Chapter 1,2,3
Chapter 1,2,3
Chapter 1,2,3
Data: Raw facts such as an employee’s name and number of hours worked in a week,
inventory part numbers or sales orders.
Information: A collection of facts organized in such a way that they have additional value
beyond the value of the facts themselves.
MIS
Management information systems are distinct from other information systems because
they are used to analyze and facilitate strategic and operational activities.
Academically, the term is commonly used to refer to the study of how individuals, groups,
and organizations evaluate, design, implement, manage, and utilize systems to generate
information to improve efficiency and effectiveness of decision making, including systems
termed decision support systems, expert systems, and executive information
systems.[2] Most business schools (or colleges of business administration within
universities) have an MIS department, alongside departments
of accounting, finance, management, marketing, and sometimes others, and grant degrees
(at undergrad, masters, and PhD levels) in MIS.
DATA VS INFORMATION
INFORMATION SYSTEM
Information System is the study of complementary networks of hardware and software that
people and organizations use to collect, filter, process, create, and distribute data.
The IS’s designer is concerned with how to use computer systems effectively in producing
data for the right person at the right time.
Executive Information Systems are strategic-level information systems that are found at the top of
the Pyramid. They help executives and senior managers analyze the environment in which the
organization operates, to identify long-term trends, and to plan appropriate courses of action. The
information in such systems is often weakly structured and comes from both internal and external
sources. Executive Information System are designed to be operated directly by executives without
the need for intermediaries and easily tailored to the preferences of the individual using them.
Origin: Information systems have been in existence since pre-mechanical era in form of
books, drawings, etc. However, the origin of information technology is mostly associated
with invention of computers.
Development: Information systems have undergone great deal of evolution, i.e. from
manual record keeping to the current cloud storage system. Similarly, information
technology is seeing constant changes with evermore faster processor and constantly
shrinking size of storage devices.
Business Application: Businesses have been using information systems for example in
form of manual books of accounts to modern TALLY. The mode of communication has
also gone under big change, for example, from a letter to email. Information technology
has helped drive efficiency across organization with improved productivity and precision
manufacturing.
Intelligent Support System (ISSs): Include expert systems which provide the stored
knowledge of experts to non-experts, and a new type of intelligent system with machine-
learning capabilities that can learn from historical cases.
Knowledge Management Systems: Support the creating, gathering, organizing, integrating
and disseminating of organizational knowledge.
Mobile Computing: Information systems that support employees who are working with
customers or business partners outside the physical boundaries of their company; can be
done over wire or wireless networks.
CLASSIFICATION OF IS
Management Support Systems provide information and support needed for effective decision
making by managers
Office automation systems automate office procedures and enhance office communications and
productivity.
Management support systems provide information and support needed for effective decision
making by managers
Operational efficiency
Some common examples of MIS output are reports onsales, stock, inventory, payroll
Functional Aspects
MIS is an integrated collection of functional information systems, each supporting
particular functional areas.
Financial MIS
Marketing MIS
o Stakeholders have different views of the system and each has something “at stake”
in determining the success of the system.
System Owners
System Users
System Designers
System Builders
o System owners pay for the system to be built and maintained. They own the system,
set priorities for the system, and determine policies for its use. In some cases,
system owners may also be system users.
o System users are the people who actually use the system to perform or support the
work to be completed. In today’s team-oriented business world, system users
frequently work side-by-side with system designers.
o System designers are the technical specialists who design the system to meet the
users requirements. In many cases, system designers may also be system builders.
Systems builders are the technical specialists who construct, test, and deliver the system
into operation.
INFORMATION SYSTEMS FRAMEWORK
S
Y
S SYSTEM INFORMATION SYSTEM REQUIREMENTS
USERS
T (WHAT the system "is" and "must do" independent of technology)
E
M
A
N
A
L
Y SYSTEM INFORMATION SYSTEM DESIGN
S DESIGNERS
T
(HOW the system will be implemented using technology)
S
o The term information worker (also called knowledge worker) was coined to
describe those people whose jobs involve the creation, collection, processing,
distribution, and use of information.
System Owners
o System owners are an information system's sponsors and chief advocates. They are
usually responsible for budgeting the money and time to develop, operate, and
maintain the information system. They are also ultimately responsible for the
system’s justification and acceptance.
o All participants in the information systems game share one thing in common, they
are what the U.S. Department of Labor now calls information workers.
o Today, more than 60 percent of the U.S. labor force is involved in the production,
distribution, and usage of information.
o For any system, large or small, there will be one or more system owners.
o System owners usually come from the ranks of management. For medium-to-large
information systems, the owners are usually middle or executive managers. For
smaller systems, the owners may be middle managers or supervisors. For personal
information systems, the owner and user are the same person.
o System owners tend to think in very general terms, not in details.
o System owners tend to be the least interested (or impressed) with the technology
used in any information system. They are concerned with the ‘value’ returned by
the system. Value is measured in different ways.
System Users
o System users are the people who use (and directly benefit from) the information
system on a regular basis – capturing, validating, entering, responding to, storing,
and exchanging data and information.
Internal Users
System users make up the vast majority of the information workers in any information
system.
System users define (1) the problems to be solved, (2) the opportunities to be exploited, (3)
the requirements to be fulfilled, and (4) the business constraints to be imposed by (or for)
the information systems. They also tend to be concerned with how easy (or difficult) the
system is to learn and use. Unlike system owners, system users tend to be less concerned
with costs and benefits of the system. Instead, they are concerned with ‘business
requirements’ of the system.
Internal users are employees of the business for which an information system is built.
Internal users are the largest class of users and comprise the largest percentage of system
users in most businesses.
Clerical and service workers perform most of the day-to-day data processing in the average
business. Most of the fundamental data in any business is captured or created by these
workers, many of whom perform manual labors in addition to processing of data.
Information systems that target these workers tend to focus on transaction processing speed
and accuracy.
Technical and professional staff consists largely of business and industrial specialists who
perform highly skilled and specialized work. Their work is based on well-defined bodies
of knowledge; hence, they are sometimes called knowledge workers. Information systems
that target these knowledge works tend to focus on data analysis as well as generating
timely information for problem solving.
System Users
External Users
System Designers
Supervisors, middle managers, and executive managers are all decision makers.
Supervisors tend to focus on day-to-day management issues. Middle managers are more
concerned with tactical, or short-term management plans and problems. Executive
managers are concerned with overall business performance, an strategic or long-term
planning and problem solving. Information systems for management tend to focus entirely
on information access. Managers need the right information at the right time to solve
problems and make good decisions.
Remote and mobile users like traditional internal users, they are employees of the business.
Unlike traditional internal users, they are geographically separated from the business. An
example is the sales and service representatives.
Many business are looking to telecommuting to reduce costs and improve worker
productivity. Telecommuting, stated simply, is working from home. There is considerable
evidence to suggest that many employees can be just as productive working at home if they
can be connected to the company’s information systems through modern
telecommunications technology.
Businesses are redesigning their information systems to directly connect to and interoperate
with their business and trading partners, suppliers, customers, and even the end consumer.
The explosive growth of the Internet for electronic commerce is making the consumer a
external user of information systems. Currently, World Wide Web pages on the Internet
are mostly used to market information to the end consumer of products.
o Perspectives - The People Side of Information Systems
System Builders
o System builders construct the information system components based upon the
design specifications from the system designers. In many cases, the system
designer and builder for a component are one and the same.
o For the system owners and users, the analyst typically constructs and validates their
views.
o For the system designers and builders, the analyst (at the very least) ensures that
the technical views are consistent and compatible with the business views.
Other technical specialists may also be involved, such as systems programmers, database
programmers, network administrators, and microcomputer software specialists.
IS IN FUNCTIONAL AREA
MIS is an integrated collection of functional information systems, each supporting
particular functional areas.
Internet An Organization’s
MIS
Financial
MIS
Business
transactions
Business
transactions
Databases Human
of
Resources Etc.
external
data
MIS
Extranet
Etc.
1.Relevance
2. Accuracy
3. Timely
o
4. Exhaustive
5. Cost-Effective
Main Qualities of Good Management Information System
o Relevance: Information should be relevant to the strategic decision that company
management is currently reviewing. Because companies may review several
business opportunities at one time, avoiding information not relating to the decision
is essential.
2. Accuracy: MIS information should be accurate and avoid any probable costs.
Making decisions based on estimates can lead to cost overruns or lower profits from
future operations.
IS RESOURCES
The individual data being processed through the use of hardware and software and shared
through network connection has allowed us to utilize more information in less time.
o Information Systems Resources
GENERAL CONTROLS
o IT General Controls – are policies and procedures that relate to many applications
and support the effective functioning of application controls by helping to ensure
the continued proper operation of information systems. These controls apply to
mainframe, server, and end-user environments. General IT controls commonly
include:
Establish framework for controlling design, security, and use of computer programs
o Application controls
o These are controls that relate to specific computer software applications and the
individual transactions. For example, a company would usually place restrictions
on which personnel have authorization to access its general ledger so as to revise
its chart of accounts, posting / approving journal entries etc.
The Digital Firm is a general term for organizations that have enabled core business
relationships with employees, customers, suppliers, and other external partners
through digital networks.
Protecting the Digital Firm
Load balancing: Distributes large number of requests for access among multiple servers
Mirroring: Duplicating all processes and transactions of server on backup server to prevent
any interruption
Clustering: Linking two computers together so that a second computer can act as a backup
to the primary computer or speed up processing
AUDIT
Take sample inputs and manually apply processing rules and compare outputs with
computer outputs
Extracting data based on the specified criterion for inspection(e.g. Students with wide
disparity in marks in two subjects)
Process with independent data file created by auditor and verify to see if system is as per
specification
SECURITY
Industrial espionage
Viruses/Worms
Regular back up of data bases every day/or week depending on the time criticality and size
Duplicate systems run and all transactions mirrored if it is a very critical system and cannot
tolerate any disruption before storing in disk.
Physical locks
Password system
Identification of all persons who read or modify data and logging it in a file
Antivirus software
practice of combining multiple mitigating security controls to protect resources and data.
E-commerce security is the protection of e-commerce assets from unauthorized access, use,
alteration, or destruction.
COUNTERMEASURE
A procedure that recognizes, reduces, or eliminates a threat
1. Intellectual property protection
– Legislature
– Authentication
2. Client computer protection
– Privacy -- Cookie blockers; Anonymizer
– Digital certificate (Figure 5.9)
– Browser protection
– Antivirus software
– Computer forensics expert
3. Communication channel protection
– Encryption
* Public-key encryption (asymmetric) vs Private-key encryption (symmetric)
* Encryption standard: Data Encryption Standard (DES), Advanced Encryption
Standard (AES)
– Protocol
* Secure Sockets Layer (SSL)
* Secure HyperText Transfer Protocol (S-HTTP)
– Digital signature
Bind the message originator with the exact contents of the message
–A hash function is used to transform messages into a 128-bit digest (message digest).
–The sender’s private key is used to encrypt the message digest (digital signature)
–The message + signature are sent to the receiver
–The recipient uses the hash function to recalculate the message digest
–The sender’s public key is used to decrypt the message digest
–Check to see if the recalculated message digest = decrypted message digest
4. Server protection
– Access control and authentication
* Digital signature from user
* Username and password
* Access control list
– Firewalls
International Computer Security Association's classification:
· Packet filter firewall: checks IP address of incoming packet and rejects anything that
does not match the list of trusted addresses (prone to IP spoofing)
· Application level proxy server: examines the application used for each individual IP
packet (e.g., HTTP, FTP) to verify its authenticity.
· Stateful packet inspection: examines all parts of the IP packet to determine whether
or not to accept or reject the requested communication.
SSL CERTIFICATES
It is the standard security technology for establishing an encrypted link between a web
server and a browser. This link ensures that all data passed between the web server and
browsers remain private and integral.
An organization needs to install the SSL Certificate onto its web server to initiate secure
sessions with browsers.
Depending on the type of SSL Certificate applied for, the organization will need to go
through differing levels of vetting.
Once a secure connection is established, all web traffic between the web server and the
web browser will be secure. Browsers tell visitors a website is SSL secure via several
visible trust indicators:
Types of SSL Certificates
Why there are different types of Certificates?
o Some organizations need SSL simply for confidentiality, e.g. encryption
o Some organizations wish to use SSL to enhance trust in their security and identity,
e.g. they want to show customers they have been vetted and are a legitimate
organization
Extended Validation, or EV SSL, raises the bar on standard SSL validation processes,
incorporating some of the highest standards in identity assurance to establish the legitimacy
of online entities.
Certificate Authorities put applicant websites through rigorous evaluation procedures and
meticulous documentation checks to confirm their authenticity and ownership.
This systematic authentication process, also known as the Extended Validation Standard,
is based on a set of guidelines prescribed for CAs to adhere to when they receive a request
for a digital certificate from an organization or business entity.
Remote access is the ability to get access to a computer or a network from a remote distance
through wired or wireless connection.
Authentication is the method of proving the subjects identity. E.g.: Password, Passphrase,
PIN
Why?
To Prevent
Accessing private data and information transferring between server and users i.e. Channel
attack.
Biometrics
Passwords
Cognitive Passwords
Card Based
Importance Today ?
Today every thing is electronics and internet based like e-banking, e-commerce, e-learning,
e-governance, m-banking etc.
Companies have many branches worldwide so data and information are distributed among
branches offices.
PBE uses the Email Content Control rules to identify which email needs to be encrypted.
The PBE Service is managed through the same control panel that you use to manage your
Anti-Virus.
PBE service is closely integrated with the Email Content Control service.
Automatically applies email encryption based on the organization's email security policies.
Data loss prevention and email messages security policies are consistently and accurately
applied.
ENTERPRISE SOFTWARE
• Enterprise software is any software used in large organizations (whether business or
government).
• It is considered to be an essential part of a computer-based information system, and it
provides business-oriented tools such as online payment processing and automated billing
systems.
• Enterprise software is also referred to as enterprise application software.
SUPPLY CHAIN
• A supply chain is the system of organizations, people, activities, information and resources
involved in moving a product or service from supplier to customer.
• Supply chain activities transform raw materials and components into a finished product
that is delivered to the end customer.
Supply Chain Management
Supply Chain Management is
the design and management of processes
across organizational boundaries
with the goal of matching supply and demand
in the most cost effective way.
CRM Strategies
Customer Retention Marketing Techniques
• Customization: Changing the product (not just the marketing message) according to user
preferences
• Customer co-production: Allows the customer to interactively create the product
• Customer service tools include:
– Frequently asked questions
– Real-time customer service chat systems
– Automated response systems
ENTERPRISE IT MANAGEMENT
• EITM is a strategy conceived and developed by Computer Associates International which
details how organizations can transform the management of IT in order to maximize
business value.
• Strategy for increasing the business relevance of the IT function, EITM considers the need
for IT organizations to start operating as a service-based business.
• Ensuring investments are prioritized according to business strategy and that operational
efficiencies can be more quickly realized and costs reduced when IT processes are
integrated and automated.
ENTERPRISE INTEGRATION
• Integration of markets
• Integration between several development and manufacturing sites
• Integration between suppliers and manufacturers
• Integration of design and manufacturing
• Integration of multi-vendor hardware and software components
Basic principles for integration
• Provide the vision, right information, resources, and responsibility
• Empowered people
• A comprehensive and effective communication networks
• Democratization and dissemination of information
• Freely shared information
Types of Integration
• Loose Integration versus Full Integration
• Horizontal Integration versus Vertical Integration
• Intra-Enterprise Integration versus Inter-enterprise Integration
• System Integration, Application Integration, and Business Integration
ALIGNMENT PROCESS
• Developing a common understanding among the key stakeholders of the purpose and goals
of the project and the means and methods of accomplishing those goals is called the
Alignment Process.
• It is important to accomplish this alignment during the initiation phase.
• Project managers usually conduct a start-up meeting that is sometimes called a kickoff
meeting.
• The agenda and duration of the start-up meeting depends on the complexity level of the
project.
• Projects with a limited scope and short duration may engage in a session start-up meeting
over lunch.
• A medium-complexity project will require more-hour meeting while a high-complexity
project cannot achieve alignment in a single meeting. Alignment can require several days
of activities.
ELECTRONIC ORGANISMS
As systems become more complex, the designs of this systems must be automated.
Electronic organisms, in fact all organisms,
have to be complex, because they have to contain all the creative infrastructure necessary
for their creation, reproduction, maintenance and action,
but they can easily afford to be complex, because there is no need for detailed
communication with a programmer.
Electronic Organisms have the ability to react immediately to unforeseen challenges,
without the need for a programmer to recognize the situation and deal with it by modifying
a program.
Electronic Organisms do so by recurrence to fundamental goals and organizing principles,
just as programmers do so now.
Electronic organisms will live, grow and evolve in the rapidly growing world of installed
computers and networks, just as microbes, plants and animals live in natural ecosystems.
Strong forces are pushing technology towards electronic organisms.