
Chapter 1,2,3


CHAPTER 1: INFORMATION SYSTEM

Data: Raw facts such as an employee’s name and number of hours worked in a week,
inventory part numbers or sales orders.

Information: A collection of facts organized in such a way that they have additional value
beyond the value of the facts themselves.

MIS: A management information system (MIS) provides information that organizations
require to manage themselves efficiently and effectively. Management information
systems are typically computer systems used for managing.

THE FIVE PRIMARY COMPONENTS:


1.) Hardware, 2.) Software, 3.) Data (information for decision making), 4.) Procedures
(design, development and documentation), and 5.) People (individuals, groups, or
organizations).

MIS

Management information systems are distinct from other information systems because
they are used to analyze and facilitate strategic and operational activities.

Academically, the term is commonly used to refer to the study of how individuals, groups,
and organizations evaluate, design, implement, manage, and utilize systems to generate
information to improve efficiency and effectiveness of decision making, including systems
termed decision support systems, expert systems, and executive information
systems.[2] Most business schools (or colleges of business administration within
universities) have an MIS department, alongside departments
of accounting, finance, management, marketing, and sometimes others, and grant degrees
(at undergrad, masters, and PhD levels) in MIS.

DATA VS INFORMATION
INFORMATION SYSTEM

 Information System is the study of complementary networks of hardware and software that
people and organizations use to collect, filter, process, create, and distribute data.

 The IS’s designer is concerned with how to use computer systems effectively in producing
data for the right person at the right time.

 An information system is typically considered to be a set of interrelated elements or
components that collect (input), manipulate (process), and disseminate (output) data and
information and provide a feedback mechanism to meet an objective.
o Open System
o Closed System

TYPES OF INFORMATION SYSTEM


Transaction Processing Systems
A transaction processing system provides a way to collect, process, store, display, modify, or cancel
transactions. Most of these systems allow multiple transactions to take place simultaneously. The
data that this system collects is usually stored in databases which can be used to produce reports such
as billing, wages, inventory summaries, manufacturing schedules, or check registers.
Management Information Systems
A management information system is an information system that uses the data collected by the
transaction processing system and uses this data to create reports in a way that managers can use it to
make routine business decisions in response to problems. Some of the reports that this information
system creates are summary, exception and ad hoc reports. All this is done to increase the efficiency
of managerial activity.
Decision Support Systems
A decision support system helps make decisions by working with and analyzing data to generate
statistical projections and data models. This system supports rather than replaces a manager's
judgement while improving the quality of the manager's decisions. A DSS helps solve problems while
using external data.
Executive Information Systems

Executive Information Systems are strategic-level information systems that are found at the top of
the Pyramid. They help executives and senior managers analyze the environment in which the
organization operates, to identify long-term trends, and to plan appropriate courses of action. The
information in such systems is often weakly structured and comes from both internal and external
sources. Executive Information Systems are designed to be operated directly by executives without
the need for intermediaries and are easily tailored to the preferences of the individual using them.

COMPUTER-BASED INFORMATION SYSTEM

 An Information System is an organized combination of people, hardware, software,
communication networks and data resources that collects, transforms and disseminates
information in an organization.

INFORMATION SYSTEMS VS INFORMATION TECHNOLOGY


 Information technology can be considered as a subset of information systems. It deals with
the technology part of any information system, and as such deals with hardware, servers,
operating systems and software etc.
 A system is always a combination of people, machines, processes and technology. And IT
is just a part of the system. Since a part can never be identical to whole, information systems
is never going to be identical to information technology. Designing of a system takes much
more than technology as people and processes are also involved.
 ‘Information systems’ is in essence bridging the gap between business and the ever
growing field of computers. On the other hand, information technology is all about
managing technology and making use of it for the betterment of business.

 Origin: Information systems have existed since the pre-mechanical era in the form of
books, drawings, etc. However, the origin of information technology is mostly associated
with the invention of computers.
 Development: Information systems have undergone a great deal of evolution, i.e. from
manual record keeping to the current cloud storage systems. Similarly, information
technology is seeing constant change, with ever faster processors and constantly
shrinking storage devices.
 Business Application: Businesses have been using information systems, for example from
manual books of accounts to modern TALLY. The mode of communication has
also undergone big change, for example from letters to email. Information technology
has helped drive efficiency across organizations with improved productivity and precision
manufacturing.

EXPANDING ROLES OF IS (HISTORY OF IS)

 Data Processing: 1950s-1960s

 Management Reporting: 1960s-1970s

 Decision support: 1970s-1980s

 Strategic and End User Support: 1980s-1990s

 Global Internetworking: 1990s-2000s

 Data Processing: 1950s-1960s


The first business applications of computers (in the mid-1950s) performed repetitive,
high-volume, transaction-computing tasks. The computers "crunched numbers", summarizing
and organizing transactions and data in the accounting, finance, and human resources areas.
Such systems are generally called transaction processing systems (TPSs).

 Management Reporting: 1960s-1970s


Management Information Systems (MISs): these systems access, organize, summarize and
display information for supporting routine decision making in the functional areas.
Office Automation Systems (OASs): systems such as word processing systems were developed to
support office and clerical workers.

 Decision support: 1970s-1980s


Decision Support Systems: these were developed to provide computer-based support for
complex, non-routine decisions.

 Strategic and End User Support: 1980s-1990s


The use or development of information systems by the principal users of the systems’
outputs, such as analysts, managers, and other professionals.

Intelligent Support System (ISSs): Include expert systems which provide the stored
knowledge of experts to non-experts, and a new type of intelligent system with machine-
learning capabilities that can learn from historical cases.
Knowledge Management Systems: Support the creating, gathering, organizing, integrating
and disseminating of organizational knowledge.

 Global Internetworking: 1990s-2000s

Mobile Computing: Information systems that support employees who are working with
customers or business partners outside the physical boundaries of their company; can be
done over wire or wireless networks.

CLASSIFICATION OF IS

Operations support systems process data generated by business operations

 Major categories are:


Transaction processing systems
Process control systems
Office automation systems

Management Support Systems provide information and support needed for effective decision
making by managers

 Major categories are:

 Management Information System

 Decision Support Systems

 Executive Information System

1. Operations Support System


 Transaction processing systems
 Process business exchanges

 Maintain records about the exchanges

 Handle routine, yet critical, tasks

 Perform simple calculations

Process control systems monitor and control industrial processes.

Office automation systems automate office procedures and enhance office communications and
productivity.

Management support systems provide information and support needed for effective decision
making by managers

Major categories are:

Management information systems

 Routine information for routine decisions

 Operational efficiency

 Use transaction data as main input

 Databases integrate MIS in different functional areas

 Some common examples of MIS output are reports on sales, stock, inventory, payroll

Decision Support System

 Interactive support for non-routine decisions or problem

 End-users are more involved in creating a DSS than an MIS

Executive information systems

 provide critical information tailored to the information needs of executives


 DSS: Decision Support System

MIS: MANAGEMENT INFORMATION SYSTEM

 Functional Aspects
 MIS is an integrated collection of functional information systems, each supporting
particular functional areas.
 Financial MIS

Provides financial information to all financial managers within an organization.

 Marketing MIS

Supports managerial activities in product development, distribution, pricing decisions, and
promotional effectiveness

A FRAMEWORK FOR INFORMATION SYSTEMS ARCHITECTURE

 What is an Information Systems Architecture?

o An information systems architecture provides a unifying framework into which
various people with different perspectives can organize and view the fundamental
building blocks of information systems.

o Stakeholders have different views of the system and each has something “at stake”
in determining the success of the system.

o Stakeholders can be broadly classified into four groups:

 System Owners

 System Users

 System Designers
 System Builders

 Information systems architecture provides a foundation for organizing the various
components of any information system you care to develop.
 Different people have different views of the system. Managers, users, and technical
specialists each view the system in different ways, and in different levels of detail. We call
these people stakeholders in the system. They can be broadly classified into four groups:

o System owners pay for the system to be built and maintained. They own the system,
set priorities for the system, and determine policies for its use. In some cases,
system owners may also be system users.

o System users are the people who actually use the system to perform or support the
work to be completed. In today’s team-oriented business world, system users
frequently work side-by-side with system designers.

o System designers are the technical specialists who design the system to meet the
users' requirements. In many cases, system designers may also be system builders.

o System builders are the technical specialists who construct, test, and deliver the system
into operation.
INFORMATION SYSTEMS FRAMEWORK

[Figure: Information System Perspectives. Column heading: INFORMATION SYSTEM FOCUSES.
One row per stakeholder group, with the SYSTEM ANALYSTS alongside all four rows:
SYSTEM OWNERS: INFORMATION SYSTEM SCOPE (purpose and vision; goals and objectives; costs and benefits)
SYSTEM USERS: INFORMATION SYSTEM REQUIREMENTS (WHAT the system "is" and "must do" independent of technology)
SYSTEM DESIGNERS: INFORMATION SYSTEM DESIGN (HOW the system will be implemented using technology)
SYSTEM BUILDERS: INFORMATION SYSTEM COMPONENTS (the actual, technical implementation of the system)
Base of the figure: Data Technology, Software Technology, Interface Technology, Networking Technology.]
o Each group of stakeholders is afforded one row in our information systems
framework. Furthermore, each row has its own perspective or view of the
information system.
o Perspectives - The People Side of Information Systems

 What are Information Workers?

o The term information worker (also called knowledge worker) was coined to
describe those people whose jobs involve the creation, collection, processing,
distribution, and use of information.

 System Owners

o System owners are an information system's sponsors and chief advocates. They are
usually responsible for budgeting the money and time to develop, operate, and
maintain the information system. They are also ultimately responsible for the
system’s justification and acceptance.

o All participants in the information systems game share one thing in common, they
are what the U.S. Department of Labor now calls information workers.
o Today, more than 60 percent of the U.S. labor force is involved in the production,
distribution, and usage of information.
o For any system, large or small, there will be one or more system owners.
o System owners usually come from the ranks of management. For medium-to-large
information systems, the owners are usually middle or executive managers. For
smaller systems, the owners may be middle managers or supervisors. For personal
information systems, the owner and user are the same person.
o System owners tend to think in very general terms, not in details.
o System owners tend to be the least interested (or impressed) with the technology
used in any information system. They are concerned with the ‘value’ returned by
the system. Value is measured in different ways.

o What is the purpose of the system?

o What is the vision of the system – goals and objectives?

o How much will the system cost to build?

o How much will the system cost to operate?

o Will those costs be offset by measurable benefits?

o What about intangible benefits?


Perspectives - The People Side of Information Systems

 System Users

o System users are the people who use (and directly benefit from) the information
system on a regular basis – capturing, validating, entering, responding to, storing,
and exchanging data and information.

o There are many classes of system users including:

 Internal Users

 Clerical and service workers

 Technical and professional staff

• Knowledge workers are a subset of information workers
whose responsibilities are based on a specialized body of
knowledge.

 Supervisors, middle managers, and executive managers

 System users make up the vast majority of the information workers in any information
system.

 System users define (1) the problems to be solved, (2) the opportunities to be exploited, (3)
the requirements to be fulfilled, and (4) the business constraints to be imposed by (or for)
the information systems. They also tend to be concerned with how easy (or difficult) the
system is to learn and use. Unlike system owners, system users tend to be less concerned
with costs and benefits of the system. Instead, they are concerned with ‘business
requirements’ of the system.

 Internal users are employees of the business for which an information system is built.
Internal users are the largest class of users and comprise the largest percentage of system
users in most businesses.

 Clerical and service workers perform most of the day-to-day data processing in the average
business. Most of the fundamental data in any business is captured or created by these
workers, many of whom perform manual labor in addition to processing data.
Information systems that target these workers tend to focus on transaction processing speed
and accuracy.

 Technical and professional staff consists largely of business and industrial specialists who
perform highly skilled and specialized work. Their work is based on well-defined bodies
of knowledge; hence, they are sometimes called knowledge workers. Information systems
that target these knowledge workers tend to focus on data analysis as well as generating
timely information for problem solving.

o Perspectives - The People Side of Information Systems

 System Users

o There are many classes of system users including: (continued)

 Remote and Mobile Users

 External Users

 System Designers

o System designers translate users' business requirements and constraints into
technical solutions. They design the computer files, databases, inputs, outputs,
screens, networks, and programs that will meet the system users' requirements.
They also integrate the technical solution back into the day-to-day business
environment.

 Supervisors, middle managers, and executive managers are all decision makers.
Supervisors tend to focus on day-to-day management issues. Middle managers are more
concerned with tactical, or short-term, management plans and problems. Executive
managers are concerned with overall business performance, and strategic or long-term
planning and problem solving. Information systems for management tend to focus entirely
on information access. Managers need the right information at the right time to solve
problems and make good decisions.

 Remote and mobile users: like traditional internal users, they are employees of the business.
Unlike traditional internal users, they are geographically separated from the business. An
example is sales and service representatives.

 Many businesses are looking to telecommuting to reduce costs and improve worker
productivity. Telecommuting, stated simply, is working from home. There is considerable
evidence to suggest that many employees can be just as productive working at home if they
can be connected to the company’s information systems through modern
telecommunications technology.

 Businesses are redesigning their information systems to directly connect to and interoperate
with their business and trading partners, suppliers, customers, and even the end consumer.
The explosive growth of the Internet for electronic commerce is making the consumer an
external user of information systems. Currently, World Wide Web pages on the Internet
are mostly used to market information to the end consumer of products.
o Perspectives - The People Side of Information Systems

 System Builders

o System builders construct the information system components based upon the
design specifications from the system designers. In many cases, the system
designer and builder for a component are one and the same.

o The applications programmer is the classic example of a system builder.

 The Role of the System Analyst

o For the system owners and users, the analyst typically constructs and validates their
views.

o For the system designers and builders, the analyst (at the very least) ensures that
the technical views are consistent and compatible with the business views.

 Other technical specialists may also be involved, such as systems programmers, database
programmers, network administrators, and microcomputer software specialists.

IS IN FUNCTIONAL AREA
MIS is an integrated collection of functional information systems, each supporting
particular functional areas.
[Figure: An Organization’s MIS. Labels in the diagram: Internet; Extranet; business
transactions; transaction processing systems; databases of valid transactions; databases of
external data; Financial MIS, Accounting MIS, Marketing MIS, Human Resources MIS, etc.;
report outputs: drill down reports, exception reports, demand reports, key-indicator reports,
scheduled reports.]

Pushpa Thapa, KEC 21

QUALITIES OF INFORMATION SYSTEM


o Management information systems (MIS) is an organized approach to gathering
information from company operations and making a strategic management
decision. Developing quality characteristics for gathering information is essential
to making solid management decisions.
o The main qualities of good management information system are:

1. Relevance
2. Accuracy
3. Timely
4. Exhaustive
5. Cost-Effective

Main Qualities of Good Management Information System

1. Relevance: Information should be relevant to the strategic decision that company
management is currently reviewing. Because companies may review several
business opportunities at one time, avoiding information not relating to the decision
is essential.

2. Accuracy: MIS information should be accurate and avoid any probable costs.
Making decisions based on estimates can lead to cost overruns or lower profits from
future operations.

3. Timely: Many management decisions are based on information from a certain
time period, such as quarterly or annual periods. Information outside of the
requested time frame may skew information and lead to an improperly informed
decision.

4. Exhaustive: MIS information gathering should resemble an upside-down
triangle. The early stages of information gathering should be exhaustive, including
all types of company information. As management narrows its decision-making
process, the information is refined to include only the most relevant pieces.

5. Cost-Effective: The MIS needs to be a cost-effective and efficient system for
gathering information. Most of these systems are developed internally, creating
costs that cannot be passed to clients.

IS RESOURCES

 The individual data being processed through the use of hardware and software and shared
through network connection has allowed us to utilize more information in less time.
o Information Systems Resources

 Networks …connected in some manner that allows sharing of resources

 Hardware and Peripheral Devices …tangible and can be touched

 Software …intangible and can’t be touched physically

 Data …one piece of a record

 People …work together to create usable information


CHAPTER 2: CONTROL, AUDIT AND SECURITY OF INFORMATION SYSTEM

CONTROLS

 Methods, policies, and procedures

 Ensures protection of organization’s assets

 Ensures accuracy and reliability of records, and operational adherence to management
standards

GENERAL CONTROLS

o IT General Controls – are policies and procedures that relate to many applications
and support the effective functioning of application controls by helping to ensure
the continued proper operation of information systems. These controls apply to
mainframe, server, and end-user environments. General IT controls commonly
include:

• Controls over data centre and network operations


• System software acquisition, change and maintenance
• Access security
• Application system acquisition, development, and maintenance.
• Physical security of assets, including adequate safeguards such as secured
facilities over access to assets and records,
• Authorization for access to computer programs and data files.

 Establish framework for controlling design, security, and use of computer programs

 Include software, hardware, computer operations, data security, implementation, and
administrative controls

o Application controls
o These are controls that relate to specific computer software applications and the
individual transactions. For example, a company would usually place restrictions
on which personnel have authorization to access its general ledger so as to revise
its chart of accounts, posting / approving journal entries etc.

 Unique to each computerized application

 Include input, processing, and output controls


DIGITAL FIRM

 The Digital Firm is a general term for organizations that have enabled core business
relationships with employees, customers, suppliers, and other external partners
through digital networks.
 Protecting the Digital Firm

 High-availability computing: Tools and technologies enabling system to recover from a
crash

 Disaster recovery plan: Runs business in event of computer outage

 Load balancing: Distributes large number of requests for access among multiple servers

 Mirroring: Duplicating all processes and transactions of server on backup server to prevent
any interruption

 Clustering: Linking two computers together so that a second computer can act as a backup
to the primary computer or speed up processing

AUDIT

 An audit is an objective examination and evaluation of the financial statements of an
organization to make sure that the records are a fair and accurate representation of the
transactions they claim to represent. It can be done internally by employees of the
organization, or externally by an outside firm.

 Ensure computer-based financial and other information is reliable

 Ensure all records are included while processing

 Ensure protection from frauds

Auditing Around Computer

 Take sample inputs and manually apply processing rules and compare outputs with
computer outputs

Auditing Through The Computer

 Establish audit trail which allows examining selected intermediate results

 Control totals provide intermediate checks

 Facility to trace transaction value and print intermediate results

 Selective printing of records meeting criteria specified by the auditor


 For example: inactive accounts, overactive accounts, accounts with high balance
o Comparing credit and debit balances
o Ensure logs are kept of who did what in critical data entry and processing to fix
responsibility. Called an Audit trail.

 Auditor’s own check inputs and expected outputs.

Auditing With The Computer

 Extracting data based on the specified criterion for inspection (e.g. students with wide
disparity in marks in two subjects)

 Totaling specified subset of data for check

 Procedure to check sale discounts

 Process with independent data file created by auditor and verify to see if system is as per
specification
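
The checks listed under "Auditing Through The Computer" and "Auditing With The Computer" (control totals, comparing debit and credit balances, selective extraction of inactive, overactive and high-balance accounts, and the audit trail), as an added Python example that is not part of the original notes. The ledger, account master, reported totals and thresholds are all constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import date
from decimal import Decimal

# Constructed sample ledger: (txn id, account, posting date, debit, credit, operator).
LEDGER = [
    ("T001", "ACC-01", date(2024, 3, 1), Decimal("1200.00"), Decimal("0"), "clerk_a"),
    ("T002", "ACC-02", date(2024, 3, 1), Decimal("0"), Decimal("1200.00"), "clerk_a"),
    ("T003", "ACC-01", date(2024, 3, 4), Decimal("300.00"), Decimal("0"), "clerk_b"),
    ("T004", "ACC-03", date(2024, 3, 4), Decimal("0"), Decimal("300.00"), "clerk_b"),
    ("T005", "ACC-01", date(2024, 3, 9), Decimal("75.50"), Decimal("0"), "clerk_b"),
    ("T006", "ACC-02", date(2024, 3, 9), Decimal("0"), Decimal("70.50"), "clerk_b"),
    ("T007", "ACC-01", date(2024, 3, 15), Decimal("40.00"), Decimal("0"), "clerk_a"),
    ("T008", "ACC-03", date(2024, 3, 15), Decimal("0"), Decimal("40.00"), "clerk_a"),
]

# Constructed account master: account -> (balance, date of last activity).
ACCOUNTS = {
    "ACC-01": (Decimal("1615.50"), date(2024, 3, 15)),
    "ACC-02": (Decimal("-1270.50"), date(2024, 3, 9)),
    "ACC-03": (Decimal("-340.00"), date(2024, 3, 15)),
    "ACC-04": (Decimal("98000.00"), date(2022, 11, 2)),
}

# Constructed figures that the audited system printed for the same batch.
REPORTED_TOTALS = {"records": 8, "debit": Decimal("1615.50"), "credit": Decimal("1615.50")}


def control_totals(ledger):
    """Record count and debit/credit totals, recomputed independently by the auditor."""
    return {
        "records": len(ledger),
        "debit": sum((row[3] for row in ledger), Decimal("0")),
        "credit": sum((row[4] for row in ledger), Decimal("0")),
    }


def mismatched_totals(computed, reported):
    """Names of the control totals where the system's figure differs from the auditor's."""
    return sorted(k for k in computed if computed[k] != reported.get(k))


def unbalanced_dates(ledger):
    """Compare debits with credits per posting date; return the dates that do not net to zero."""
    net = defaultdict(Decimal)
    for _txn, _account, day, debit, credit, _operator in ledger:
        net[day] += debit - credit
    return {day: diff for day, diff in net.items() if diff != 0}


def select_accounts(accounts, ledger, as_of, inactive_days=365,
                    max_txns=3, high_balance=Decimal("50000")):
    """Selective extraction of records meeting criteria specified by the auditor."""
    activity = Counter(row[1] for row in ledger)
    return {
        "inactive": sorted(a for a, (_bal, last) in accounts.items()
                           if (as_of - last).days > inactive_days),
        "overactive": sorted(a for a in accounts if activity[a] > max_txns),
        "high_balance": sorted(a for a, (bal, _last) in accounts.items()
                               if abs(bal) >= high_balance),
    }


def audit_trail(ledger, day):
    """Who keyed which transaction on a given date, to fix responsibility."""
    return [(row[0], row[5]) for row in ledger if row[2] == day]


if __name__ == "__main__":
    totals = control_totals(LEDGER)
    print("control totals:", totals)
    print("differs from system report:", mismatched_totals(totals, REPORTED_TOTALS))
    for day, diff in unbalanced_dates(LEDGER).items():
        print("unbalanced on", day, "by", diff, "entered by", audit_trail(LEDGER, day))
    print("exceptions:", select_accounts(ACCOUNTS, LEDGER, date(2024, 3, 31)))
```
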

SECURITY

 Security means protection of data from accidental or intentional modification, destruction
or disclosure to unauthorized persons

POTENTIAL THREATS TO SECURITY


o Natural disasters such as fire, floods, earthquakes
o Accidents such as disk crashes, file erasure by inexperienced operators
o Theft/erasure of data by disgruntled employees

 Frauds by changing programs, data by employees

 Industrial espionage

 Viruses/Worms

 Hackers who break into systems connected to the internet

 Denial of service attacks by flooding with mail

HOW TO PROTECT DATA/PROGRAMS

 Regular backup of databases every day or week, depending on the time criticality and size

 Incremental back up at shorter intervals


 Backup copies kept in safe remote location-particularly necessary for disaster recovery

 Duplicate systems run and all transactions mirrored if it is a very critical system and cannot
tolerate any disruption before storing in disk.

 Physical locks

 Password system

 Biometric authentication (e.g. fingerprint)

 Encrypting sensitive data/programs

 Identification of all persons who read or modify data and logging it in a file

 Training employees on data care/handling and security

 Antivirus software

 Firewall protection when connected to internet


ENTERPRISE LAYERED SECURITY STRATEGY

 The practice of combining multiple mitigating security controls to protect resources and data.

 Also known as layered defense


Types of Security Layers

 Consumer Layered Security Strategy

 Enterprise Layered Security Strategy

CONSUMER LAYERED SECURITY STRATEGY

 Extended validation (EV) SSL certificates

 Multifactor authentication (also sometimes known as versatile or two-factor
authentication)

 Single sign-on (SSO)

 Fraud detection and risk-based authentication

 Transaction signing and encryption

 Secure Web and e-mail

 Open fraud intelligence network


Enterprise Layered Security Strategy
 Workstation application whitelisting

 Workstation system restore solution

 Workstation and network authentication

 File, disk and removable media encryption

 Remote access authentication

 Network folder encryption

 Secure boundary and end-to-end messaging

 Content control and policy-based encryption


WHAT IS E-COMMERCE SECURITY

 E-commerce security is the protection of e-commerce assets from unauthorized access, use,
alteration, or destruction.

 6 dimensions of e-commerce security


1. Integrity: prevention against unauthorized data modification
2. Nonrepudiation: prevention against any one party from reneging on an agreement
after the fact
3. Authenticity: authentication of data source
4. Confidentiality: protection against unauthorized data disclosure
5. Privacy: provision of data control and disclosure
6. Availability: prevention against data delays or removal

Threats: anyone with the capability, technology, opportunity, and intent to do
harm. Potential threats can be foreign or domestic, internal or external, state-sponsored or
a single rogue element. Terrorists, insiders, disgruntled employees, and hackers are
included in this profile (President's Commission on Critical Infrastructure Protection)

 Concern
 Loss of Privacy/confidentiality, data misuse/abuse
 Cracking, eavesdropping, spoofing, rootkits
 Viruses, Trojans, worms, hostile ActiveX and Java
 System unavailability, denial of service, natural disasters, power
interruptions
1. Intellectual property threats -- use existing materials found on the Internet without
the owner's permission, e.g., music downloading, domain name (cybersquatting), software
pirating
2. Client computer threats
– Trojan horse
– Active contents
– Viruses
3. Communication channel threats
– Sniffer program
– Backdoor
– Spoofing
– Denial-of-service
4. Server threats
– Privilege setting
– Server Side Include (SSI), Common Gateway Interface (CGI)
– File transfer
– Spamming

COUNTERMEASURE
A procedure that recognizes, reduces, or eliminates a threat
1. Intellectual property protection
– Legislature
– Authentication
2. Client computer protection
– Privacy -- Cookie blockers; Anonymizer
– Digital certificate (Figure 5.9)
– Browser protection
– Antivirus software
– Computer forensics expert
3. Communication channel protection
– Encryption
* Public-key encryption (asymmetric) vs Private-key encryption (symmetric)
* Encryption standard: Data Encryption Standard (DES), Advanced Encryption
Standard (AES)
– Protocol
* Secure Sockets Layer (SSL)
* Secure HyperText Transfer Protocol (S-HTTP)
– Digital signature
Bind the message originator with the exact contents of the message
– A hash function is used to transform messages into a 128-bit digest (message digest).
– The sender’s private key is used to encrypt the message digest (digital signature)
– The message + signature are sent to the receiver
– The recipient uses the hash function to recalculate the message digest
– The sender’s public key is used to decrypt the message digest
– Check to see if the recalculated message digest = decrypted message digest
4. Server protection
– Access control and authentication
* Digital signature from user
* Username and password
* Access control list
– Firewalls
International Computer Security Association's classification:
· Packet filter firewall: checks IP address of incoming packet and rejects anything that
does not match the list of trusted addresses (prone to IP spoofing)
· Application level proxy server: examines the application used for each individual IP
packet (e.g., HTTP, FTP) to verify its authenticity.
· Stateful packet inspection: examines all parts of the IP packet to determine whether
or not to accept or reject the requested communication.
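
The digital signature steps listed under communication channel protection above, with both the sender's and the receiver's side, as an added Python example that is not part of the original notes. It assumes SHA-256 in place of the 128-bit digest the notes mention, and unpadded RSA with constructed teaching keys built from published Mersenne primes, so it shows the sequence of steps only; production systems use a padded signature scheme from a vetted library and secret, randomly generated keys.

```python
import hashlib


def make_keypair(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)) for two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # modular inverse via pow needs Python 3.8+


# Constructed teaching keys. The primes are well-known Mersenne primes, so these
# "private" keys are public knowledge and must never protect real data.
SENDER_PUBLIC, SENDER_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**127 - 1, 2**1279 - 1)

# Constructed sample message.
ORDER = b"PAY 100.00 TO ACCOUNT 12345"


def message_digest(message: bytes) -> int:
    """Hash the message to a fixed-size digest (SHA-256 is this example's choice)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender: transform the message digest with the private key."""
    n, d = private_key
    h = message_digest(message)
    if h >= n:
        raise ValueError("modulus too small for this digest size")
    return pow(h, d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver: recalculate the digest, recover the signed digest with the
    sender's public key, and check that the two are equal."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == message_digest(message)


def send(message: bytes, private_key) -> dict:
    """The message and its signature travel together to the receiver."""
    return {"message": message, "signature": sign(message, private_key)}


def receive(envelope: dict, sender_public) -> bool:
    """Accept the message only if the signature checks out under the claimed sender's key."""
    return verify(envelope["message"], envelope["signature"], sender_public)


if __name__ == "__main__":
    envelope = send(ORDER, SENDER_PRIVATE)
    print("genuine message accepted:", receive(envelope, SENDER_PUBLIC))

    # Integrity: any change to the contents changes the recalculated digest.
    altered = dict(envelope, message=b"PAY 900.00 TO ACCOUNT 12345")
    print("altered message accepted:", receive(altered, SENDER_PUBLIC))

    # Authenticity: a signature made with a different private key does not
    # verify under the sender's public key.
    forged = send(ORDER, OTHER_PRIVATE)
    print("signature from another key accepted:", receive(forged, SENDER_PUBLIC))
```
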

HOW TO MINIMIZE SECURITY THREATS


1. Perform a risk assessment → a list of information assets and their value to the firm
2. Develop a security policy → a written statement on:
* what assets to protect from whom?
* why these assets are being protected?
* who is responsible for what protection?
* which behaviors are acceptable and unacceptable?
3. Develop an implementation plan → a set of action steps to achieve security goals
4. Create a security organization → a unit to administer the security policy
5. Perform a security audit → a routine review of access logs and evaluation of security
procedures

SSL CERTIFICATES

• SSL stands for Secure Sockets Layer.

• It is the standard security technology for establishing an encrypted link between a web
server and a browser. This link ensures that all data passed between the web server and
browsers remain private and integral.

• To be able to create an SSL connection, a web server requires an SSL Certificate.

• SSL Certificates are small data files that digitally bind a cryptographic key to an
organization’s details. When installed on a web server, a certificate activates the padlock and
the https protocol (over port 443) and allows secure connections from a web server to a browser.
Typically, SSL is used to secure credit card transactions, data transfer and logins, and more
recently is becoming the norm when securing browsing of social media sites.

• SSL Certificates bind together:
o A domain name, server name or hostname.
o An organizational identity (i.e. company name) and location.

• An organization needs to install the SSL Certificate onto its web server to initiate secure
sessions with browsers.

• Depending on the type of SSL Certificate applied for, the organization will need to go
through differing levels of vetting.

• Once installed, it is possible to connect to the website over https://www.domain.com, as
this tells the server to establish a secure connection with the browser.

• Once a secure connection is established, all web traffic between the web server and the
web browser will be secure. Browsers tell visitors a website is SSL secure via several
visible trust indicators:
Types of SSL Certificates
• Why are there different types of certificates?
o Some organizations need SSL simply for confidentiality, e.g. encryption
o Some organizations wish to use SSL to enhance trust in their security and identity,
e.g. they want to show customers they have been vetted and are a legitimate
organization

• There are basically three types of SSL certificates:
o OV SSL CERTIFICATES: assure the validity of a Web site by verifying that the
applicant is a legitimate business. Before issuing the SSL certificate, the CA
performs a rigorous validation procedure, including checking the applicant's
business credentials (such as the Articles of Incorporation) and verifying the
accuracy of its physical and Web addresses.
o DV SSL CERTIFICATES: The validation procedure is less rigorous for a Domain
Validated SSL Certificate. When issuing a Domain Validated SSL Certificate, the
CA checks only that the applicant's name and contact information match the
registration information in the WHOIS database for the domain name associated
with the applied-for SSL Certificate.
o EV SSL CERTIFICATES: The Certificate application process itself is more
thorough and the validation criteria more rigorous for EV certification, whose
applicants, at least initially, are limited to certain types of business entities and
government agencies.

EV (EXTENDED VALIDATION) SSL CERTIFICATES

Extended Validation, or EV SSL, raises the bar on standard SSL validation processes,
incorporating some of the highest standards in identity assurance to establish the legitimacy
of online entities.

• Certificate Authorities put applicant websites through rigorous evaluation procedures and
meticulous documentation checks to confirm their authenticity and ownership.
• This systematic authentication process, also known as the Extended Validation Standard,
is based on a set of guidelines prescribed for CAs to adhere to when they receive a request
for a digital certificate from an organization or business entity.

• These guidelines include:
o Establishing the legal, physical and operational existence of the entity
o Verifying that the entity's identity matches official records like incorporation and
business licensing information
o Confirming that the entity owns or has exclusive rights to use the domain mentioned
in the application for certification
o Confirming that the request for an EV certificate has been authorized by the entity

• The objective of the EV issuance process is to enable users to distinguish legitimate
websites from phishing sites, building their trust in online commercial transactions and
increasing participation.

REMOTE BASED AUTHENTICATION

• Remote access is the ability to get access to a computer or a network from a remote distance
through a wired or wireless connection.

• Authentication is the method of proving the subject's identity, e.g. Password, Passphrase,
PIN.

Why?

• To prevent:
o Access to private data and information being transferred between server and users, i.e.
channel attack.
o Direct attacks from hackers into the network.
o Brute force, software attacks.

Authentication Methods:

• Biometrics

• Passwords

• Cognitive Passwords

• Card Based

• One-Time or Dynamic Passwords (token based)

Importance Today?

• Today everything is electronic and internet based, like e-banking, e-commerce, e-learning,
e-governance, m-banking etc.

• Companies have many branches worldwide, so data and information are distributed among
branch offices.

• Users perform transactions remotely over the internet using different handheld devices.

• All enterprise information is centralized at a server, which is shared/distributed remotely
among concerned people worldwide.

CONTENT CONTROL AND POLICY BASED ENCRYPTION

• Services for the security of email content in an organization

• Email content like:
o organization vital information, customer vital information
o credit card no., account information, etc.

Email Content Control

• This service contains the rules that define:
o whether an email is to be encrypted or not
o which block or header in the email is to be encrypted

Policy Based Encryption (PBE)

• It’s a service that encrypts specific emails based on policy.
o Policy: a set of rules designed to analyze all email

• PBE uses the Email Content Control rules to identify which email needs to be encrypted.
• The PBE Service is managed through the same control panel that you use to manage your
Anti-Virus.

• The PBE service is closely integrated with the Email Content Control service.

• Policy Based Encryption Benefits:
o Automatically applies email encryption based on the organization's email security policies.
o Data loss prevention and email message security policies are consistently and accurately
applied.
o Eliminates email encryption key management, backup and administration burdens, because
it uses software-as-a-service (SaaS) infrastructure.
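
How a content control rule set can decide whether an email is to be encrypted and which part triggered the decision, as an added example that is not part of the original notes and not any vendor's rule set. The rule patterns, function names and sample messages are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Hypothetical content control rules for this example.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SENSITIVE_SUBJECT = re.compile(r"\b(account|statement|confidential)\b", re.I)


def luhn_valid(candidate):
    """Luhn checksum: filters out reference numbers that only look like cards."""
    digits = [int(ch) for ch in candidate if ch.isdigit()]
    total = 0
    for position, value in enumerate(reversed(digits)):
        if position % 2 == 1:
            value = value * 2 - 9 if value > 4 else value * 2
        total += value
    return total % 10 == 0


def text_of(msg):
    """Concatenate every text part, decoding its transfer encoding first."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8",
                                     "replace"))
    return "\n".join(chunks)


def evaluate(raw_email):
    """Return whether the message must be encrypted and which parts matched."""
    msg = message_from_string(raw_email)
    parts = []
    if SENSITIVE_SUBJECT.search(msg.get("Subject", "")):
        parts.append("header:Subject")
    if any(luhn_valid(m.group()) for m in CARD_CANDIDATE.finditer(text_of(msg))):
        parts.append("body")
    return {"encrypt": bool(parts), "parts": parts}


# Constructed sample messages; 4111 1111 1111 1111 is a widely used test number.
CARD_MAIL = "From: a@example.com\nSubject: Order\n\nCard: 4111 1111 1111 1111\n"
LOOKALIKE = "From: a@example.com\nSubject: Order\n\nRef: 4111 1111 1111 1112\n"
SUBJECT_MAIL = "From: a@example.com\nSubject: Your account details\n\nSee note.\n"

if __name__ == "__main__":
    for name, mail in [("card", CARD_MAIL), ("lookalike", LOOKALIKE),
                       ("subject", SUBJECT_MAIL)]:
        print(name, evaluate(mail))
```

The Luhn check keeps a 16-digit reference number from forcing encryption, which is the kind of false positive that makes a content policy hard to apply consistently.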

CHAPTER 3: ENTERPRISE MANAGEMENT SYSTEM


ENTERPRISE MANAGEMENT SYSTEM
• EMS is concerned with control, monitoring and the management of IT infrastructure and
applications in order to optimize IT service delivery in a company.
• EMS is a wide information system designed to coordinate all the resources, information and
activities needed to complete business processes.
• Enterprise – an entire company, everything, all-inclusive
• Management – The monitoring and controlling of entities
• Systems – Information Technology Infrastructure, hardware and software, data,
information, and processes

ENTERPRISE SOFTWARE
• Enterprise software is any software used in large organizations (whether business or
government).
• It is considered to be an essential part of a computer-based information system, and it
provides business-oriented tools such as online payment processing and automated billing
systems.
• Enterprise software is also referred to as enterprise application software.

ENTERPRISE RESOURCE PLANNING


• ERP is business process management software that allows an organization to use a system
of integrated applications to manage the business and automate back office functions.
• ERP software integrates all facets of an operation, including product planning,
development, manufacturing processes, sales and marketing.

• Some of ERP’s functions include:


– Bookkeeping & Accounting
– Human Resource Management
– Planning Production
– Supply Chain management
ERP COMPONENTS
ENTERPRISE RESOURCE PLANNING SOFTWARE
• It helps an organization to integrate information flows, operations and processes across all
accessible resources, for example, materials, work force, machine and money.
• The focus of ERP is on resource management within constraints to maximize the return on
investment.
• These data are then stored in a unified database, which is the key to the success of this
software solution.

• The ERP package design is built on the principle of Best Practices.


• ERP Software: SAP, Supply Chain Management, CRM

SUPPLY CHAIN
• A supply chain is the system of organizations, people, activities, information and resources
involved in moving a product or service from supplier to customer.
• Supply chain activities transform raw materials and components into a finished product
that is delivered to the end customer.
Supply Chain Management
Supply Chain Management is
the design and management of processes
across organizational boundaries
with the goal of matching supply and demand
in the most cost effective way.

CUSTOMER RELATIONSHIP MANAGEMENT


• Customer Relationship Management is a strategy for managing all your company’s
interactions with current and prospective customers.
• CRM is the formation of bonds between a company and its customers.
• CRM enables your company to increase productivity, close more business, and improve
customer satisfaction and retention.

CRM Strategies
Customer Retention Marketing Techniques
• Customization: Changing the product (not just the marketing message) according to user
preferences
• Customer co-production: Allows the customer to interactively create the product
• Customer service tools include:
– Frequently asked questions
– Real-time customer service chat systems
– Automated response systems

Benefits of using CRM


• Centralized customer interaction
• Improved customer support and satisfaction
• High rate of customer retention
• Increase revenue and referrals from existing customers
• Improve your products/services
• Measure and optimize your performance
• Boost new business

ENTERPRISE INFORMATION MANAGEMENT


• Enterprise information management (EIM) is a set of business processes, disciplines and
practices used to manage the information created from an organization's data.
• EIM initiatives seek to build efficient and agile data management operations with
capabilities for information creation, capture, distribution and consumption.
• The goal is to provide and preserve information as a business asset that remains secure,
easily accessible, meaningful, accurate and timely.

ENTERPRISE IT MANAGEMENT
• EITM is a strategy conceived and developed by Computer Associates International which
details how organizations can transform the management of IT in order to maximize
business value.
• Strategy for increasing the business relevance of the IT function, EITM considers the need
for IT organizations to start operating as a service-based business.
• Ensuring investments are prioritized according to business strategy and that operational
efficiencies can be more quickly realized and costs reduced when IT processes are
integrated and automated.

ROLE OF IT IN ENTERPRISE MANAGEMENT


• Enterprise IT Management was developed in response to a growing need by IT
organizations to gain more value from investments made in IT capabilities, infrastructure
and resources.
• EITM proposes a set of capabilities that enable IT to better govern, manage and secure the
IT services delivered to the business.
• IT/IS as asset, “strategic weapon”, “nervous system” (strategic level) Vs tool, commodity
(operational level)

ENTERPRISE INFORMATION SYSTEMS


• Enterprise information system (EIS) is a system that serves an entire enterprise or at least
two functional departments in:
– Business intelligence (BI)
– Enterprise resource planning (ERP)
– Knowledge management (KM)
– Partner relationship management (PLM)
– Business process management (BPM)
– Customer relationship management (CRM)

ROLE OF IS IN ENTERPRISE MANAGEMENT


• Help to unify the firm’s structure and organization: One organization
• Management: Firm wide knowledge-based management processes
• Technology: Unified platform
• Business: More efficient operations & customer-driven business processes
• Supporting the major business functions: sales and marketing, manufacturing and
production, finance and accounting, and human resources
ROLE OF IS AND IT IN ENTERPRISE MANAGEMENT
• Reduce Costs/ Improve Productivity
• Improve Customer Satisfaction/ Loyalty
• Create Competitive Advantage
• Generate growth
• Streamline Supply Chain
• Global Expansion
ENTERPRISE ENGINEERING
• Enterprise Engineering is an integrated set of disciplines for building or changing an
enterprise, its processes, and systems.
• It integrates the most powerful change methods and makes them succeed.
• The goal is a human-technological partnership of maximum efficiency in which learning
takes place at every level.

Goal of the Enterprise Engineer


• Identify and integrate the most valuable and successful ways to change an enterprise, and
to take them into a professional discipline with a teachable methodology and measures of
effectiveness.

ENTERPRISE INTEGRATION
• Integration of markets
• Integration between several development and manufacturing sites
• Integration between suppliers and manufacturers
• Integration of design and manufacturing
• Integration of multi-vendor hardware and software components
Basic principles for integration
• Provide the vision, right information, resources, and responsibility
• Empowered people
• A comprehensive and effective communication network
• Democratization and dissemination of information
• Freely shared information
Types of Integration
• Loose Integration versus Full Integration
• Horizontal Integration versus Vertical Integration
• Intra-Enterprise Integration versus Inter-enterprise Integration
• System Integration, Application Integration, and Business Integration

Loose Integration versus Full Integration


• Loose Integration - If two systems can merely exchange information with one another with
no guarantee that they will interpret this information the same way
• Full integration - Two systems are fully integrated if and only if
– the specificities of any one of these systems are only known to the system itself and
not by the other one,
– the two systems both contribute to a common task, and
– the two systems share the same definition of each concept they exchange

ALIGNMENT PROCESS
• Developing a common understanding among the key stakeholders of the purpose and goals
of the project and the means and methods of accomplishing those goals is called the
Alignment Process.
• It is important to accomplish this alignment during the initiation phase.
• Project managers usually conduct a start-up meeting that is sometimes called a kickoff
meeting.
• The agenda and duration of the start-up meeting depend on the complexity level of the
project.
• Projects with a limited scope and short duration may engage in a session start-up meeting
over lunch.
• A medium-complexity project will require more-hour meeting while a high-complexity
project cannot achieve alignment in a single meeting. Alignment can require several days
of activities.

Objective of Alignment Process


• The purpose of the alignment process is to develop a common understanding of the
purpose, agree on the means and methods, and establish trust.
• The components of the alignment process are discussions of the purpose, goals, participant
roles, methods of tracking progress and costs, methods of managing change, and building
trust.
• The effects of a lack of trust are delays caused by fact checking or missing information that
was not shared because the person’s discretion was not trusted to handle sensitive
information.

ELECTRONIC ORGANISMS
• As systems become more complex, the design of these systems must be automated.
• Electronic organisms, in fact all organisms,
o have to be complex, because they have to contain all the creative infrastructure necessary
for their creation, reproduction, maintenance and action,
o but they can easily afford to be complex, because there is no need for detailed
communication with a programmer.
• Electronic organisms have the ability to react immediately to unforeseen challenges,
without the need for a programmer to recognize the situation and deal with it by modifying
a program.
• Electronic organisms do so by recurrence to fundamental goals and organizing principles,
just as programmers do so now.
• Electronic organisms will live, grow and evolve in the rapidly growing world of installed
computers and networks, just as microbes, plants and animals live in natural ecosystems.
• Strong forces are pushing technology towards electronic organisms.
