources are known as clients. This network
configuration is called a client/server network.
Advantages of Local Area Networks
There are several advantages to interconnecting computers in a network. These include:
Sharing data and programs, rather than copying them onto portable storage media and
loading them onto each computer that requires them.
Sharing resources. Instead of having peripherals such as printers attached to each
computer, you can attach the peripheral to the network and it is then linked to each
station on the network.
Management. As everything will be saved on the file server, rather than on the hard
disks of each workstation, it means that centralised back-ups of files are available. It
is also possible to manage stations remotely
Security. A username and password are needed to access the network, and different
levels of access can be provided to different users.
Flexible access. You can use any station on the network to access your user space,
you are not restricted to the use of one computer.
Electronic communication. You can use e-mail and chat systems to communicate
with other network users (either individually or simultaneously). With e-mail
you can send electronic attachments.
Workgroup computing. This is when many users are working on the same
document simultaneously.
INTERNET PROTOCOL (IP) ADDRESS
An Internet address or IP address is a digital code that identifies a computer (host)
location on the Internet or LAN. The current standard is IP address version 4 (IPv4),
which is a 32-bit number represented in the form of four octets (eight-bit or one-byte
fields) separated by dots. Each octet is displayed as a decimal number in the range of
0-255. Examples of valid IP addresses: 192.168.0.1, 205.245.172.72, 10.1.0.22, etc. An
IP address on the Internet or in a local network must be unique so network packets
destined for the host with that address can find it.
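The dotted form described above maps directly onto the 32-bit number: each octet fills eight bits, most significant first. The following added example (not part of the original notes; the function names are assumptions) parses an address strictly and rejects the inputs that commonly slip past loose validation, such as leading zeros, which some parsers read as octal, and non-ASCII digits.

```python
def parse_ipv4(text: str) -> int:
    """Return the 32-bit value of a dotted-decimal IPv4 address, or raise ValueError."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets, got {len(parts)}: {text!r}")
    value = 0
    for part in parts:
        # Only plain ASCII digits: no signs, spaces, hex prefixes or Unicode digits.
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"octet is not a decimal number: {part!r}")
        # "010" is 10 to one parser and 8 (octal) to another, so refuse it outright.
        if len(part) > 1 and part.startswith("0"):
            raise ValueError(f"leading zero in octet: {part!r}")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"octet out of range 0-255: {part!r}")
        value = (value << 8) | octet  # shift earlier octets up by one byte
    return value


def format_ipv4(value: int) -> str:
    """Inverse of parse_ipv4: 32-bit integer back to dotted-decimal text."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit value: {value!r}")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_valid_ipv4(text: str) -> bool:
    """True only for addresses that parse_ipv4 accepts."""
    try:
        parse_ipv4(text)
        return True
    except ValueError:
        return False


# Constructed inputs: the three examples from the text plus malformed variants.
SAMPLES = [
    "192.168.0.1", "205.245.172.72", "10.1.0.22",
    "256.1.1.1", "192.168.0", "1.2.3.4.5", "192.168.01.1",
    " 10.1.0.22", "10.1.0.0x16", "",
]


def classify_samples() -> dict:
    """Map each sample to its 32-bit value, or None if it is rejected."""
    return {s: (parse_ipv4(s) if is_valid_ipv4(s) else None) for s in SAMPLES}


if __name__ == "__main__":
    for text, value in classify_samples().items():
        shown = "rejected" if value is None else f"{value} (0x{value:08X})"
        print(f"{text!r:20} -> {shown}")
```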
Transmission media
The transmission media is how the computers on the network are connected to one
another. In a local area network, the transmission media is owned by the organisation
that owns the LAN. As the stations are relatively close to one another the stations within
a LAN can be connected together using cables or wireless technologies.
Cables
Cabling is the most common medium through which data is transmitted between stations
and devices in a Local Area Network. Network cables include Ethernet and fibre cables.
Wireless LANs
Instead of connecting network devices with cabling, some networks are wireless. These
networks use high frequency radio waves or infrared beams to communicate between the
network devices. Each station on the network will have a wireless network interface
card or network adapter that allows them to send and receive data wirelessly.
Wireless networks are ideal for places where it is difficult or impossible to install cables.
They are also used with portable or remote workstations. Wireless networks also have
some disadvantages in that they can be susceptible to electrical interference, they are
slower than most cabled technologies and security can also be an issue.
Wireless technologies include Infrared, Bluetooth and WiFi (Wireless Fidelity)
Transmission media     Twisted pair    Coaxial cable    Fibre optics    Wireless
Bandwidth              10 Mbit s⁻¹     500 Mbit s⁻¹     30 Gbit s⁻¹     54 Mbit s⁻¹
Geographical spread    Small area – in a single building or a site linking buildings
                       which are in close proximity
Functions              Allows sharing of data files, applications and peripherals
                       Can access work from any workstation on network
                       Different levels of access can be granted
                       Can communicate using e-mail, chat etc
Wide Area Networks
A Wide area network is when a number of computers are connected together which span
a large geographic area, such as a country or continent. WANs often connect multiple
smaller networks together. Typically a WAN consists of two or more Local Area
Networks. The internet is a global network where many LANs and WANs are
interconnected.
Advantages of Wide Area Networks
Wide area networks have many of the same advantages as local area networks, however
some things like sharing peripherals are not practical (although possible) on a wide area
network.
Transmission media
Computers connected to a wide area network are often connected through existing public
networks, but they may also be connected through leased lines (permanent telephone
connection between two points). The transmission media used in wide area networks
include microwave transmission, satellite links, radio and optical fibres.
Summary of WANs
Transmission media     Fibre optics    Microwave       Satellite       Radio
Bandwidth              30 Gbit s⁻¹     100 Mbit s⁻¹    100 Mbit s⁻¹    2 Mbit s⁻¹
Geographical spread    Large area – spread throughout a country or the world
Functions              Allows sharing of data files, applications and peripherals
                       Can communicate using e-mail, chat and allows video conferencing
                       E-commerce
                       Entertainment
INTERNET Development
The field of computer networking and today’s internet trace their beginnings back to the
early 1960s, a time when the telephone network was the world’s dominant
communication network. Computers were expensive mainframes linked to remote
terminals that were very expensive and could only be afforded by large companies.
The main factors leading to the development of computer networks are:
the falling cost of telecommunication technologies and services
shared access to expensive equipment
the geographic spread of organizations
demand for up-to-date information
The Internet and the World Wide Web
The internet is a wide area network made up of server computers distributed across the
world. It can be thought of as many smaller networks connected together. One server
will provide some unique information of its own, but it will also point to information on
other servers. These other servers point to still more servers (and possibly back to the
original server).
The internet provides three main services:
The World Wide Web, which gives access to remote databases through browsing or
searching
Electronic mail, which provides one to one (or one to many) communication and
exchange of information
File transfer, which makes it possible to send and receive large amounts of
information.
It also provides several other services including:
E-commerce
On-line banking
On-line shopping
Chat and instant messaging
Web logs
Bulletin boards
Discussion groups
Streaming video
Video conferencing
The World Wide Web (WWW) is a collection of information held in multimedia form
on the internet. This information is stored at locations known as web sites in the form of
web pages.
Browser
A browser is a program that allows a user to read and navigate web pages. The software
also allows pages to be saved or printed. It also stores a history of recently viewed pages,
and can remember web page addresses using bookmarks. Two of the best known
browsers are Internet Explorer and Mozilla Firefox.
Web pages
A web page is a document that usually contains information in the form of text, images
and other multimedia types.
Web pages are created using a special language known as HTML (hypertext mark-up
language).
Each web page is stored on a web server and is identified by its unique location (address),
commonly known as its URL (uniform resource locator). Here is an example of a
URL:
HTTP://www.computing.com/int2/car.html
Hyperlinks
Some web pages will contain hyperlinks. Typically hyperlinks are used to connect web
pages (in the same or different sites) together. When a hyperlink is clicked, the
connected web page will be retrieved from its server and loaded into your browser.
Search engines
The internet contains millions of web pages on every subject imaginable. The best way
to find information is to use a search engine such as Google.
When you enter a search, you are really searching the database for words that match your
entry. Advanced searches can include operators such as AND or OR to help narrow the
search. The results of the search are placed on a web page that is composed of links and
brief extracts for the original web page. To visit the actual page all you have to do is
click on the hyperlink.
Electronic mail (e-mail) is the exchange of computer stored messages by
telecommunication. E-mail messages are usually encoded in ASCII text. However you
can also send non-text files, such as graphic images and sound files as attachments.
The parts of the example URL HTTP://www.computing.com/int2/car.html are:
The protocol used to retrieve the web page: hypertext transfer protocol (HTTP) in this instance.
The domain name, which specifies which server has the page. In this case: www.computing.com
The pathname, which specifies where the actual page (car.html) is stored on the server.
Many e-mail systems are now web-based. This means that a user can access their e-mail
from any computer that has a connection to the internet. The software used to access the
e-mail may vary, but the same basic principle and functions apply. The user logs onto an
e-mail server with a username and password, before access is granted. To send an e-mail
message to someone you must first have their e-mail address. This is the location of the
server on the internet where the person’s mailbox can be found. An example is given
below.
The part before the ’@’ symbol is the local part of the address, which is usually the
username of the person on that server. The part after the ‘@’ symbol (ntlworld.com) is
the domain name, which is often the name of the host e-mail service. Together they
make up the e-mail address of the person to whom the message is being sent.
INTRANETS
1. An intranet is a network inside an organization that uses Internet technologies (such
as web browsers and servers, TCP/IP network protocols, HTML hypermedia
document publishing and databases, and so on) to provide an Internet-like
environment within the enterprise for information sharing, communications,
collaboration, and the support of business processes.
2. An intranet is protected by security measures such as passwords, encryption, and
firewalls, and thus can be accessed by authorized users through the Internet.
Intranet applications support communications and collaboration, web publishing,
business operations and management, and intranet management. These applications can
be integrated with existing IS resources and applications, and extended to customers,
suppliers, and business partners to create extranets.
EXTRANETS
Extranets are network links that use Internet technologies to interconnect the intranet of a
business with the intranets of its customers, suppliers, or other business partners.
Companies can:
1. Establish direct private network links between themselves, or create private secure
Internet links between them called virtual private networks.
2. Use the unsecured Internet as the extranet link between its intranet and consumers and
others, but rely on encryption of sensitive data and its own firewall systems to provide
adequate security.
The business value of extranets is derived from several factors:
1. The web browser technology of extranets makes customer and supplier access of
intranet resources a lot easier and faster than previous business methods.
2. Extranets enable a company to offer new kinds of interactive Web-enabled
services to their business partners. Thus, extranets are another way that a
business can build and strengthen strategic relationships with its
customers and suppliers.
3. Extranets enable and improve collaboration by a business with its customers and
other business partners.
4. Extranets facilitate an online, interactive product development, marketing, and
customer-focused process that can bring better designed products to market
faster.
SOCIAL MEDIA IN BUSINESS
Social media refers to online tools and services that allow a user to create public content.
It also allows for the easy sharing of information, including existing content. Examples of
social media include Skype, Facebook, Twitter, blogs, wikis, podcasts, social networks
and Really Simple Syndication (RSS) feeds, etc.
Classification of Social Media Types
1. Blogs: This is a special type of website for users to easily publish personal articles
to the web. They can be used as public diaries by individuals, but have grown to
other uses such as providing general information about topics the author wishes to
discuss. A blog consists of the post provided by the blogger, date-stamped in a
chronological order, and a comments section underneath for feedback and
discussion on the post. An organisation can setup a blog to inform the public
about its products and services, or individuals within the organisation can blog on
any subject related to their products and services.
2. Micro-blogging: Micro-blogging is a new technology that has been derived from
blogging where users are allowed to publish information online about their
activities, opinions and status, with a character limit on the message being
between 140-200 characters. Users can then post or view comments through
micro-blogging tools such as Twitter, Jaiku and Pownce such that it allows a user
to create or read messages quickly and almost anywhere they wish. This faster
mode of communication is one of the main differences between micro-blogging
and blogging. A second difference is how frequently users can update, since such a short
message takes less thought and time. Users are therefore more likely to update
their micro-blog more frequently than their general blog. Users also use their
micro-blog to draw people’s attention to posts they have made at their main blog,
providing a link to the post.
3. Collaborative Projects: Collaborative projects allow users to create content
simultaneously using tools such as wikis in a shared repository of knowledge,
with the knowledge base growing over time as users can add, remove, and change
text-based content as need be. The users have power on the information created
rather than the information coming from a centralised source. Wikipedia is an
example of a wiki, where users can edit information on any page, with all the
content generated by users. Social bookmarking tools are another type of
collaborative project, where there is a collection of website links and media
content that is generated by groups of users.
4. Social Networking Sites: Social networking sites are tools that allow users to
create a personal profile of themselves and these personal profiles can then be
connected with friends and colleagues, where information can be shared between
each other to create a network of users, where anyone connected to the network
can view everyone else’s profile, and therefore interact with them. Popular social
networking sites include Facebook, Twitter, MySpace, and Bebo, etc.
5. Live-casting: This is sharing live content with the intent of interacting with a live
audience. The conversations can have many users interacting, and can include
video conferencing, web conferencing, tele-presence, etc. Other forms include
live podcasting, live blogging and videocasting. Journalists are currently using
these tools to provide live content to users, and corporate users are also using
the tools for remote meetings.
6. Content Communities: Content communities consist of users sharing media such
as text, photos, videos, and presentations content between one another. The
content is uploaded by users to a specific website such as YouTube for videos,
Flickr for photos and Slideshare for presentations, and can be viewed and shared
with other users.
7. Virtual Worlds: Virtual worlds are 3D environments, where users appear as
online embodiments that interact with other users like they would in real life.
Virtual worlds act like another second life in games where one is immersed in a
virtual state.
CHAPTER 9: E-COMMERCE
E-Commerce is the ability of a company to have a dynamic presence on the Internet
which allows the company to conduct its business electronically, in essence having an
electronic shop. Products can be advertised, sold and paid for electronically without
the need for the transaction to be processed by a human being.
Due to the vastness of the internet, advertising and the website can be exposed to
hundreds of people around the world for almost nil cost, and with information being able
to be changed almost instantly, the site can always be kept up to date with all the latest
products to match consumers' demands.
The biggest advantage of E-Commerce is the ability to provide secure shopping
transactions via the internet, coupled with almost instant verification and validation of
credit card transactions. This has caused E-Commerce sites to explode, as they cost much
less than a store front in a town and have the ability to serve many more customers.
In the broad meaning electronic commerce (E-Commerce) is a means of conducting
business using one of many electronic methods, usually involving telephones, computers
(or both).
E-Commerce is not about the technology itself, it is about doing business using the
technology.
Electronic commerce, commonly known as e-commerce or eCommerce, consists of the
buying and selling of products or services over electronic systems such as the Internet
and other computer networks. The amount of trade conducted electronically has grown
extraordinarily with wide-spread Internet usage. A wide variety of commerce is
conducted in this way, spurring and drawing on innovations in electronic funds transfer,
supply chain management, Internet marketing, online transaction processing, electronic
data interchange (EDI), inventory management systems, and automated data collection
systems. Modern electronic commerce typically uses the World Wide Web at least at
some point in the transaction's lifecycle, although it can encompass a wider range of
technologies such as e-mail as well.
A large percentage of electronic commerce is conducted entirely electronically for virtual
items such as access to premium content on a website, but most electronic commerce
involves the transportation of physical items in some way. Online retailers are sometimes
known as e-tailers and online retail is sometimes known as e-tail. Almost all big retailers
have electronic commerce presence on the World Wide Web.
Types of E-Commerce
E-commerce is the use of Internet and the web to transact business but when we focus on
digitally enabled commercial transactions between and among organizations and
individuals involving information systems under the control of the firm it takes the form
of e-business. Nowadays, 'e' is gaining momentum and most of the things if not
everything is getting digitally enabled. Thus, it becomes very important to clearly draw
the line between different types of commerce or business integrated with the 'e' factor.
There are mainly five types of e-commerce models:
1. Business to Consumer (B2C) - As the name suggests, it is the model involving
businesses and consumers. This is the most common e-commerce segment. In this model,
online businesses sell to individual consumers. When B2C started, it had a small share in
the market but after 1995 its growth was exponential. The basic concept behind this type
is that the online retailers and marketers can sell their products to the online consumer by
using crystal clear data which is made available via various online marketing tools. E.g.
An online pharmacy giving free medical consultation and selling medicines to patients is
following B2C model.
2. Business to Business (B2B) - It is the largest form of e-commerce involving business
of trillions of dollars. In this form, the buyers and sellers are both business entities and do
not involve an individual consumer. It is like the manufacturer supplying goods to the
retailer or wholesaler. E.g. Dell sells computers and other related accessories online but it
does not manufacture all those products. So, in order to sell those products, it first
purchases them from different businesses i.e. the manufacturers of those products.
3. Consumer to Consumer (C2C) - It facilitates the online transaction of goods or
services between two people. Though there is no visible intermediary involved, the
parties cannot carry out the transactions without the platform which is provided by the
online market maker such as eBay.
4. Peer to Peer (P2P) - Though it is an e-commerce model, it is more than that. It is a
technology in itself which helps people to directly share computer files and computer
resources without having to go through a central web server. To use this, both sides need
to install the required software so that they can communicate on the common platform.
This type of e-commerce has quite low revenue generation as from the beginning it has
been inclined to the free usage due to which it sometimes got entangled in cyber laws.
5. M-Commerce - It refers to the use of mobile devices for conducting the transactions.
The mobile device holders can contact each other and can conduct the business. Even the
web design and development companies optimize the websites to be viewed correctly on
mobile devices.
There are other types of e-commerce business models too like Business to Employee
(B2E), Government to Business (G2B) and Government to Citizen (G2C) but in essence
they are similar to the above mentioned types. Moreover, it is not necessary that these
models are dedicatedly followed in all the online business types. It may be the case that a
business is using all the models or only one of them or some of them as per its needs.
Advantage and Disadvantage of Ecommerce
E commerce provides many new ways for businesses and consumers to communicate and
conduct business. There are a number of advantages and disadvantages of conducting
business in this manner.
Access to a Global Market: The internet allows companies to have access to a global
market rather than just the potential customers in the surrounding area of their physical
location.
Cutting Out the Middleman: Businesses can sell direct to the consumer rather than
having to sell to a supplier who then sells it on, and so make more profit.
A Level Playing Field: A small business can compete and show itself as a professional
company as much as large ones, as budgets for setting up a professional site are relatively
cheap compared to the amount of return you can get on them.
Open 24 Hours: With fully automated payment and order processing systems your site
need never be closed even if your office/warehouse is. Orders can be dispatched during
opening hours while orders can be taken 24 hours a day.
Greater Customer Satisfaction: An E-Commerce website can be a powerful tool for
building customer loyalty if it is effective enough, a well designed website puts the
customer in charge of the relationship, they can buy, browse, ask for help or track the
progress of order they have placed where they want and when they want.
Reduced Marketing Costs: Because Internet advertising is relatively cheap, you can reach
many more people at a lower cost than with conventional advertising methods.
Better Customer Information: You can quickly and easily analyze your customers by
location and area, as well as by the products they buy, because you have to request a
customer's name and address when processing a transaction.
Improved Security: Most E-Commerce suites offered by companies come with security built
into the software, and with the purchase of a decent SSL certificate and some good
server configuration you can be confident that all the details of your customers will be
safe and secure.
As a further thought, many businesses find it easier to buy and sell in U.S. dollars: it is
effectively the major currency of the Internet. In this context, global online customers can
find the concept of peculiar and unfamiliar currencies disconcerting. Some businesses
find they can achieve higher prices online and in US dollars than they would achieve
selling locally or nationally. Given that banks often charge fees for converting currencies,
this is another reason to investigate all of your (national and international) options for
accepting and making online payments.
In brief, it is useful to take a global view with regard to the potential and organization
of your e-commerce activities, especially if you are targeting global customers.
A new marketing channel. The Internet provides an important new channel to sell
to consumers. Peterson et al. (1999) suggest that, as a marketing channel, the
Internet has the following characteristics:
the ability to inexpensively store vast amounts of information at different virtual
locations
the availability of powerful and inexpensive means of searching, organizing, and
disseminating such information
interactivity and the ability to provide information on demand
the ability to provide perceptual experiences that are far superior to a printed
catalogue, although not as rich as personal inspection
the capability to serve as a transaction medium
the ability to serve as a physical distribution medium for certain goods (e.g.,
software)
relatively low entry and establishment costs for sellers
No other existing marketing channel possesses all of these characteristics.
Some disadvantages and constraints of e-commerce include the following.
Time for delivery of physical products. It is possible to visit a local music store
and walk out with a compact disc or a bookstore and leave with a book. E-
commerce is often used to buy goods that are not available locally from
businesses all over the world, meaning that physical goods need to be delivered,
which takes time and costs money. In some cases there are ways around this, for
example, with electronic files of the music or books being accessed across the
Internet, but then these are not physical goods.
Physical product, supplier & delivery uncertainty. When you walk out of a shop
with an item, it's yours. You have it; you know what it is, where it is and how it
looks. In some respects e-commerce purchases are made on trust. This is because,
firstly, not having had physical access to the product, a purchase is made on an
expectation of what that product is and its condition. Secondly, because supplying
businesses can be conducted across the world, it can be uncertain whether or not
they are legitimate businesses and are not just going to take your money. It's
pretty hard to knock on their door to complain or seek legal recourse! Thirdly,
even if the item is sent, it is easy to start wondering whether or not it will ever
arrive.
Perishable goods. Forget about ordering a single gelato ice cream from a shop in
Rome! Though specialized or refrigerated transport can be used, goods bought
and sold via the Internet tend to be durable and non-perishable: they need to
survive the trip from the supplier to the purchasing business or consumer. This
shifts the bias for perishable and/or non-durable goods back towards traditional
supply chain arrangements, or towards relatively more local e-commerce-based
purchases, sales and distribution. In contrast, durable goods can be traded from
almost anyone to almost anyone else, sparking competition for lower prices. In
some cases this leads to disintermediation in which intermediary people and
businesses are bypassed by consumers and by other businesses that are seeking to
purchase more directly from manufacturers.
Limited and selected sensory information. The Internet is an effective conduit for
visual and auditory information: seeing pictures, hearing sounds and reading text.
However it does not allow full scope for our senses: we can see pictures of the
flowers, but not smell their fragrance; we can see pictures of a hammer, but not
feel its weight or balance. Further, when we pick up and inspect something, we
choose what we look at and how we look at it. This is not the case on the Internet.
If we were looking at buying a car on the Internet, we would see the pictures the
seller had chosen for us to see but not the things we might look for if we were
able to see it in person. And, taking into account our other senses, we can't test the
car to hear the sound of the engine as it changes gears or sense the smell and feel
of the leather seats. There are many ways in which the Internet does not convey
the richness of experiences of the world. This lack of sensory information means
that people are often much more comfortable buying via the Internet generic
goods - things that they have seen or experienced before and about which there is
little ambiguity, rather than unique or complex things.
Returning goods. Returning goods online can be an area of difficulty. The
uncertainties surrounding the initial payment and delivery of goods can be
exacerbated in this process. Will the goods get back to their source? Who pays for
the return postage? Will the refund be paid? Will I be left with nothing? How long
will it take? Contrast this with the offline experience of returning goods to a shop.
Privacy, security, payment, identity, contract. Many issues arise - privacy of
information, security of that information and payment details, whether or not
payment details (e.g. credit card details) will be misused, identity theft, contract,
and, whether we have one or not, what laws and legal jurisdiction apply.
Defined services & the unexpected. E-commerce is an effective means for
managing the transaction of known and established services, that is, things that
are everyday. It is not suitable for dealing with the new or unexpected. For
example, a transport company used to dealing with simple packages being asked
if it can transport a hippopotamus, or a customer asking for a book order to be
wrapped in blue and white polka dot paper with a bow. Such requests need human
intervention to investigate and resolve.
Personal service. Although some human interaction can be facilitated via the web,
e-commerce cannot provide the richness of interaction provided by personal
service. For most businesses, e-commerce methods provide the equivalent of an
information-rich counter attendant rather than a salesperson. This also means that
feedback about how people react to product and service offerings also tends to be
more granular or perhaps lost using e-commerce approaches. If your only
feedback is that people are (or are not) buying your products or services online,
this is inadequate for evaluating how to change or improve your e-commerce
strategies and/or product and service offerings. Successful business use of e-
commerce typically involves strategies for gaining and applying customer
feedback. This helps businesses to understand, anticipate and meet changing
online customer needs and preferences, which is critical because of the
comparatively rapid rate of ongoing Internet-based change.
Size and number of transactions. E-commerce is most often conducted using
credit card facilities for payments, and as a result very small and very large
transactions tend not to be conducted online. The size of transactions is also
impacted by the economics of transporting physical goods. For example, any
benefits or conveniences of buying a box of pens online from a US-based
business tend to be eclipsed by the cost of having to pay for them to be delivered
to you in Australia. The delivery costs also mean that buying individual items
from a range of different overseas businesses is significantly more expensive than
buying all of the goods from one overseas business because the goods can be
packaged and shipped together.
Some business processes are difficult to implement through electronic
commerce.
Return-on-investment is difficult to apply to electronic commerce.
Businesses face cultural and legal obstacles to conducting electronic commerce.
Benefits Of Ecommerce
Ecommerce is one of the most important facets of the Internet to have emerged in
recent times. Ecommerce, or electronic commerce, involves carrying out business over the
Internet with the assistance of computers, which are linked to each other forming a
network. To be specific, ecommerce is the buying and selling of goods and services
and the transfer of funds through digital communications.
The benefits of Ecommerce:
Ecommerce allows people to carry out businesses without the barriers of time or
distance. One can log on to the Internet at any point of time, be it day or night and
purchase or sell anything one desires at a single click of the mouse.
The direct cost-of-sale for an order taken from a web site is lower than through
traditional means (retail, paper based), as there is no human interaction during the
on-line electronic purchase order process. Also, electronic selling virtually
eliminates processing errors, as well as being faster and more convenient for the
visitor.
Ecommerce is ideal for niche products. Customers for such products are usually
few. But in the vast market place i.e. the Internet, even niche products could
generate viable volumes.
Another important benefit of Ecommerce is that it is the cheapest means of doing
business.
The day-to-day pressures of the marketplace have played their part in reducing the
opportunities for companies to invest in improving their competitive position. A
mature market and increased competition have both reduced the amount of money
available to invest. If the selling price cannot be increased and the manufactured
cost cannot be decreased, then the difference can be in the way the business is
carried out. Ecommerce has provided the solution by decimating the costs that
are incurred.
From the buyer’s perspective also ecommerce offers a lot of tangible advantages.
1. Reduction in buyer’s sorting out time.
2. Better buyer decisions
3. Less time is spent in resolving invoice and order discrepancies.
4. Increased opportunities for buying alternative products.
The strategic benefit of making a business ‘ecommerce enabled’, is that it helps
reduce the delivery time, labor cost and the cost incurred in the following areas:
1. Document preparation
2. Error detection and correction
3. Reconciliation
4. Mail preparation
5. Telephone calling
6. Data entry
7. Overtime
8. Supervision expenses
Operational benefits of ecommerce include reducing both the time and personnel
required to complete business processes, and reducing strain on other resources.
It’s because of all these advantages that one can harness the power of ecommerce
and convert a business to e-business by using powerful turnkey ecommerce
solutions made available by e-business solution providers.
CHAPTER 10: DATA SECURITY & CONTROLS IN INFORMATION SYSTEMS
Although data does not show on the balance sheet as an asset, many companies are totally
reliant on the information stored on their PCs, laptops and networks.
Here we look at some of the issues to consider when reviewing the security of your
computer systems, and some of the compliance issues surrounding data security and data
protection.
Data security is concerned with the various vulnerabilities that data and systems are
exposed to. Security controls are the measures needed to protect the performance and
security of information systems; they also touch on the legal and ethical implications
of the control of computer crime and other societal impacts of information systems.
Threats to data
Confidentiality, integrity and availability, also known as the CIA triad or AIC triad
(availability, integrity and confidentiality), is a model designed to guide policies for
information security within an organization. The elements of the triad are considered the
three most crucial components of security.
In this context, confidentiality is a set of rules that limits access to information, integrity
is the assurance that the information is trustworthy and accurate, and availability is a
guarantee of reliable access to the information by authorized people. Availability is the
measure carried out to ensure there is no denial of service.
Confidentiality:
Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure
confidentiality are designed to prevent sensitive information from reaching the wrong
people, while making sure that the right people can in fact get it: Access must be
restricted to those authorized to view the data in question. It is common, as well, for data
to be categorized according to the amount and type of damage that could be done should
it fall into unintended hands. More or less stringent measures can then be implemented
according to those categories.
Sometimes safeguarding data confidentiality may involve special training for those privy
to such documents. Such training would typically include security risks that could
threaten this information. Training can help familiarize authorized people with risk
factors and how to guard against them. Further aspects of training can include strong
passwords and password-related best practices and information about social engineering
methods, to prevent them from bending data-handling rules with good intentions and
potentially disastrous results.
A good example of methods used to ensure confidentiality is an account number or
routing number when banking online. Data encryption is a common method of ensuring
confidentiality. User IDs and passwords constitute a standard procedure; two-factor
authentication is becoming the norm. Other options include biometric verification and
security tokens, key fobs or soft tokens. In addition, users can take precautions to
minimize the number of places where the information appears and the number of times it
is actually transmitted to complete a required transaction. Extra measures might be taken
in the case of extremely sensitive documents, such as storing them only on air-gapped
computers, disconnected storage devices or, for highly sensitive information, in
hard copy form only.
Integrity:
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over
its entire life cycle. Data must not be changed in transit, and steps must be taken to ensure
that data cannot be altered by unauthorized people (for example, in a breach of
confidentiality). These measures include file permissions and user access controls.
Version control may be used to prevent erroneous changes or accidental deletion by
authorized users from becoming a problem. In addition, some means must be in place to detect
any changes in data that might occur as a result of non-human-caused events such as an
electromagnetic pulse (EMP) or server crash. Some data might include checksums, even
cryptographic checksums, for verification of integrity. Backups or redundancies must be
available to restore the affected data to its correct state.
Availability:
Availability is best ensured by rigorously maintaining all hardware, performing hardware
repairs immediately when needed and maintaining a correctly functioning operating
system environment that is free of software conflicts. It’s also important to keep current
with all necessary system upgrades. Providing adequate communication bandwidth and
preventing the occurrence of bottlenecks are equally important. Redundancy, failover,
RAID, even high-availability clusters can mitigate serious consequences when hardware
issues do occur. Fast and adaptive disaster recovery is essential for the worst case
scenarios; that capacity is reliant on the existence of a comprehensive disaster recovery
plan (DRP). Safeguards against data loss or interruptions in connections must include
unpredictable events such as natural disasters and fire. To prevent data loss from such
occurrences, a backup copy may be stored in a geographically-isolated location, perhaps
even in a fireproof, waterproof safe. Extra security equipment or software such as
firewalls and proxy servers can guard against downtime and unreachable data due to
malicious actions such as denial-of-service (DoS) attacks and network intrusions.
Access security
Good access controls to the computers and the computer network minimise the risks of
data loss.
Access controls can be divided into two main areas:
Physical access – controls over who can enter the premises and who can see personal
data
Logical access – controls to ensure employees only have access to the appropriate
software and data necessary to perform their particular job.
Physical access
As well as having appropriate physical access controls to the premises, there are other
considerations: can people see screens from the outside, and is material containing
personal information subject to appropriate disposal procedures?
Logical access
Logical access techniques should be employed to ensure that personnel do not have more
access than is necessary to perform their role. This should be tackled at both the system
level and at applications level. At the system level, for example, some users will not
require access to the accounting software. Common authentication mechanisms are
passwords, personal identification numbers, cryptographic tokens, biometrics, and
smart cards.
At the applications level, for example, with an accounting package it may be desirable
that all users of a purchase ledger can access supplier details and post purchase invoices –
but it may be desirable that only a few of these users also have access to supplier
payment and cheque printing routines.
Passwords
Passwords are one of the measures which can be used to implement access controls.
However, to be at all effective they should:
be relatively long (i.e. 8 characters or more)
contain a mixture of alpha, numeric and other characters (such as &^”)
not be the same for all applications
be changed regularly
be removed or changed when an employee leaves.
Identification, Authentication and Authorization
Identification describes a method of ensuring that a subject is the entity it claims to be.
E.g.: A user name or an account number.
Authentication is the method of proving the subject's identity. E.g.: Password,
Passphrase, PIN
Authorization is the method of controlling the access of objects by the subject. E.g.: A
user cannot delete a particular file after logging into the system
Note: There must be a three-step process of Identification, Authentication and
Authorization in order for a subject to access an object
Identification Component Requirements: When issuing identification values to users or
subjects, ensure that
Each value is unique, for user accountability
A standard naming scheme is followed
The values are non-descriptive of the user's position or task
The values are not shared between users.
Authentication Factors: There are 3 general factors for authenticating a subject.
Something a person knows- E.g.: passwords, PIN- least expensive, least secure
Something a person has – E.g.: Access Card, key- expensive, secure
Something a person is- E.g.: Biometrics- most expensive, most secure
Authentication Methods
1. Biometrics: Verifies an individual's identity by analyzing a unique
personal attribute or behavior. It is the most effective and accurate
method for verifying identification.
Types of Biometric Systems
Finger Print- based on the ridge endings and bifurcations exhibited by the friction
ridges and some minutiae of the finger
Palm Scan- based on the creases, ridges, and grooves that are unique in each
individual's palm
Hand Geometry- based on the shape (length, width) of a person's hand and
fingers
Retina Scan- based on the blood vessel pattern of the retina on the backside of
the eyeball.
Iris Scan- based on the colored portion of the eye that surrounds the pupil. The
iris has unique patterns, rifts, colors, rings, coronas and furrows.
Signature Dynamics- based on electrical signals generated by the physical
motion of the hand while signing a document
Keyboard Dynamics- based on electrical signals generated while the user types
in the keys (passphrase) on the keyboard.
Voice Print- based on the human voice
Facial Scan- based on the different bone structures, nose ridges, eye widths,
forehead sizes and chin shapes of the face.
Hand Topography- based on the different peaks, valleys, overall shape and
curvature of the hand.
Types of Biometric Errors
Type I Error: When a biometric system rejects an authorized individual (false
rejection rate)
Type II Error: When a biometric system accepts imposters who should be
rejected (false acceptance rate)
Crossover Error Rate (CER): The point at which the false rejection rate equals the
false acceptance rate. It is also called the Equal Error Rate (EER).
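The three error measures above, worked through on a small set of match scores. This is an added example, not part of the original notes; the scores, the 0-100 scale and the function names are constructed for illustration, and a higher score is assumed to mean a closer match.

```python
"""FRR, FAR and CER for a score-based biometric matcher (constructed data)."""

# Constructed sample match scores, 0-100, higher = closer match.
GENUINE = [91, 88, 79, 95, 62, 85, 73, 90, 68, 97]    # authorized individuals
IMPOSTOR = [35, 52, 41, 66, 28, 74, 47, 59, 33, 81]   # imposters


def frr(genuine, threshold):
    """Type I error rate: share of authorized users scoring below the threshold."""
    return sum(score < threshold for score in genuine) / len(genuine)


def far(impostor, threshold):
    """Type II error rate: share of imposters scoring at or above the threshold."""
    return sum(score >= threshold for score in impostor) / len(impostor)


def crossover(genuine, impostor, thresholds=range(0, 101)):
    """Return (threshold, FRR, FAR) at the point where FRR and FAR are closest.

    With a finite sample the two curves may not meet exactly, so the first
    threshold with the smallest gap between them is reported.
    """
    best = min(thresholds,
               key=lambda t: abs(frr(genuine, t) - far(impostor, t)))
    return best, frr(genuine, best), far(impostor, best)


def cer(genuine, impostor):
    """Crossover (equal) error rate: mean of FRR and FAR at the crossover."""
    _, rejected, accepted = crossover(genuine, impostor)
    return (rejected + accepted) / 2


def tradeoff_table(genuine, impostor, thresholds=(40, 60, 69, 80, 90)):
    """Rows of (threshold, FRR, FAR) showing how tuning moves one error into the other."""
    return [(t, frr(genuine, t), far(impostor, t)) for t in thresholds]


if __name__ == "__main__":
    for row in tradeoff_table(GENUINE, IMPOSTOR):
        print("threshold=%3d  FRR=%.1f  FAR=%.1f" % row)
    print("crossover:", crossover(GENUINE, IMPOSTOR))
```

Raising the threshold lowers the false acceptance rate at the cost of rejecting more authorized users; the CER gives a single figure for comparing systems independently of where each one is tuned.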
Passwords: It is the most common form of system identification and authentication
mechanism. A password is a protected string of characters that is used to authenticate an
individual.
Password Management: Passwords should be properly guaranteed, updated,
and kept secret to provide effective security. Password generators can be used to
generate passwords that are uncomplicated, pronounceable, non-dictionary words. If the
user chooses his passwords, the system should enforce certain password requirements, such
as insisting on special characters, number of characters, case sensitivity, etc.
Password Attack Techniques
Electronic monitoring- Listening to network traffic to capture information,
especially when a user is sending her password to an authentication server. The
password can be copied and reused by the attacker at another time, which is called
a replay attack.
Access the password file- Usually done on the authentication server. The
password file contains many users’ passwords and, if compromised, can be the
source of a lot of damage. This file should be protected with access control
mechanisms and encryption.
Brute force attacks- Performed with tools that cycle through many possible
character, number, and symbol combinations to uncover a password.
Dictionary attacks- Files of thousands of words are used to compare to the user’s
password until a match is found.
Social engineering- An attacker falsely convinces an individual that she has the
necessary authorization to access specific resources.
Password checkers can be used to check the strength of the password by trying to break
into the system:
Passwords should be encrypted and hashed
Password aging should be implemented
The number of logon attempts should be limited
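The three controls just listed, together with the composition rules from the Passwords section, can be enforced in one small credential store. This is an added sketch, not part of the original notes: it assumes a salted one-way hash (PBKDF2 from the Python standard library) for stored passwords, and the 90-day aging period, the limit of 3 attempts and all names are assumptions made for illustration.

```python
"""Password policy, salted hashing, aging and logon-attempt limiting (sketch)."""
import hashlib
import hmac
import os

MIN_LENGTH = 8            # "8 characters or more", as in the notes
MAX_AGE_DAYS = 90         # assumed aging period
MAX_FAILURES = 3          # assumed logon-attempt limit
PBKDF2_ROUNDS = 100_000   # assumed work factor; slows offline guessing
DAY = 86_400              # seconds


def policy_errors(password):
    """Return the composition rules that the candidate password breaks."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("too short")
    if not any(c.isalpha() for c in password):
        errors.append("no letter")
    if not any(c.isdigit() for c in password):
        errors.append("no digit")
    if all(c.isalnum() for c in password):
        errors.append("no other character")
    return errors


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class CredentialStore:
    """Keeps only salt + hash, so a stolen password file holds no plaintext."""

    def __init__(self):
        self._users = {}   # user id -> record

    def set_password(self, user, password, now):
        errors = policy_errors(password)
        if errors:
            raise ValueError(", ".join(errors))
        salt = os.urandom(16)   # per-user salt: equal passwords hash differently
        self._users[user] = {"salt": salt, "hash": _hash(password, salt),
                             "changed": now, "failures": 0}

    def login(self, user, password, now):
        """Return 'ok', 'denied', 'locked' or 'expired'."""
        record = self._users.get(user)
        if record is None:
            return "denied"
        if record["failures"] >= MAX_FAILURES:
            return "locked"                      # guessing stops here
        candidate = _hash(password, record["salt"])
        if not hmac.compare_digest(candidate, record["hash"]):
            record["failures"] += 1
            return "denied"
        record["failures"] = 0
        if now - record["changed"] > MAX_AGE_DAYS * DAY:
            return "expired"                     # correct, but must be changed
        return "ok"
```

Once an account is locked even the correct password is refused, which is what bounds brute force and dictionary attempts against the logon interface; the salt and work factor do the same job for a copied password file.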
Cognitive Passwords: Cognitive passwords are fact- or opinion-based information used to
verify an individual's identity (e.g.: mother's maiden name). This is best used for helpdesk
services and occasionally used services.
One-Time or Dynamic Passwords: It is a token-based system used for authentication
purposes in which each password is used only once. It is used in environments that require
a higher level of security than a static password provides.
Types of token generators
Synchronous (e.g.: SecurID) - A synchronous token device/generator
synchronizes with the authentication service by either of two means.
Time Based: In this method the token device and the authentication service must
hold the same time within their internal clocks. The time value on the token
device and a secret key are used to create a one-time password. The server
decrypts this password and compares it to the value that is expected.
Counter Based: In this method the user will need to initiate the logon sequence on
the computer and push a button on the token device. This causes the token device
and the authentication service to advance to the next authentication value. This
value and a base secret are hashed and displayed to the user. The user enters this
resulting value along with a user ID to be authenticated.
Asynchronous: A token device that is using an asynchronous token-generating
method uses a challenge/response scheme to authenticate the user. In this
situation, the authentication server sends the user a challenge, a random value also
called a nonce. The user enters this random value into the token device, which
encrypts it and returns a value that the user uses as a one-time password. The user
sends this value, along with a username, to the authentication server. If the
authentication server can decrypt the value and it is the same challenge value that
was sent earlier, the user is authenticated.
Example: SecurID
It is one of the most widely used time-based tokens, from RSA Security
It uses time-based synchronous two-factor authentication
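The counter-based, time-based and challenge/response schemes described above, with both the token side and the authentication-server side. This is an added example, not part of the original notes and not SecurID's own algorithm: it uses the open HOTP (RFC 4226) and TOTP (RFC 6238) constructions, in which the server recomputes an HMAC rather than decrypting, and the class and function names are assumptions.

```python
"""Counter-based, time-based and challenge/response one-time passwords."""
import hashlib
import hmac
import os
import struct


def hotp(secret, counter, digits=6):
    """Counter-based OTP (RFC 4226): HMAC the counter, truncate to decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """Time-based OTP (RFC 6238): the counter is the current 30-second window."""
    return hotp(secret, int(unix_time) // step, digits)


def token_response(secret, nonce):
    """Token side of the asynchronous scheme: keyed hash of the server's nonce."""
    return hmac.new(secret, nonce, hashlib.sha256).hexdigest()


class AuthServer:
    """Verifier side; holds the same secret as the token device."""

    def __init__(self, secret):
        self.secret = secret
        self.counter = 0         # next counter value the server will accept
        self.last_window = -1    # last accepted time window (replay guard)
        self.pending = None      # outstanding challenge nonce

    def verify_counter(self, otp, look_ahead=3):
        """Accept counter..counter+look_ahead so stray button presses resync."""
        for c in range(self.counter, self.counter + look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), otp):
                self.counter = c + 1   # older values can never be replayed
                return True
        return False

    def verify_time(self, otp, now, step=30, drift=1):
        """Accept the current window +/- drift to tolerate clock skew."""
        window = int(now) // step
        for w in range(window - drift, window + drift + 1):
            # Windows at or before the last accepted one are refused (replay).
            if w > self.last_window and hmac.compare_digest(
                    hotp(self.secret, w), otp):
                self.last_window = w
                return True
        return False

    def challenge(self):
        """Issue a fresh random nonce for the asynchronous scheme."""
        self.pending = os.urandom(16)
        return self.pending

    def verify_response(self, response):
        nonce, self.pending = self.pending, None   # each nonce is single-use
        if nonce is None:
            return False
        return hmac.compare_digest(token_response(self.secret, nonce), response)
```

In each scheme a captured value is useless afterwards: the counter has moved on, the time window has been consumed, or the nonce has been discarded, which is what defeats the replay attack described under electronic monitoring.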
Cryptographic Keys
Uses private keys and Digital Signatures
Provides a higher level of security than passwords.
Passphrase: A passphrase is a sequence of characters that is longer than a password and,
in some cases, takes the place of a password during an authentication process. The
application transforms the passphrase into a virtual password and into a format required
by the application. It is more secure than passwords.
Memory Cards: Hold information but cannot process it. More secure than
passwords but costly, e.g.: Swipe cards, ATM cards
Smart Cards: Hold information, have the capability to process information, and can
provide two-factor authentication (knows and has)
Categories of Smart Cards
Contact
Contactless
o Hybrid- has 2 chips and supports both contact and contactless
o Combi- has a microprocessor that can communicate with both a contact as well as
a contactless reader.
More expensive and tamperproof than memory cards
Types of smartcard attacks
Fault generation: Introducing of computational errors into smart card with the
goal of uncovering the encryption keys that are being used and stored on cards
Side Channel Attacks: These are non-intrusive attacks and are used to uncover
sensitive information about how a component works without trying to
compromise any type of flaw or weakness. The following are some of the
examples:
o Differential Power Analysis: Examining the power emissions that are
released during processing
o Electromagnetic Analysis: Examining the frequencies that are emitted
o Timing: How long a specific process takes to complete
Software Attacks: Inputting instructions into the card that will allow for the
attacker to extract account information. The following are some of the examples
Microprobing: Uses needles to remove the outer protective material on the card's
circuits by using ultrasonic vibrations, thus making it easy to tap the card ROM
chip
Identity Management: Identity Management is a broad term that encompasses the use of
different products to identify, authenticate and authorize users through automated means.
An identity management system manages the identity life cycle of entities
(subjects or objects), during which:
The identity is established: a name (or number) is associated to the subject or object;
The identity is re-established: a new or additional name (or number) is connected
to the subject or object;
The identity is described: one or more attributes which are applicable to this
particular subject or object may be assigned to the identity;
The identity is newly described: one or more attributes which are applicable to this
particular subject or object may be changed;
The identity is destroyed.
Identity Management Challenges
Identity Management Technologies
Authorization Principles
Data backup and restore
Data backup is an essential process for security and needs to be undertaken on a regular
basis. There are a number of points to consider.
Data file locations
In a network environment some data files might be stored on the server and other data
files stored on local drives. In that case separate backups may be required for both the
server and one or more PCs.
Backup strategy
There is likely to be a need for two parallel backup procedures; one to cover a complete
systems backup and another to cover the backing up of individual applications’ data files.
Complete systems backup
On a network some form of server backup software should be used to take a complete
copy of the network drive(s). This can normally be set to run overnight. However,
someone will need to be given responsibility for these procedures.
Key areas to consider include:
training in how to use the backup software, alter backup schedules and change backup
file criteria
The person responsible needs to be able to:
adapt the backup criteria as new applications are added
interpret backup logs and react to any errors notified
restore data from backup media
maintain a regular log of backups and where these are stored.
Finally, be aware that some backup utilities only take a mirror image of the hard disc. In
this case, the whole of the hard disc has to be restored even if there is a problem with just
one file or just one folder.
Applications backup
Many accounting and payroll packages have their own backup routines. It is a good idea
to use these (as well as full server backup) on a regular basis, and always just before
period end, or pay period end, update routines.
Local PCs
Remember that some users will have applications data files exclusively on their local
drives (such as payroll data for example) and these will all require their own regular
backup regime.
Backup media
There are about half a dozen different types of backup media available – from the
writable CD capable of storing up to 1 GB, through the DVD reader/writer (5 GB) up to the
mighty external hard drives (1000 GB). Most server backups will use either tape
cartridges or CD/DVD reader/writers. For more temporary forms of backup, a USB
memory stick/pen (1 GB) might be considered.
Backup frequency
A cycle of backups should be retained for a period of time (probably going back at least
12 months – but see Backup retention below). Overwriting the same backup
disc/tape/cd/dvd day after day is not advised.
Backup retention
Backups should be stored in a variety of locations. Obviously, the safest place is off-site.
Physical backup media can be stored in a separate location, whilst some firms may rent
disc space on a service provider’s server, to backup files to.
Issues such as how long certain types of records, accounting records for example, need to
be kept should be borne in mind.
Backup media degradation/decomposition
Backup media degrades and the data decomposes over a period of time.
DVDs, for example, are particularly sensitive to light (i.e. they are photosensitive), so
ensure that they are stored in a dark environment.
RW media is noted as being particularly prone to degradation, and should not be relied
upon for long-term storage.
Backups should be checked on a regular basis for signs of digital decomposition.
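One way to carry out this regular check is to record a checksum for every file when the backup is taken and to compare the media against that record later. The Python sketch below is an added example, not part of the original notes; the file names, the manifest format and the `demo()` data are constructed for illustration, and the manifest is assumed to be kept with the backup log rather than on the backup media itself.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large backup files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def files_under(root):
    return {p.relative_to(root).as_posix(): p for p in Path(root).rglob("*") if p.is_file()}

def write_manifest(backup_dir, manifest_path):
    """Run at backup time; keep the manifest with the backup log, not on the media."""
    entries = {rel: sha256_file(p) for rel, p in sorted(files_under(backup_dir).items())}
    Path(manifest_path).write_text(json.dumps(entries, indent=2))
    return entries

def verify_backup(backup_dir, manifest_path):
    """Run on each regular check; classifies every file against the manifest."""
    expected = json.loads(Path(manifest_path).read_text())
    present = files_under(backup_dir)
    report = {"ok": [], "missing": [], "corrupt": []}
    for rel, digest in expected.items():
        if rel not in present:
            report["missing"].append(rel)
        elif sha256_file(present[rel]) != digest:
            report["corrupt"].append(rel)
        else:
            report["ok"].append(rel)
    report["unexpected"] = sorted(set(present) - set(expected))
    return report

def demo():
    """Constructed sample files standing in for a backup set."""
    with tempfile.TemporaryDirectory() as tmp:
        media = Path(tmp) / "media"
        (media / "payroll").mkdir(parents=True)
        for name, fill in [("ledger.dat", b"A"), ("payroll/march.dat", b"B"), ("invoices.dat", b"C")]:
            (media / name).write_bytes(fill * 4096)
        manifest = Path(tmp) / "manifest.json"
        write_manifest(media, manifest)
        # Simulate degradation: one flipped bit ('A' 0x41 -> '@' 0x40) and one lost file.
        (media / "ledger.dat").write_bytes(b"A" * 100 + b"@" + b"A" * 3995)
        (media / "invoices.dat").unlink()
        return verify_backup(media, manifest)
```

Calling `demo()` returns a report in which the file with the flipped bit is listed as corrupt even though its size is unchanged, which is the kind of silent damage a visual inspection of the media would miss.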
Restoring data
As with backup, there are a number of issues to consider.
Total systems restore. This can be a complex procedure in a network environment
and may require specialist network engineers to provide assistance.
Application restore. We recommended above (see Applications backup) a separate
cycle of backups to cover individual applications. If it is necessary to restore the
whole application from these backups, then the restore utility within the package
concerned needs to be used and the correct backup media loaded.
Individual data file(s) restore. These are generally less complex, but nevertheless
care is needed. If the required data files are on the server backup then the restore
utility will need to be used, the correct backup media loaded and the file or files to be
restored identified.
Virus/Spam protection
The prevalence of e-mail viruses and unsolicited spam means that software is required to
filter these items out of the system. This software will require regular updating, along
with all relevant on-going software security patches that need to be applied to the
operating and applications software. Additional network security in the form of firewall
software is also required to protect the network from unauthorised access and potential
network attacks.
A computer virus is a small but destructive piece of software that corrupts data and files in a
computer or crashes a network system. It is transmitted through 'contaminated' (infected)
data files, introduced into a system via disks or the internet.
How to detect that your computer has a virus
2. Your antivirus product is disabled for no reason and cannot be restarted
3. A "threat is discovered" or "Threat Detected" window keeps appearing from
your installed antivirus.
4. You receive frequent alerts from your personal firewall about an unknown
program attempting to connect to the Internet
5. You receive suspect pop-up alerts frequently for attempted processes you
have no idea about.
6. Your attempted Internet URLs keep getting re-directed to other third
party websites.
7. Strange or unexpected toolbars appear at the top of your web browser
8. Your computer runs slower than usual
9. Your computer freezes, hangs or is unresponsive
10. There are new icons on your Desktop that you do not recognize
11. Your computer restarts by itself (but not a restart caused by Windows
Updates)
12. You see unusual error messages (for example, messages saying there are
missing or corrupt files or folders)
13. You are unable to access the Control Panel, Task Manager, Registry
Editor or Command Prompt.
14. Your files open corrupted or they are changed to shortcuts or other file
type formats.
15. Storage space fills up all of a sudden
16. People receive spam email from your email address with a third-party
email program installed (for example, Microsoft Outlook, Outlook
Express/Windows Mail, Windows Live Mail and Mozilla Thunderbird)
17. Unusual screen activity
18. Failed program execution
19. Failed system bootups, or login credentials changed
20. Unexpected writes to a drive.
How to safeguard your computer from viruses
1. Install a licensed antivirus program. Installing an antivirus program and keeping it
up to date can help defend your computer against viruses. Antivirus programs
scan for viruses trying to get into your email, operating system, or files. New
viruses appear daily, so set your antivirus software to install updates
automatically.
2. Don't open email attachments unless you're expecting them. Many viruses are
attached to email messages and will spread as soon as you open the email
attachment. It's best not to open any attachment unless it's something you're
expecting. For more information, see When to trust an email message.
3. Keep your computer updated. Microsoft releases security updates that can help
protect your computer. Make sure that Windows receives these updates by turning
on Windows automatic updating. For more information, see Turn automatic
updating on or off.
4. Use a firewall. Windows Firewall (or any other firewall) can help alert you to
suspicious activity if a virus or worm attempts to connect to your computer. It can
also block viruses, worms, and hackers from attempting to download potentially
harmful programs to your computer.
5. Use your browser's privacy settings. Being aware of how websites might use your
private information is important to help prevent fraud and identity theft. If you're
using Internet Explorer, you can adjust your Privacy settings or restore the default
settings whenever you want. For details, see Change Internet Explorer 9 privacy
settings.
6. Use a pop-up blocker with your browser. Pop-up windows are small browser
windows that appear on top of the website you're viewing. Although most are
created by advertisers, they can also contain malicious or unsafe code. A pop-up
blocker can prevent some or all of these windows from appearing.
7. The Pop-up Blocker feature in Internet Explorer is turned on by default. To learn
more about changing its settings or turning it on and off, see Change Internet
Explorer 9 privacy settings.
8. Turn on User Account Control (UAC). When changes are going to be made to
your computer that require administrator-level permission, UAC notifies you and
gives you the opportunity to approve the change. UAC can help keep viruses from
making unwanted changes. To learn more about turning on UAC and adjusting
the settings, see Turn User Account Control on or off.
Employees
All employees should know and understand the firm’s security procedures and the
consequences of abusing these. You might wish to refer to our factsheet which sets out a
model internet and e-mail access policy. Staff dealing with personal data also require
training in the principles of data protection and good information handling practices.
Compliance issues
Most businesses process personal data to a greater or lesser degree. If this is the case,
then notification under the Data Protection Act is required. That will then mean on-going
compliance with the principles of information handling and information security. We can
help you with this process to ensure compliance.
Control and Management Issues
Transaction processing systems are the backbone of any organization’s information
systems.
Business Resumption Planning
It is the process of anticipating and providing for disasters. A disaster can be a
flood, fire, earthquake, intentional damage, labor unrest or erasure of an important
file.
Focus on maintaining the integrity of the corporation's information and keeping the
information system running until normal operations can be resumed.
Identify potential problems and prepare for the disaster.
Disaster Recovery
The implementation of the business resumption plan.
The primary tools are backups for hardware, software, databases,
telecommunication, and personnel.
Keep a backup copy of software and database to a remote location in a safe,
secure, fireproof, and temperature and humidity controlled environment.
Always train backup personnel in case employees leave the company.
Transaction Processing System Audit
Auditing a TPS is an attempt to answer three basic questions:
Does the system meet the business need for which it is developed?
What procedures and controls have been established?
Are the procedures and controls being properly used?
An internal audit is conducted by employees of the organization and an external audit
is conducted by an outside firm.
The auditors inspect all programs, documents, control techniques, the disaster plan,
insurance protection, fire protection, and other system management concerns such as
efficiency and effectiveness of the disk and tape library.
The audit trail allows the auditors to trace any output from the computer system back to
its source documents.