Spread Knowledge

Information Systems - CS507

CS507 - Information Systems - Lecture Handout 01

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Defining Needs

Decisions are required to be taken in day to day life. No single task in our life can be done without decision making. For every assignment we undertake, there has to be a process of making choices. Whenever we are faced with choices, there is an inevitable need of selecting one particular course of action. Any task can be done in various ways, but doing it simultaneously through all possible alternatives is virtually impossible. This necessitates making a reasonable choice from all the options available.
An example can be taken for a person who wants to go to Islamabad. He can look at following options.

Read more: CS507 - Information Systems - Lecture Handout 01

CS507 - Information Systems - Lecture Handout 02

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Areas Covered

  • Introduction to Organization and
  • Role of Information in Organization, Management & Strategy

What is Organization?

Basically, an organization is group of people organized to accomplish an overall goal. Organizations can range in size from two people to hundreds of thousands -- some people might argue that organizations are even larger. Organizations have an overall goal (or mission) which is usually subdivided into various other goals (often called strategic goals) that, in total, will achieve the overall goal of the organization.

A structure through which individuals cooperate systematically to conduct business. It is a collection of people working under predefined rules and regulations to obtain a set of objectives. It is a stable formal social structure. It takes resources from the environment and processes them to produce outputs.

Read more: CS507 - Information Systems - Lecture Handout 02

CS507 - Information Systems - Lecture Handout 03

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Organization & Information Requirements

Organizations have various attributes which distinguish them from each other. No two organizations are similar in all respects. There have to have certain distinctive lines keeping them unique from each other.
Information requirements keep varying in accordance with

  • Size of organization
  • Its structure
  • The Culture it follows
  • Decision Making Structures
  • Interested parties both internal and external

An organization should consider the above mentioned requirements while devising a system which tailors for specific information needs.

Read more: CS507 - Information Systems - Lecture Handout 03

CS507 - Information Systems - Lecture Handout 04

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Unique Attributes of Organization

Organizations can be distinguished on the basis of various criteria. These are as follows.

  • Organizational structure
  • Culture of the Organizations
  • Management Style
  • Decision Making Style

Organizational Structure Pyramid/Tall/Hierarchical

Hierarchical organization

A hierarchical organization is organization structured in a way such that every entity in the organization, except one, is subordinate to a single other entity. This is the dominant mode of organization among large organizations; most corporations and governments are hierarchical organizations

Read more: CS507 - Information Systems - Lecture Handout 04

CS507 - Information Systems - Lecture Handout 05

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Effect of Changes in Environment

Business Environment is defined as “all elements that exist outside the boundary of the business (Organization) and have the potential to affect all or part of the organization

Elements of Environment

It is a collective reference made to the following factors

  • Legal
  • Ethics
  • Economic
  • Social
  • Technological

Legal

Rules and Policies and Legal Laws established by government effect the Business Environment Change in tariff rate may increase or decrease operation of the business.

Read more: CS507 - Information Systems - Lecture Handout 05

CS507 - Information Systems - Lecture Handout 06

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Systems vs. Procedures

Procedure is a defined set of instructions aimed at describing how to proceed in achieving a pre-defined milestone/target. Systems have collection of predefined procedures related to each other in a sequenced logical manner in order to collectively achieve the desired results. The system & procedures in all kinds of environment are subject to internal controls and checks that are necessary to ensure the effectiveness of the same.

Purpose of Systems & Procedures

The basic purpose behind setting up systems and procedures is to make available information when required. But when procedures are organized in a logical manner to form systems, the value of information as an output of a system enhances. When technology is added to the system, scope of a system changes to include hardware, software and designs linked together in accordance with the procedures contained in that system to give a purposeful architecture.

Read more: CS507 - Information Systems - Lecture Handout 06

CS507 - Information Systems - Lecture Handout 07

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Types of Systems

What are Systems?

A system is a group of elements that are integrated with the common purpose of achieving an objective.

Example

Purchase & Sales System

Components of a system

Following are the important components of the system.

  • Input elements
    Raw Data input to the computer system
  • Process
    Computation, analysis, application of any model
  • Output elements
    Results of computation or analysis
  • Control mechanism
    Comparison of actual with expected
  • Feedback system
    Corrective action
  • Objectives
    Expected/Ideal output

  • Read more: CS507 - Information Systems - Lecture Handout 07

CS507 - Information Systems - Lecture Handout 08

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

What are Systems?

A system is a group of elements that are integrated with the common purpose of achieving an objective.
Organization having common goal for the achievement are functionally interactive units. All systems have inputs, outputs, and feedback, and maintain a basic level of equilibrium. For example, in the human body the heart functions to support the circulatory system, which is vital to the survival of the entire body.

Example
Purchase System

A simple example can be given of a purchase and sales system. In a typical purchase system information related to purchase of materials is kept, for instance,

  • Orders for the purchase of various materials
  • Status of deliveries received against specific orders
  • Changes in the order quantity, time, day or other information
  • Quality inspection reports and whether they need to be communicated to the supplier
  • Updated status report of stock
  • Issues made out of the stock

All and more of information is required to be linked and provided in an organized way.

Read more: CS507 - Information Systems - Lecture Handout 08

CS507 - Information Systems - Lecture Handout 09

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Infrastructure

Infrastructure, generally, is the set of interconnected structural elements that provide the framework for supporting the entire structure. It usually applies only to structures that are artificial. The term is used differently in a variety of fields; perhaps the single most well-known usage is in economics, where it refers to physical infrastructure such as buildings and roads.

The notion that a structure has an internal framework is popular especially in business organizations where a dependency on interconnected information technology systems has become as prevalent as a city's dependency on interconnected conveyance systems for power, people and things. Information infrastructure consists of the physical facilities services and management that support all computing resources in an organization. There are five major components of infrastructure

Read more: CS507 - Information Systems - Lecture Handout 09

CS507 - Information Systems - Lecture Handout 10

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Support Systems

Seeing the benefits of MIS for middle level managers, Computerised systems have been devised for other employees in the organization to help them complete their work efficiently and effectively.

Support systems can be classified into two categories

  • Office automation systems
  • Decision support systems

Office Automation Systems

Office automation system includes formal and informal electronic systems primarily concerned with the communication of information to and from persons both inside and outside the firm. It supports data workers in an organization.

Read more: CS507 - Information Systems - Lecture Handout 10

CS507 - Information Systems - Lecture Handout 11

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Data Mart

Data warehouses can become enormous with hundreds of gigabytes of transactions. As a result, subsets, known as "data marts," are often created for just one department or product line. Data Warehouse combines databases across an entire enterprise. However, Data Marts are usually smaller and focus on a particular subject or department or product line.

Following are the common techniques through which a data warehouse can be used.

Online Analytical Processing (OLAP)

Decision support software that allows the user to quickly analyze information that has been summarized into multidimensional views and hierarchies. The term online refers to the interactive querying facility provided to the user to minimize response time. It enables users to drill down into large volume of data in order to provide desired information, such as isolating the products that are more volatile from sales data. OLAP summarizes transactions into multidimensional user defined views.

Read more: CS507 - Information Systems - Lecture Handout 11

CS507 - Information Systems - Lecture Handout 12

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

CBIS from Functional View Point

CBIS can be divided into subsystems based on how the users are grouped in the organization. This grouping of users is in terms of related tasks that are performed. These conceptual systems are mirror images of physical systems that are present. These systems are collectively called Organizational Information systems (OIS).

Organizational Information Systems (OIS)

The term OIS views organization as a combination of process oriented groups whose information needs are related but independent. All functional systems should work together for problem solving since each system specialises in specific domain of information.

Read more: CS507 - Information Systems - Lecture Handout 12

CS507 - Information Systems - Lecture Handout 13

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Organizational Structure

Departments are structured based on the set of related responsibilities. The set of responsibilities being discharged set the tone and structure of that department. The complexity and diversity of these responsibilities also affect how departments are set in an organization.

Existence of Functional departments in every organization vary with the nature of industry and the nature of products/services being offered

Certain departments may not exist in an organization, for instance financial sector (banking, leasing companies) and travel agencies do not incorporate the concept of manufacturing as they belong to the services sector.

Let’s take a look at different departments in different industry segments in order to better understand the concept.

Read more: CS507 - Information Systems - Lecture Handout 13

CS507 - Information Systems - Lecture Handout 14

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Marketing

No information system can exist in an organization without being linked with other functional information systems. This linkage is important for the over all smooth functionality of the information system since it allows easy transformation and usage of information.

  • Marketing
    Production subsystem needs to be linked with the marketing system so as to produce right amount of product.
  • Human resource system
    Most of the human resource is involved in the manufacturing process. Since factory premises has to be working continuously, availability of relevant labour is critical.
  • Accounts and Finance
    Accounts should have a control over various recording points in the entire process from procurement to finished good store room. This would help both in recording transactions for financial statements and approving and arranging for cash payments.

  • Read more: CS507 - Information Systems - Lecture Handout 14

CS507 - Information Systems - Lecture Handout 15

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Decision Making

There are some of the critical decisions that top managers face every day. How to decide whether to sell or spin off a business? Should the supplier relationships be renegotiated? What can be done to improve decision-making competency throughout your organization?

To capture maximum value, executives not only must make the right decisions, but also must negotiate skillfully. Since most business decisions involve other parties, it is essential for managers to understand their individual role as it relates to other decision makers, as well as how to use this knowledge to create the strongest possible negotiating position.

Hence, keeping in mind the importance of decision making for managers, information systems are also designed in a way to help them out to control operations and perform their managerial responsibilities more effectively.

Decision making is the cognitive process of selecting a course of action from among multiple alternatives.

Cognitive process is the mental process of knowing, including aspects such as awareness, perception, reasoning, and judgment.

Read more: CS507 - Information Systems - Lecture Handout 15

CS507 - Information Systems - Lecture Handout 16

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Phases of decision-making

There are five phases of the decision making process, the details of these phases have already been discussed in detail. These five phases will be elaborated in the form of an example for better understanding.

Phases of decision-making process are:

  • Intelligence – searching for conditions in the environment that call for decisions
  • Design – inventing, developing, and analyzing possible courses of action
  • Choice – selecting a course of action from those available
  • Implementation – implementing the selected course of action
  • Monitoring – checking the consequences of the decision made after implementation

  • Read more: CS507 - Information Systems - Lecture Handout 16

CS507 - Information Systems - Lecture Handout 17

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Planning for System Development

The management should prefer to have a plan for IT development so as to help it to take various software development projects in a structured way. At the very start, planning is done by the management regarding following issues

  • Scope of software development – certain selected areas or the entire organization.
  • How to get the project done – in-house committee or hired consultants.
  • How much resource and time commitment can be made.
  • Any written policy on which model is needed to be followed for software development.

IT planning provides a structured means of addressing the impact of technologies, including emerging technologies, on an organization. Through the planning process, relevant technologies are identified and evaluated in the context of broader business goals and targets. Based on a comparative assessment of relevant technologies, the direction for the organization can be established. Business planning is an accepted responsibility of management. Plans provide a direction and framework for action. Plans enunciate business goals and the actions that need to be initiated to achieve those goals including related benefits, resources and timeframes.

Read more: CS507 - Information Systems - Lecture Handout 17

CS507 - Information Systems - Lecture Handout 18

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Systems Development Life Cycle

System Development Life Cycle (SDLC) is the overall process of developing information systems through a multi-step process from investigation of initial requirements through analysis, design, implementation and maintenance. SDLC is also known as information systems development or application development. SDLC is a systems approach to problem solving and is made up of several phases, each comprised of multiple steps. It describes the stages a system passes through from inception until it is discarded or replaced. SDLC provides

  1. Structure
  2. Methods
  3. Controls
  4. Checklist

  5. Read more: CS507 - Information Systems - Lecture Handout 18

CS507 - Information Systems - Lecture Handout 19

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

System Design

System design can be explained and presented in narrative form. But the benefits of diagrammatic view cannot be understated. This helps to give a snapshot of what the entire system looks like. Various diagrammatic tools can be used while designing the system.

As an example consider the following DFD which indicates a simple process of recording transactions and posting into general ledger

Read more: CS507 - Information Systems - Lecture Handout 19

CS507 - Information Systems - Lecture Handout 20

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Incremental Model

The incremental model is a method of software/ Information System development where the model is designed, implemented and tested incrementally until the product is finished. It involves both development and maintenance. This model combines the elements of the waterfall model with the philosophy of prototyping.

Example -An example of this incremental approach is observed in the development of word processing applications where the following services are provided on subsequent modules:

CS507 - Information Systems - Lecture Handout 21

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Spiral Model

SPIRAL is an iterative approach to system development. The spiral lifecycle model is a combination of the classic waterfall model and aspects of risk analysis. This model is very appropriate for large and complex Information Systems. The spiral model emphasizes the need to go back and reiterate earlier steps a number of times as the project progresses. It's actually a series of short waterfall cycles, each producing an early prototype representing a part of the entire project. It is a circular view of the software lifecycle as opposed to the linear view of the waterfall approach. It can incorporate other models in its various developmental phases.

There are usually four distinct phases of the spiral model software development approach.

Read more: CS507 - Information Systems - Lecture Handout 21

CS507 - Information Systems - Lecture Handout 22

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

System Analysis

System analysis can be defined simply as: “The study of business problem domain to recommend improvements and specify the business requirements for the solution.”

Or alternatively as:

“A problem solving technique that decomposes a system into its component pieces for the purpose of studying, how well those component parts work and interact to accomplish their purpose.”

Both the definitions highlight following important points:

  • System analysis helps to create an understanding of the business processes, their linkage with one another, the parameters governing the data flow within the business, the controls and checks built into the processes and the reporting needs in a business where a problem exists or for which the software needs to be designed.
  • System analysis creates the understanding and lays out the necessary relationships that will assist in defining a solution to the problem or the design of the proposed software that will meet the user needs.

  • Read more: CS507 - Information Systems - Lecture Handout 22

CS507 - Information Systems - Lecture Handout 23

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Benefits of Good System Design

  • Better understanding by the developer of the system. A properly designed system helps in elaborating and understanding refined aspects of system.
  • System development becomes efficient. An error free designed system saves development time since it helps in understanding without discussion.
  • A well designed system also helps in early detection of problems in critical areas, if any.
  • Better quality of reporting formats. Modifications can be made easily in the system.
  • Little maintenance is required in the operations phase.

System Analysis & Design Methods

Two approaches are followed for system analysis and design

CS507 - Information Systems - Lecture Handout 24

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Symbols used for flow charts

Symbols

The symbols have already been briefly stated in the previous Lesson. Following would explain these symbols in detail.

Symbols

Read more: CS507 - Information Systems - Lecture Handout 24

CS507 - Information Systems - Lecture Handout 25

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Rules for DFD’s

The DFD as an analytical tool follows certain rules. These rules help in achieving the level of standardization.

  • There should be no black holes, gray holes, miracles.
  • Do not leave things unlabeled
  • the DFD should not include data flows that are unassociated with the process.

Data Flows cannot be without a process or function being involved in the flow. Below are given three diagrams that indicate bad practices. There has to be a process in between these three diagrams.

Rules for DFD’s

Read more: CS507 - Information Systems - Lecture Handout 25

CS507 - Information Systems - Lecture Handout 26

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Symbols

Entity Relationship Diagram as a technical tool also has predefined set of symbols. The purpose behind all this is to have standardization in the use of technique in varied situations. Some major symbols commonly used are as under.

Symbols

Read more: CS507 - Information Systems - Lecture Handout 26

CS507 - Information Systems - Lecture Handout 27

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Object Oriented Analysis and Design

There are some terms important to explaining the concept object oriented analysis and design.

Object

An object can be defined as “A concept, abstraction, or thing with crisp boundaries and meaning of the problem at hand. Objects serve two purposes, they promote understanding of the real world and provide a practical basis for computer implementation.”
Rumbaugh et al. (1991)

Classes

A class is defined as “The purpose of a class is to specify a classification of objects and to specify the features that characterize the structure and behavior of those objects.”

Read more: CS507 - Information Systems - Lecture Handout 27

CS507 - Information Systems - Lecture Handout 28

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Critical Success Factors (CSF)

Critical Success Factor (CSF) is a business term for an element which is necessary for an organization or project to achieve its mission. For example, for an international package delivery system, CSF’s can be identified such as safe transport of customer consignments, timely delivery of consignment, online status confirmation system to inform customers and proper packaging and handling.

Critical Success Factors differ from organization to organization. While approving any project, the management may evaluate the project on the basis of certain factors critical to the success or failure of the project. For instance:

  • Money factors: positive cash flow, revenue growth, and profit margins.
  • Acquiring new customers and/or distributors
  • Customer satisfaction – No. of complaints, after sales service
  • Quality – Customer feed back on the product.
  • Product / service development -- what's new that will increase business with existing customers and attract new ones?
  • Intellectual capital – enhancing production techniques and acquiring knowledge relating to advancement in hardware/machines, equipment, processes.
  • Strategic relationships -- new sources of business, products and outside revenue, sub contracting.
  • Employee development and retention –
  • Sustainability
  • Corporate social responsibility
  • Corporate Governance

  • Read more: CS507 - Information Systems - Lecture Handout 28

CS507 - Information Systems - Lecture Handout 29

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Security of Information System

The information systems are vulnerable to modification, intrusion or malfunctioning. Hence they need to be secured from all these threats be devising a sound security system.

“Information assets are secure when the expected losses that will occur from threats eventuating over sometime are at an acceptable level.”

Security Issues

Some losses will inevitably occur in all environments. So eliminating all possible losses is either impossible or too costly. Level of losses should be specified. The level of losses decided should be linked with a time period in which the occurrence would be tolerated. The definition mentions threats, which can be either

CS507 - Information Systems - Lecture Handout 30

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Threat Identification

“A threat is some action or event that can lead to a loss.”

Various types of threats may exist that could, if they occur result in information assets being exposed, removed either temporarily or permanently, lost, damaged, destroyed, or used for un-authorized purposes are identified. Susceptibility to threats, whether logical or physical are a major risk factor for the data base and information system of an organization. These risks are to be identified and steps that include physical and logical controls need to be instituted and monitored on a regular basis. Security measures can be designed only if we know what kind of threats or risks are to be guarded against. Obviously, we would also have to determine the frequency of the known and the unknown risks or threats.

Threats and risks are usually used synonymously. These are always there and cannot be avoided but should be managed to minimize losses and maximize returns. Each level of management and each operational area perceives risk differently and communicates these perceptions in different terms.

Read more: CS507 - Information Systems - Lecture Handout 30

CS507 - Information Systems - Lecture Handout 31

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Control Adjustment

This phase involves determining whether any controls can be designed, implemented, operated. The cost of devising controls should not exceed the expected potential benefit being enchased and the potential loss being avoided. The above decision takes into account consideration of various factors like personal judgment of the situation, any information gained on desired/non-existing controls during the previous phases, seeking demands of users for an ideal control environment.

Existing controls should not be totally discarded while adjusting controls. They can either be terminated totally due to the threats not being there any more and existence of better controls either modified for betterment. This phase should consider the security to be cost effective, and integrated.

Security to be cost effective

IT Guideline on security issued by IFAC states:

“Different levels and types of security may be required to address the risks to information. Security levels and associated costs must be compatible with the value of the information.”

Read more: CS507 - Information Systems - Lecture Handout 31

CS507 - Information Systems - Lecture Handout 32

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Unauthorized intrusion

Intrusion can be both either physical or logical. In physical intrusion, the intruder physically could enter an organization to steal information system assets or carry out sabotage. For example the Intruder might try to remove hard disks. In case of logical intrusion, the intruder might be trying to have an unauthorized access to the system. The purpose could be damaging or stealing data, installation of bug or wire tapping -- Spying on communication within the organization.

Physical Access Vs. Logical access

In computer security, being able to physically touch and interact with the computers and network devices amounts to physical access. It lets someone insert a boot disk in the machine and bypass normal operating system controls. Physical access enables people to install unauthorized snooping equipment such as keystroke loggers. However, interact with data through access control procedures such as identification, authentication and authorization.

Read more: CS507 - Information Systems - Lecture Handout 32

CS507 - Information Systems - Lecture Handout 33

User Rating:  / 1

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Antivirus software

Use of antivirus software is another very important technical control against the spread of virus.

Scanners

They scan the operating system and application soft ware for any virus based on the viruses they contain. Every virus has a different bit pattern. These unique bit patterns act as an identity for the virus and are called signatures. These signatures are available in virus definitions. Every scanner contains in it certain virus definitions which in fact are signatures (bit patterns) for various kinds of virus. The scanner checks or scans the operating system and other application soft wares installed on the hard drives. While scanning, it checks the bit patterns in all software against the bit patterns contained in the virus definitions of the scanner. If they found similar, they are labeled as virus.

Active monitors

This software serves the concurrent monitoring as the system is being used. They act as a guard against viruses while the operating system is performing various functions e.g connected to internet, transferring data, etc. It blocks a virus to access the specific portions to which only the operating system has the authorized access. Active monitors can be problem some because they can not distinguish between a user request and a program or a virus request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or a set of files.

Read more: CS507 - Information Systems - Lecture Handout 33

CS507 - Information Systems - Lecture Handout 34

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Types of Controls

Implementation of controls is a critical security feature of information systems. They block and detect various forms of intrusion and protect various components of the entire information systems, are these telecommunication lines or computer software’s and hard wares.

  1. Access Controls – Controlling who can access the system.
  2. Input Controls – Controls over how the data is input to the system.
  3. Communication Controls – Controls over the transfer of data between LAN, WAN or internet.
  4. Processing Controls – controlling the processing of data
  5. Database Controls – Securing the most important asset of the organization
  6. Output controls – controlling the privacy of the data.

Access Controls

These controls establish the interface between the would-be user of the computer system and the computer itself. These controls monitor the initial handshaking procedure of the user with the operating system. For example when a customer enter the card and the pin code in an automatic teller machine (ATM), the access controls are exercised by the system to block unwanted or illegitimate access.

Read more: CS507 - Information Systems - Lecture Handout 34

CS507 - Information Systems - Lecture Handout 35

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Audit trails and logs

An audit trail is a logical record of computer activities/usage/processing pertaining to an operating or application system or user activities. An information system may have several audit trails, each devoted to a particular type of activity. All these audit trails are primarily extracted from the audit log recorded on chronological basis. The audit log is maintained only for the list of activities specified for which the log is to be maintained. The information can be recorded varies including but not limited to

  1. Time stamp for the log in/out time
  2. Terminal in use
  3. Files accessed
  4. Transactions performed
  5. Amendments made

Audit trails can provide a means to help accomplish several security-related objectives, including individual accountability, reconstruction of events (actions that happen on a computer system), intrusion detection, and problem analysis, as well as evidence of the correct processing regimes within a system

Read more: CS507 - Information Systems - Lecture Handout 35

CS507 - Information Systems - Lecture Handout 36

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Risk Management

Risk Management is the process of measuring, or assessing risk and then developing strategies to manage the risk. In general, the strategies employed include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk. Risk management is a general concept which can encompass various aspects or issues to be catered for. For example risk management against natural disasters, financial risk management, knowledge risk management, relationship risk management. No matter what aspect of risk is being covered the general approach is quite the same. Here since we are more focused on study of information systems, we would try to relate more to the risks related to proper working of information systems.

Managing the security risks associated with reliance on information technology is a continuing challenge. Many private organizations, have struggled to find efficient ways to ensure that they fully understand the information security risks affecting their operations and implement appropriate controls to mitigate these risks. In recent years, systems have become more susceptible to virus because computers have become more interconnected and, thus, more interdependent and accessible to a larger number of individuals.

Read more: CS507 - Information Systems - Lecture Handout 36

CS507 - Information Systems - Lecture Handout 37

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Control Analysis

This phase includes assessment of controls already been implemented or planned, probability that they can be broken, assessment of potential loss despite such controls existing. Controls are also classified as non-technical controls also called management controls and technical controls – software, hardware controls. The output of this step is current or planned controls used for the IT system to measure the likelihood of vulnerability being exercised and reduce the impact of loss.

Likelihood Determination

CS507 - Information Systems - Lecture Handout 38

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Risk Management

Managing the companies risk is gaining more and more importance. Companies are getting more aware of the fact that risks should be foreseen and addressed before they could prove havoc for the organization in any regard.

Corporate Culture and Risk Management

As it goes, “The ultimate risk is not taking the risk”. Recognizing and managing risk should be an important part of the corporate culture. IS related risk management is a one level deeper into the over all corporate risk strategy. Assuming that most of the business processes have become computer and technology dependent to whatever extent actually used, a secure IS supported with a sound risk management strategy must be available to the organization.

Read more: CS507 - Information Systems - Lecture Handout 38

CS507 - Information Systems - Lecture Handout 39

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Web Security

The nature of the internet makes it vulnerable to attack. Estimates claim that there are over 300 million computers connected via the Internet. Originally designed to allow for the freest possible exchange of information, it is widely used today for commercial purposes. This poses significant security problems for organizations when protecting their information assets. For example, hackers and virus writers try to attack the Internet and computers connected to the Internet. Some want to invade others’ privacy and attempt to crack into databases of sensitive information or sniff information as it travels across Internet routes.

The concept of Web

The Internet Protocol is designed solely for the addressing and routing of data packets across a network. It does not guarantee or provide evidence on the delivery of messages. There is no verification of an address. The sender will not know if the message reaches its destination at the time it is required. The receiver does not know if the message came from the address specified as the return address in the packet. Other protocols correct some of these drawbacks.

Read more: CS507 - Information Systems - Lecture Handout 39

CS507 - Information Systems - Lecture Handout 40

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Factors Encouraging Internet Attacks

Generally, Internet attacks of both a passive and active nature occur for a number of reasons, including availability of tools and techniques on the Internet or as commercially available software that an intruder can download easily. For example, to scan ports, an intruder can easily obtain network scanners, various password cracking programs are available free or at a minimal cost. Lack of security awareness and training among an organization’s employees. No matter how perfect a system is made by removing all possible vulnerabilities, there are still chances that weaknesses exist and the system can be intruded at any given time. Inadequate security over firewalls and operating systems may allow intruders to view internal addresses and use network services indiscriminately.

Internet Security Controls

Information Systems can be made secure from the threats discussed last slides. There is not a single control available to cater for the risk of vulnerabilities associated with web (Internet). Some of the solutions are:

Read more: CS507 - Information Systems - Lecture Handout 40

CS507 - Information Systems - Lecture Handout 41

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

E-Commerce

Electronic Commerce (e-commerce or EC) describes the buying, selling, and exchanging of products, services, and information via computer network, primarily the internet. Some people view the term commerce as describing transactions conducted between business partners. Ebusiness is a broad definition of EC, not just buying and selling, but also servicing customers, collaborating with business partners, and conducting electronic transactions within an organization.

Why E-Commerce?

Due to rapid expansion in business, and time pressures from customers, Efficiency in delivering products and information there to and addressing complaints is of paramount importance. Use of internet or web services can be a very effective tool in achieving this goal. It helps to achieve various business goals in the fastest possible way, e.g. sharing production schedules with suppliers, knowing customer demands for future in advance. These days almost almost all businesses have Ecommerce, from fast food chains to automobile manufacturers. Online orders can be placed along with online payment made. All this is possible with the use of E-commerce. According to Lou Gerstner, IBM’s former CEO,

Read more: CS507 - Information Systems - Lecture Handout 41

CS507 - Information Systems - Lecture Handout 42

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Supply Chain Management

Introduction

The business in the globalization age is more about enhanced efficiencies, increased productivity resulting in lower costs of production, quick and effective decision making increased outreach and customer/client satisfaction and sharing knowledge across institutions. This enables a business to become a more effective player in the free and extremely competitive global market. Globalization encompasses the concept of moving beyond the geographical boundaries of a country and using technological advances to maximum advantage for the business. The internet and Web technologies have brought new dimensions to doing and managing business. ECommerce we have talked about. Obviously every business has some inherent risks. So does ECommerce.
For example, privacy, legality, taxation are issues that pose a challenge for a good Ebusiness environment although measures both legislative and operational have been taken and continue to be devised. As far as Management Information Systems for businesses are concerned these too have undergone a major change particularly with the availability of Internet. Gone are the days of the stand alone systems which looked at each aspect of the business separately. Today we are talking of end to end solutions for businesses. In other words business imperatives have driven us to re-define the scope of the coverage/ extant of management information systems. The Buzzword for some time now is “ ENTERPRISE RESOURCE PLANNING.” (ERP).

Read more: CS507 - Information Systems - Lecture Handout 42

CS507 - Information Systems - Lecture Handout 43

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Enterprise Resource Planning

Following are various modes of integration:

  1. Connect Existing modules/system
  2. Use Supply Chain Management (SCM) Software
  3. Use ERP Software

The material on first two modes is available in the handouts of lecture 42. The third way of integrating is using an ERP software. Before we start of with what ERP is, I would like to touch a previously discussed linkage between IT and business objectives.

Business Objectives and IT

The goals set by the business strategy are always of supreme importance. Some of these goals are meeting customer requirements, reaching customer where he is --- online, scattered locations, achieving distinctive competence and winning brand loyalty. IT function in an organization is set up in order to support the business goals set at all levels of the organization. IT objectives should be flexed according to the business needs of the organization. This helps in efficient use of IT resources for the achievement of business objectives.

Read more: CS507 - Information Systems - Lecture Handout 43

CS507 - Information Systems - Lecture Handout 44

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

ERP & E-commerce

Organizations do accept that when we talk of E-commerce in real terms, not just having a website for online information but actually to be able to execute transactions, there has to be an integrated software up and running. Especially when Consumerism is the prime focus, being integrated and online will help in better implementation of CRM.

Text in the clips

This is known as the business to business B2B and business to consumer B2C.They have become buzz words but they are very real. What most ERP’s are heading towards are internet portals. The front end becomes the internet portal and the other businesses and customers can come in through that.

Gist of the clips

Now consumers and business use the gateway of internet to walk into the business and make transactions. So Websites with online buying options have become the virtual selling locations for the business.

Read more: CS507 - Information Systems - Lecture Handout 44

CS507 - Information Systems - Lecture Handout 45

User Rating:  / 0

Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems

Importance of ethics in IS

Information is a source of power. Consequently, developments in information systems also involve social and political relationships-- and so make ethical considerations in how information is used all the more important. Electronic systems now reach into all levels of government, into the workplace, and into private lives to such an extent that even people without access to these systems are affected in significant ways by them. New ethical and legal decisions are necessary to balance the needs and rights of everyone.

Meaning of Ethics

Ethics are moral choices made by individuals in relation to the rest of the community, standards of acceptable behavior, and rules governing members of a profession. ETHICS are principles and rules concerning duty to society, profession and business. Ethics is about how we ought to live. The purpose of ethics in information systems is not philosophical or academic, it can mean the survival of a business or industry. The issues relating to electronic information systems include control of and access to information, privacy and misuse of data, International considerations. Issues of ethics and privacy have always been there even when computerized environments were in their natal phase. However, with the advancement in technology, the issues have grown sophisticated and so are the remedies.

Read more: CS507 - Information Systems - Lecture Handout 45