Information Systems - CS507
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Defining Needs
Decisions are required to be taken in day to day life. No single task in our life can be done without decision
making. For every assignment we undertake, there has to be a process of making choices. Whenever we
are faced with choices, there is an inevitable need of selecting one particular course of action. Any task
can be done in various ways, but doing it simultaneously through all possible alternatives is virtually
impossible. This necessitates making a reasonable choice from all the options available.
An example can be taken for a person who wants to go to Islamabad. He can look at following options.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Areas Covered
- Introduction to Organization and
- Role of Information in Organization, Management & Strategy
What is Organization?
Basically, an organization is group of people organized to accomplish an overall goal. Organizations can range in size from two people to hundreds of thousands -- some people might argue that organizations are even larger. Organizations have an overall goal (or mission) which is usually subdivided into various other goals (often called strategic goals) that, in total, will achieve the overall goal of the organization.
A structure through which individuals cooperate systematically to conduct business. It is a collection of people working under predefined rules and regulations to obtain a set of objectives. It is a stable formal social structure. It takes resources from the environment and processes them to produce outputs.
/ 1
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Organization & Information Requirements
Organizations have various attributes which distinguish them from each other. No two organizations are
similar in all respects. There have to have certain distinctive lines keeping them unique from each other.
Information requirements keep varying in accordance with
- Size of organization
- Its structure
- The Culture it follows
- Decision Making Structures
- Interested parties both internal and external
An organization should consider the above mentioned requirements while devising a system which tailors for specific information needs.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Unique Attributes of Organization
Organizations can be distinguished on the basis of various criteria. These are as follows.
- Organizational structure
- Culture of the Organizations
- Management Style
- Decision Making Style
Organizational Structure Pyramid/Tall/Hierarchical
Hierarchical organization
A hierarchical organization is organization structured in a way such that every entity in the organization, except one, is subordinate to a single other entity. This is the dominant mode of organization among large organizations; most corporations and governments are hierarchical organizations
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Effect of Changes in Environment
Business Environment is defined as “all elements that exist outside the boundary of the business (Organization) and have the potential to affect all or part of the organization
Elements of Environment
It is a collective reference made to the following factors
- Legal
- Ethics
- Economic
- Social
- Technological
Legal
Rules and Policies and Legal Laws established by government effect the Business Environment Change in tariff rate may increase or decrease operation of the business.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Systems vs. Procedures
Procedure is a defined set of instructions aimed at describing how to proceed in achieving a pre-defined milestone/target. Systems have collection of predefined procedures related to each other in a sequenced logical manner in order to collectively achieve the desired results. The system & procedures in all kinds of environment are subject to internal controls and checks that are necessary to ensure the effectiveness of the same.
Purpose of Systems & Procedures
The basic purpose behind setting up systems and procedures is to make available information when required. But when procedures are organized in a logical manner to form systems, the value of information as an output of a system enhances. When technology is added to the system, scope of a system changes to include hardware, software and designs linked together in accordance with the procedures contained in that system to give a purposeful architecture.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Types of Systems
What are Systems?
A system is a group of elements that are integrated with the common purpose of achieving an objective.
Example
Purchase & Sales System
Components of a system
Following are the important components of the system.
- Input elements
Raw Data input to the computer system - Process
Computation, analysis, application of any model - Output elements
Results of computation or analysis - Control mechanism
Comparison of actual with expected - Feedback system
Corrective action - Objectives
Expected/Ideal output
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
What are Systems?
A system is a group of elements that are integrated with the common purpose of achieving an objective.
Organization having common goal for the achievement are functionally interactive units. All systems
have inputs, outputs, and feedback, and maintain a basic level of equilibrium. For example, in the human
body the heart functions to support the circulatory system, which is vital to the survival of the entire
body.
Example
Purchase System
A simple example can be given of a purchase and sales system. In a typical purchase system information related to purchase of materials is kept, for instance,
- Orders for the purchase of various materials
- Status of deliveries received against specific orders
- Changes in the order quantity, time, day or other information
- Quality inspection reports and whether they need to be communicated to the supplier
- Updated status report of stock
- Issues made out of the stock
All and more of information is required to be linked and provided in an organized way.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Infrastructure
Infrastructure, generally, is the set of interconnected structural elements that provide the framework for supporting the entire structure. It usually applies only to structures that are artificial. The term is used differently in a variety of fields; perhaps the single most well-known usage is in economics, where it refers to physical infrastructure such as buildings and roads.
The notion that a structure has an internal framework is popular especially in business organizations where a dependency on interconnected information technology systems has become as prevalent as a city's dependency on interconnected conveyance systems for power, people and things. Information infrastructure consists of the physical facilities services and management that support all computing resources in an organization. There are five major components of infrastructure
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Support Systems
Seeing the benefits of MIS for middle level managers, Computerised systems have been devised for other employees in the organization to help them complete their work efficiently and effectively.
Support systems can be classified into two categories
- Office automation systems
- Decision support systems
Office Automation Systems
Office automation system includes formal and informal electronic systems primarily concerned with the communication of information to and from persons both inside and outside the firm. It supports data workers in an organization.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Data Mart
Data warehouses can become enormous with hundreds of gigabytes of transactions. As a result, subsets, known as "data marts," are often created for just one department or product line. Data Warehouse combines databases across an entire enterprise. However, Data Marts are usually smaller and focus on a particular subject or department or product line.
Following are the common techniques through which a data warehouse can be used.
Online Analytical Processing (OLAP)
Decision support software that allows the user to quickly analyze information that has been summarized into multidimensional views and hierarchies. The term online refers to the interactive querying facility provided to the user to minimize response time. It enables users to drill down into large volume of data in order to provide desired information, such as isolating the products that are more volatile from sales data. OLAP summarizes transactions into multidimensional user defined views.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
CBIS from Functional View Point
CBIS can be divided into subsystems based on how the users are grouped in the organization. This grouping of users is in terms of related tasks that are performed. These conceptual systems are mirror images of physical systems that are present. These systems are collectively called Organizational Information systems (OIS).
Organizational Information Systems (OIS)
The term OIS views organization as a combination of process oriented groups whose information needs are related but independent. All functional systems should work together for problem solving since each system specialises in specific domain of information.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Organizational Structure
Departments are structured based on the set of related responsibilities. The set of responsibilities being discharged set the tone and structure of that department. The complexity and diversity of these responsibilities also affect how departments are set in an organization.
Existence of Functional departments in every organization vary with the nature of industry and the nature of products/services being offered
Certain departments may not exist in an organization, for instance financial sector (banking, leasing companies) and travel agencies do not incorporate the concept of manufacturing as they belong to the services sector.
Let’s take a look at different departments in different industry segments in order to better understand the concept.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Marketing
No information system can exist in an organization without being linked with other functional information systems. This linkage is important for the over all smooth functionality of the information system since it allows easy transformation and usage of information.
- Marketing
Production subsystem needs to be linked with the marketing system so as to produce right amount of product. - Human resource system
Most of the human resource is involved in the manufacturing process. Since factory premises has to be working continuously, availability of relevant labour is critical. - Accounts and Finance
Accounts should have a control over various recording points in the entire process from procurement to finished good store room. This would help both in recording transactions for financial statements and approving and arranging for cash payments.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Decision Making
There are some of the critical decisions that top managers face every day. How to decide whether to sell or spin off a business? Should the supplier relationships be renegotiated? What can be done to improve decision-making competency throughout your organization?
To capture maximum value, executives not only must make the right decisions, but also must negotiate skillfully. Since most business decisions involve other parties, it is essential for managers to understand their individual role as it relates to other decision makers, as well as how to use this knowledge to create the strongest possible negotiating position.
Hence, keeping in mind the importance of decision making for managers, information systems are also designed in a way to help them out to control operations and perform their managerial responsibilities more effectively.
Decision making is the cognitive process of selecting a course of action from among multiple alternatives.
Cognitive process is the mental process of knowing, including aspects such as awareness, perception, reasoning, and judgment.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Phases of decision-making
There are five phases of the decision making process, the details of these phases have already been discussed in detail. These five phases will be elaborated in the form of an example for better understanding.
Phases of decision-making process are:
- Intelligence – searching for conditions in the environment that call for decisions
- Design – inventing, developing, and analyzing possible courses of action
- Choice – selecting a course of action from those available
- Implementation – implementing the selected course of action
- Monitoring – checking the consequences of the decision made after implementation
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Planning for System Development
The management should prefer to have a plan for IT development so as to help it to take various software development projects in a structured way. At the very start, planning is done by the management regarding following issues
- Scope of software development – certain selected areas or the entire organization.
- How to get the project done – in-house committee or hired consultants.
- How much resource and time commitment can be made.
- Any written policy on which model is needed to be followed for software development.
IT planning provides a structured means of addressing the impact of technologies, including emerging technologies, on an organization. Through the planning process, relevant technologies are identified and evaluated in the context of broader business goals and targets. Based on a comparative assessment of relevant technologies, the direction for the organization can be established. Business planning is an accepted responsibility of management. Plans provide a direction and framework for action. Plans enunciate business goals and the actions that need to be initiated to achieve those goals including related benefits, resources and timeframes.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Systems Development Life Cycle
System Development Life Cycle (SDLC) is the overall process of developing information systems through a multi-step process from investigation of initial requirements through analysis, design, implementation and maintenance. SDLC is also known as information systems development or application development. SDLC is a systems approach to problem solving and is made up of several phases, each comprised of multiple steps. It describes the stages a system passes through from inception until it is discarded or replaced. SDLC provides
- Structure
- Methods
- Controls
- Checklist
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
System Design
System design can be explained and presented in narrative form. But the benefits of diagrammatic view cannot be understated. This helps to give a snapshot of what the entire system looks like. Various diagrammatic tools can be used while designing the system.
As an example consider the following DFD which indicates a simple process of recording transactions and posting into general ledger
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Incremental Model
The incremental model is a method of software/ Information System development where the model is designed, implemented and tested incrementally until the product is finished. It involves both development and maintenance. This model combines the elements of the waterfall model with the philosophy of prototyping.
Example -An example of this incremental approach is observed in the development of word processing applications where the following services are provided on subsequent modules:
- Basic file management, editing and document production functions
- Advanced editing and document production functions
- Spell and grammar checking
- Advance page layout
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Spiral Model
SPIRAL is an iterative approach to system development. The spiral lifecycle model is a combination of the classic waterfall model and aspects of risk analysis. This model is very appropriate for large and complex Information Systems. The spiral model emphasizes the need to go back and reiterate earlier steps a number of times as the project progresses. It's actually a series of short waterfall cycles, each producing an early prototype representing a part of the entire project. It is a circular view of the software lifecycle as opposed to the linear view of the waterfall approach. It can incorporate other models in its various developmental phases.
There are usually four distinct phases of the spiral model software development approach.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
System Analysis
System analysis can be defined simply as: “The study of business problem domain to recommend improvements and specify the business requirements for the solution.”
Or alternatively as:
“A problem solving technique that decomposes a system into its component pieces for the purpose of studying, how well those component parts work and interact to accomplish their purpose.”
Both the definitions highlight following important points:
- System analysis helps to create an understanding of the business processes, their linkage with one another, the parameters governing the data flow within the business, the controls and checks built into the processes and the reporting needs in a business where a problem exists or for which the software needs to be designed.
- System analysis creates the understanding and lays out the necessary relationships that will assist in defining a solution to the problem or the design of the proposed software that will meet the user needs.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Benefits of Good System Design
- Better understanding by the developer of the system. A properly designed system helps in elaborating and understanding refined aspects of system.
- System development becomes efficient. An error free designed system saves development time since it helps in understanding without discussion.
- A well designed system also helps in early detection of problems in critical areas, if any.
- Better quality of reporting formats. Modifications can be made easily in the system.
- Little maintenance is required in the operations phase.
System Analysis & Design Methods
Two approaches are followed for system analysis and design
- Structured analysis and design – Which includes various tools, such as.
- Flowcharting
- Data Flow diagram
- ERD
- Object oriented analysis and design
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Symbols used for flow charts
Symbols
The symbols have already been briefly stated in the previous Lesson. Following would explain these symbols in detail.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Rules for DFD’s
The DFD as an analytical tool follows certain rules. These rules help in achieving the level of standardization.
- There should be no black holes, gray holes, miracles.
- Do not leave things unlabeled
- the DFD should not include data flows that are unassociated with the process.
Data Flows cannot be without a process or function being involved in the flow. Below are given three diagrams that indicate bad practices. There has to be a process in between these three diagrams.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Symbols
Entity Relationship Diagram as a technical tool also has predefined set of symbols. The purpose behind all this is to have standardization in the use of technique in varied situations. Some major symbols commonly used are as under.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Object Oriented Analysis and Design
There are some terms important to explaining the concept object oriented analysis and design.
Object
An object can be defined as “A concept, abstraction, or thing with crisp boundaries and meaning of the
problem at hand. Objects serve two purposes, they promote understanding of the real world and provide a
practical basis for computer implementation.”
Rumbaugh et al. (1991)
Classes
A class is defined as “The purpose of a class is to specify a classification of objects and to specify the features that characterize the structure and behavior of those objects.”
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Critical Success Factors (CSF)
Critical Success Factor (CSF) is a business term for an element which is necessary for an organization or project to achieve its mission. For example, for an international package delivery system, CSF’s can be identified such as safe transport of customer consignments, timely delivery of consignment, online status confirmation system to inform customers and proper packaging and handling.
Critical Success Factors differ from organization to organization. While approving any project, the management may evaluate the project on the basis of certain factors critical to the success or failure of the project. For instance:
- Money factors: positive cash flow, revenue growth, and profit margins.
- Acquiring new customers and/or distributors
- Customer satisfaction – No. of complaints, after sales service
- Quality – Customer feed back on the product.
- Product / service development -- what's new that will increase business with existing customers and attract new ones?
- Intellectual capital – enhancing production techniques and acquiring knowledge relating to advancement in hardware/machines, equipment, processes.
- Strategic relationships -- new sources of business, products and outside revenue, sub contracting.
- Employee development and retention –
- Sustainability
- Corporate social responsibility
- Corporate Governance
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Security of Information System
The information systems are vulnerable to modification, intrusion or malfunctioning. Hence they need to be secured from all these threats be devising a sound security system.
“Information assets are secure when the expected losses that will occur from threats eventuating over sometime are at an acceptable level.”
Security Issues
Some losses will inevitably occur in all environments. So eliminating all possible losses is either impossible or too costly. Level of losses should be specified. The level of losses decided should be linked with a time period in which the occurrence would be tolerated. The definition mentions threats, which can be either
- Physical, (e.g. Theft, rain, earthquake, disasters, fire) or
- Logical (e.g intrusion, virus, etc)
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Threat Identification
“A threat is some action or event that can lead to a loss.”
Various types of threats may exist that could, if they occur result in information assets being exposed, removed either temporarily or permanently, lost, damaged, destroyed, or used for un-authorized purposes are identified. Susceptibility to threats, whether logical or physical are a major risk factor for the data base and information system of an organization. These risks are to be identified and steps that include physical and logical controls need to be instituted and monitored on a regular basis. Security measures can be designed only if we know what kind of threats or risks are to be guarded against. Obviously, we would also have to determine the frequency of the known and the unknown risks or threats.
Threats and risks are usually used synonymously. These are always there and cannot be avoided but should be managed to minimize losses and maximize returns. Each level of management and each operational area perceives risk differently and communicates these perceptions in different terms.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Control Adjustment
This phase involves determining whether any controls can be designed, implemented, operated. The cost of devising controls should not exceed the expected potential benefit being enchased and the potential loss being avoided. The above decision takes into account consideration of various factors like personal judgment of the situation, any information gained on desired/non-existing controls during the previous phases, seeking demands of users for an ideal control environment.
Existing controls should not be totally discarded while adjusting controls. They can either be terminated totally due to the threats not being there any more and existence of better controls either modified for betterment. This phase should consider the security to be cost effective, and integrated.
Security to be cost effective
IT Guideline on security issued by IFAC states:
“Different levels and types of security may be required to address the risks to information. Security levels and associated costs must be compatible with the value of the information.”
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Unauthorized intrusion
Intrusion can be both either physical or logical. In physical intrusion, the intruder physically could enter an organization to steal information system assets or carry out sabotage. For example the Intruder might try to remove hard disks. In case of logical intrusion, the intruder might be trying to have an unauthorized access to the system. The purpose could be damaging or stealing data, installation of bug or wire tapping -- Spying on communication within the organization.
Physical Access Vs. Logical access
In computer security, being able to physically touch and interact with the computers and network devices amounts to physical access. It lets someone insert a boot disk in the machine and bypass normal operating system controls. Physical access enables people to install unauthorized snooping equipment such as keystroke loggers. However, interact with data through access control procedures such as identification, authentication and authorization.
/ 1
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Antivirus software
Use of antivirus software is another very important technical control against the spread of virus.
Scanners
They scan the operating system and application soft ware for any virus based on the viruses they contain. Every virus has a different bit pattern. These unique bit patterns act as an identity for the virus and are called signatures. These signatures are available in virus definitions. Every scanner contains in it certain virus definitions which in fact are signatures (bit patterns) for various kinds of virus. The scanner checks or scans the operating system and other application soft wares installed on the hard drives. While scanning, it checks the bit patterns in all software against the bit patterns contained in the virus definitions of the scanner. If they found similar, they are labeled as virus.
Active monitors
This software serves the concurrent monitoring as the system is being used. They act as a guard against viruses while the operating system is performing various functions e.g connected to internet, transferring data, etc. It blocks a virus to access the specific portions to which only the operating system has the authorized access. Active monitors can be problem some because they can not distinguish between a user request and a program or a virus request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or a set of files.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Types of Controls
Implementation of controls is a critical security feature of information systems. They block and detect various forms of intrusion and protect various components of the entire information systems, are these telecommunication lines or computer software’s and hard wares.
- Access Controls – Controlling who can access the system.
- Input Controls – Controls over how the data is input to the system.
- Communication Controls – Controls over the transfer of data between LAN, WAN or internet.
- Processing Controls – controlling the processing of data
- Database Controls – Securing the most important asset of the organization
- Output controls – controlling the privacy of the data.
Access Controls
These controls establish the interface between the would-be user of the computer system and the computer itself. These controls monitor the initial handshaking procedure of the user with the operating system. For example when a customer enter the card and the pin code in an automatic teller machine (ATM), the access controls are exercised by the system to block unwanted or illegitimate access.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Audit trails and logs
An audit trail is a logical record of computer activities/usage/processing pertaining to an operating or application system or user activities. An information system may have several audit trails, each devoted to a particular type of activity. All these audit trails are primarily extracted from the audit log recorded on chronological basis. The audit log is maintained only for the list of activities specified for which the log is to be maintained. The information can be recorded varies including but not limited to
- Time stamp for the log in/out time
- Terminal in use
- Files accessed
- Transactions performed
- Amendments made
Audit trails can provide a means to help accomplish several security-related objectives, including individual accountability, reconstruction of events (actions that happen on a computer system), intrusion detection, and problem analysis, as well as evidence of the correct processing regimes within a system
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Risk Management
Risk Management is the process of measuring, or assessing risk and then developing strategies to manage the risk. In general, the strategies employed include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk. Risk management is a general concept which can encompass various aspects or issues to be catered for. For example risk management against natural disasters, financial risk management, knowledge risk management, relationship risk management. No matter what aspect of risk is being covered the general approach is quite the same. Here since we are more focused on study of information systems, we would try to relate more to the risks related to proper working of information systems.
Managing the security risks associated with reliance on information technology is a continuing challenge. Many private organizations, have struggled to find efficient ways to ensure that they fully understand the information security risks affecting their operations and implement appropriate controls to mitigate these risks. In recent years, systems have become more susceptible to virus because computers have become more interconnected and, thus, more interdependent and accessible to a larger number of individuals.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Control Analysis
This phase includes assessment of controls already been implemented or planned, probability that they can be broken, assessment of potential loss despite such controls existing. Controls are also classified as non-technical controls also called management controls and technical controls – software, hardware controls. The output of this step is current or planned controls used for the IT system to measure the likelihood of vulnerability being exercised and reduce the impact of loss.
Likelihood Determination
- This phase determines that a potential vulnerability could be exercised by a given threat-source. Following table will help us to define and understand the likelihood definitions.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Risk Management
Managing the companies risk is gaining more and more importance. Companies are getting more aware of the fact that risks should be foreseen and addressed before they could prove havoc for the organization in any regard.
Corporate Culture and Risk Management
As it goes, “The ultimate risk is not taking the risk”. Recognizing and managing risk should be an important part of the corporate culture. IS related risk management is a one level deeper into the over all corporate risk strategy. Assuming that most of the business processes have become computer and technology dependent to whatever extent actually used, a secure IS supported with a sound risk management strategy must be available to the organization.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Web Security
The nature of the internet makes it vulnerable to attack. Estimates claim that there are over 300 million computers connected via the Internet. Originally designed to allow for the freest possible exchange of information, it is widely used today for commercial purposes. This poses significant security problems for organizations when protecting their information assets. For example, hackers and virus writers try to attack the Internet and computers connected to the Internet. Some want to invade others’ privacy and attempt to crack into databases of sensitive information or sniff information as it travels across Internet routes.
The concept of Web
The Internet Protocol is designed solely for the addressing and routing of data packets across a network. It does not guarantee or provide evidence on the delivery of messages. There is no verification of an address. The sender will not know if the message reaches its destination at the time it is required. The receiver does not know if the message came from the address specified as the return address in the packet. Other protocols correct some of these drawbacks.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Factors Encouraging Internet Attacks
Generally, Internet attacks of both a passive and active nature occur for a number of reasons, including availability of tools and techniques on the Internet or as commercially available software that an intruder can download easily. For example, to scan ports, an intruder can easily obtain network scanners, various password cracking programs are available free or at a minimal cost. Lack of security awareness and training among an organization’s employees. No matter how perfect a system is made by removing all possible vulnerabilities, there are still chances that weaknesses exist and the system can be intruded at any given time. Inadequate security over firewalls and operating systems may allow intruders to view internal addresses and use network services indiscriminately.
Internet Security Controls
Information Systems can be made secure from the threats discussed last slides. There is not a single control available to cater for the risk of vulnerabilities associated with web (Internet). Some of the solutions are:
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
E-Commerce
Electronic Commerce (e-commerce or EC) describes the buying, selling, and exchanging of products, services, and information via computer network, primarily the internet. Some people view the term commerce as describing transactions conducted between business partners. Ebusiness is a broad definition of EC, not just buying and selling, but also servicing customers, collaborating with business partners, and conducting electronic transactions within an organization.
Why E-Commerce?
Due to rapid expansion in business, and time pressures from customers, Efficiency in delivering products and information there to and addressing complaints is of paramount importance. Use of internet or web services can be a very effective tool in achieving this goal. It helps to achieve various business goals in the fastest possible way, e.g. sharing production schedules with suppliers, knowing customer demands for future in advance. These days almost almost all businesses have Ecommerce, from fast food chains to automobile manufacturers. Online orders can be placed along with online payment made. All this is possible with the use of E-commerce. According to Lou Gerstner, IBM’s former CEO,
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Supply Chain Management
Introduction
The business in the globalization age is more about enhanced efficiencies, increased productivity
resulting in lower costs of production, quick and effective decision making increased outreach
and customer/client satisfaction and sharing knowledge across institutions. This enables a
business to become a more effective player in the free and extremely competitive global market.
Globalization encompasses the concept of moving beyond the geographical boundaries of a
country and using technological advances to maximum advantage for the business. The internet
and Web technologies have brought new dimensions to doing and managing business. ECommerce
we have talked about. Obviously every business has some inherent risks. So does ECommerce.
For example, privacy, legality, taxation are issues that pose a challenge for a good Ebusiness
environment although measures both legislative and operational have been taken and
continue to be devised. As far as Management Information Systems for businesses are
concerned these too have undergone a major change particularly with the availability of
Internet. Gone are the days of the stand alone systems which looked at each aspect of the
business separately. Today we are talking of end to end solutions for businesses. In other words
business imperatives have driven us to re-define the scope of the coverage/ extant of
management information systems. The Buzzword for some time now is “ ENTERPRISE
RESOURCE PLANNING.” (ERP).
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Enterprise Resource Planning
Following are various modes of integration:
- Connect Existing modules/system
- Use Supply Chain Management (SCM) Software
- Use ERP Software
The material on first two modes is available in the handouts of lecture 42. The third way of integrating is using an ERP software. Before we start of with what ERP is, I would like to touch a previously discussed linkage between IT and business objectives.
Business Objectives and IT
The goals set by the business strategy are always of supreme importance. Some of these goals are meeting customer requirements, reaching customer where he is --- online, scattered locations, achieving distinctive competence and winning brand loyalty. IT function in an organization is set up in order to support the business goals set at all levels of the organization. IT objectives should be flexed according to the business needs of the organization. This helps in efficient use of IT resources for the achievement of business objectives.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
ERP & E-commerce
Organizations do accept that when we talk of E-commerce in real terms, not just having a website for online information but actually to be able to execute transactions, there has to be an integrated software up and running. Especially when Consumerism is the prime focus, being integrated and online will help in better implementation of CRM.
Text in the clips
This is known as the business to business B2B and business to consumer B2C.They have become buzz words but they are very real. What most ERP’s are heading towards are internet portals. The front end becomes the internet portal and the other businesses and customers can come in through that.
Gist of the clips
Now consumers and business use the gateway of internet to walk into the business and make transactions. So Websites with online buying options have become the virtual selling locations for the business.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Importance of ethics in IS
Information is a source of power. Consequently, developments in information systems also involve social and political relationships-- and so make ethical considerations in how information is used all the more important. Electronic systems now reach into all levels of government, into the workplace, and into private lives to such an extent that even people without access to these systems are affected in significant ways by them. New ethical and legal decisions are necessary to balance the needs and rights of everyone.
Meaning of Ethics
Ethics are moral choices made by individuals in relation to the rest of the community, standards of acceptable behavior, and rules governing members of a profession. ETHICS are principles and rules concerning duty to society, profession and business. Ethics is about how we ought to live. The purpose of ethics in information systems is not philosophical or academic, it can mean the survival of a business or industry. The issues relating to electronic information systems include control of and access to information, privacy and misuse of data, International considerations. Issues of ethics and privacy have always been there even when computerized environments were in their natal phase. However, with the advancement in technology, the issues have grown sophisticated and so are the remedies.
Google +