
Generic - Introduction To Information Systems

Uploaded by

Munashe

INTRODUCTION TO INFORMATION SYSTEMS

Module Guide

Copyright© 2023
MANCOSA
All rights reserved; no part of this book may be reproduced in any form or by any means, including photocopying machines,
without the written permission of the publisher. Please report all errors and omissions to the following email address:
modulefeedback@mancosa.co.za
This Introduction to Information Systems (NQF level 5) module guide will be used across the following programmes:

• Higher Certificate in Information Technology
• Bachelor of Commerce in Financial Management
• Bachelor of Commerce in Supply Chain Management
Information Systems

INTRODUCTION TO INFORMATION SYSTEMS

Preface
Unit 1: Introducing Information Systems into Business
Unit 2: Hardware and Software
Unit 3: Telecommunications and Networks
Unit 4: Managing Information Security and Ethical Challenges
Bibliography
Reference List
Glossary

1 MANCOSA
i
Introduction to Information Systems

List of Contents

List of Tables

Table 1.1: Summary of attributes of information quality
Table 1.2: Decision characteristics and management level

List of Figures and Illustrations

Figure 1.1: The organisation of the input-process-output model
Figure 1.2: A generic model of a system
Figure 2.1: Different forms of computer system
Figure 3.2: A wide-area network (WAN)
Figure 3.3: A small workgroup network connecting a single server to three PCs and a laser printer
Figure 3.4: Illustration of intranet, extranet and the Internet


Preface
A. Welcome
Dear Student
It is a great pleasure to welcome you to Introduction to Information Systems (IIS5). To make sure that you share
our passion for this area of study, we encourage you to read this overview thoroughly. Refer to it as often as
you need to, since it will certainly make studying this module a lot easier. The intention of this module is to
develop both your confidence and proficiency in this module.

The field of Information Systems is extremely dynamic and challenging. The learning content, activities and self-
study questions contained in this guide will therefore provide you with opportunities to explore the latest
developments in this field and help you to discover the field of Information Systems as it is practiced today.

This is a distance-learning module. Since you do not have a tutor standing next to you while you study, you need
to apply self-discipline. You will have the opportunity to collaborate with each other via social media tools. Your
study skills will include self-direction and responsibility. However, you will gain a lot from the experience! These
study skills will contribute to your life skills, which will help you to succeed in all areas of life.

This course in Introduction to Information Systems is intended to provide a comprehensive guide to choosing the
appropriate information system for an organisation.

It covers, in detail, the software and hardware technologies which form Information Systems, the networks that
enable communication within Information Systems and the security aspects required to manage Information
Systems effectively and securely.

The module is a 15-credit module at NQF level 5.

We hope you enjoy the module.

MANCOSA does not own or purport to own, unless explicitly stated otherwise, any intellectual property rights in or
to multimedia used or provided in this module guide. Such multimedia is copyrighted by the respective creators
thereto and used by MANCOSA for educational purposes only. Should you wish to use copyrighted material from
this guide for purposes of your own that extend beyond fair dealing/use, you must obtain permission from the
copyright owner.


B. Learning Outcomes and Associated Assessment Criteria of the Module


Each learning outcome of the module is listed below, followed by its associated assessment criteria.

LEARNING OUTCOME: Describe the roles of information systems
ASSOCIATED ASSESSMENT CRITERIA:
• Concepts of data and information are reviewed in understanding information systems
• Use of information systems in the different levels of management is explored in improving managerial decision-making

LEARNING OUTCOME: Identify and explain the function of various hardware and software components
ASSOCIATED ASSESSMENT CRITERIA:
• Peripheral devices are reviewed in understanding hardware components
• Various input and output devices are defined to understand the concept of hardware
• Types of computer systems are compared in understanding hardware
• Application software, operating system software and generic software concepts are reviewed in understanding software components

LEARNING OUTCOME: Discuss the Input, Process and Output
ASSOCIATED ASSESSMENT CRITERIA:
• Generic model of a system is investigated in understanding the IPO cycle

LEARNING OUTCOME: Comprehend the relationship between computer hardware, software, database management and telecommunications technologies
ASSOCIATED ASSESSMENT CRITERIA:
• Telecommunications networks are reviewed in understanding the relationship between hardware, software, database management and networks
• Telecommunication model is explored to elaborate on the concept of telecommunications

LEARNING OUTCOME: Explain how information technology is used in modern information systems to support the end user collaboration and managerial decision making
ASSOCIATED ASSESSMENT CRITERIA:
• Management of security is reviewed in understanding user collaboration and managerial decision-making
• Use and relevance of information systems in management decision-making is reviewed

C. Learning Outcomes of the Units


You will find the Unit Learning Outcomes on the introductory pages of each Unit in the Module Guide. The Unit
Learning Outcomes give an overview of the areas in which you must demonstrate knowledge and the practical skills you
must be able to achieve at the end of each Unit lesson in the Module Guide.


D. How to Use this Module


This Module Guide was compiled to help you work through your units and textbook for this module, by breaking
your studies into manageable parts. The Module Guide gives you extra theory and explanations where necessary,
and so enables you to get the most from your module.

The purpose of the Module Guide is to allow you the opportunity to integrate the theoretical concepts from the
prescribed textbook and recommended readings. We suggest that you briefly skim read through the entire guide
to get an overview of its contents. At the beginning of each Unit, you will find a list of Learning Outcomes and
Associated Assessment Criteria. This outlines the main points that you should understand when you have
completed the Unit/s. Do not attempt to read and study everything at once. Each study session should be 90
minutes without a break.

This module should be studied using the prescribed and recommended textbooks/readings and the relevant
sections of this Module Guide. You must read about the topic that you intend to study in the appropriate section
before you start reading the textbook in detail. Ensure that you make your own notes as you work through both the
textbook and this module. In the event that you do not have the prescribed and recommended textbooks/readings,
you must make use of any other source that deals with the sections in this module. If you want to do further reading,
and want to obtain publications that were used as source documents when we wrote this guide, you should look
at the reference list and the bibliography at the end of the Module Guide. In addition, at the end of each Unit there
may be a link to the PowerPoint presentation and other useful reading.

E. Study Material
The study material for this module includes tutorial letters, programme handbook, this Module Guide, a list of
prescribed and recommended textbooks/readings which may be supplemented by additional readings.

F. Prescribed and Recommended Textbook/Readings


There is at least one prescribed and recommended textbook/reading allocated for the module.
The prescribed and recommended readings/textbooks present a tremendous amount of material in a simple,
easy-to-learn format. You should read ahead during your course. Make a point of re-reading the learning content
in your module textbook. This will increase your retention of important concepts and skills. You may wish to read
more widely than just the Module Guide and the prescribed and recommended textbooks/readings; the
Bibliography and Reference list provide you with additional reading.

The prescribed and recommended textbooks/readings for this module are:

Prescribed Reading/Textbook
• Laudon, K.C. and Laudon, J.P. (2019) Essentials of MIS. Thirteenth Edition. United States of America:
Pearson Education.

Recommended Readings
• Bidgoli, H. (2021) MIS. Tenth Edition. Stamford, USA: Cengage Learning.
• Stair, R.M. and Reynolds, G.W. (2018) Fundamentals of Information Systems. Ninth Edition. Boston,
USA: Cengage Learning.

G. Notional Learning Hours


Types of learning activities | Learning time %
Lectures/Workshops (face to face, limited or technologically mediated) | 10
Tutorials: individual groups of 30 or less | 0
Syndicate groups | 0
Practical workplace experience (experiential learning/work-based learning etc.) | 0
Independent self-study of standard texts and references (study guides, books, journal articles) | 60
Independent self-study of specially prepared materials (case studies, multi-media, etc.) | 25
Other: Online | 5
TOTAL | 100


H. Special Features
In the Module Guide, you will find the following icons together with a description. These are designed to help you
study. It is imperative that you work through them as they also provide guidelines for examination purposes.

Special Feature: Explanation

LEARNING OUTCOMES: The Learning Outcomes indicate aspects of the particular Unit you have to master.

ASSOCIATED ASSESSMENT CRITERIA: The Associated Assessment Criteria are the evaluation of the students' understanding, aligned to the outcomes. The Associated Assessment Criteria set the standard for the successful demonstration of the understanding of a concept or skill.

THINK POINT: A Think Point asks you to stop and think about an issue. Sometimes you are asked to apply a concept to your own experience or to think of an example.

ACTIVITY: You may come across Activities that ask you to carry out specific tasks. In most cases, there are no right or wrong answers to these activities. The purpose of the activities is to give you an opportunity to apply what you have learned.

READINGS: At this point, you should read the references supplied. If you are unable to acquire the suggested readings, then you are welcome to consult any current source that deals with the subject.

PRACTICAL APPLICATION OR EXAMPLES: Practical Application or Examples will be discussed to enhance understanding of this module.

KNOWLEDGE CHECK QUESTIONS: You may come across Knowledge Check Questions (KCQs) at the end of each Unit that will test your knowledge. You should refer to the Module Guide or your textbook(s) for the answers.

REVISION QUESTIONS: You may come across Revision Questions that test your understanding of what you have learned so far. These may be attempted with the aid of your textbooks, journal articles and Module Guide.

CASE STUDY: Case Studies are included in different sections in this Module Guide. This activity provides students with the opportunity to apply theory to practice.

VIDEO ACTIVITY: You may come across links to Video Activities as well as instructions on activities to attend to after watching the video.

Unit 1: Introducing Information Systems into Business

Unit Learning Outcomes:

CONTENT LIST | LEARNING OUTCOMES OF THIS UNIT
1.1 Introduction | Introduce topic areas for the unit
1.2 Why Study Business Information Systems? | Discuss the importance of information systems
1.3 Why Information Systems are important? | Understand the importance of information systems
1.4 Basic concepts | Define the basic concepts related to information systems including the characteristics of a system and components
1.5 Managerial decision making | Examine the vital role information systems play in business operations and managerial decision making; list the types of decisions taken at different levels of management
1.6 The Systems approach | Differentiate between the different types of systems
1.7 What is Business Information Systems (BIS)? | Explain how knowledge management relates to information systems
1.8 Resources that support business information systems | Identify the resources that support information systems
1.9 Components of an Information System | List the components of an information system
1.10 Applications of Business Information systems | Describe the applications of an information system
1.11 Recognising Business information systems | Discuss the components of recognising business information system
1.12 Summary | Summarise topic areas covered in unit

Prescribed Textbook:
Below is the prescribed reading specific to this unit:
• Laudon, K.C. and Laudon, J.P. (2019) Essentials of MIS. Thirteenth
Edition. United States of America: Pearson Education.

Recommended Readings:
Below is the recommended reading specific to this unit:
• Bidgoli, H. (2021) MIS. Tenth Edition. Stamford, USA: Cengage Learning.
• Stair, R.M. and Reynolds, G.W. (2018) Fundamentals of Information
Systems. Ninth Edition. Boston, USA: Cengage Learning.

1.1. Introduction
When beginning the study of the use of information systems (IS) in business, it is important to understand a number
of concepts drawn from a variety of different fields. In order to create, improve and manage business information
systems (BIS) one must combine an understanding of information, systems concepts, business organisations and
information technology (IT).

The purpose of this study unit is to introduce the field of information systems. The user will gain a basic
understanding of the importance of information systems by analysing how information systems relate to the student
as a managerial end user. This study unit will also familiarise the user with the important role of information
technology in your organisation. This study unit presents an overview of the basic areas of information systems
knowledge needed by business professionals, including the conceptual system components and major types of
information systems.

1.2 Why Study Business Information Systems?

• Information systems form an integral part of modern organisations and businesses. Computer-based IS
are now used to support all aspects of an organisation’s normal functions and activities. New technology
creates new opportunities for forward-thinking companies. Higher levels of automation, high-speed
communications and improved access to information can all provide significant benefits to a modern
business organisation. However, the benefits of new and emerging technologies can only be realised once
they have been harnessed and directed towards an organisation’s goals. (Laudon, K.C. and Laudon, J.P. (2019)
Essentials of MIS. 13th Edition. United States of America: Pearson Education. Page 33)

Video Activity 1.1


1. What are information systems?
2. What are the 3 pillars of knowledge for Information systems?

1.3 Why Information Systems Are Important?


Information systems play a fundamental and ever-expanding role in all organisations. Therefore, an understanding
of the effective and responsible use and management of information systems is important for all managers and
other business knowledge workers in today’s global information society. A knowledge worker is a person whose
primary work activities include creating, using and distributing information. A high proportion of workers employed by
organisations can be classified as knowledge workers.

Information systems have become a vital component of successful organisations. They constitute an essential field
of study in business administration and management. Information systems are considered a major functional area
in business operations and they can play an important role in the success of an organisation. They integrate accounting,
finance, marketing, production and human resource management in the organisation. They can provide the information
an organisation needs for efficient operations, effective managerial decision-making and a competitive
advantage.

First, a clear understanding of the difference between efficiency and effectiveness is important. This difference is
a basic principle in management and it is also applicable to the field of information systems. Efficiency can be
defined as doing things right. It is a measure of the consumption of input resources in producing given system
outputs. It focuses on productivity. An efficient data processing system can update thousands of employee records
per minute. Historically, data processing systems have supported efficiency by automating routine paperwork
processing tasks.

Effectiveness can be defined as doing the right things. This means doing things that need to be done in order to
achieve important business results. An effective information system is therefore a system that achieves its
objectives. A database housed on a notebook may enable a sales manager to identify high potential sales
prospects and to direct his staff’s attention to take advantage of those prospects.

The following are some of the reasons information systems are important in business today:
• Organisations use computers and information systems to reduce costs and gain a competitive advantage
in the marketplace
• Information systems have become common in grocery and retail stores due to the introduction of the
point-of-sale (POS) system, which speeds up service by reading the universal product codes (UPCs) on
items in a shopping cart. This same system also manages store inventory, and some information systems
can even reorder stock automatically
• In the education sector, computers and information systems have been integrated to make work easy and
fast and to improve efficiency through calculating student grades and compiling the grade point averages
(GPAs)

Think Point 1.1


Describe the functions of a knowledge worker


1.4. Basic Concepts


1.4.1. Data and Information
Much of a manager’s work involves using information to make decisions and ensuring that information flows
through the organisation as efficiently as possible.

1 Data
Data are raw facts or observations, typically about physical phenomena or business transactions. More specifically,
data refers to objective measurements of the attributes (characteristics) of entities, such as today’s date, people,
places, things, and events (Laudon and Laudon; 2013:13).

Data consists of raw facts and by itself is difficult to use for making decisions. The data component of an information
system is considered the input to the system. The information that users need affects the type of data that is
collected and used. Generally, there are two sources of data: external and internal. Internal data includes sales
records, personnel records, etc., whereas external data includes customers, competitors and suppliers (Bidgoli, H.
2022:10).

2 Information
Information is the output of an information system. It consists of facts that have been analysed by the process
component and are therefore more useful to the IS user. Information can also be defined as processed data,
which has been placed in a meaningful and useful context for an end user. The quality of information is determined
by its usefulness to users, and its usefulness determines the success of an information system. Information is
useful if it enables decision makers to make the right decision in a timely manner. To be useful, information must
have the following qualities:
• Timeliness
• Integration with other data and information
• Consistency and accuracy
• Relevance
(Bidgoli, H. 2022, p. 20)

1.4.2. Data Process


The purpose of an information system’s process element is creating the most useful type of information for making
decisions. This element generally includes transaction-processing reports and models for decision analysis that
can be built into the system or accessed from external sources. A data process is a process used to convert data
into information; examples include summarising, classifying and sorting.


1.4.3. Value of Information


It is often possible to measure the value of information directly. The tangible value of information is often measured
in terms of financial value; an example is the use of inventory information to improve stock control procedures.
The intangible value of information is difficult or impossible to quantify; an example is attempting to measure
the extent to which information can improve decision behaviour.

Think Point 1.2


How are information systems transforming business, and why are they so
essential for running and managing a business today?

1.4.4. Sources of Information


Information can be gathered through both formal and informal communication. Formal communications can include
reports and accounting statements. Informal communications can include conversations and notes.

1 Formal communication
Formal communication involves presenting information in a structured consistent manner.

2 Informal communication.
This describes less well-structured information that is transmitted by informal means such as casual conversations
between members of staff.

3 Attributes of Information Quality


A group of characteristics by which the quality of information can be assessed, normally grouped into categories
of time, content and form.

Table 1.1: Summary of attributes of information quality

TIME | CONTENT | FORM | ADDITIONAL CHARACTERISTICS
Timeliness | Accuracy | Clarity | Confidence in source
Currency | Relevance | Detail | Reliability
Frequency | Completeness | Order | Appropriateness
Time period | Conciseness | Presentation | Received by correct person
 | Scope | Media | Sent by correct channels
(Bocij et al, 2008)


1.4.5 Knowledge
Knowledge management (KM) is a technique used to improve customer relationship management (CRM) systems by
identifying, storing, and distributing facts about how to perform tasks. Know-how can be explicit knowledge or
formal written procedures. Knowledge is an asset that should be shared throughout an organisation to generate
business intelligence and maintain a competitive advantage in the marketplace. Knowledge can be thought of as
the combined result of a person’s experiences and the information they possess. (Bidgoli, H. 2021, p. 302)

Knowledge management describes a range of activities intended to make sure an organisation uses its information
resources as effectively as possible. Applications of KM include data mining, document image processing and
business intelligence. Competitive intelligence is an area of knowledge management concerned with helping
organisations to respond effectively to competition by gathering and analysing information about competitors.

1.5 Managerial Decision Making


In order for an organisation to function effectively all activities must be planned and monitored by managers
according to well-informed decisions. The functions of management include forecasting, planning, organising and
coordination and control. One of the key management functions that information systems seek to support is
managerial decision making. The way in which managers make decisions and the factors that influence those
decisions are often described as decision behaviour.

Decisions can be classified as structured, unstructured or semi-structured.

Structured decisions: situations where the rules and constraints governing the decision are known, e.g., how would we
process a sales order?

Unstructured decisions: complex situations where the rules governing the decision are complicated or unknown,
e.g., what should our distribution channels be?

Semi-structured decisions: many decisions fall somewhere in between the two extremes, e.g., which foreign market should
we target?

Practical Application 1.1


Questions
1. Identify an organisation that you are familiar with and describe how it has
benefited from knowledge management.


1.5.1 Levels of Managerial Decision Making


According to Laudon and Laudon (2015:19) an organisation usually has the following levels:
• Strategic Level: Managers are largely concerned with long-term organisational planning
• Tactical Level: Managers are largely concerned with medium-term planning
• Operational Level: Managers are largely concerned with short-term planning and the day-to-day control
of an organisation’s activities

Video Activity 1.2


https://www.youtube.com/watch?v=i0XIwlapYps
Identify and describe the 3 types of decisions that management is faced with.

Table 1.2: Decision characteristics and management level

Management level | Type of decision | Timescale | Impact on organisation | Frequency of decisions
STRATEGIC LEVEL | Unstructured | Long | Large | Infrequent
TACTICAL LEVEL | Unstructured / structured | Medium | Medium | Infrequent / frequent
OPERATIONAL LEVEL | Structured | Short | Small | Frequent
(Bocij et al, 2008)

1.6 The Systems Approach


Systems theory provides a means of analysing and improving business processes within and between systems
(Laudon and Laudon; 2013:15).

1.6.1. What is a system?


A system can be defined as a collection of interrelated components that work together towards a collective goal.
The function of a system is to receive inputs and transform these into outputs.

1.6.2 What is Input?


Input is the raw material for a process that will produce a particular output.

1.6.3 What is process?


Inputs are turned into outputs by a transformation process.


1.6.4 What is output?


A product that is created by a system.

Think Point 1.3


1. What exactly is an information system? How does it work? What are its
people, Organisation, and technology components?
2. What can you do to prepare yourself for competing in a globalised
business environment?
How would knowledge of information systems help you compete?
3. What major features of a business are important for understanding the role
of information systems?
4. Why are systems for collaboration and teamwork so important and what
technologies do they use?
5. What types of systems are used for enterprise-wide knowledge
management and knowledge work, and how do they provide value for
businesses?

Figure 1.1: The organisation of the input-process-output model (INPUT, PROCESS, OUTPUT).

When these components are added to the basic model of the system, it can be illustrated in Figure 1.2 as follows:

Figure 1.2: A generic model of a system (INPUT, PROCESS, OUTPUT, with FEEDBACK and CONTROL).


1.6.5 What is feedback?


Feedback is output returned to appropriate people or activities in the organisation to evaluate and refine the input.
It provides information on the performance of a system which can be used to adjust its behaviour.

1.6.6 What is a control mechanism?

If alterations are needed to the system, adjustments are made by a control mechanism.

In business there are familiar phrases such as “I am not part of the system”, “The system is down”, “He has
a good system”, or “Do not interfere with the system”. Phrases like these suggest that almost everything can
be a system. However, the term “system” is often misunderstood because the value and applicability of the systems
theory to daily life is underestimated. More specifically, in the field of information systems, the value of the systems
theory to solve information management problems is underestimated.

Other system concepts that are important to your body of knowledge include the following:
• Closed System: A system that does not interact with other systems or its environment is a closed system.
An example of a closed system is a battery that runs down after a while. This phenomenon of decay is called
entropy
• Open System: A system that interacts with other systems in its environment is called an open system
(connected to its environment by exchanges of inputs and outputs)
• Adaptive System: A system that has the ability to change itself or its environment in order to survive is called
an adaptive system
• Cybernetic System: A system that includes feedback and control components. These systems are
self-monitoring and self-regulating

Consider an example that will explain most of the system concepts. A medium sized furniture manufacturing
business is used as an example.

Knowledge Check Questions 1.1

1. Processing is when raw data is converted into meaningful information.
TRUE/FALSE
2. ____________ is output that is returned to appropriate members of the
organisation to help them evaluate or correct the input.
A. System
B. Feedback
C. Raw data
D. Process
3. Which of the following is a decision that is made by strategic
management?
A. Sales forecast
B. Budget preparation
C. Introducing a new product
D. Payroll

The organisation is supposed to have a common purpose or goal, for example to make a profit. Furthermore, it
consists of various functional departments, such as the Human Resource, Production (manufacturing), Sales,
Marketing, Financial, Research and Development and Information Technology departments. It is important
that all the subsystems of this organisation (functional departments), work together to ensure that the organisation
attains the common goal. The different subsystems (departments) are interrelated to each other and form a bigger
system, in this case the manufacturing business. The business uses inputs (raw materials, labour, capital) and
transforms or processes these (manufacturing process) into outputs (chairs, tables). The system, and subsystems,
is influenced by the internal environment (business policies, productivity, organisational culture, strikes) and the
external environment (government policies and the economic, socio-economic, political and technological
environment). There is also a feedback and control process built into the manufacturing process.

It is vital that all the departments work together to attain the common goal of the organisation. Each department
(sub-system) may act in the best possible way as a sales system, but the sum of their actions may not be optimal
for the organisation. This is the problem of sub-optimisation. An aggressive market strategy could lead to more
sales, but if product quality (production) is not of the necessary standard, the organisation will, over the long term,
fail to be optimal and sales could drop. Therefore, the various subsystems must be aligned to achieve the goals of
the system. If the subsystems complement each other, their effectiveness considered collectively as a system may
be greater than the sum of the effectiveness of each subsystem considered separately. This phenomenon is called
synergism. The effect of synergism must be understood and fostered because it can give an organisation a
competitive edge.

Although the systems theory is concerned with a holistic approach, it does not neglect the components of the
subsystems. It recognises the activities of the components while also considering the activity of the whole system
that contains them. That is important, because the system is only as strong as the individual entities being put together.
The weakest link in the chain determines the strength.


Activity 1.1
1. List the five components that make up an information system.
2. Information systems include hardware, software and expertise. Can you
give an example of each?
3. Define a process.

1.7 What Is a Business Information System (BIS)?


A business information system is a group of interrelated components that work collectively to carry out input,
processing, output, storage and control actions in order to convert data into information products that can be used
to support forecasting, planning, control, coordination, decision making and operational activities in an
organisation. Business information systems are sets of inter-related procedures using IT infrastructure in a
business enterprise to generate and disseminate desired information. Such systems are designed to support
decision making by the people associated with the enterprise in the process of attainment of its objectives.
(https://www.yourarticlelibrary.com/management/information-system/business-information-system-meaning-features-and-components)

Knowledge Check Question 1.2


1. Which of the following is not a component of a business system?
A. Input
B. Decisions
C. Transactions and processing
D. Information and its flow
2. A process is a series of steps undertaken to achieve a desired outcome
or goal. True/False.

1.8 Resources That Support Business Information Systems


People resources: People resources include the users of an information system and those who develop, maintain
and operate the system.
Hardware resources: The term hardware resources refers to all types of machines, not just computer hardware.
Software resources: In the same way, the term software resources does not only refer to computer programs and
the media on which they are stored. The term can also be used to describe the procedures used by people.
Communications resources: Resources are also required to enable different systems to transfer data.
Data resources: Data resources are an element of information technology infrastructure that represents all the data
available to an organisation, whether automated or non-automated.


Readings
1. Laudon & Laudon, 2022. Management Information Systems. 7th edition,
p. 245.

1.9 Components of an Information System


The components of an Information System are as follows:
• Input device: Hardware used to enter data, information or instructions into a computer-based information
system
• Central processing unit (CPU): The processor found in a computer system that controls all of the
computer’s main functions and enables users to execute programs or process data
• Memory: A temporary means of storing data awaiting processing, instructions used to process data or
control the computer system, and data or information that has been processed
• Storage devices: A permanent means of storing data and programs until they are required
• Output devices: Translate the results of processing – output – into a human readable form

Activity 1.2
Is there a difference between data and information? If so, what is the
difference? Give examples from your personal experiences.
Answering Guide:
1. Define data and Information.
2. Highlight the difference between the two concepts.
3. Give examples of data and information that you have come across.

The terms data and information are often used interchangeably. Data is raw facts or observations, typically about
physical phenomena or business transactions. More specifically, data refers to objective measurements of the
attributes (characteristics) of entities, such as people, places, things, and events. Information is processed data,
which has been placed in a meaningful and useful context for an end user. Data is subjected to a “value-added”
process where its form is aggregated, manipulated, and organised, its content analysed and evaluated and placed
in a proper context for a human user. Information, therefore, is data that has been made relevant for a specific
person to make decisions. Any report given to a foreman or area manager remains data until it has been
assimilated by them to make decisions. Note, therefore, that one person's information may be another person's data.


The value of information can be directly linked to how it helps decision-makers achieve the organisation’s goals
and objectives. For example, the value of information can be measured by the time required to make a decision or
by the increased profits of an organisation. Consider a market forecast that predicts a high demand for a new
product. If market forecast information is used to develop the new product and the organisation makes an additional
profit of one million Rand, the value of the information to the organisation is one million Rand. However, it is in
most cases difficult to quantify the value of information to the organisation in monetary terms. There are also
intangible gains, such as a growth in market share, lower risk, better safety and a competitive advantage.

Video Activity 1.3


Follow the link below to a YouTube video and answer the question that follows.
Link: https://www.youtube.com/watch?v=5PGEWejcmNU
Using the Generic Model of a System, from the video identify each component
of a system and briefly describe how it has been implemented in the ATM
system.
Rubric: List the components of the ATM as per table below

Input Process Output Feedback

Management Responsibility
Managers must answer the following questions regarding the gathering, processing and dissemination of
data/information in an organisation:
• Do the team members know what happens to the data they gathered?
• Does anyone use the data in the decision-making or problem-solving process?
• Is there any feedback regarding the value and possible use of the data?
• Do the team members think that the gathering of data is worth the input?
• Does the organisation get the right information at the right time?
• Does the organisation utilise the quality and usable information?


Practical Application 1.2


Take a system that you are familiar with and describe its various components
according to the input-process-output model.

Rubric: List the components of your system as per table below

Input Process Output

1.10 Applications of Business Information systems


The information or data processing activities that occur in an information system include the input of data resources,
processing of data into information, output of information products, storage of data resources and the control of
system performance.

Think Point 1.4


1. How do the economic benefits of information systems help in business?
2. Why are information systems so essential for running and managing a business
today?
3. What are the business benefits of using intelligent techniques in decision making
and knowledge management?

1.11 Recognising Business information systems


Managers should be able to recognise the fundamental components of information systems encountered in the
real world. This means that managers should be able to identify the people, hardware, software and data resources
they use, the types of information products they produce and the way they perform input, processing, output,
storage and control activities.

To fully understand a business information system, one needs to analyse it by identifying the resources the
information system uses, the information processing activities it performs, and the information products it produces.
This will enable managers to identify ways to improve the components and thus the performance of the information
system. Information systems form part of the total system in an organisation with a common goal, for instance to
maximise shareholder wealth. Therefore, a basic understanding of the systems theory and its application to
business information systems is vital to any organisation.


Knowledge Check Questions 1.3


1. Information systems are composed of ____________ basic components.
A. 4
B. 3
C. 2
D. many
2. Which of the following information systems are used in the daily running
of the business?
A. TPS
B. OPS
C. OAS
D. All the above

1.12 Summary
This study unit has given an overview of the basic concepts of information systems. It has also shown that much of
a manager’s work involves making decisions about the best way to achieve the organisation’s objectives. Further,
the quality of a manager’s decisions depends upon the quality of the information he or she has access to. Since
information influences almost every activity within an organisation, it is an important asset and must be treated
accordingly.

Information systems have proved to be important subsystems in any organisation because they contribute to the
common goal of the organisation. An information system uses the resources of people, hardware, and software to
perform input, processing, output, storage, and control activities that convert data resources into information
products.


Case Study 1.1


Federal Express (FedEx), founded in 1971, handles an average of 3 million
package-tracking requests every day (http://about.van.fedex.com/). To stay
ahead in a highly competitive industry, the company focuses on customer
service by maintaining a comprehensive Web site, FedEx.com, where it assists
customers and reduces costs. For example, every request for information that
is handled at the Web site rather than by the call centre saves an estimated
$1.87. FedEx has reported that customer calls have decreased by 83,000 per
day since 2000, which saves the company $57.56 million per year. And
because each package-tracking request costs FedEx 3 cents, costs have been
reduced from more than $1.36 billion to $21.6 million per year by customers
using the Web site instead of the call centre. Another technology that improves
customer service is Ship Manager, an application installed on customers’ sites
so users can weigh packages, determine shipping charges, and print shipping
labels. Customers can also link their invoicing, billing, accounting, and
inventory systems to Ship Manager. However, FedEx still spends almost $326
million per year on its call centre in order to reduce customers’ frustration when
the Web site is down or when customers have difficulty using it. The company
uses customer relationship management software called Clarify in its call
centres to make customer service representatives’ jobs easier and more
efficient and to speed up response time. (Bidgoli, H. 2021, p. 38)

Answer the following questions:


1. Is technology by itself enough to ensure high-quality customer service?
2. What are FedEx’s estimated annual savings from using information
technology?
3. What are two examples of information technologies used by FedEx?


Revision Questions 1.1


1. There are a number of problems with the way companies store and
manage information. Using your own words, identify and describe
these problems.
2. Knowledge management is nothing new; it is merely a repackaging
of existing information management techniques. Discuss.
3. Discuss the following statement with reference to how an
organisation should react to the Internet. ‘Is the Internet a typhoon
force, a ten times force, or is it a bit of wind? Or is it a force that
fundamentally alters our business?’ (Andy Grove, Chairman of Intel).
4. ‘Enterprise resource planning software is likely to replace packages
used in a single area of the organisation, such as accounting,
logistics, production and marketing.’ Discuss.


Unit 1 Answers
Video activity 1.1
1. Information systems is the ability to solve business problems through the use of information technology.
2. The 3 pillars are Technology, business and data.

Think Point 1.1


1. Knowledge workers are defined as high level workers who apply theory and analytical knowledge acquired
through formal training to develop products and services. Knowledge workers must know how to identify
important information from a large database of information that they need to be familiar with. They should be
in a position to weed out less important information and focus on essential information that will help them solve
problems, answer questions, and generate ideas.
(https://corporatefinanceinstitute.com/resources/knowledge/other/knowledge-workers/)

Think point 1.2


Organisations are trying to become more competitive and efficient by digitally enabling their core business
processes and evolving into digital firms. The internet has stimulated globalisation by dramatically reducing the
costs of producing, buying and selling goods on a global scale. New information system trends include the
emerging mobile digital platform, big data (including IoT), more remote management and democratisation of
decision making, machine learning systems, and the growing use of social media in business. Information systems
are a foundation for conducting business.

Video Activity 1.2


Technical Decisions:
Technical decisions are mainly made on the core activities of an organisation. These are basic activities relating
directly to the ‘work of the organisation’. They depend on the type of business that the organisation is in; for mining
companies, for example, the core activities would be exploration, drilling, refining and distribution. Decisions
concerning such activities are basically technical in nature. Therefore, technical decisions are concerned with the
process through which inputs such as people, information or products are converted into outputs by the
organisation.

Managerial Decisions
Such decisions are related to the co-ordination and support of the core activities of the organisation. Managerial
decision-making is also concerned with regulating and altering the relationship between the organisation and its
external environment. In order to maximise the efficiency of its core activities it becomes absolutely important for
management to ensure that these actions are not disrupted by short-term changes in the environment.


Institutional Decisions:
Institutional decisions are made on issues that affect the institution as a whole. These concern activities such as
diversification, large-scale capital expansion, acquisitions and mergers, and various other organisational decisions.
Such decisions obviously involve long-term planning and policy formulation. In the words of Boone and Koontz:
“Institutional decisions involve long-term planning and policy formulation with the aim of assuring the organisation’s
survival as a productive part of the economy and society.” The implication is clear: if an organisation is to thrive in
the long run as a viable organisation, it must occupy a useful, productive place in the economy and society as a
whole. (https://www.businessmanagementideas.com/)

Practical Activity 1.1


Most organisations have resorted to the use of knowledge management systems. The following are some of the
benefits that knowledge management has brought to many organisations.
• More efficient workplace
• Faster, better decision making
• Increased collaboration
• Building organisational knowledge
• Employee on-boarding and training process is optimised
• Increased employee happiness and retention, due to the valuing of knowledge, training, and innovation

Knowledge Check Question 1.1


1. True
2. B
3. C

Activity 1.1
1. Hardware, software, data, people, process.
2. Hardware: computers. Software: application and operating system software. Expertise: database
designers, software engineers, etc.
3. A process is a series of steps undertaken to achieve a desired outcome or goal.

Knowledge Check Question 1.2


1. A
2. True


Activity 1.2
1. Data is raw facts or observations, typically about physical phenomena or business transactions.
Information is processed data, which has been placed in a meaningful and useful context for an end user.
2. Data refers to objective measurements of the attributes (characteristics) of entities, such as people,
places, things, and events. Data is subjected to a “value-added” process where its form is aggregated,
manipulated, and organised, its content analysed and evaluated and placed in a proper context for a
human user. Information, therefore, is data that has been made relevant for a specific person to make
decisions. Any report given to a foreman or area manager, remains data until it has been assimilated by
them to make decisions.
3. Learners’ test marks, patients’ body temperatures, etc.

Video Activity 1.3


Input: Touch screen; Keypad; Cash inlet draws
Process: Accepting the card, the pin and cash withdrawal
Output: The screen; Cash outlet draws
Feedback: Receipt or transaction slip

Practical Application 1.2


1. Learners may use different types of systems that they are familiar with; these could be from their work
environments or systems they have encountered. Inputs could be from the environment to the
organisation, e.g. customer requests, government requirements, etc. Processes include the organisational
processes: what the organisation decides to do with the information/data/input that it gets from the
environment. The outputs are the products and services from the organisation into the environment.

Think Point 1.4


1. Information systems have resulted in automated systems and processes that have helped businesses to
reduce labour costs. Advertisement costs have also been reduced due to the use of platforms that charge
very little for adverts or marketing content as compared to the use of traditional methods. Other benefits are
the introduction of new and improved products and services, and easy and efficient information storage.
2. Efficient information systems have helped businesses to have consistent management of
organisational, financial and employee information. Most of the corporations have seen a drift in the
process of workflow due to the accuracy and reliability.
3. Labour expenses are reduced because of automated data collection, report generation and design tools;
decision making has become easy and fast, and companies have become more responsive to opportunities.


Knowledge Check Question 1.3


1. B
2. A

Case Study 1.1


1. Technology on its own is not enough to ensure high quality customer service. In the case of FedEx,
customers sometimes face challenges in accessing the website; the website itself is sometimes down
or is processing high volumes of requests and gets overwhelmed. Customers will then have to call in to be
assisted; therefore, technology alone is not enough.
2. Call centre savings = $1.87 + $21.6 + $57.56 = $81.03 million
FedEx’s annual savings is estimated at $81.03 million
3. FedEx is using the Customer Relations Management system and the Ship Manager


Unit 2: Hardware and Software


Unit Learning Outcomes

CONTENT LIST | LEARNING OUTCOMES OF THIS UNIT
2.1 Introduction | Introduce topic areas for the unit
2.2 What Is Meant by Peripherals? | Describe the trends and developments in microcomputer, midrange and mainframe computer systems
2.3 What Are Input and Output Devices? | Explain what input and output devices are
2.4 Storage Trends and Trade-offs | Understand the basic computer hardware concepts as well as the major types of technologies used in peripheral services for computer input, output and storage
2.5 Components of a Computer System | List the major types and uses of computer peripherals
2.6 Types of Computer Systems | Identify the relative computing power provided by different computing platforms or types of computers
2.7 Networked Computer Systems | Explain the benefits and features of network computer systems
2.8 Application Software: End User Applications | Identify several major types of system and application software
2.9 General-purpose Software | Define general purpose software and give examples
2.10 Application-specific Software | Define what application specific software is
2.11 Summary | Summarise topic areas covered in unit


Prescribed Textbook:
Below is the prescribed reading specific to this unit:
• Laudon, K.C. and Laudon, J.P. (2019) Essentials of MIS. Thirteenth
Edition. United States of America: Pearson Education.

Recommended Readings:
Below is the recommended reading specific to this unit:
• Bidgoli, H. (2021) MIS. Tenth Edition. Stamford, USA: Cengage Learning.
• Stair, R.M. and Reynolds, G.W. (2018) Fundamentals of Information
Systems. Ninth Edition. Boston, USA: Cengage Learning.


2.1 Introduction
The study unit deals with a managerial overview of computer hardware by reviewing the basic types of computer
systems and the major types of computer peripheral devices used for input, output, and storage. An overview will
also be given on computer software by analysing the functions, benefits and the limitations of major types of
systems and application software packages.

2.2 What Is Meant by Peripherals?


Peripheral devices are sometimes referred to as auxiliary devices. A peripheral is a hardware input
device or output device that gives a computer additional functionality. Peripheral devices are not critical for the
computer's performance, but they are an enhancement to the user's experience. A computer system can function
properly without a keyboard or a mouse and this is why they are considered peripherals. Peripheral is the generic
name for all input/output devices and secondary storage devices that depend on direct connections or
telecommunication links to the central processing unit (CPU) of a computer system.

Knowledge Check Questions 2.1


1. A hard disk is an output device. True/False.
2. A hard disk falls under which of the following categories of peripheral
devices?
A. Output
B. Storage
C. Input/output

2.3 What Are Input and Output Devices?


2.3.1 Input devices: Hardware used to enter data, information or instructions into a computer-based
information system.
2.3.2 Output devices: Translate the results of processing – output – into a human readable form.
These devices include:
• Pointing devices such as electronic mice, trackballs, pointing sticks and touch-sensitive screens
• Pen-based computing such as light pens or digitisers
• Video and multimedia input and video output
• Printed output by means of printers and plotters to produce permanent (hard copy) output
• Voice recognition and voice response
• Optical scanning and magnetic data entry


Readings
1. Laudon & Laudon. 2022. Management Information Systems. 17th
Edition, p. 208
2. Bidgoli, H. 2021. Management Information Systems. 10th edition, p. 31

Practical Application 2.1


1. What device would you use to convert handwritten impressions into
coded characters and positional coordinates for input to a computer?
2. When using a joystick the button at the top of the joystick is usually
used for

2.4 Storage Trends and Trade-Offs


A storage device is a piece of equipment that may be used to store and extract data files. Storage devices are able to
store data permanently or temporarily. There are two types of storage devices: those external and those internal to the
computer.

Storage devices of computers can be divided into:


1. Primary storage devices: The primary storage of most modern computers consists of the following:
• Volatile memory: Anything held in memory is lost once the power to the computer system is switched off
• Non-volatile memory: Non-volatile memory retains its contents until altered or erased
• Random access memory (RAM): RAM is used as volatile, working storage by a computer, holding
instructions and data that are waiting to be processed
• Read-only memory (ROM): The contents of ROM are fixed and cannot be altered. ROM is non-volatile
• EPROM (erasable programmable read-only memory): This is a form of ROM memory that retains its
contents until changed using a special device known as a ‘burner’
• Cache memory: Used to improve performance by anticipating the data and instructions needed by the
processor. The required data is retrieved and held in the cache, ready to be transferred directly to the
processor when required


2. Secondary storage devices


Secondary storage devices include the following:
• Floppy disk: Consists of a plastic disk, coated with a magnetic covering and enclosed within a rigid plastic
case
• Hard disk: A magnetic medium that stores data upon a number of rigid platters that are rotated at very high
speeds
• Personal video recorder (PVR): A PVR is a sophisticated video recorder that uses a hard disk drive to store
programs. The use of a hard disk drive allows a PVR to offer a range of sophisticated features, such as the
ability to ‘pause’ live broadcasts
• Flash drive: A flash drive is a portable storage device that connects to a computer via a standard USB port.
Flash drives have no moving parts, so are reliable and robust

Knowledge Check Questions 2.2


1. A microphone is used as an input device
A. True
B. False
2. A terabyte is equal to 1 million gigabytes
A. True
B. False
3. Smart lights can be found on networks?
A. True
B. False

2.5 Components of a Computer System


2.5.1 What is a Computer System?
A computer system is a number of interrelated components including hardware and software that work together
with the aim of converting data into information. The components of a computer system include hardware and
software.

2.5.2 Computer Hardware


What is Computer Hardware?
Hardware components are physical devices, such as keyboards, monitors, and processing units (Bidgoli, H.
2021, p. 42). Other hardware devices are classified into input and output devices. Hardware used to enter data,
information or instructions into a computer-based information system is referred to as an input device. Hardware
responsible for showing the processed data and information by the computer system is commonly known as an
output device.


• Central Processing Unit (CPU): The processor found in a computer system that controls all the computer’s
main functions and enables users to execute programs or process data
• Memory: A temporary means of storing data awaiting processing, instructions used to process data or control
the computer system, and data or information that has been processed
• Output devices: Translate the results of processing – output – into a human readable form
• Storage devices: A permanent means of storing data and programs until they are required

Practical Application or Examples 2.2


1. If you could build your own personal computer (PC), what components
would you purchase? Put together a list of the components you would
use to build the PC. Include the following: a computer case,
motherboard, CPU, hard disk, RAM, and DVD drive. How will you make
sure that the components are compatible with each other? Follow this
link https://www.intel.com/content/www/us/en/gaming/resources/how-to-build-a-gaming-pc.html
and read about the guidelines and procedures of
building a gaming PC by Intel.

2.6 Types of Computer Systems


There are several major categories of computer systems with a variety of characteristics and capabilities. Thus,
computer systems are typically classified as:
• Mainframe computers: Powerful computers used for large-scale data processing
• Minicomputers: Computers that offer an intermediate stage between the power of mainframe
systems and the relatively low cost of microcomputer systems
• Microcomputers: Computers that are considered less powerful than minicomputers and mainframes, but are
more flexible and relatively inexpensive to purchase
• Other types of computers that fall under the microcomputer category are personal computers, which include
laptop computers, tablets and smart computers

These categories are attempts to describe the relative computing power provided by different computing platforms
or types of computer. Therefore, they are not precise classifications.

Some experts predict the merging or disappearance of several computer categories. They feel that many midrange
and mainframe systems have been made obsolete by the power and versatility of client/server networks of
microcomputers and servers. Most recently, some industry experts have predicted that the emergence of network
computers and information appliances for applications on the Internet and corporate intranets will replace many
personal computers, especially in large organisations and in the home computer market.


Computer systems are most commonly categorised according to size, processing speed and storage capacity.

Figure 2.1: Different forms of computer system.


(Source: Bocij et al, 2008)

Activity 2.1
1. A touchscreen monitor falls under which hardware category?
2. What are the differences that exist between ROM and RAM?
3. For a computer to be called portable, what features should it possess?
4. What are the characteristics of a client/server network?


2.7 Networked Computer Systems


Computer networking refers to connected computing devices such as laptops, desktops, servers, smartphones,
tablets and an ever expanding range of Internet of Things (IoT) devices that include cameras, door locks, doorbells,
refrigerators, audio/visual systems, thermostats and various sensors that communicate with one another.
(https://www.cisco.com/)

The benefits of networked computer systems are:

• Networked computer systems allow end users to communicate electronically and share the use of
hardware, software, and data resources
• Networks of small computers have become a major alternative to the use of larger computer systems, as
many organisations downsize their computing platforms. For example, a local area network (LAN) of
microcomputers can replace the use of groups of end user terminals connected to a minicomputer or
mainframe

Video Activity 2.1


Virtualisation is a characteristic of networked computers. Use the video link
below to answer questions that follow about virtualisation.
https://www.youtube.com/watch?v=Ci4jCxzbRJY

1. How do virtual machines communicate with each other?


2. Identify the advantages of virtualisation
3. State any 3 types of virtualisation

The features of networked computer applications include:

• Networked microcomputer systems are used in place of minicomputers and mainframes
• They are easy to install, use, and maintain, and provide a more efficient, flexible, lower-cost alternative to large
computer systems for many applications
• They can share computer power, software, and databases required in time-sharing and resource-sharing
applications
• Networked computers also support work group computing (communicating electronically and sharing data on
joint projects) and are used in transaction processing applications
• Software-defined (SDN): In response to new requirements in the "digital" age, network architecture is
becoming more programmable, automated, and open. In software-defined networks, routing of traffic is
controlled centrally through software-based mechanisms. This helps the network to react quickly to
changing conditions
• Intent-based: Building on SDN principles, intent-based networking (IBN) not only introduces agility but
also sets up a network to achieve desired objectives by automating operations extensively, analysing its
performance, pinpointing problematic areas, providing all-around security, and integrating with business
processes
• Virtualised: The underlying physical network infrastructure can be partitioned logically, to create multiple
"overlay" networks. Each of these logical networks can be tuned to meet specific security, quality-of-service
(QoS), and other requirements
• Controller-based: Network controllers are crucial to scaling and securing networks. Controllers automate
networking functions by translating business intent to device configurations, and they monitor devices
continuously to help ensure performance and security. Controllers simplify operations and help
organisations respond to changing business requirements
• Multi-domain integrations: Larger enterprises may construct separate networks, also called networking
domains, for their offices, WANs, and data centres. These networks communicate with one another
through their controllers. Such cross-network, or multi-domain, integrations generally involve exchanging
relevant operating parameters to help ensure that desired business outcomes that span network domains
are achieved. (https://www.cisco.com/)

Video Activity 2.2


Follow the link below to access a YouTube video that explains computer
networking to allow you to answer the following questions.
Link: https://www.youtube.com/watch?v=tSodBEAJz9Y
1. Explain how businesses set up a private WAN.
2. List the types of resources that can be shared on a computer network
system.
3. What portable devices can be added to a network?
4. Which of the following devices are built into the router in a home network
setup? This question requires 2 answers.
A. Wireless access point
B. Switch
C. Smart phone
D. Smart lights


MANAGEMENT RESPONSIBILITY
Managers may argue that it is unnecessary to be an expert on information system technology. Computer hardware
and software are vital resources to support business operations, managerial decision making and strategic
advantage. Therefore, you need to understand the basic terminology and concepts which are part of the basic
literacy of business people and managers in an information era.

The responsibility as a manager would be to manage the end users and the effective utilisation of computer
technology in the work environment.

Readings
Additional reading
It is recommended that you refer on a regular basis to the Glossary page for
short descriptions of most of the relevant terms as follows. You can also
discuss the terms with a computer expert at work or with fellow students.

Refer to the glossary page for the following terms:

• Application generator
• Artificial intelligence
• Batch processing
• Business ethics
• Business Information Systems
• Business Process Reengineering
• Chip theft
• Client/Server model
• Competitive Advantage
• Computer criminals
• Cost of ownership
• Critical Success Factors
• Cross licensing agreement
• Database
• Data warehouse
• Decision Support Systems
• Electronic Data Interchange
• Electronic Commerce
• Executive Information Systems
• Expert Systems
• Extranet
• Groupware
• Information
• Intelligent Agent
• Local Area Network
• Management Information System
• Neural Networks
• Online Analytical Processing
• Prototyping
• Systems analysis

Think Point 2.1


1. What is the role of hardware in computer systems?
2. What are the major computer hardware, data storage, input, and output technologies used in
business?
3. What are the principal issues in managing hardware and software technology?
4. What are the advantages and disadvantages of allowing employees to use their personal
Smartphones for work?
5. What are the components of IT infrastructure?

2.8 Application Software: End User Applications


Software can be defined as a series of detailed instructions that control the operation of a computer system.
Software exists as programmes that are developed by computer programmers (Laudon and Laudon; 2013:547).

Systems software: this form of software manages and controls the operation of the computer system as it
performs tasks on behalf of the user.

Application software directs the processing required for a particular use, or application, that you as an end user
want to accomplish. Application software can be divided into two categories: general-purpose programmes and
application-specific programmes. The various types of application software for end users are discussed in this
study unit. General-purpose programmes are those that perform common information processing jobs for end
users. Examples are word processing programmes, spreadsheet programmes, database management
programmes, integrated packages, and graphics programmes. Application-specific programmes are programmes
that support specific applications of end users. Major categories of application-specific programmes include
business application programmes, scientific application programmes, and other application programmes.


Practical Application 2.3


The Fourth Industrial Revolution (4IR) has changed the way that organisations operate. The
Internet of Things (IoT) in particular has changed even how we as people live our lives. Follow
this link (https://builtin.com/internet-things/iot-examples) to read how some companies have
adopted IoT in their business in order to improve the services or products they provide. Can
you identify any solutions here that can benefit your community or organisation? If so, how?

The major software trends important to managerial end users are:

• There is a trend away from custom-designed, one-of-a-kind programs developed by the professional
programmers or end users of an organisation
• There is a trend towards the use of “off-the-shelf” software packages acquired by end users from
software vendors
• There is also a trend towards the use of user-friendly fourth-generation programming languages, which
makes it easier for end users to develop their own applications

You have to take note of these trends in order to use the available technology to the benefit of the organisation.

2.9 General-Purpose Software


General-purpose applications are programmes that can be used to carry out a wide range of common tasks, for
example a word processor. This software is often referred to as productivity software, as it helps to improve the
efficiency of an individual. General-purpose software commonly used by end users includes:
• Software Suites and Integrated Packages
• Web Browsers
• Electronic Mail
• Word Processing and Desktop Publishing Packages
• Electronic Spreadsheets
• Database Management Packages
• Presentation Graphics and Multimedia Packages
• Personal Information Managers
• Groupware and other business Software
• Search engines


Knowledge Check Questions 2.3


1. A search engine and a web browser are the same. True/False
2. Electronic spreadsheets can be used for accounting purposes. True/False

2.10 Application-Specific Software


Application-specific software comprises programs intended to serve a specific purpose such as software in the
accounting and marketing function.

Activity 2.2
Which application software (also known as software packages) are you familiar
with? Do you use it to support your work tasks? Explain.
__________________________________________________________

___________________________________________________________
__________________________________________________________
Do you think that these software packages are helpful tools?
__________________________________________________________
__________________________________________________________
__________________________________________________________

2.11 Summary:
This unit focused on the hardware and software required for an information system to function. The various types
of hardware and software were explained. Peripherals is the generic name for all input/output equipment and
secondary storage devices that depend on direct connections or telecommunications links to the central
processing unit (CPU) of a computer system. Networked computer systems are very important in organisations, and
the network benefits and features were explained in this unit.

There are several major categories of computer systems with a variety of characteristics and capabilities.
Software can be defined as a series of detailed instructions that control the operation of a computer system.
Software exists as programmes that are developed by computer programmers and there are two types namely:
application software and operating system software.


Think Point 2.2


1. What are the uses of software within a computer system?
2. Which type of software helps the hardware components to function
properly within the computer system?
3. What are the advantages of purchasing off-the-shelf software packages?
4. Can you give examples of Web browsers that you have used?

Case Study 2.1


You have been offered a new position as an office manager at KFC, a fast food
company. It offers drive-through, online orders and sit-in facilities. Your first
assignment is to assist in setting up an office with networked computers and
other devices that should be used by your team.

Your team consists of 12 members who work in the same office building. Your
team is responsible for creating advertisements to increase sales, creating new
exciting menus and responding to online orders.

Twelve machines have been assigned to your office. However, some devices
that you had ordered to be delivered at the same time as the computers were
skipped, and it is your responsibility to research what those devices will be used
for and how many are required by your office. The devices are listed below:
Printer, Speaker, Camera, Wireless router.

You will fill-in an acquisition form in FULL. You will describe each device and
its purposes. In the acquisition form include the purchase prices as well. An
example has been done for you below.

| Items | Description | Amount |
|---|---|---|
| Memory stick | A flash drive is a portable storage device that connects to a computer via a standard USB port. Flash drives have no moving parts, so are reliable and robust. The 64-gigabyte memory sticks are the choice for storing graphical content like posters. Price range is from R800 to R2000. Quantity needed is 12 for all 12 users in the office. | 12 x R1200 |

Revision Questions 2.1


1. In brief, what is VoIP? If necessary, use the Internet to carry out any
research you need.
2. What are the benefits of VoIP to a business organisation?
3. Can you think of any disadvantages associated with this technology?
4. Suggest at least three ways virtual computing can help an organisation to
reduce costs.
5. ‘When you focus on recovery: the hardware and software you buy
becomes less important.’ How true is this?
6. In your own words, explain how virtual machines can ‘…be moved
around, backed up, or diverted to adjacent or remote systems’.
7. Will network computers and clients make personal computers obsolete?
Using relevant examples, make a case for one side of this argument.
8. Despite still being functional, an obsolete computer system is of little
value to a business organisation. Organisations should continually
upgrade or replace systems in order to keep abreast of changes in
technology. Make a case in favour of or against this argument.


Unit 2 Answers
Knowledge check Questions 2.1
1. False
2. B

Practical Application 2.1


1. Writing tablet
2. To select the option pointed to by the cursor.

Practical application 2.2


Components to purchase:
• Central processing unit (CPU)
• Motherboard
• Memory (RAM)
• Graphics processing unit (GPU)
• Storage
• Power supply unit (PSU)
• System cooling (fan)
• Mouse
• Keyboard
• Network adaptor
• Monitor
• DVD ROM
To make sure components are compatible, purchase from the same vendor or purchase according to the
components' performance capacity.

Activity 2.1
1. Input and output device
2. ROM is read-only memory and is non-volatile, whereas RAM is random access memory; it is used to store
information and data that is used by the computer whilst you are working on it. Its contents are lost as soon
as the computer is switched off.
3. It should be lightweight, easy to handle and able to operate using a rechargeable battery.
4. In a client/server network, the server provides the clients with all required services such as software
applications and other capabilities. The computer processing work is divided between the two. The client is
the user point of entry, whereas the server typically processes and stores shared data, serves up webpages,
or manages network activities.


Video Activity 2.1


1. A private WAN
2. Printer,
3. TRUE
4. PDA, Smart phone
5. A and B

Video Activity 2.1


1. They can communicate through encapsulation
2. i. Cost effective: you will reduce the number of servers that are needed
ii. Environmentally friendly, as it is a green technology
3. Operating system virtualisation, server virtualisation, desktop virtualisation, network functions
virtualisation

Knowledge Check Questions 2.2


1. A
2. A
3. True

Practical Activity 2.3


1. Students to identify solutions that can benefit their communities and organisations.
• Connected appliances
• Smart home security systems
• Autonomous farming equipment
• Wearable health monitors
• Smart factory equipment
• Wireless inventory trackers
• Ultra-high speed wireless internet
• Shipping container and logistics tracking

Knowledge Check Questions 2.3


1. False
2. True


Activity 2.2
Application software examples:
• Word processors
• Web browsers
• Spreadsheets
• Presentation
• Graphics

Think Point 2.2


1. The hardware components allow users to navigate the computer and also allow all software applications
to be stored on the computer.
2. Switches, routers, desktop computers, servers, cameras, scanners, VOIP telephones, etc.
3. The principal issues in managing the hardware and software technology are:
• Scalability and capacity planning
• The business must compare benefits of outsourcing hardware and software to purchasing hardware
and building in-house applications
4. Advantages:
• Employees are familiar with their own devices, therefore no need for training
• Flexibility
Disadvantages:
• Privacy and security breaches
• Difficult to secure company data on employees' personal devices
5. IT infrastructure includes:
Computer hardware, software applications, network components, data storage

Think point 2.2


1. Software is the set of programs needed for hardware components to function and to accept input
through input devices such as the keyboard, for processing to take place, for the user to have an output
and also for the overall control of activities of information systems.
2. Operating system software
3. Low to no maintenance costs, affordable, easy to implement
4. Chrome, Internet Explorer, Mozilla


Case Study 2.1


| Items | Description | Amount |
|---|---|---|
| Printer | A printer is an output device that will be used to print sample posters and other office documents. Price range is from R3400-6000. Only one is needed for the office. | 1 x 5600 |
| Speaker | A speaker is an output device that is used to generate sound. One is required for the office for video and audio adverts. Price ranges from R400-3000 | 1 x 800 |
| Camera | A camera is an input device used to capture images and videos. One is needed for the office. Price ranges from R4000-R28000 | 1 x 7500 |
| Wireless router | A wireless router is a network device that allows computers to connect to the internet. The price ranges from 800-2500 | 1 x 1700 |

Unit 3: Telecommunications and Networks

Unit Learning Outcomes

| CONTENT LIST | LEARNING OUTCOMES OF THIS UNIT |
|---|---|
| 3.1 Introduction | Introduce topic areas for the unit |
| 3.2 What are Computer Networks? | Identify the business benefits and disadvantages of networks |
| 3.3 What is meant by Telecommunications? | Describe the importance of telecommunications in your organisation |
| 3.4 Types of Telecommunications Networks | Define the types of telecommunications networks |
| 3.5 Client Server Computing | List the advantages and disadvantages of client/server computing |
| 3.6 Network Computing | Explain the features of network computing; Explain Peer-to-Peer network; Explain what Inter-Enterprise Networks is |
| 3.7 Trends in Telecommunications | Examine trends in telecommunications |
| 3.8 The Internet | Write how the Internet is enhancing value to business organisations |
| 3.9 E-Commerce | Describe the models of e-commerce; Describe the key features of e-commerce |
| 3.10 Summary | Summarise topic areas covered in the unit |


Prescribed Textbook:
Below is the prescribed reading specific to this unit:
• Laudon, K.C. and Laudon, J.P. (2019) Essentials of MIS. Thirteenth
Edition. United States of America: Pearson Education.

Recommended Readings:
Below is the recommended reading specific to this unit:
• Bidgoli, H. (2021) MIS. Tenth Edition. Stamford, USA: Cengage Learning.
• Stair, R.M. and Reynolds, G.W. (2018) Fundamentals of Information
Systems. Ninth Edition. Boston, USA: Cengage Learning.


3.1 Introduction
For modern organisations to operate effectively, the links connecting their people and computers are vital.
The network links provide the channels for information to flow continuously between people working in different
departments of an organisation, or in different organisations. This allows people to collaborate much more
efficiently than before the advent of networks, when information flow was irregular and unreliable. These links also
allow hardware such as printers and faxes to be shared more cost-effectively.

This unit focuses on the use of computer networks from the global network of the internet through to small-scale
networks. The benefits of networks are discussed. The basic trends and functions of telecommunications networks
are also explained.

3.2 What Are Computer Networks?


A computer network can be defined as: “a communications system that links two or more computers and peripheral
devices and enables transfer of data between the components”. In its simplest form, a network consists of two or
more connected computers. Each computer on the network contains a network interface card to link the computer
to the network. The connection medium for linking network devices can be a telephone wire, a coaxial cable, or a
radio signal in the case of cell phones and wireless local area networks. (Laudon and Laudon. 2022, p 285)

Computer networks are themselves constructed on different scales. Small-scale networks within a workgroup or
single office are known as local-area networks (LANs). Larger-scale networks which are national or international
are known as wide-area networks (WANs). The internet is the best-known example of a wide-area network.

3.2.1 What are the business benefits of networks?


Networks are vital to a business. They are important for the cost savings and improved communications that arise
from an internal network. Beyond this, they are truly vital, because they help a business reach out and connect
with its customers, suppliers and collaborators. Through doing this a company can order new raw materials more
rapidly and cheaply from its suppliers and can keep in touch with the needs of its customers.

3.2.2 Benefits of networks


The benefits that networks provide are as follows:
• Reduce cost compared to traditional communications
• Reduce time for information transfer
• Enable sharing and dissemination of company information
• Enable sharing of hardware resources such as printers, back up, processing power
• Promote new ways of working
• Operate geographically separate business as one
• Restructure relationships with partners

Think Point 3.1


1. Consider a company like Takealot, how is it benefiting from networking
and data communication?

3.2.3 What are the disadvantages of network technology?


To balance against the many benefits, there are, of course, disadvantages with introducing networks. The main
disadvantages are:
• Overreliance on networks for mission-critical applications
• Cost of initial set-up and maintenance
• Disruptions during initial set-up and maintenance
• Reduced security due to more external access points to the networks on wide-area networks and the internet

3.3 What is meant by Telecommunications?


Telecommunications is the electronic transmission of data and information over short and long distances.
Telecommunications allows different types of data to be transmitted over different types of communication media.
Data in the form of voice, video, text and images can now be transmitted over long distances. Businesses today
cannot be efficient without using telecommunication technologies such as networked computers, mobile phones,
wireless networks and email systems.

3.3.1 The Importance of Telecommunication Networks and Networking in an Organisation


Telecommunications networks and the use of these networks for communication (networking) are important in
today’s organisation for the following reasons:
• Networking permits the sharing of scarce, critical resources such as software, printers, fax machines and
other peripherals
• Networking allows users to share data. Users from different areas within the organisation, as well as those
in different organisations, can all access common databases and this permits the more efficient use of data
• Networking is the key in making distributed data processing and client/server systems feasible. It
interconnects the computer systems of an organisation so their computing power can be shared by end users
throughout the whole organisation
• Networks support the exchange of communication within the organisation and between organisations.
Networking, therefore, can be used for applications such as information distribution and to build strategic
information systems
• There is a trend towards electronic trade. Computer networks form the basis for electronic trade
• It enhances collaboration and communication among individuals both inside and outside an organisation

Managers, as end users, and organisations need to electronically exchange data and information with other end users,
customers, suppliers, financial institutions and other organisations. Only through the use of telecommunications
can managers carry out their work activities, manage organisational resources, and compete successfully in today’s
fast-changing global economy.

Many organisations today could not survive without interconnected networks of computers to serve the information
processing and communications needs of their end users.

3.3.2 A telecommunications network model


The conceptual model below shows a telecommunications network. It illustrates that a communications network is
any arrangement where a sender transmits a message to a receiver over a channel consisting of some type of
medium. A telecommunications network consists of five basic categories of components: terminals,
telecommunications processors, telecommunications channels, computers, and telecommunications control
software. Turn to the Glossary page for descriptions of unfamiliar terms.

http://www.centuriontel.com/portal/client/faq/index.html?split_network.htm

Knowledge Check Questions 3.1


1. A computer network is an example of a telecommunications network. True/False
2. Telecommunication happens when there is an exchange of information
between participants with the help of technology. True/False
3. Which of the following devices is not a part of telecommunications?
A. Server
B. Printer
C. Router
D. PBX


3.4 Types of Telecommunications Network


There are many different types of telecommunications networks. From an end user point of view, there are two
basic types: wide area networks (WANs) and local area networks (LANs). It is important to note that there is a growing
trend toward the increased use of LANs and WANs as an alternative to the use of terminals connected to
minicomputers or smaller mainframes for end user computing in many organisations.

3.4.1 Wide Area Network (WAN)


A wide area network can span several cities, provinces, or even countries, and it is usually owned by several
different parties. The data transfer speed depends on the speed of its interconnections (called links) and can vary
from 28.8 Kbps to 155 Mbps. For example, a WAN can be useful for a company headquartered in Cape Town,
with 30 branch offices in 6 provinces. The WAN makes it possible for all branch offices to communicate with
headquarters, sending and receiving information. (Bidgoli. H, 2021. p155)

The most common and powerful WAN is the internet. Computers connect to a WAN through public networks, such
as the telephone system or private cable systems and also through leased lines or satellites.

These networks cover areas such as:

• A large city or metropolitan area
• A whole country; or
• Many countries and continents

WANs may consist of a variety of cable, satellite, and microwave technologies.

Figure 3.2: A wide-area network (WAN)


(Source: Bidgoli. H, 2021)


3.4.2 Local Area Network (LAN)


A LAN consists of a single network segment or several connected segments that are limited in extent, hence local.
LANs use a powerful microcomputer with a large disk capacity as a file server or network server that contains a
network operating system program (e.g. Novell) that controls telecommunications and the use of network
resources. A LAN connects workstations and peripheral devices that are in close proximity. Usually, a LAN covers
a limited geographical area, such as a building or campus, and one company owns it. Its data transfer speed varies
from 100 Mbps to 10 Gbps. LANs may be connected to WANs by communication processors forming a common
interface called a gateway. LANs are used to share resources such as printers and to integrate services such as
e-mail and file sharing.

Some of the characteristics of LANs include the following:

• LANs use a variety of telecommunications media, such as ordinary telephone wiring, coaxial cable, or
wireless radio systems to interconnect microcomputer workstations and computer peripherals
• Ethernet is the dominant LAN standard at the physical network level, specifying the physical medium to
carry signals between computers, access control rules, and a standardised set of bits that carry data over
the system
• LANs allow end users in a work group to communicate electronically; share hardware, software, and data
resources; and pool their efforts when working on group projects

Figure 3.3: A small workgroup network connecting a single server to three PCs and a laser printer.

(Source: Bidgoli. H, 2021)


Think Point 3.2


1. Looking at the LAN, is it possible to create a LAN without having a
server to control that network?

3.5 Client Server Computing


Client/server computing is a growing trend in most organisations. Computing power has rapidly become distributed
and interconnected throughout many organisations through networks of all types of computers.

3.5.1 Characteristics of a client/server network are:

• End user microcomputer workstations are the clients
• Clients are interconnected by local area networks and share application processing with LAN servers, which
also manage the networks
• LANs may be interconnected to other LANs and wide area networks of client workstations and servers

3.5.2 Benefits of client server computing include:


The main advantage of the client/server architecture is its scalability, meaning its ability to grow. Client/server
architectures can be scaled horizontally or vertically. Horizontal scaling means adding more workstations
(clients), and vertical scaling means migrating the network to larger, faster servers. (Bidgoli.H, 2021, 161)
• Clients (end users) can perform some or most of the processing of their business applications
• LAN servers can share application processing, manage work group collaboration, and control common
hardware, software, and databases
• Data can be completely processed locally, where most inputs and outputs must be handled
• Provides access to the workstations and servers in other networks
• Computing processing is more tailored to the needs of the end users
• Increases information processing efficiency and effectiveness as users are more responsible for their own
application systems
• Allows large central-site computers to handle the jobs they do best, such as high-volume transaction
processing, communications network security and control, and maintenance and control of large corporate
databases
• Clients at local sites can access the corporate super servers to receive corporate wide management
information or transmit summary transaction data reflecting local site activities
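
The division of work described in this section, as an added example that is not part of the module guide: each client processes its site's raw transactions locally and transmits only a summary to a central server, which holds the shared corporate data and rejects malformed requests. The site names, amounts, message format and function names are constructed for illustration.

```python
import json
import socket
import socketserver
import threading

# Constructed sample data: raw transactions that stay at each local site.
SITE_TRANSACTIONS = {
    "cape_town": [120.0, 80.5, 45.0],
    "durban": [200.0, 15.5],
}
MAX_LINE = 4096  # the server refuses requests longer than this (bytes)


class CorporateServer(socketserver.ThreadingTCPServer):
    """Server role: stores the shared data and serves many clients at once."""
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr):
        super().__init__(addr, SummaryHandler)
        self.totals = {}               # shared "corporate database"
        self.lock = threading.Lock()   # several clients may write concurrently


class SummaryHandler(socketserver.StreamRequestHandler):
    def handle(self):
        line = self.rfile.readline(MAX_LINE + 1)
        if len(line) > MAX_LINE:
            return self._reply({"ok": False, "error": "request too large"})
        try:
            # The server never trusts client input: parse and validate it.
            msg = json.loads(line)
            site = str(msg["site"])
            count = int(msg["count"])
            total = float(msg["total"])
            if count < 0 or total < 0:
                raise ValueError("negative values")
        except (ValueError, KeyError, TypeError):
            return self._reply({"ok": False, "error": "bad request"})
        with self.server.lock:
            self.server.totals[site] = {"count": count, "total": total}
            grand = sum(s["total"] for s in self.server.totals.values())
        self._reply({"ok": True, "corporate_total": grand})

    def _reply(self, obj):
        self.wfile.write((json.dumps(obj) + "\n").encode())


def send_raw(addr, payload):
    """Send one request line and return the server's decoded reply."""
    with socket.create_connection(addr, timeout=5) as sock:
        sock.sendall(payload)
        return json.loads(sock.makefile("r").readline())


def client_send_summary(addr, site, transactions):
    """Client role: process raw data locally, transmit only the summary."""
    summary = {"site": site, "count": len(transactions),
               "total": round(sum(transactions), 2)}
    return send_raw(addr, (json.dumps(summary) + "\n").encode())


def run_demo():
    # Port 0 lets the operating system pick a free port on the loopback interface.
    server = CorporateServer(("127.0.0.1", 0))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    addr = server.server_address
    try:
        replies = [client_send_summary(addr, site, txns)
                   for site, txns in SITE_TRANSACTIONS.items()]
        bad = send_raw(addr, b"not json\n")   # malformed request is rejected
        return replies, bad, dict(server.totals)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

Adding another entry to `SITE_TRANSACTIONS` is horizontal scaling in the sense used above: one more client, with no change to the server.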


Video Activity 3.1


https://www.youtube.com/watch?v=L5BlpPU_muY
1. What is a network server?
2. What are the roles of a network server on a LAN?
3. Explain the client/server network model.

3.6 Network Computing


The growing reliance on the computer hardware, software, and data resources of the Internet, Intranets, extranets,
and other networks has emphasised that for many users “the network is the computer”. This network computing,
or network-centric, concept views networks as the central computing resource of any computing environment. It
appears to be the architecture that will take computing into the next century.

3.6.1 Features of network computing include:


• Network computers provide a browser-based user interface for processing small application programs called
applets
• Network computers are microcomputers without floppy or hard disk drives that are designed as low-cost
networked computing devices
• Servers provide the operating system, applets, databases, and database management software needed by
the end users in the network

3.6.2 Peer-to-Peer networks


The emergence of peer-to-peer (P2P) networking technologies and applications is being hailed as a development
that will revolutionise E-business and E-commerce and the Internet itself. It is a simple type of LAN which provides
sharing of files and peripherals between PCs.

Practical Application or Examples 3.1


A simple example of a peer-to-peer network is when you connect your mobile
phone to your PC/laptop via Bluetooth or cable for the purpose of transferring
files.

Use your smartphone and laptop to connect using Bluetooth technology and
access files on your smartphone and/or transfer some files from your PC to
your phone.


3.6.3 Inter-Enterprise Networks


Many applications of telecommunications can be classified as inter-enterprise networks. Businesses are using
telecommunications to:
• Link a company’s wide area and local area networks to the networks of customers and suppliers both
domestically and internationally
• Build new strategic business relationships and alliances with their stakeholders in an attempt to increase and
lock in their business, while locking out competitors
• Reduce transaction-processing costs
• Increase the quality of service
• Connect to information service providers, and other external organisations to provide better information for
management decision-making

Distributed Processing is where information-processing activities in an organisation are accomplished by a
network of computers interconnected by telecommunications links instead of relying on one large centralised
computer facility or on the decentralised operation of several independent computers.

Think Point 3.3

1. Why do you think organisations use telecommunications? What are the benefits?
2. Describe an effective e-mail and Web use policy for a company.
3. Are you familiar with the Internet?
4. Do you think that the Internet can be to the benefit of managers? Explain.
5. Do you agree with the following statement: “The only way to compete in the
global society is to do business electronically. Therefore, organisations
should use the Internet as a vehicle for international trade”? Explain.

3.7 Trends in Telecommunications


There is definitely a change in the business use of telecommunications. The trend toward more vendors, services,
advanced technologies, and open systems dramatically increases the number of feasible applications.
Telecommunications, therefore, is playing a more important role in support of the operations, management, and
strategic objectives of both large and small companies. The difference between analogue and digital network
technologies, the various communication media, the trend towards open systems and the application trends should
be noted.

The trend is towards the pervasive use of telecommunications networks in support of business operations,
managerial decision-making, and strategic advantage in domestic and global markets.


3.7.1 Key Concepts in telecommunications


Analogue: Analogue data are continuous in that an infinite number of values between two given points can be
represented.
Digital: Digital data can only represent a finite number of discrete values.

Activity 3.1
Describe the current trends that have been observed in the telecommunication sector with
regard to business organisations.

MANAGEMENT RESPONSIBILITY
Telecommunications is so important in organisations that any manager has to be aware of the telecommunications
trends in the industry; otherwise, the organisation could fall into the trap of poor decisions or investments in this
minefield. This could lead to a situation where the organisation is unable to compete with rival organisations. A
basic knowledge of the technology trends is also important to enable managers to make the right decisions in
obtaining and managing telecommunications technology in their organisation.

3.8 The Internet


The simplest way in which the internet can be described is as a global network system made up of smaller systems.
The history and origin of the internet as a business tool is surprising since it has taken a relatively long time to
become an essential part of business. The internet was conceived by the Defence Advanced Research Projects
Agency (DARPA), an American intelligence organisation in 1969 (Laudon and Laudon; 2015:190).

The internet began to achieve its current form in 1987, growing from systems developed by DARPA and the
National Science Foundation (NSF). The internet is only the latest of a series of developments through which the
human race has used technology to disseminate information.

3.8.1 The distinguishing features of the Internet can be summarised as follows:


• The Internet does not have a central computer system or telecommunications centre. Instead, each message
sent on the Internet has an address code so any computer in the network can forward it to its destination
• The Internet does not have a headquarters or governing body
• The usage of the Internet is growing rapidly. This high level of traffic on the net makes it very slow. That is a
major problem
• The most popular Internet application is e-mail. Other applications include accessing files and databases from
libraries and organisations, and holding real-time conversations with other Internet users
• The Internet supports bulletin board systems


3.8.2 Difference between Intranet and Extranet


An intranet is a private network within a single company using internet standards to enable employees to share
information using e-mail and web publishing. An extranet is formed by extending the intranet beyond a company to
customers, suppliers and collaborators (Laudon and Laudon; 2013:55).

Video Activity 3.2


Due to globalisation we have seen companies opening different branches all
over the world. To enable their offices to communicate and share data and other
resources securely, multinationals and other small and medium companies are
making use of Virtual Private Networks. Use the video link below for more
information on VPNs.
Link: https://www.youtube.com/watch?v=CWy3x3Wux6o

Figure 3.4 Illustration of intranet, extranet and the Internet

https://bus206.pressbooks.com/back-matter/appendix/


Cloud Computing
What is cloud computing?
Cloud computing is the on-demand delivery of Information Technology resources over the Internet with pay-as-
you-go pricing. Instead of buying, owning, and maintaining physical data centres and servers, you can access
technology services, such as computing power, storage, and databases, on an as-needed basis from a cloud
provider like Amazon Web Services, Microsoft Azure and Google Cloud (https://www.content.aws.training).

Types of cloud computing


Infrastructure as a Service (IaaS)
Infrastructure as a Service, sometimes abbreviated as IaaS, contains the basic building blocks for cloud IT and
typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage
space. Infrastructure as a Service provides you with the highest level of flexibility and management control over
your IT resources and is most similar to existing IT resources that many IT departments and developers are familiar
with today (https://www.content.aws.training).

IaaS is also called hardware as a service (HaaS). It is a type of cloud computing service whereby computer
infrastructure is delivered as a service. The service provider owns the equipment and is responsible for housing,
running, and maintaining it. This model is particularly popular in data centres where the infrastructure is used as
an outsourced service and the centre is billed only on usage and how much of the service is used. (Bidgoli, H., 2021,
p. 372)

Platform as a service (PaaS)


Platform as a Service removes the need for organisations to manage the underlying infrastructure (usually
hardware and operating systems) and allows you to focus on the deployment and management of your applications.
This helps you be more efficient as you don’t need to worry about resource procurement, capacity planning,
software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your
application (https://www.content.aws.training).

Platform as a service provides a computing platform and a solution as a service. Clients use the platform and
environment to build applications and services over the Internet. PaaS services are hosted in the cloud and
accessed by clients through their Web browsers. PaaS automates the configuration, deployment, and ongoing
management of applications in the cloud. Popular examples include AWS Elastic Beanstalk, Windows Azure,
Heroku.com, Force.com, Google App Engine, Apache Stratos, and Red Hat’s OpenShift. (Bidgoli, H., 2021, p. 372)


Software as a Service
Software as a Service provides you with a completed product that is run and managed by the service provider. In
most cases, people referring to Software as a Service are referring to end-user applications. With a SaaS offering
you do not have to think about how the service is maintained or how the underlying infrastructure is managed; you
only need to think about how you will use that particular piece of software. A common example of a SaaS
application is web-based email where you can send and receive email without having to manage feature additions
to the email product or maintain the servers and operating systems that the email program is running on
(https://www.content.aws.training).

Practical Application 3.2


1. What is the cloud computing infrastructure that creates a development
environment upon which applications may be built?
2. State the cloud computing service model in which hardware is virtualised in
the cloud.
3. Identify a classic model or models of an IaaS service model.

3.8.3 Important Key Concepts


Firewall: a specialised software application mounted on a server at the point where the company is connected to
the internet. Its purpose is to prevent unauthorised access into the company from outsiders.
World Wide Web: the most common technique for publishing information on the internet. It is accessed through
web browsers which display web pages of embedded graphics and HTML/XML-encoded text.
Businesses’ use of the Internet is expanding rapidly for several reasons:
• Ease of world-wide communications with colleagues, consultants, customers and suppliers
• Links workstations together to form virtual work groups to work on joint projects such as product development,
marketing campaigns, and scientific research
• Allows for collaboration through Internet’s global e-mail and bulletin board systems (BBS)
• Access to a vast range of information provided by the networks on the Internet
• The Internet represents the wave of the future in business telecommunications
• Special software programs are required to access the Internet. Examples include Gopher, Mosaic, Netscape
and Explorer

Video Activity 3.3


With the use of the internet, most of our electronic data is now stored on the
cloud. Use the video below to answer the following questions on cloud
computing.
Link: https://www.youtube.com/watch?v=mxT233EdY5c


1. What are the different uses of cloud computing?


2. What type of resources are offered by cloud computing?
3. It is possible to access resources in real-time using cloud computing?
TRUE/FALSE

3.9 E-Commerce
Electronic commerce (e-commerce) is defined as sharing business information, maintaining business
relationships, and conducting business transactions through the use of telecommunication networks. What is
referred to as traditional e-commerce has been conducted using EDI, enterprise-wide messaging systems, fax
communication, bar coding, and other private local area network and wide area network systems. E-commerce is
also about reorganising internal business processes and external business alliances and creating new consumer-
oriented products and services globally. The term e-business is sometimes used interchangeably with the term
e-commerce to refer to this broader concept.

3.9.1 E-Commerce Models


There are several forms of e-commerce, or e-commerce models, based on who is involved in the
transaction:
• Business-to-business (B2B). The business-to-business (B2B) model represents inter-organisational
information systems in which a company handles transactions within its own value
chain or with other businesses and organisations
• Business-to-consumer (B2C). The business-to-consumer (B2C) model represents retailing
transactions between a company and individual customers
• Consumer-to-consumer (C2C). The consumer-to-consumer (C2C) model represents individuals
who are selling and buying directly with each other via a Web site

Activities involved in B2C e-commerce

1. Information sharing: A B2C e-commerce company can use a variety of methods to share
information with its customers, such as company Web sites, online catalogues, e-mail, online
advertisements, video conferencing, message boards, and newsgroups
2. Ordering: Customers can use electronic forms or e-mail to order products from a B2C site
3. Payment: Customers have a variety of payment options, such as credit cards, e-checks, and
digital wallets. Electronic payment systems are discussed in the section titled “E-Commerce
Supporting Technologies.” (Bidgoli, H., 2021, p. 223)

3.9.2 The key features of E-commerce


Most of us have become so used to the Internet that we take it for granted. Let’s look at the factors that make e-
commerce so different from anything we’ve seen before (Laudon and Laudon; 2015:296 - 298).


Ubiquity: 24/7 365 days a year, anytime, anywhere. New market spaces change the balance of power from
being business-centric to customer-centric. Transaction costs for both businesses and customers are reduced.

Global Reach: The Internet opens markets to new customers. If you live in New York City and yearn for fresh
Montana-grown beef, you can order it from a Web site and receive it the next day. You benefit from new markets
previously not available, and the Montana rancher benefits from new customers previously too expensive to reach.

Universal standards: One of the primary reasons e-commerce has grown so quickly and has become so
widespread is the universal standards upon which the technology is built. Businesses don’t have to build
proprietary hardware, software, or networks in order to reach customers, thereby keeping market entry costs to a
minimum. Customers can use the universally accepted Internet tools to find new products and services quickly
and easily, thereby keeping search costs to a minimum. It truly is a win-win situation for both sides.

Richness: The richness of information available to customers, coupled with information that merchants are able
to collect about them, is opening up new opportunities for both businesses and consumers. Consumers can access
more information than was previously available and businesses collect more information than they were previously
able to. Now, instead of trying to gather information about businesses or consumers from multiple sources, both
parties can use the Internet to cobble together more information than ever, and do it much more easily and faster
than ever before.

Interactivity: E-commerce originally presented simple, static Web sites to customers with limited possibilities of
interactivity between the two. Now, most major retailers and even small shops, use a variety of ways to
communicate with customers and create new relationships around the globe.

Information Density: While many people complain about having too much information pouring from the Internet,
it provides information density like no other medium. Consumers enjoy price transparency allowing them to
comparison shop quickly and easily. Cost transparency is another benefit consumers enjoy that they’ve never
had available as readily as what they can find on the Internet. On the other hand, merchants gather much more
information about customers and use it for price discrimination.

Personalisation/Customisation: The neighbourhood merchant probably knows most customers by name and
remembers their personal preferences. That same comfortable relationship can now be extended to the Internet
through a variety of personalisation and customisation technologies. Interactivity, richness, information density,
and universal standards help make it possible.


Social Technology: User Content Generation and Social Networking: Social networks are no longer limited
to those people living in your immediate, physical neighbourhood or even the same town or city. Your social
network can now extend to all four corners of the world. More and more content is being generated by users like
video, audio, graphics, and pictures.

Activity 3.2
The COVID-19 pandemic has disrupted how many Organisations were
operating. Some have chosen to adopt E-Commerce as a solution. Can you
identify an organisation or business that has introduced E-Commerce in their
business? Describe how this E-Commerce solution has helped that business.

3.10 Summary
A computer network is a set of computers connected together for the purpose of sharing resources. The most
common resource shared today is connection to the Internet. Other shared resources can include a printer or a file
server. The growing reliance on the computer hardware, software, and data resources of the Internet, Intranets,
extranets, and other networks has emphasised that for many users “the network is the computer”.

The trend is towards the pervasive use of telecommunications networks in support of business operations,
managerial decision-making, and strategic advantage in domestic and global markets.

Knowledge Check Questions 3.2


1. A LAN can either be wireless or wired? True/false
2. Which of the following is a benefit of cloud computing?
A. Sharing resources
B. Benefits from huge economies of scale
C. Unlimited internet access
D. All of the above
3. Transaction costs are higher in digital markets than traditional markets?
True/false

Case Study 3.1


As a marketing director of an existing clothing store, you have been tasked
with improving the store's e-commerce and digital presence. The store already
has a running website that was launched years ago; however, the online
store has not been doing well and you need to make recommendations as
to how you can improve the performance of the online store.


Identify personnel, resources and other e-commerce services that can be used
to improve this situation.

Revision Questions 3.1


1. Do you think that the introduction of client/server system has been
worthwhile to businesses?
2. There are many possible benefits of company-wide networks. Is it
possible for them to be achieved without changing working practices?


Unit 3 Answers
Think point 3.1
Takealot can be defined as a virtual company and because of the introduction of networking and data
communication it has been made possible for the company to operate across geographical boundaries and be
able to get customers all over the country.
Data communications has made it possible for Takealot to effectively do business through efficient networks and
other telecommunication media.
Knowledge Check Questions 3.1
1. True
2. True
3. B

Think Point 3.2


A local area network (LAN) is a collection of devices connected together in one physical location, such as a building,
office, or home. A LAN can be small or large, ranging from a home network with one user to an enterprise network
with thousands of users and devices in an office or school.
A peer-to-peer LAN doesn't have a central server and cannot handle heavy workloads like a client/server LAN can,
and so they're typically smaller. On a peer-to-peer LAN, each device shares equally in the functioning of the
network. The devices share resources and data through wired or wireless connections to a switch or router. Most
home networks are peer-to-peer.

Video Activity 3.1


1. A server is a remote computer on the network that provides information or services in response to client
requests.
2. The server determines who gets access to what and in which sequence.
3. In the client/server model, software runs on the local computer (the client) and communicates with the
remote server to request information or services. The steps are as follows:
• The user runs client software to create a query
• The client accepts the request and formats it so the server can understand it
• The client sends the request to the server over the network
• The server receives and processes the query
• The results are sent to the client

Practical Application 3.1


1. Switch on Bluetooth on both your laptop and your smartphone. Scan to enable connectivity between
the two.
2. A passcode may be shared to allow the devices to connect and share data.


Think point 3.3


1. Organisations use telecommunications for effective communications within the organisation and with its
stakeholders. It allows employees to communicate easily from wherever they are located.
Telecommunications can allow flexible working hours.
Businesses are using telecommunications to:
• Cut costs
• Improve the collaboration of work groups
• Develop on-line operational processes
• Share resources
• Lock in customers and suppliers
• Develop new products and services
• Break down time, geographic and structural barriers
• Link a company’s wide area and local area networks to the networks of customers and suppliers both
domestically and internationally
• Build new strategic business relationships and alliances with their stakeholders in an attempt to increase and
lock in their business, while locking out competitors
• Increase the quality of service
• Connect to information service providers and other external organisations, which provides better information
for management decision-making
2. Policies differ from organisation to organisation; however, employees should be reminded to use work
emails only for work-related issues and not to open emails from unknown sources, especially the ones that come
with attachments. When browsing the Web, employees should be careful not to download unnecessary files from
the internet. Organisations should put in place access controls that prohibit access to unsafe websites,
suspicious incoming emails etc.
3. Students' responses may vary.
4. The internet is beneficial to most organisations; therefore, businesses that want to improve their performance
should consider going digital.
5. The most effective way that organisations can grow is via the use of the internet. Companies can grow globally
and be able to manage all their branches through the effective use of the internet.

Activity 3.1
Answering Guide
1. Choose a business that you are familiar with.
2. Highlight how this business has used the changing trends in telecommunication.


Video activity 3.2


1. Data backups and archiving, disaster recovery, software testing and development, big data analytics
2. Resources offered by cloud computing: IaaS, PaaS, SaaS
3. TRUE

Practical Application 3.2


1. IaaS
2. IaaS
3. AWS

Activity 3.2
Answering Guide: Identify an organisation and describe how e-commerce has assisted that business in ensuring
that it survives the COVID-19 pandemic.

Video Activity 3.3


1. Uses of cloud computing are,
i. data backups,
ii. disaster recovery,
iii. email,
iv. virtual desktops
v. big data analytics
vi. Customer facing applications
2. Resources offered by cloud computing are, infrastructure, software, platforms and storage.
3. True

Knowledge Check 3.2


1. TRUE
2. B
3. FALSE

Case Study 3.1


1. The store needs to update its website to an exchange website to allow customers to search for and
purchase products, and employ an experienced digital marketer, a social media manager and also brand
ambassadors who have a huge social media following; this has worked for a lot of businesses.
The store can also make use of other online marketplaces such as Takealot, Zando, Amazon etc.


Unit 4: Managing Information Security and Ethical Challenges


Unit Learning Outcomes

CONTENT LIST    LEARNING OUTCOMES OF THIS UNIT:

4.1 Introduction • Introduce topic areas for the unit

4.2 The Need for Controls • Provide an explanation of the need for control in information systems

4.3 Common Threats to Information Systems • Describe the most common threats faced by information systems

4.4 E-Business Security; 4.5 E-Business System Controls and Audits • Outline several types of information system controls, procedural controls and facility controls that can be used to ensure the quality and security of information systems

4.6 Professionalism, Ethics and Morality • List several ethical principles that affect the use and management of information technology

4.7 Privacy Issues • Examine the privacy issues related to information systems

4.8 Social Issues • Write the social and legal issues related to information systems

4.9 Legal Issues • Recall and list the principles of the POPI Act and the UK Data Protection Act 1984

4.10 The Heartbleed Bug • Explain how leaks can be prevented within an information system.

4.11 Summary • Summarise topic areas covered in unit


Prescribed Textbook:
Below is the prescribed reading specific to this unit:
• Laudon, K.C. and Laudon, J.P. (2019) Essentials of MIS. Thirteenth
Edition. United States of America: Pearson Education.

Recommended Readings:
Below is the recommended reading specific to this unit:
• Bidgoli, H. (2021) MIS. Tenth Edition. Stamford, USA: Cengage Learning.
• Stair, R.M. and Reynolds, G.W. (2018) Fundamentals of Information
Systems. Ninth Edition. Boston, USA: Cengage Learning.


4.1 Introduction
This unit discusses the threats to computer systems with regard to business and the defences and controls needed
for the performance and security of e-business systems. The moral, legal and ethical responsibilities of those
involved in designing, developing and managing computer-based information systems are also explained.

4.2 The Need for Controls


Controls upon information systems are based upon two underlying principles:
• The need to ensure the accuracy of the data held by the organisation
• The need to protect against loss or damage
Access controls are designed to protect systems from unauthorised access in order to preserve data integrity.
The following are the two widely used access controls: terminal resource security and passwords.
Terminal Resource Security
It is a software feature that erases the screen and signs the user off automatically after a specified length of
inactivity. This method of access control prevents unauthorised users from using an unattended computer to
access the network and data. Some programs also allow users to access data only during certain times, which
reduces break-in attempts during off hours.
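The two behaviours described above, automatic sign-off after inactivity and access limited to certain hours, can be sketched as follows. This is an added example, not code from the module guide or the cited textbook; the class names, the 10-minute idle limit, the 07:00 to 18:00 window and the timeline are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta


@dataclass(frozen=True)
class TerminalPolicy:
    idle_limit: timedelta   # sign the user off after this much inactivity
    open_from: time         # start of the permitted access window
    open_until: time        # end of the permitted access window (exclusive)

    def within_hours(self, now: datetime) -> bool:
        t = now.time()
        if self.open_from <= self.open_until:
            return self.open_from <= t < self.open_until
        # Window that wraps past midnight, e.g. 22:00 to 06:00.
        return t >= self.open_from or t < self.open_until


class TerminalSession:
    def __init__(self, user: str, policy: TerminalPolicy, now: datetime):
        if not policy.within_hours(now):
            raise PermissionError(f"{user}: sign-on refused outside permitted hours")
        self.user = user
        self.policy = policy
        self.last_activity = now
        self.active = True
        self.screen = []          # what is currently displayed

    def request(self, now: datetime, action: str) -> str:
        """Handle one user action; return 'ok' or the reason it was refused."""
        if not self.active:
            return "signed-off"
        if now - self.last_activity >= self.policy.idle_limit:
            self.sign_off()       # unattended terminal: nobody inherits the session
            return "idle-timeout"
        if not self.policy.within_hours(now):
            self.sign_off()
            return "outside-hours"
        self.last_activity = now
        self.screen.append(action)
        return "ok"

    def sign_off(self) -> None:
        self.screen.clear()       # erase the screen before ending the session
        self.active = False


def run_constructed_day():
    """Replay a constructed timeline and return the decision for each step."""
    policy = TerminalPolicy(timedelta(minutes=10), time(7, 0), time(18, 0))
    day = datetime(2024, 3, 4)

    def at(hour, minute):
        return day.replace(hour=hour, minute=minute)

    results = []
    session = TerminalSession("clerk01", policy, at(8, 0))
    results.append(session.request(at(8, 5), "open ledger"))    # active user
    results.append(session.request(at(8, 12), "post invoice"))  # 7 minutes idle
    results.append(session.request(at(8, 30), "view payroll"))  # 18 minutes idle
    results.append(session.request(at(8, 31), "view payroll"))  # already signed off
    results.append(len(session.screen))                         # screen was erased

    late = TerminalSession("clerk01", policy, at(17, 55))
    results.append(late.request(at(18, 1), "export data"))      # window has closed
    try:
        TerminalSession("clerk01", policy, at(23, 0))
        results.append("signed-on")
    except PermissionError:
        results.append("refused")
    return results


if __name__ == "__main__":
    print(run_constructed_day())
```

The idle check runs on the request that arrives after the gap, so a person who walks up to an unattended terminal is refused and has to sign on again.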

Passwords
A password is a combination of numbers, characters, and symbols that is entered to allow access to a system. A password’s
length and complexity determine its vulnerability to discovery by unauthorised users. For example, p@s$w0rD is
much harder to guess than password. The human element is one of the most notable weaknesses of password
security because users can forget passwords or give them to an unauthorised user
(intentionally or unintentionally) (Bidgoli, H., 2021, p. 124).
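The length-and-complexity comparison above can be put into numbers, together with the extra check a password filter usually applies when a new password is chosen. This is an added example, not code from the module guide or the cited textbook; the 12-character minimum, the short common-password list and the substitution table are constructed assumptions.

```python
import math
import string

# Constructed sample list; a real filter would load a large list of known passwords.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome", "admin"}

# Character substitutions that are undone before the list lookup (assumed set).
SUBSTITUTIONS = str.maketrans({
    "@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
    "1": "l", "!": "i", "3": "e", "7": "t",
})


def charset_size(password: str) -> int:
    """Number of symbols an exhaustive search must try for each position."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)   # 32 ASCII symbols
    return size


def search_space_bits(password: str) -> float:
    """log2 of charset_size ** length: the cost of trying every combination."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def normalise(password: str) -> str:
    """Lower-case the password and undo common character substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def assess(password: str, min_length: int = 12) -> dict:
    """Decide whether a new password is acceptable, and say why not."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too-short")
    if normalise(password) in COMMON_PASSWORDS:
        # Length and character mix look fine, but the underlying word is on
        # the list, so it is rejected regardless of the bit estimate.
        reasons.append("common-word-variant")
    return {
        "bits": round(search_space_bits(password), 1),
        "accepted": not reasons,
        "reasons": reasons,
    }


if __name__ == "__main__":
    # The two passwords from the text, plus a constructed long passphrase.
    for candidate in ("password", "p@s$w0rD", "harbour-lantern-orbit-47"):
        print(candidate, assess(candidate))
```

Mixing character classes raises the exhaustive-search estimate for the same eight characters, while the list lookup catches a substituted spelling of a listed word; the constructed passphrase passes both checks mainly because of its length.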


Knowledge Check Questions 4.1


1. Network security consists of__________.
A. Protection
B. Detection
C. Reaction
D. All of the above

2. Which of the following processes is used to verify the identity of a user on a network?
A. Authentication
B. Identification
C. Validation
D. Verification

4.3 Common Threats to Information Systems


Accidents
• Inaccurate data entry. As an example, consider a typical relational database management system, where
update queries are used to change records, tables and reports. If the contents of the query are incorrect,
errors might be produced within all of the data manipulated by the query. Although extreme, significant
problems might be caused by adding or removing even a single character to a query
• Attempts to carry out tasks beyond the ability of the employee. In smaller computer-based information
systems, a common cause of accidental damage involves users attempting to install new hardware items or
software applications. In the case of software applications, existing data may be lost when the program is
installed or the program may fail to operate as expected
• Failure to comply with procedures for the use of organisational information systems. Where organisational
procedures are unclear or fail to anticipate potential problems, users may often ignore established methods,
act on their own initiative or perform tasks incorrectly
• Failure to carry out backup procedures or verify data backups. In addition to carrying out regular backups of
important business data, it is also necessary to verify that any backup copies made are accurate and free
from errors
• Update query: Used to change records, tables and reports held in a database management system

Natural disasters
• All information systems are susceptible to damage caused by natural phenomena, such as storms, lightning
strikes, floods and earthquakes
• In Japan and the United States, for example, great care is taken to protect critical information systems from
the effects of earthquakes


• Although such hazards are of less concern in Europe, for instance, properly designed systems will make
allowances for unexpected natural disasters

Sabotage
• Deliberate deletion of data or applications
• Logic bomb: Sometimes also known as a time bomb, a logic bomb is a destructive computer program that
activates at a certain time or in reaction to a specific event
• Back door: A section of program code that allows a user to circumvent security procedures in order to gain
full access to an information system
• Data theft: This can involve stealing sensitive information or making unauthorised changes to computer
records
• Accidental deletion

Unauthorised use
• Hacker: Hackers are often described as individuals who seek to break into systems as a test of their abilities.
Few hackers attempt to cause damage to systems that they access and few are interested in gaining any
sort of financial profit
• Cracker: A person who gains access to an information system for malicious reasons is often termed a cracker
rather than a hacker. This is because some people draw a distinction between ‘ethical’ hackers and malicious
hackers

Computer viruses
Computer virus: This is a computer programme that is capable of self-replication, allowing it to spread from one
‘infected’ machine to another. Whilst some methods such as logic bombs are beginning to decline, others like the
release of virus construction kits are becoming more common. For example, parasitic viruses insert copies of
themselves into legitimate programs. Macro viruses are created using high level programming languages.
Two other kinds of programmes are related to computer viruses: worms and Trojans.

Worms are independent computer programs that copy themselves from one computer to another over a network.
Unlike viruses, worms can operate on their own without attaching to other files and rely less on human interaction
to spread from computer to computer.

A Trojan is a software program that appears to be benign but then does something other than expected. A Trojan
horse does not self-replicate, so it is not a virus, but it is often a way for viruses to be introduced into the
computer.

Spyware represents a new type of threat for business and home users. In general, spyware describes a category
of software designed to capture and record confidential information without a user’s consent (Laudon and Laudon;
2022:332).

4.4 E-Business Security

Video Activity 4.1


Let’s take a look at the video in the link:
https://www.youtube.com/watch?v=inWWhr5tnEA
It discusses cyber security and cyber threats that we should look out for.
Answer the following questions.
1. Identify any 2 examples of malware.
2. Describe a phishing attack. You can use examples.
3. How can a man-in-the-middle attack be prevented?
4. What are the benefits of using a firewall?
5. Identify types of cyber-attacks that are likely to affect large
corporates.

There are many significant threats to the security of E-business and E-commerce. Business managers and
professionals alike are responsible for the security, quality, and performance of the business systems in their
business units.

4.4.1 Internetworked Security Defence


Security of today’s internetworked E-business enterprises is a major management challenge. Vital network links
and business flows need to be protected from external attack by cyber criminals or subversion by the criminal or
irresponsible acts of insiders. This requires a variety of security tools and defensive measures and a coordinated
security management program.

4.4.2 Encryption
Data encryption transforms data, in plaintext or clear text, into a scrambled form called cipher text that cannot be
read by others. The rules for encryption, known as the encryption algorithms, determine how simple or complex
the transformation process should be. The receiver then unscrambles the data by using a decryption key. There
are many different encryption algorithms used. One of the oldest encryption algorithms, used by Julius Caesar, is
a simple substitution algorithm in which each letter in the original message is replaced by the letter three positions
farther in the alphabet (Bidgoli, H., 2021, p. 138).
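The Caesar substitution described above, written out as an added Python example (not part of the module guide), together with a demonstration of why such a simple algorithm gives little protection: there are only 25 possible keys. The function names and the small word list are assumptions made for this illustration.

```python
import string

COMMON_WORDS = {"THE", "TO", "AND", "OF", "IN", "IS", "AT"}  # tiny constructed word list


def caesar(text, shift):
    """Replace each letter by the one `shift` positions further on, wrapping after Z."""
    out = []
    for ch in text:
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        elif ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        else:
            out.append(ch)  # spaces, digits and punctuation pass through unchanged
    return "".join(out)


def encrypt(plaintext, key=3):
    """Caesar's choice of key was 3: A becomes D, B becomes E, and so on."""
    return caesar(plaintext, key)


def decrypt(ciphertext, key=3):
    """Decryption shifts the same number of positions in the other direction."""
    return caesar(ciphertext, -key)


def recover_without_key(ciphertext):
    """Try all 25 possible keys and keep the candidate with the most common English words."""
    best = (0, 0, ciphertext)  # (score, key, text)
    for key in range(1, 26):
        candidate = decrypt(ciphertext, key)
        score = sum(word in COMMON_WORDS for word in candidate.upper().split())
        if score > best[0]:
            best = (score, key, candidate)
    return best[1], best[2]


if __name__ == "__main__":
    secret = encrypt("SEND THE REPORT TO THE BANK")   # constructed sample message
    print(secret)
    print(recover_without_key(secret))
```

Modern algorithms follow the same encrypt and decrypt pattern, but their key space is far too large to search in this way.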

Encryption characteristics include:


 Passwords, messages, files, and other data can be transmitted in scrambled form and unscrambled by
computer systems for authorised users only
 Encryption involves using special mathematical algorithms, or keys, to transform digital data into a scrambled
code before they are transmitted, and to decode the data when they are received
 The most widely used encryption method uses a pair of public and private keys unique to each individual. For
example: E-mail could be scrambled and encoded using a unique public key for the recipient that is known to
the sender. After the E-mail is transmitted, only the recipient’s secret private key could unscramble the
message
 Encryption programs are sold as separate products or built into other software used for the encryption process.
 There are several competing software encryption standards, but the top two are RSA and PGP

A commonly used encryption protocol is Secure Sockets Layer (SSL), which manages transmission security on
the Internet. As you browse the World Wide Web, check the address bar: if the website address starts with https,
the website is protected and it is close to impossible for hackers to intercept your transactions. When it is http
without the s, the connection is not secure and you should be careful not to share sensitive
information.

However, a more recent and safer cryptographic protocol is Transport Layer Security (TLS), which safeguards data
security and integrity over public networks, such as the Internet. Similar to SSL, TLS encrypts the network segment
used for performing transactions.

Readings
Bidgoli H. Management Information Systems 10th edition, p. 98

4.4.3 Firewalls
Firewall computers and software are another important method for control and security on the Internet and other
networks. A network firewall can be a communications processor, typically a router, or a dedicated server, along
with firewall software (Laudon and Laudon; 2015:243). Firewall computers and software characteristics include:
 A firewall serves as a “gatekeeper” computer system that protects a company’s intranets and other computer
networks from intrusion by serving as a filter and safe transfer point for access to and from the Internet and
other networks
 A firewall computer screens all network traffic for proper passwords and other security codes, and only allows
authorised transmissions in and out of the network

 Firewalls have become an essential component of organisations connecting to the Internet, because of the
Internet’s vulnerability and lack of security
 Firewalls can deter, but not completely prevent, unauthorised access (hacking) into computer networks. In
some cases, a firewall may allow access only from trusted locations on the Internet to particular computers
inside the firewall. Or it may allow only “safe” information to pass
 In some cases, it is impossible to distinguish safe use of a particular network service from unsafe use and so
all requests must be blocked. The firewall may then provide substitutes for some network services that perform
most of the same functions but are not as vulnerable to penetration
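The filtering behaviour described in the points above (access only from trusted locations to particular computers inside the firewall, with everything else blocked) can be sketched as an ordered rule list. This is an added Python illustration, not part of the module guide and not the configuration of any firewall product; the rule names and addresses are constructed, and the outside addresses come from ranges reserved for documentation.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    source: str            # CIDR network the traffic comes from
    destination: str       # CIDR network (or single host) it is going to
    port: Optional[int]    # destination port, None meaning any port

    def matches(self, src, dst, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.destination)
                and (self.port is None or self.port == port))


# Constructed rule set for an intranet numbered 10.0.0.0/8.
RULES = [
    # A more specific deny placed first overrides the broader allow below it.
    Rule("block-reported-host", "deny", "203.0.113.66/32", "10.0.0.0/8", None),
    # A trusted partner network may reach one particular server inside the firewall.
    Rule("partner-to-orders", "allow", "203.0.113.0/24", "10.0.5.20/32", 443),
    # Anyone may reach the public web server, but only on the HTTPS port.
    Rule("public-website", "allow", "0.0.0.0/0", "10.0.1.10/32", 443),
]


def decide(src, dst, port, rules=RULES):
    """First matching rule wins; traffic that matches no rule is denied."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action, rule.name
    return "deny", "default-deny"


if __name__ == "__main__":
    sample_traffic = [                      # constructed connection attempts
        ("203.0.113.7", "10.0.5.20", 443),
        ("203.0.113.66", "10.0.5.20", 443),
        ("198.51.100.9", "10.0.5.20", 443),
        ("198.51.100.9", "10.0.1.10", 22),
    ]
    for src, dst, port in sample_traffic:
        print(src, "->", dst, port, decide(src, dst, port))
```

The final `default-deny` result is what makes the list an allow-list: a request the rules do not recognise is blocked rather than passed.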

In addition to firewalls, information security companies have come up with intrusion detection tools and services to
protect against suspicious network traffic and attempts to access information. Intrusion detection systems
feature full-time monitoring tools placed at the most vulnerable points or hot spots of corporate networks to detect
and deter intruders continually.

The system generates an alarm if it finds suspicious activity. Scanning software looks for patterns that show any
known methods of computer attacks such as bad passwords, checks to see whether important files have been
removed or changed, and sends warnings of vandalism or system administration errors. The intrusion detection
tool can also be customised to shut down a particularly sensitive part of a network if it receives unauthorised traffic.
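One way to check "whether important files have been removed or changed", and equally to verify that a backup copy is accurate as recommended earlier in this unit, is to record a cryptographic hash of every file and compare later. The following is an added Python sketch, not part of the module guide; the file names and contents are constructed, and the helper names are assumptions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under `root` (by relative path) to its SHA-256 hash."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def compare(baseline, current):
    """Report files whose content changed, that disappeared, or that are new."""
    return {
        "changed": sorted(n for n in baseline if n in current and baseline[n] != current[n]),
        "removed": sorted(n for n in baseline if n not in current),
        "added": sorted(n for n in current if n not in baseline),
    }


def demo():
    """Run both checks on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "config").mkdir(parents=True)
        (live / "ledger.csv").write_text("2023-01-05,invoice 1001,4500.00\n")
        (live / "payroll.csv").write_text("emp-17,salary,21000.00\n")
        (live / "config" / "app.ini").write_text("[db]\nhost=db01\n")
        baseline = build_manifest(live)

        # 1. Backup verification: a faithful copy produces an empty report.
        shutil.copytree(live, backup)
        good_backup = compare(baseline, build_manifest(backup))

        # 2. A truncated backup file is caught even though the file still exists.
        (backup / "payroll.csv").write_text("emp-17,sal")
        bad_backup = compare(baseline, build_manifest(backup))

        # 3. Integrity monitoring of the live system against the baseline.
        (live / "ledger.csv").write_text("2023-01-05,invoice 1001,9500.00\n")
        (live / "config" / "app.ini").unlink()
        (live / "unexpected.tmp").write_text("file nobody installed")
        live_report = compare(baseline, build_manifest(live))
    return good_backup, bad_backup, live_report


if __name__ == "__main__":
    for report in demo():
        print(report)
```

The baseline manifest is only useful if it is stored where an intruder or a faulty process cannot rewrite it along with the files.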

Practical Application or Examples 4.1


Credit / Debit card fraud
Identity theft is on the rise and it can happen to any one of us. Imagine someone
taking over your identity to apply for a credit card, or to use your social security
number and/or your identity document. Credit card or ATM card skimming
happens when criminals replace card readers with a counterfeit device at cash
counters or other point-of-sale systems, such as those at grocery stores, coffee
shops, gas stations, or ATMs. This device captures data contained in the
magnetic strip of credit cards and debit cards and passes it to the skimmer.
Sometimes, a small camera is set up to capture entries like ATM PINs.

With information like credit card or debit card numbers, names, or ATM PINs,
criminals may be able to make fraudulent purchases or withdraw cash in the
account holder’s name. (https://us.norton.com)
1. When identity theft occurs, what do the cybercriminals look for?

4.4.4 Denial of Service Defences


The Internet is extremely vulnerable to a variety of assaults by criminal hackers, especially denial of service
(DoS) attacks. A denial of service attack is when hackers flood a network server or web server with a lot of false
communications or requests for services in order to crash the network. The network receives so many queries that
it becomes overwhelmed and is therefore unavailable to process legitimate requests. A
distributed denial-of-service (DDoS) attack uses a number of computer systems to flood the network from lots
of different launch points (Laudon and Laudon; 2022:333).
 The victim’s website
 The victim’s Internet service provider (ISP)
 The sites of “zombie” or slave computers that were commandeered by the cyber criminals

4.4.5 E-Mail Monitoring


Internet and other online E-mail systems are one of the favourite avenues of attack by hackers for spreading
computer viruses or breaking into networked computers. E-mail is also the battleground for attempts by companies
to enforce policies against illegal, personal, or damaging messages by employees, and the demands of some
employees and others, who see such policies as violations of privacy rights.

4.4.6 Virus Defences


Many companies are building defences against the spread of viruses by centralising the distribution and updating
of anti-virus software, as a responsibility of their IS departments. Other companies are outsourcing the virus
protection responsibility to their Internet service providers or to telecommunications or security management
companies.

4.4.7 Other Security Measures


A variety of security measures are commonly used to protect E-business systems and networks. These include
both hardware and software tools like fault-tolerant computers and security monitors, and security policies and
procedures like passwords and backup files.

A) Security Codes
Typically, a multilevel password system is used for security management.
 First, an end user logs on to the computer system by entering his or her unique identification code, or user ID.
The end user is then asked to enter a password in order to gain access into the system
 Next, to access an individual file, a unique file name must be entered

B) Backup Files
Backup files, which are duplicate files of data or programmes, are another important security measure.

 Files can be protected by file retention measures that involve storing copies of files from previous periods
 Several generations of files can be kept for control purposes

Think Point 4.1


1. Identify job roles in the field of cybersecurity.
2. What is the best way of dealing with an email from an unknown sender?
3. Explain the characteristics of a good firewall and a secure computer
network?

C) Security Monitors
System security monitors are programmes that monitor the use of computer systems and networks and protect
them from unauthorised use, fraud, and destruction.
 Security monitor programmes provide the security measures needed to allow only authorised users to
access the networks
 Security monitors also control the use of the hardware, software, and data resources of a computer system
 Security monitors can be used to monitor the use of computer networks and collect statistics on any
attempts at improper use

4.4.8 Biometric Controls


Biometric controls are security measures provided by computer devices, which measure physical traits that
make each individual unique. This includes:
 Voice verification
 Fingerprints
 Hand geometry
 Signature dynamics
 Keystroke analysis
 Retina scanning
 Face recognition
 Genetic pattern analysis

4.4.9 Computer Failure Controls


A variety of controls are needed to prevent computer failure or to minimise its effects. Computer systems may fail
due to:
 Power failure
 Electronic circuitry malfunctions
 Telecommunications network problems

 Hidden programming errors
 Computer operator errors
 Electronic vandalism

The information services department typically takes steps to prevent equipment failure and to minimise its
detrimental effects. For example:
 Programmes of preventative maintenance of hardware and management of software updates are
commonplace
 Using computers equipped with automatic and remote maintenance capabilities
 Establishing standards for electrical supply, air conditioning, humidity control, and fire prevention
 Arranging for a backup computer system capability with disaster recovery organisations
 Scheduling and implementing major hardware or software changes to avoid problems
 Training and supervision of computer operators
 Using fault tolerant computer systems (fail-safe and fail-soft capabilities)

4.4.10 Fault Tolerant Systems


Many firms use fault tolerant computer systems that have redundant processors, peripherals, and software that
provide a fail-over capability to back up components in the event of system failure.
 Fail-Safe - Fail-Safe refers to computer systems that continue to operate at the same level of performance
after a major failure
 Fail-Soft - Fail-soft refers to computer systems that continue to operate at a reduced but acceptable level
after a system failure

4.4.11 Disaster Recovery


Hurricanes, earthquakes, fires, floods, criminal and terrorist acts, and human error can all severely damage an
organisation's computing resources. Losing even a few hours of computing power cripples many organisations,
for example airlines and banks. That is why it is important for organisations to develop disaster recovery
procedures and formalise them in a disaster recovery plan. The plan specifies which employees will participate in
disaster recovery, and what their duties will be; what hardware, software, and facilities will be used; and the priority of
applications that will be processed. Arrangements with other companies for use of alternative facilities as a disaster
recovery site and off-site storage of an organisation's databases are also part of an effective recovery effort.

Knowledge Check Questions 4.2


1. A firewall can be in the form of a physical device or software application.
True/false

2. A Trojan horse is an example of a man-in-the-middle attack. True/false
3. A UPS may be used in which of the following situations?
A. Blackouts
B. Internet failure
C. DDoS
D. Hidden programming errors
4. Adware is an example of a computer virus. True/false

4.5 E-Business System Controls and Audits


The development of information system controls and the accomplishment of E-business systems audits are two
other types of security management.

4.5.1 Information Systems Controls


Information systems controls are methods and devices that attempt to ensure the accuracy, validity, and propriety
of information system activities. Information System (IS) controls must be developed to ensure proper data entry,
processing techniques, storage methods, and information output. IS controls are designed to monitor and maintain
the quality and security of the input, processing, output, and storage activities of any information system.

4.5.2 Auditing E-Business Systems


 E-business systems should be periodically examined, or audited, by a company’s internal auditing staff or
external auditors from professional accounting firms. Such audits should review and evaluate whether proper
and adequate security measures and management policies have been developed and implemented
 An important objective of E-business system audits is testing the integrity of an application audit trail. An
audit trail can be defined as the presence of documentation that allows a transaction to be traced through
all stages of its information processing. The audit trail of manual information systems was quite visible and
easy to trace, however, computer-based information systems have changed the form of the audit trail
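In a computer-based system the audit trail is itself data, so an auditor needs a way both to trace a transaction through its stages and to test that the trail has not been altered. The following added Python sketch (not part of the module guide) does this by chaining each entry to the previous one with a hash; the field names, transaction numbers and stage names are constructed for the illustration.

```python
import hashlib
import json

GENESIS = "0" * 64   # stands in for "no previous entry" at the start of the trail


def _digest(record, prev_hash):
    """Hash the entry's content together with the hash of the entry before it."""
    payload = json.dumps(record, sort_keys=True).encode() + prev_hash.encode()
    return hashlib.sha256(payload).hexdigest()


def append_entry(trail, txn_id, stage, detail):
    prev = trail[-1]["hash"] if trail else GENESIS
    record = {"txn": txn_id, "stage": stage, "detail": detail}
    trail.append({**record, "prev": prev, "hash": _digest(record, prev)})


def first_broken_link(trail):
    """Return the index of the first entry that fails verification, or None if intact."""
    prev = GENESIS
    for index, entry in enumerate(trail):
        record = {"txn": entry["txn"], "stage": entry["stage"], "detail": entry["detail"]}
        if entry["prev"] != prev or entry["hash"] != _digest(record, prev):
            return index
        prev = entry["hash"]
    return None


def trace(trail, txn_id):
    """List, in order, the processing stages recorded for one transaction."""
    return [entry["stage"] for entry in trail if entry["txn"] == txn_id]


def build_sample_trail():
    """Two constructed transactions whose entries are interleaved, as in a real log."""
    trail = []
    append_entry(trail, "T-1001", "input", "order captured by clerk 17")
    append_entry(trail, "T-1002", "input", "order captured by clerk 04")
    append_entry(trail, "T-1001", "processing", "stock reserved, total R4 500")
    append_entry(trail, "T-1001", "storage", "order record written")
    append_entry(trail, "T-1002", "processing", "stock reserved, total R900")
    append_entry(trail, "T-1001", "output", "invoice issued")
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    print(trace(trail, "T-1001"), first_broken_link(trail))
    trail[2]["detail"] = "stock reserved, total R450"   # an edit made after the fact
    print("first broken entry:", first_broken_link(trail))
```

The chain shows that entries are consistent with one another; the most recent hash should also be kept somewhere the application cannot rewrite, otherwise the whole trail could be regenerated.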

Activity 4.1
1. What is your view on the importance of information system security and control?
2. Is it needed? Why? Explain.
3. Cite examples from your personal experiences to motivate your answer.

4.6 Professionalism, Ethics and Morality


Developers, managers and users of computer-based information systems are expected to behave in a professional
manner at all times. They are expected to balance the needs of their employer and the requirements of their
profession with other demands such as responsibility to society. The terms ethics, morality and professionalism are
often used to describe the expectations of managers and employees.

4.6.1 What is Professionalism?


Professionalism can be described as acting to meet the standards set by a profession in terms of individual
conduct, competence and integrity.

4.6.2 What is Ethics?


Ethics means doing the right thing, but what is “right” can vary from one culture to another and even from one
person to another.

What is Morality? Morality is concerned with an individual’s personal beliefs of what is right and wrong.

Ethical issues in information systems have been given new urgency by the rise of the Internet and e-commerce.
Internet and digital technologies make it easier than ever to assemble, integrate, and distribute
information, unleashing new concerns about the appropriate use of customer information, the protection of
personal privacy, and the protection of intellectual property (Laudon and Laudon, 2022, p. 155).

Practical Application 4.2


Review the following situations and determine if they are:-
a. Ethical,
b. Unethical,
c. Legal or
d. Illegal

1. You make two copies of a software package you just bought and sell one
to a friend.
2. You make two copies of a software package you just bought for personal
use, in case the original software fails and you need a backup.
3. A banker uses the information a client enters in a loan application to sell
other financial products to this client.
4. A credit card company sells its customers’ mailing addresses to its
competitors.
5. A supervisor fires a programmer who has intentionally spread viruses to
the organisation’s network.

4.6.3 Computer Crime in E-Business


Computer crime is a growing threat to the security of computer-based information systems and thus presents a
major challenge to the ethical use of information technology.

Computer crime is defined by the U.S. Department of Justice as “any violations of criminal law that involve a
knowledge of computer technology for their perpetration, investigation, or prosecution.” (Laudon and Laudon, 2022,
p. 334)

Examples of computer crime are:

 Hacking

 Cyber Theft

 Unauthorised Use at Work

 Software Piracy

 Piracy of Intellectual Property

 Computer Viruses

 Ransomware attacks

 Email and internet fraud

 Cyberespionage

Think Point 4.2


1. What is Encryption? Why is it important?
2. What ethical, social, and political issues are raised by information systems?
3. Why do contemporary information systems technology and the Internet pose
challenges to the protection of individual privacy and intellectual property?
4. What are some of the arguments for and against the use of digital media?
5. Discuss the pros and cons of allowing companies to amass personal data
for behavioural targeting.

4.7 Privacy Issues


The power of information technology to store and retrieve information can have a negative effect on the right to
privacy of every individual. Privacy is the claim of individuals to be left alone, free from surveillance or interference
from other individuals or organisations, including the state. The internet has posed new challenges for the
protection of individual privacy. Due to machine learning and artificial intelligence, websites are now able to track
searches that have been conducted, websites and web pages visited, the online content a person has accessed
and what items that person has inspected or purchased online. (Laudon and Laudon, 2022. p:165)

Claims to privacy are also involved at the workplace. Two examples can be used to illustrate common concerns
related to privacy:
• The use of computer-based information systems enables an organisation to combine or analyse data in
ways not previously possible with manual systems. As an example, a bank might build up profiles of its
customers by analysing their spending, borrowing and saving habits. This information could then be
supplied to other organisations involved in marketing relevant goods or services
• Communications technology allows organisations to share data, allowing them to develop a comprehensive
pool of information regarding individuals. An insurance company, for example, might gather medical
information before deciding whether or not to offer a policy to an individual

Knowledge Check Questions 4.3


1. Cookies are small text files deposited on a computer hard drive when a
user visits websites. True/ False.
2. Fake news is one of the recent ethical issues related to social media.
True/ False
3. An acceptable use policy is a set of rules specifying the legal and ethical
use of a system and the consequences of noncompliance. True / False

4.8 Social Issues


It is vital to note that computers can have many benefits to society. Applications such as the following can be used
to solve human and societal problems:
 Medical diagnosis
 Computer-assisted instruction
 Governmental program planning
 Environmental quality control; and
 Law enforcement

Information society describes a modern population that is conversant with – and reliant upon – information and
communications technology. In this section some of the social issues are considered that both concern individuals
and organisations.

4.8.1 Employment
There is no doubt that technology has made a significant impact on the patterns of employment. The tasks of
employees have been taken over by computer-based information systems. However, it is also true that technology
has been responsible for the loss of many jobs while creating other jobs. Information systems, when used alone
without human interaction, have proved to be inefficient; therefore most organisations have employed personnel to
assist clients who are faced with challenges when using some of their e-services.

4.8.2 Digital Divide


One group will be made up of those who have access to technology and are able to obtain information via the
Internet. The other will be made up of those who are unable to gain access to technology and information.
Computers are still not affordable for many people. The digital divide has implications for education. Children in
particular are often victims of the digital divide. Those without computers or Web access at home, as well as
students who cannot afford computer equipment, are at a disadvantage and can often fall behind in their education.
(Bidgoli, H., 2021, p. 108)

4.9 Legal Issues


The Protection of Personal Information Act (POPIA) of South Africa required organisations to be compliant by 30
June 2021. The POPI Act sets conditions for responsible parties to lawfully process the information of data subjects.
The following are the eight general conditions included in the POPI Act.
 Principle 1: Accountability
This principle contemplates the assigning of responsibility by organisations for overseeing compliance with the Bill.
 Principle 2: Processing Limitation
This principle requires that personal information may only be processed in a fair and lawful manner.
 Principle 3: Purpose Specification
The principle of Purpose Specification helps to determine the scope within which personal information may be
processed by an organisation.
 Principle 4: Further Processing Limitation
Once an organisation has identified and obtained consent for specific, legitimate and explicitly defined purposes,
the processing of such personal information may only occur insofar as it is necessary for the fulfilment of those
purposes.
 Principle 5: Information Quality
Clause 16 of the Bill sets out, in general terms, the responsibility of organisations to ensure and maintain the quality
of the personal information that they process.
 Principle 6: Openness
The sixth principle of “Openness” is linked directly to an organisation’s duty to process information in a fair and
transparent manner.
 Principle 7: Security Safeguards
The underlying theme of Principle 7 is that all personal information should be kept secure against the risk of loss,
unauthorised access, interference, modification, destruction or disclosure
 Principle 8: Data Subject Participation
Principle 8 empowers individuals to access and/or request the correction or deletion of any personal information
held about them that may be inaccurate, misleading or outdated.

Some of the UK legislation relevant to those involved in managing or developing computer-based systems is:

The Copyright, Designs and Patents Act 1998 provides limited protection for an organisation’s intellectual
properties such as copyrights.

Computer Misuse Act 1990 attempts to prevent unauthorised access to computer-based systems. In addition,
such legislation also makes it an offence to cause damage to hardware, software or data.

The Human Rights Act 1998 has implications for personal privacy including the privacy of employees.

Regulation of Investigatory Powers Act 2000 has caused concern for many business organisations since under
certain circumstances it allows confidential e-mail traffic and business data to be monitored by security forces.

Data Protection Act 1998 defines the way in which companies may gather, store, process and disclose personal
data.

The Data Protection Act 1998 of UK is based on a number of principles. These include:
 Information shall be obtained and processed fairly and lawfully
 Information shall be held only for one or more specific and lawful purposes
 Companies should not hold information that is excessive or not relevant to the Act
 Information held on individuals should be accurate and up to date
 Information should not be held for longer than needed
 Individuals have the right to see the data and make corrections where necessary
 Companies must take measures to protect information from unauthorised access

Video Activity 4.2


South Africa has put the Protection of Personal Information (POPI) Act into
law. Follow this link https://www.youtube.com/watch?v=hSZ2kj1hgAY to learn
more about this Act. Briefly summarise why it was put into law and how it will
benefit the citizens of the country.

4.10 The Heartbleed Bug


The Heartbleed Bug was a serious vulnerability in the popular OpenSSL cryptographic software library. This
weakness allowed stealing the information protected, under normal conditions, by the SSL/TLS encryption used
to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications
such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allowed anyone on the Internet to read the memory of the systems protected by the vulnerable
versions of the OpenSSL software. This compromised the secret keys used to identify the service providers and
to encrypt the traffic, the names and passwords of the users and the actual content. This allowed attackers to
eavesdrop on communications, steal data directly from the services and users and to impersonate services and
users.

What leaks in practice?


We have tested some of our own services from an attacker's perspective. We attacked ourselves from outside, without
leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the
secret keys used for our X509 certificates, usernames and passwords, instant messages, emails and business
critical documents and communication.

How to stop the leak?


As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and
now it has to be deployed. Operating system vendors and distribution, appliance vendors, independent software
vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes
available for the operating systems, networked appliances and software they use.
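The flaw behind Heartbleed was a missing length check in OpenSSL's handling of the TLS heartbeat message (RFC 6520): the message states how long its payload is, and vulnerable versions trusted that figure without comparing it to the bytes actually received. The added Python sketch below (not OpenSSL's code and not part of the module guide) shows the check a correct receiver, or an intrusion detection rule, applies; the function names and sample messages are constructed for the illustration.

```python
import struct

HEADER_LEN = 3        # type (1 byte) + payload_length (2 bytes)
MIN_PADDING = 16      # RFC 6520: every heartbeat carries at least 16 bytes of padding
HB_REQUEST, HB_RESPONSE = 1, 2


def inspect_heartbeat(message):
    """Return (verdict, payload). verdict is 'ok' or the reason the message is discarded."""
    if len(message) < HEADER_LEN + MIN_PADDING:
        return "discard: shorter than header plus minimum padding", None
    msg_type, declared = struct.unpack("!BH", message[:HEADER_LEN])
    if msg_type not in (HB_REQUEST, HB_RESPONSE):
        return "discard: unknown heartbeat type", None
    # The essential check: the declared payload must fit inside what was received.
    if HEADER_LEN + declared + MIN_PADDING > len(message):
        return "discard: declared payload length exceeds bytes received", None
    return "ok", message[HEADER_LEN:HEADER_LEN + declared]


def build_response(request):
    """Echo the payload of a valid request; anything else is discarded silently."""
    verdict, payload = inspect_heartbeat(request)
    if verdict != "ok" or request[0] != HB_REQUEST:
        return None
    # Real implementations use random padding; zero bytes keep this example repeatable.
    return struct.pack("!BH", HB_RESPONSE, len(payload)) + payload + bytes(MIN_PADDING)


def flag_suspicious(messages):
    """Detection view: indexes of the messages a monitor should raise an alert for."""
    return [i for i, m in enumerate(messages) if inspect_heartbeat(m)[0] != "ok"]


# Constructed sample messages.
WELL_FORMED = struct.pack("!BH", HB_REQUEST, 4) + b"ping" + bytes(MIN_PADDING)
OVERSTATED = struct.pack("!BH", HB_REQUEST, 16384) + b"ping" + bytes(MIN_PADDING)
EMPTY_PAYLOAD = struct.pack("!BH", HB_REQUEST, 0) + bytes(MIN_PADDING)
TRUNCATED = struct.pack("!BH", HB_REQUEST, 0)

if __name__ == "__main__":
    for name in ("WELL_FORMED", "OVERSTATED", "EMPTY_PAYLOAD", "TRUNCATED"):
        print(name, inspect_heartbeat(globals()[name])[0])
```

A receiver without this comparison copies as many bytes as the message claims to contain, which is how memory beyond the real payload ended up in the reply.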

Knowledge Check Questions 4.3


1. Which of the following describes the Heartbleed Bug?
A. a serious flaw in OpenSSL
B. loss of credit card information
C. unsecure VPNs
D. All the above
2. SSL is short for?
A. System Solutions Layer
B. Secure sockets layer
C. System security layer
D. All the above
3. When implemented correctly, SSL is believed to be highly secure. True/
False

4.11 Summary
The entire globe is connected through the internet. This means that at any given moment there are huge amounts
of data being exchanged in different parts of the world. This data is necessary for businesses to operate and
provide services and products to their customers. This data is also critical for organisations to gain competitive
advantage. It therefore becomes important for companies to ensure their data is protected. In this learning unit we
have learnt the mechanisms that are available to ensure that data is made secure. We have also seen how
attackers may attempt to illegally access organisational data. Lastly, we have learnt that governments have laws in
place that seek to ensure that people who handle this data do so with the understanding that they need to be
professional and maintain a high level of ethical behaviour.

Case Study 4.1


As the most senior member in the finance and accounting department of your
organisation, you are responsible for setting up a team to go and do
consulting work on behalf of the organisation. You organise a 6-member team
to travel to Cape Town to complete a client project. During their stay, one of the
team members used a business debit card at a local ATM. A month after returning
to Pretoria, the firm received overdraft notices from their bank. They
identified fraudulent withdrawals of R36,000, all originating from Table Bay.
There was an additional R8,000 overdraft fee.

The criminals installed an ATM skimmer device to record card account
credentials. Many false debit cards were manufactured and used at ATMs in
different locations across Cape Town.

Realising the organisation has been defrauded, you contact the bank and
close the impacted account immediately. Your attempts to pursue
reimbursement from the bank are unsuccessful. The bank goes on to deduct
the R8,000 overdraft fee from the company owner’s personal account. As the
senior manager you decide to close the company’s accounts with the current
bank. The new bank offers comprehensive fraud protection guarantees. The
organisation opens two business accounts:
1. One for receiving funds and making small transfers
2. One for small expense payments.

As an organisation you decide to update travel protocols, prohibiting the use of
company-provided debit cards. Employees are encouraged to prepay
expenses electronically, pay cash, or use a major credit card, as necessary.

Discuss
1. Ways in which the above could have been prevented.
2. What would you have done differently in this situation?

Revision Questions 4.1


1. What is CVE-2014-0160 or Heartbleed Bug?
2. Why is it called the Heartbleed Bug?
3. What makes the Heartbleed Bug unique?
4. Is the Heartbleed Bug a design flaw in SSL/TLS protocol specification?
5. What information is being leaked in the Heartbleed Bug?
6. What is leaked primary key material and how to recover?
7. What is leaked secondary key material and how to recover?
8. What is leaked protected content and how to recover?
9. What is leaked collateral and how to recover?
10. Recovery sounds laborious, is there a short cut?
11. How do revocation and reissuing of certificates work in practice?
12. How do I know whether I was affected by the Heartbleed Bug?
13. How widespread is the Heartbleed Bug?
14. What versions of OpenSSL are affected?
15. How were operating systems affected by the Heartbleed Bug? List those
that were vulnerable and those that were not vulnerable to this Bug?
16. How can OpenSSL be fixed?
17. Should heartbeat be removed to aid in detection of vulnerable services?
18. How can I detect if someone has exploited the Heartbleed Bug against
me?
19. Can IDS/IPS detect or block the Heartbleed Bug?
20. IDS/IPS can be programmed to detect the Heartbleed Bug but not to
block. Has this been abused in the wild?
21. Can attacker access only 64k of the memory?
22. Is the Heartbleed Bug a MITM bug like Apple's goto fail bug was?
23. Does TLS client certificate authentication mitigate the fact that with the
Heartbleed Bug the attacker can directly contact the vulnerable service?
24. Does OpenSSL's FIPS mode mitigate the fact that TLS cannot prevent
an attack through the Heartbleed Bug?
25. Does Perfect Forward Secrecy (PFS) mitigate the fact that FIPS
mode has no effect on the vulnerable heartbeat functionality?
26. Can the heartbeat extension be disabled during the TLS handshake?
27. Who found the Heartbleed Bug?
28. What is the Defensics SafeGuard?
29. Who coordinates response to the GnuTLS open source software
vulnerability?
30. Is there a way forward in ensuring that computer users or systems are
protected from the GnuTLS open source software vulnerability and the
Heartbleed Bug?

4.12 Additional Reading


The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt. NCSC-FI
published an advisory at https://www.cert.fi/en/reports/2014/vulnerability788210.html. Individual vendors of
operating system distributions, affected owners of Internet services, software packages and appliance vendors
may issue their own advisories.
• CVE-2014-0160
• NCSC-FI case# 788210
• http://www.kb.cert.org/vuls/id/720951
• https://www.openssl.org/news/secadv_20140407.txt
• http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities
• http://heartbleed.com/
• http://www.ubuntu.com/usn/usn-2165-1/
• http://www.freshports.org/security/openssl/
• https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
• https://rhn.redhat.com/errata/RHSA-2014-0376.html
• http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
• https://lists.fedoraproject.org/pipermail/announce/2014-April/003205.html

Unit 4 Answers
Knowledge Check questions 4.1
1. D
2. A

Video Activity 4.1


1. Trojan, adware, spyware
2. Phishing attack: an attack whereby the hacker sends a fraudulent email with the intention of installing
malware or obtaining valuable information from the victim, e.g. log-in credentials.
3. Installing a firewall, implementing honeypots and the use of unique passwords.
4. Benefits of a firewall:
• Monitoring network traffic
• Preventing virus attacks and hacking
• Promoting privacy
5. Cyber-attacks that affect organisations:
• Advanced persistent threats
• DDoS
• SQL injection attack

Practical Application 4.1


When online identity theft occurs, cybercriminals are generally looking for very specific types of information from
a machine and its user. While Social Security numbers are a huge bonus that may enable bad guys to open false
accounts and take out lines of credit and more, it's more common that the criminals are scanning machines to
find:
1. User names and passwords for existing accounts – If they gain access to these for a credit card, for example,
they can make unauthorised online charges and have products delivered anywhere in the world.
2. Other identifying information – If a cybercriminal manages to pull a user name and password for a bank
account, for example, he or she may also be able to get other personal information such as date of birth,
address and more. The more pieces of data a cybercriminal is able to collect, the more likely it is they will
be able to use that information for personal gain.
3. Data they can sell – When cybercriminals are able to access data, they may or may not be the actual bad
guys that use it to create false accounts or charge unauthorised purchases. They may instead sell that
information to others in the online world. There are many underground operations online where
cybercriminals sell credit card numbers, Social Security numbers and more to the highest bidders.
(https://www.nortonlifelockpartner.com/security-center/identity-theft-protection.html)

Think Point 4.1


1. Job roles in the field of cyber security:
• Ethical hacker
• Security architect
• Chief information security officer
2. Emails from unknown sources should be handled with caution. However, the best way of handling such
emails is to delete them without opening them or downloading their attachments.
3. A good firewall must be able to protect the network from the latest threats and should be up to date.
• It should not affect the speed of the network; some firewalls tend to slow down the network as
you upgrade their protection features
A secure network should have an effective firewall and access controls that are up to date. Users should
be prompted to change their passwords regularly, so it should have strong password policies.

Knowledge Check Questions 4.2


1. TRUE
2. FALSE
3. A
4. FALSE

Activity 4.1
1. Students may highlight the following points:
• Information system security is important for both organisations and individuals
• Sensitive information should be handled with utmost confidentiality
• The need to employ very skilled personnel when it comes to information system security
Examples can also be included.

Think point 4.2


1. Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone
other than the sender and the intended receiver. It protects messages from being read by unauthorised persons.
2. Information rights, property rights, accountability and control etc.
3. Contemporary information systems technology, including Internet technology, challenges traditional regimens
for protecting individual privacy and intellectual property. Data storage and data analysis technology enables
companies to easily gather personal data about individuals from many different sources and analyse these
data to create detailed electronic profiles about individuals and their behaviours. Data flowing over the Internet
can be monitored at many points. The activities of Web site visitors can be closely tracked using cookies and
other Web monitoring tools.
Not all Web sites have strong privacy protection policies, and they do not always allow for informed consent
regarding the use of personal information. The online industry prefers self-regulation to the U.S. government
tightening privacy protection legislation. Traditional copyright laws are insufficient to protect against software
piracy because digital material can be copied so easily. Internet technology also makes other intellectual
property even more difficult to protect because digital material can be copied easily and transmitted to many
different locations simultaneously over the Net. Web pages can be constructed easily using pieces of content
from other Web sites without permission. (https://paginas.fe.up.pt/~acbrito/laudon/ch5/summary.htm)

4. Arguments for digital media:
• Convenience
• Affordable
• Reliable
Arguments against digital media:
• Compromised privacy
• Social disconnection: people tend to stay on their electronic devices and do not pay attention to
other people who are actually present with them
5. Pros:
• Allows businesses to know their customers by knowing customer needs and aligning them to the
services and products that they offer
• Increases productivity
• For marketing research
Cons:
• Behavioural targeting does not always work on all products and services
• Not all customers are comfortable with receiving email or phone marketing messages

Knowledge Check Questions 4.2


1. True
2. True
3. True

Practical Application 4.2


Statement 1 is clearly illegal and unethical (quadrant IV). Statement 2 is ethical because you made the copy for
your own use, but some software vendors who prohibit making copies might consider it illegal (quadrant II).
Statements 3 and 4 are legal but not ethical (quadrant III). In statement 5, the supervisor’s behaviour is both legal
and ethical. The supervisor has a clear legal reason for firing the programmer, and allowing the programmer to
continue working there would not be ethical.

As a future knowledge worker, watch your own actions, and make sure you behave both legally and ethically. Be
careful about decisions you make that might affect co-workers so you can help maintain an ethical working
environment.

Activity 4.2
1. POPI Act benefits: Citizens will be able to provide their information to organisations knowing that their
rights will be protected and their personal information will be handled confidentially. The Act applies to anyone
who keeps any type of records relating to the personal information of anyone, unless those records are
subject to other legislation which protects such information more stringently. It therefore sets the minimum
standards for the protection of personal information.
Therefore, personal information can only be processed with the consent of the data individual, if it is required
by law and if it is necessary for entering into a contract.

Knowledge Check Questions 4.3


1. A
2. B
3. True

Case study 4.1


1. Ways of preventing credit card skimming:
• Use major credit cards when travelling - they have more consumer fraud protection than debit
cards.
2. Get notified - set up transaction alerts with your credit and debit card companies to monitor fraud.
• Check your bank account frequently
• Create withdrawal alerts
• Understand your bank’s policies about covering losses from fraud
(Ralph Stair, George Reynolds, Principles of Information Systems, 12th Edition)

Answers to Revision questions


Unit 1 Answers
1. In general, the problems described are not necessarily a technology issue; it is more to do with the
management of information resources and the use of appropriate policies and procedures. Some examples
that support this argument are as follows:
• ‘Lazy sales staff’ entering data incorrectly. Staff should be monitored correctly and procedures should be in
place to check the accuracy of data as it is entered
• Advances in technology mean greater quantities of information are available but managers do not organise
it properly – information overload?
• There is a tendency to collect large quantities of data without regard for whether or not it is needed/useful.
Mention of ‘information management professionals’ suggests that these experts should be involved in (a)
deciding what information to collect, (b) making sure it is accurate and (c) storing it in an organised manner.
• Duplication of information caused by allowing individual departments to keep their own copies of records,
rather than keeping records centrally
• Companies do not know what information they have and how it is being used! Information resources cannot
be managed correctly if no one knows what they are
• Inaccurate assumptions are being made about the meaning of information (e.g. sales spike), suggesting
that it is not being processed/analysed correctly
• Company systems are unsuitable for handling companies’ data processing needs (e.g. unable to hold
separate addresses for joint account holders). Effective management should/would have identified and
corrected such a problem before it became an issue
• Data/information management processes and systems are unable to deal with new requirements (e.g.
delivering information more quickly and handling unstructured data)

2. A suggested structure for this answer is:
• Definition of knowledge management (KM)
• Explanation of concept of tacit and explicit knowledge
• Summary of what is new about KM, i.e. focus on making use of information (applying intelligence that is
part of managers’ experience and skill set). Use examples of applications. It is a structured rather than ad
hoc approach to capturing and disseminating knowledge
• Assess whether or not it is repackaging using examples of applications and practice. For example,
information on best practice has always been shared, with or without the KM label
• To conclude, discuss whether or not KM has caused a change in practice or change in perspective. A
combination of the two, but mainly in perspective

3. This statement is useful in that it indicates that the impact of the Internet will vary according to the type of
business that an organisation is in. Students should look at a range of industries from those where the impact is
high, e.g. media and information services to those where the impact is low, e.g. retailer. Examples can be taken
from those that have reacted, e.g. easyJet or General Electric in comparison to those that haven’t. The analogy
may also be apt, since the Internet phenomenon may be transitory. This can also be considered.

4. ERP is likely to be restricted to larger organisations due to the cost of customisation of the software for the client.
Mass-produced and, thus, cheaper, off-the-shelf packages are likely to be the most suitable option for the small
organisation. Enterprise resource planning (ERP) software is a single system that provides applications for all the
major business functions discussed in this chapter, such as production, distribution, marketing and sales, finance
and human resources management.

It is normally purchased as an off-the-shelf package, with modules for each major business process or business
function that are tailored by a consultant. A single package typically replaces many different previous packages.
The benefits of this approach include:
• reduced cost of buying from a single supplier
• better transfer of information within the organisation since all the modules of the system are compatible
• simplified support and maintenance through a single supplier
• use of ‘best-of-breed solutions’ employed by other companies

The main disadvantage of the use of ERP systems seems to be the high costs charged by suppliers due to the
demand for this type of system. This high demand has also given rise to skills shortages. The other disadvantage
of ERP systems is shared with all off-the-shelf systems, namely, that the business often has to change its
processes or way of working in order to fit the way the software works. This may not present a problem if a company
is looking to reengineer its processes since, then, the ERP software can provide a framework.

Owing to the high cost of ERP solutions, only large companies can afford the cost of the software and the
consultants, which will often be measured in millions of pounds. Smaller companies can take advantage of the
features of integrated accounting packages that now provide modules beyond those of the basic accounting
package.

In summary, there is overwhelming evidence that ERP will replace functional applications in large organisations.
In smaller organisations, the role of ERP applications is likely to be assumed by integrated accounting packages
with similar functions.

Unit 2 Answers
1. VoIP stands for Voice over Internet Protocol. It is a service that is used for transmitting telephone calls over
a network, such as the Internet. In order to use VoIP, both users must be connected to the network and both
must have an appropriate handset (or a microphone and speakers) and a computer running suitable
software. The very latest systems do not need a computer; they can be connected directly to a router and
use wireless handsets.
2. Replacing two networks with one reduces the amount of hardware needed to be bought and maintained. In
turn, this reduces other costs such as training.
IP-based phone networks are easier to manage, resulting in time and cost savings.
Call costs are reduced.
The system can be the basis for new applications e.g. unified messaging.
3. Some major disadvantages:
• The company becomes reliant on its network system; any failure also means the loss of telephone
communications
• Staff need to be trained to handle new technologies
• Adopting this approach can result in conflict between departments (IT and telecoms)
4. Some ways in which virtualisation can reduce costs:
• Virtual machines can be created to emulate legacy systems, removing the need to maintain outdated
equipment. Since a virtual machine often runs more quickly than the legacy system being emulated, it
can remove the need to migrate to a new, faster system
• Developers can program and test applications on several operating systems using only a single PC
• Snapshots make it quick and easy to deploy new machines and install updates
• Virtual machines can make use of spare capacity, reducing the need to buy additional hardware
• New software can be tested on a virtual machine before being installed on the company’s network. This
reduces the possibility of crashing the network and makes it easier to determine the source/cause of any
problems
5. This is only true to the extent that virtual machines can be created using almost any kind of hardware/software
platform. However, the following points should be considered:
• Even if emphasis is placed on recovery, hardware and software must still be reliable. Poor quality
hardware or buggy software, for example, may cause repeated crashes
• Virtual machines run more efficiently when multi-core processors are used. Hardware that is slow or
inefficient may make virtual machines unusable
• The views of Steve Randich are based on a faulty assumption: ‘…robustness no longer needs to be
engineered, at great expense, into the application or its operating system’. Robustness describes the ability
of a system to carry on working in spite of errors, partial failures or abnormal conditions. In terms of software,
this usually means that an application should be able to cope with erroneous data and other, unexpected
problems
• An unstable operating system that crashes frequently will not become more reliable because it runs on a
virtual machine – it will remain unreliable and will continue to crash frequently. In this way, it is clear that
the software you buy is important

6. Two features of virtualisation technology allow these actions:
• Virtual machines allow the use of snapshots – disk files containing an exact image of the virtual machine’s
memory and the contents of its hard disk at a specific point in time. These files can be used as backups and
are easily copied to other machines
• Software such as VMware’s Distributed Resource Scheduler (DRS) constantly monitors available
computing resources and can automatically set up new VMs using spare resources if it detects a need, such
as a sudden increase in web traffic

7. Some of the arguments that might be discussed are given below:
• Network computers are the point at which computer technology and television converge. As interactive
television becomes more popular, consumers will begin to see network computers in the same way as video
recorders and satellite receivers
• Compared to a typical personal computer, network computers have limited functionality
• Since there is sometimes only a small difference in cost, consumers are likely to opt for a more flexible and
more powerful personal computer. This argument also applies to thin clients
• To date, network computers have failed to make an impression on the consumer electronics market. They are
still considered expensive luxuries and have yet to deliver a ‘killer app’
• Network computers are able to deliver some services more effectively and at lower costs than other methods.
Video telephony, for example, is awkward and expensive to provide via a personal computer. Such
applications will ensure the success of network computers. This argument also applies to thin clients
• As technology progresses, it becomes possible to build dedicated devices that offer levels of power and
sophistication similar to that of a personal computer. Since these devices are often multi-functional and are
relatively cheap to buy, they are likely to replace the need for a personal computer for many people. A good
example is the mobile telephone; recent models provide the ability to transmit pictures, access the Internet,
manage appointments and so on. Although the primary purpose of the telephone is communication, it can
also serve other purposes, such as allowing users to play games or access information services

8. Although this is a relatively complex area, students might consider some of the following points:
• All organisations undertake a cycle of improvement and replacement for their computer systems. In a college
or university, for example, all of the institution’s hardware and software might be replaced or renewed during
a five-year cycle. In view of this, it could be said that organisations already ‘…continually upgrade or replace
systems in order to keep abreast of changes in technology’
• Changing an existing system or adopting a new one carries a number of risks; for example, a large financial
outlay may be required to purchase the new system. Such risks are unacceptable when the potential gains to
be made are unclear or uncertain
• Although the hardware and software used by an organisation may be obsolete, it would be difficult to prove
that obsolescence automatically renders a given system worthless. A fully functional system, no matter how
old, will have an intrinsic value to an organisation. Consider the following: what expense would be involved in
carrying out a given set of tasks without the system? If the system performs such tasks more quickly, more
accurately or less expensively, then it has a clear, quantifiable value
• Although a new system may carry out tasks more quickly or more accurately than an existing system, it may
still not be viable in financial terms. The costs associated with implementation may be so high that they
outweigh any benefits gained by adopting the system
• New hardware and software often allow an organisation to maximise the use of its data resources. The ability
to use data-mining software, for example, might allow the organisation to realise cost savings or identify new
products and new markets
• In general, as technology moves forward, the expense involved in purchasing new hardware and software
tends to decline. A system that might have cost many thousands of pounds five years ago may be available
for just a few hundred pounds today. In many cases, it may be possible to adopt a new system for less than
the cost of upgrading an existing one

Unit 3 Answers
Revision Questions
1. This question is a straight analysis of the business benefits compared to the disadvantages of client/server
systems. It is a specific instance of a general issue facing businesses with the introduction of any new technology.
Client/server systems can be compared to a previous situation in a business where the PCs are not networked or,
more likely, a mainframe is used with character-based dumb terminals.

The key benefits of client/server systems are as follows:
• The cost reduction available through downsizing to lower-cost hardware and software
• Improved flexibility for the end users to deploy specialised applications and to write their own applications
using tools such as MS Excel or Access
• Improved ease of use on the client side since traditional applications tend to be character based rather than
using a WIMP interface.

The main disadvantages are as follows:
• The cost-reduction argument is not clear. The experience of implementing client/server systems is that
although the purchase price of hardware and software may be lower, the lifetime or total cost of ownership
(TCO) may be higher. Much analysis of TCO has been conducted by the Gartner Group
(www.gartner.com). The high TCO of client/server systems arises from the cost of supporting them; since
it is easy to modify the configuration, it is also possible to stop applications working.
This problem is compounded by the range of networking drivers and software applications that are available
from different vendors. In a traditional mainframe environment, the software would typically be sourced from
a smaller number of vendors.
• The stability or reliability of client/server systems is questionable. There are many examples of client/server
system failures mentioned in the UK trade papers such as www.computerweekly.co.uk and
www.computingnet.co.uk. A recent example is that of the roll-out of a UK-wide system for the National
Westminster bank that is based on Windows NT. This roll-out has experienced technical difficulties resulting
from software incompatibilities.
• The control and administration of traditional mainframe systems tend to be easier since they are more
centralised, with less opportunity for the end user to configure the software. This is similar to the TCO
argument
• The security of client/server systems may be less robust than mainframe systems
• System designers are still learning about the best way to construct client/server systems. Early
implementations tended to be error prone and difficult to maintain since two-tier architecture had been
adopted in which the application logic and data access routines are mixed with the program code for
interacting with the user

Many of the disadvantages of client/server systems result from the relatively new introduction of client/server
techniques in the late 1980s and 1990s. Mainframe technology has been in existence for 30 years and many of
the mistakes currently being made with client/server systems have already been learned by companies and
rectified for mainframes. This is true for many new technologies. For example, both UNIX and Windows NT
operating systems can be used as a basis for developing client/server, but UNIX has a reputation for being more
secure and reliable since it has existed longer. So it can be argued that some of the disadvantages of client/server
systems are greater if the Windows NT environment is used for the implementation.

Since there is no clear cost-reduction argument either way, the overall balance in this discussion is governed by
how important a business considers the improved usability and flexibility of client/server systems are in comparison
to the likelihood of poorer reliability and control.

Students should consider figures on the adoption of client/server systems. Since many businesses have now
adopted them it could be argued that the business benefits are clear, but there are still many disadvantages
inherent in deploying client/server systems.

2. Discussion of this issue can be in two main parts – a brief review of the benefits and disadvantages of
adopting networks.

The principal disadvantages are the cost and potential disruption during implementation and the need to change
working practices. This discussion should focus on the disruption and the changed working practices.

The arguments in favour of the need to change working practices are based on taking advantage of the new
technology. Gains to the business will not occur if existing bad practices are continued. Reasons for the need for
change in practices include the following:
• New software systems will often be introduced as part of the installation of a network. This might include
tools such as e-mail or groupware, or enterprise resource planning (ERP) software. Such software will often
require new working practices. For example, e-mail will only work effectively for a business if there are
guidelines stating it is used in preference to paper or ensuring replies within a set period. This is particularly
true for e-mails received from customers – a company could introduce a rule stating that each e-mail should
be replied to within two days. ERP software may require new business structures to be adopted as part of a
business process redesign exercise
• A network can be used to help a company move towards a ‘paperless office’. This will only occur if there is
management commitment to this. If commitment does not occur, the advantages of the network may be
wasted
• A network can also help promote teamwork in an organisation using groupware and intranets. These help
the staff to collaborate, communicate and work in new ways. For example, the need for travel to meetings
can be reduced through the use of videoconferencing and discussion forums
• A change in purchasing policy is needed in buying shared devices such as printers, rather than purchasing
them by individual departments

Arguments against changing working practices are weak, but could include the following:
• The cost of training and disruption
• The risk of the new working practices being resented by staff

• Discuss the merits and disadvantages of locating company e-business services inside a company,
in comparison with outsourcing to an ISP or ASP.
• Select particular type(s) of e-business services to refer to in answering this question, e.g. site hosting, e-mail
management for questions and accounting packages
• Review the benefits of external location: maintenance costs, expertise, responsiveness to short-term
problems, e.g. a new virus, and longer-term technological trends
• Review the benefits of internal location: control and security
• Assess the benefits and risks overall

• Discuss the benefits and limitations of RFID technology.

Benefits:
• Decreasing cost
• Requires no line of sight between tag and reader
• Allows tracking and monitoring of virtually everything that moves
• Provides real-time information on movement of stock in supply chain permitting quick response

Disadvantages:
• Costly compared to bar codes
• Limited range between tag and reader

Unit 4 Answers
1. CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the
Standard for Information Security Vulnerability Names maintained by MITRE. Due to coincident discovery, a
duplicate CVE, CVE-2014-0346, which was assigned to us, should not be used, since others independently
went public with the CVE-2014-0160 identifier.

2. The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat
extension (RFC6520). When it is exploited, it leads to the leak of memory contents from the server to the
client and from the client to the server.

3. Bugs in a single piece of software or a library come and go and are fixed by new versions. However, this bug
has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure,
ease of exploitation and attacks leaving no trace, this exposure should be taken seriously.

4. No. This is an implementation problem, i.e. a programming mistake in the popular OpenSSL library that provides
cryptographic services such as SSL/TLS to applications and services.
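
Answers 2 and 4 place the bug in OpenSSL's heartbeat implementation rather than in the protocol. The following added example (not OpenSSL's code and not part of the module guide) shows that distinction with a toy handler: the message layout and the discard rule come from RFC 6520, while the arena buffer, the secret string and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message layout from RFC 6520:
 * type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes) */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3
#define HB_MIN_PAD  16
#define ARENA_SIZE  256
#define SECRET_OFF  64

/* Constructed stand-in for process memory: the received record sits at offset 0
 * and an unrelated secret sits a little further along in the same buffer. */
static uint8_t arena[ARENA_SIZE];
static const char SECRET[] = "constructed-private-key-bytes";

/* Place a heartbeat request in the arena. claimed_len is what the header says;
 * the real payload is the string itself. Returns the true record length. */
static size_t stage_request(const char *payload, uint16_t claimed_len)
{
    size_t real = strlen(payload);
    memset(arena, 0, sizeof arena);
    memcpy(arena + SECRET_OFF, SECRET, sizeof SECRET);
    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed_len >> 8);
    arena[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(arena + HB_HEADER, payload, real);
    return HB_HEADER + real + HB_MIN_PAD;
}

/* Build the response. With check == 0 the handler trusts payload_length (the
 * implementation mistake); with check != 0 it applies the RFC 6520 rule. */
static size_t heartbeat_reply(int check, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER || arena[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];

    /* RFC 6520: a message whose payload_length is too large for the record
     * that carried it must be discarded silently. */
    if (check && HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return 0;

    /* Demo-only clamp so the over-read stays inside the arena array. */
    if (claimed > ARENA_SIZE - HB_HEADER)
        claimed = ARENA_SIZE - HB_HEADER;
    if (HB_HEADER + claimed > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(claimed >> 8);
    out[2] = (uint8_t)(claimed & 0xff);
    /* Copies the claimed number of bytes, not the number actually received. */
    memcpy(out + HB_HEADER, arena + HB_HEADER, claimed);
    return HB_HEADER + claimed;
}

/* Return 1 if needle occurs anywhere in buf[0..n). */
static int contains(const uint8_t *buf, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0)
            return 1;
    return 0;
}

/* Size of the response produced for one request (0 means discarded). */
size_t reply_length(int check, const char *payload, uint16_t claimed_len)
{
    uint8_t out[HB_HEADER + ARENA_SIZE];
    return heartbeat_reply(check, stage_request(payload, claimed_len), out, sizeof out);
}

/* 1 if the response to this request carries the unrelated secret. */
int reply_leaks_secret(int check, const char *payload, uint16_t claimed_len)
{
    uint8_t out[HB_HEADER + ARENA_SIZE];
    size_t n = heartbeat_reply(check, stage_request(payload, claimed_len), out, sizeof out);
    return contains(out, n, SECRET);
}

int main(void)
{
    printf("unchecked, honest length : %zu bytes, leak=%d\n",
           reply_length(0, "ping", 4), reply_leaks_secret(0, "ping", 4));
    printf("unchecked, inflated length: %zu bytes, leak=%d\n",
           reply_length(0, "ping", 200), reply_leaks_secret(0, "ping", 200));
    printf("checked, inflated length  : %zu bytes, leak=%d\n",
           reply_length(1, "ping", 200), reply_leaks_secret(1, "ping", 200));
    return 0;
}
```

The protocol rule is identical in both runs; only the presence of the length check in the implementation decides whether neighbouring memory ends up in the reply.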

5. Encryption is used to protect secrets that may harm your privacy or security if they leak. In order to coordinate
recovery from this bug we have classified the compromised secrets into four categories: 1) primary key material,
2) secondary key material, 3) protected content and 4) collateral.

6. These are the crown jewels, the encryption keys themselves. Leaked secret keys allow the attacker to
decrypt any past and future traffic to the protected services and to impersonate the service at will. Any
protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery
from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and
redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past
vulnerable to decryption. All this has to be done by the owners of the services.

7. These are, for example, the user credentials (user names and passwords) used in the vulnerable services.
Recovery from this leak requires owners of the service first to restore trust to the service according to the steps
described above. After this, users can start changing their passwords and possible encryption keys
according to the instructions from the owners of the services that have been compromised. All session keys
and session cookies should be invalidated and considered compromised.


8. This is the actual content handled by the vulnerable services. It may be personal or financial details, private
communication such as emails or instant messages, documents or anything seen worth protecting by
encryption. Only owners of the services will be able to estimate the likelihood of what has been leaked and they
should notify their users accordingly. The most important thing is to restore trust to the primary and secondary
key material as described above. Only this enables safe use of the compromised services in the future.

9. Leaked collateral are other details that have been exposed to the attacker in the leaked memory content.
These may contain technical details such as memory addresses and security measures such as canaries
used to protect against overflow attacks. These have only contemporary value and will lose their value to the
attacker when OpenSSL has been upgraded to a fixed version.

10. After seeing what we saw by "attacking" ourselves, with ease, we decided to take this very seriously. We
have gone laboriously through patching our own critical services and are dealing with possible compromise
of our primary and secondary key material. All this just in case we were not the first ones to discover this and
this could have been exploited in the wild already.

11. If you are a service provider, you have signed your certificates with a Certificate Authority (CA). You need to
check with your CA how compromised keys can be revoked and new certificates reissued for the new keys.
Some CAs do this for free, some may charge a fee.

12. You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source
cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet.
Your popular social site, your company's site, commerce site, hobby site, site you install software from or even
sites run by your government might be using vulnerable OpenSSL. Many online services use TLS both
to identify themselves to you and to protect your privacy and transactions. You might have networked
appliances with logins secured by this buggy implementation of TLS. Furthermore, you might have client
side software on your computer that could expose the data from your computer if you connect to compromised
services.

13. The most notable software using OpenSSL are the open source web servers like Apache and nginx. The
combined market share of just those two out of the active sites on the Internet was over 66% according to
Netcraft's April 2014 Web Server Survey. Furthermore, OpenSSL is used to protect for example email servers
(SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), network
appliances and a wide variety of client side software. Fortunately, many large consumer sites are saved by their
conservative choice of SSL/TLS termination equipment and software. Ironically, smaller and more progressive
services or those who have upgraded to the latest and best encryption will be affected most. Furthermore,
OpenSSL is very popular in client software and somewhat popular in networked appliances which have most
inertia in getting updates.

Status of different versions:


o OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
o OpenSSL 1.0.1g is NOT vulnerable
o OpenSSL 1.0.0 branch is NOT vulnerable
o OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1
on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

14. The vulnerable versions have been out there for over two years now and they have been rapidly adopted by
modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 became
available with the first vulnerable OpenSSL version (1.0.1) and the security community has been pushing
TLS 1.2 due to earlier attacks against TLS (such as BEAST).

15. Some operating system distributions that have shipped with potentially vulnerable OpenSSL versions:
o Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
o Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
o CentOS 6.5, OpenSSL 1.0.1e-15
o Fedora 18, OpenSSL 1.0.1e-4
o OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
o FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
o NetBSD 5.0.2 (OpenSSL 1.0.1e)
o OpenSUSE 12.2 (OpenSSL 1.0.1c)

Operating system distributions with versions that are not vulnerable:


o Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
o SUSE Linux Enterprise Server
o FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
o FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
o FreeBSD 10.0p1 - OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC)
o FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)


16. Even though the actual code fix may appear trivial, the OpenSSL team is the expert in fixing it properly, so
fixed version 1.0.1g or newer should be used. If this is not possible, software developers can recompile OpenSSL
with the handshake removed from the code by compile time option -DOPENSSL_NO_HEARTBEATS.
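
A version check built from the status list in answer 13 and the compile-time option in answer 16, added here as an example and not code from this module guide or the OpenSSL project. The function name `assess`, the verdict strings and the sample `openssl version -a` output are constructed for illustration.

```python
import re

# Matches "OpenSSL 1.0.1e", "OpenSSL 1.0.1e-2+deb7u4", "OpenSSL 0.9.8y", ...
VERSION_PATTERN = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(\S*)")
NO_HEARTBEAT_FLAG = "-DOPENSSL_NO_HEARTBEATS"

# Constructed sample of `openssl version -a` output (not taken from a real host).
SAMPLE_VERSION_OUTPUT = """\
OpenSSL 1.0.1e 11 Feb 2013
built on: Tue Apr  8 09:12:44 UTC 2014
platform: linux-x86_64
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DOPENSSL_NO_HEARTBEATS -O2
OPENSSLDIR: "/etc/ssl"
"""


def assess(text):
    """Classify `openssl version -a` output or a package version string.

    The verdict uses only the status list in this guide:
      1.0.1 through 1.0.1f  -> vulnerable
      1.0.1g or newer 1.0.1 -> not vulnerable
      1.0.0 and 0.9.8       -> not vulnerable
    Anything else is reported as "not in status list" rather than guessed.

    A non-empty `suffix` (for example "-2+deb7u4") marks a distribution
    package. Distributions can ship a fix without changing the upstream
    letter, so a "vulnerable" verdict on a package string should be
    confirmed against the vendor's advisory (general packaging practice,
    not something this guide states).
    """
    match = VERSION_PATTERN.search(text)
    if not match:
        raise ValueError("no OpenSSL version string found")
    major, minor, fix = (int(g) for g in match.group(1, 2, 3))
    letter, suffix = match.group(4), match.group(5)
    branch = (major, minor, fix)

    if branch in ((0, 9, 8), (1, 0, 0)):
        verdict = "not vulnerable"
    elif branch == (1, 0, 1):
        if letter >= "g":                    # "" and "a".."f" compare lower
            verdict = "not vulnerable"
        elif NO_HEARTBEAT_FLAG in text:      # build flags appear in `-a` output
            verdict = "heartbeat compiled out"
        else:
            verdict = "vulnerable"
    else:
        verdict = "not in status list"

    return {
        "version": "%d.%d.%d%s" % (major, minor, fix, letter),
        "verdict": verdict,
        "suffix": suffix,
    }


if __name__ == "__main__":
    for line in (
        "OpenSSL 1.0.1e 11 Feb 2013",
        "OpenSSL 1.0.1g 7 Apr 2014",
        "OpenSSL 1.0.1e-2+deb7u4",
        "OpenSSL 0.9.8y 5 Feb 2013",
        SAMPLE_VERSION_OUTPUT,
    ):
        print(assess(line))
```
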

17. Recovery from this bug might have benefitted if the new version of the OpenSSL would both have fixed the
bug and disabled heartbeat temporarily until some future version. Majority, if not almost all, of TLS
implementations that responded to the heartbeat request at the time of discovery were vulnerable versions of
OpenSSL. If only vulnerable versions of OpenSSL would have continued to respond to the heartbeat for next
few months, then large scale coordinated response to reach owners of vulnerable services would become
more feasible. However, swift response by the Internet community in developing online and standalone
detection tools quickly surpassed the need for removing heartbeat altogether.

18. Exploitation of this bug leaves no traces of anything abnormal happening to the logs.

19. Although the heartbeat can appear in different phases of the connection setup, intrusion detection and
prevention systems (IDS/IPS) rules to detect heartbeat have been developed. Due to encryption, differentiating
between legitimate use and attack cannot be based on the content of the request, but the attack may be
detected by comparing the size of the request against the size of the reply. This implies that IDS/IPS can be
programmed to detect the attack but not to block it unless heartbeat requests are blocked altogether.
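
The size comparison described in answer 19, added here as an example and not code from this module guide or any IDS product: it reads only TLS record headers (content type 24 is heartbeat in RFC 6520), so it works on encrypted traffic. The function names, the `slack` tolerance and the capture below are constructed; each segment is assumed to hold whole records and the client is assumed to be the side sending requests.

```python
import struct

HEARTBEAT = 24                           # TLS ContentType "heartbeat" (RFC 6520)
RECORD_HEADER = struct.Struct("!BHH")    # content type, protocol version, length


def tls_records(data):
    """Yield (content_type, length) for each complete TLS record in `data`."""
    offset = 0
    while offset + RECORD_HEADER.size <= len(data):
        ctype, _version, length = RECORD_HEADER.unpack_from(data, offset)
        end = offset + RECORD_HEADER.size + length
        if end > len(data):
            break                        # truncated capture: stop, do not guess
        yield ctype, length
        offset = end


def oversized_heartbeat_replies(segments, slack=64):
    """Return (exchange_no, request_bytes, reply_bytes) for suspicious exchanges.

    `segments` is a capture-ordered list of (direction, bytes), direction being
    "c2s" or "s2c". Only record lengths are used, never record contents.
    `slack` absorbs small differences in padding and MAC overhead between
    the two directions.
    """
    exchanges = []                       # [request_bytes, reply_bytes] per request
    for direction, data in segments:
        for ctype, length in tls_records(data):
            if ctype != HEARTBEAT:
                continue
            if direction == "c2s":
                exchanges.append([length, 0])
            elif exchanges:
                # A large reply is split over several records, so add them up.
                exchanges[-1][1] += length
    return [
        (number, request, reply)
        for number, (request, reply) in enumerate(exchanges, 1)
        if reply > request + slack
    ]


def sample_record(ctype, length):
    """Build a TLS 1.2 record with an all-zero body (constructed sample data)."""
    return RECORD_HEADER.pack(ctype, 0x0303, length) + bytes(length)


# Constructed capture: one normal heartbeat exchange, then one whose reply is
# far larger than the request that triggered it.
SAMPLE_CAPTURE = [
    ("c2s", sample_record(22, 120)),                 # handshake records
    ("s2c", sample_record(22, 900)),
    ("c2s", sample_record(HEARTBEAT, 35)),           # exchange 1
    ("s2c", sample_record(HEARTBEAT, 35)),
    ("c2s", sample_record(HEARTBEAT, 35)),           # exchange 2
    ("s2c", sample_record(HEARTBEAT, 16384) + sample_record(HEARTBEAT, 16384)),
    ("s2c", sample_record(HEARTBEAT, 1000)),
]

if __name__ == "__main__":
    for number, request, reply in oversized_heartbeat_replies(SAMPLE_CAPTURE):
        print("exchange %d: request %d bytes, reply %d bytes" % (number, request, reply))
```
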

20. We don't know. Security community should deploy TLS/DTLS honeypots that entrap attackers and alert
about exploitation attempts.

21. There is no total of 64 kilobytes limitation to the attack; that limit applies only to a single heartbeat. Attacker
can either keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64
kilobyte chunks of memory content until enough secrets are revealed.

22. No, this doesn't require a man in the middle attack (MITM). Attacker can directly contact the vulnerable service
or attack any user connecting to a malicious service. However, in addition to direct threat the theft of the key
material allows man in the middle attackers to impersonate compromised services.

23. No, heartbeat request can be sent and is replied to during the handshake phase of the protocol. This occurs
prior to client certificate authentication.

24. No, OpenSSL Federal Information Processing Standard (FIPS) mode has no effect on the vulnerable
heartbeat functionality.


25. Use of Perfect Forward Secrecy (PFS), which is unfortunately rare but powerful, should protect past
communications from retrospective decryption. Please see
https://twitter.com/ivanristic/status/453280081897467905 how leaked tickets may affect this.

26. No, vulnerable heartbeat extension code is activated regardless of the results of the handshake phase
negotiations. The only way to protect yourself is to upgrade to a fixed version of OpenSSL or to recompile
OpenSSL with the handshake removed from the code.

27. This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon
and Neel Mehta of Google Security, who first reported it to the OpenSSL team. Codenomicon team found
the Heartbleed bug while improving the SafeGuard feature in Codenomicon's Defensics security testing tools
and reported this bug to the NCSC-FI for vulnerability coordination and reporting to the OpenSSL team.

28. The SafeGuard feature of Codenomicon's Defensics security test tools automatically tests the target
system for weaknesses that compromise the integrity, privacy or safety. SafeGuard is a systematic solution
to expose failed cryptographic certificate checks, privacy leaks or authentication bypass weaknesses that have
exposed the Internet users to man in the middle attacks and eavesdropping. In addition to the Heartbleed bug
the new Defensics TLS Safeguard feature can detect for instance the exploitable security flaw in widely used
GnuTLS open source software implementing SSL/TLS functionality and the "goto fail;" bug in Apple's TLS/SSL
implementation that was patched in February 2014.

29. Immediately after our discovery of the bug on 3rd of April 2014, NCSC-FI took up the task of verifying it,
analysing it further and reaching out to the authors of OpenSSL, software, operating system and appliance
vendors, which were potentially affected. However, this vulnerability had been found and details released
independently by others before this work was completed. Vendors should be notifying their users and service
providers. Internet service providers should be notifying their end users where and when potential action is
required.

30. For those service providers who are affected this is a good opportunity to upgrade security strength of the
secret keys used. A lot of software gets updates which otherwise would have not been urgent. Although this
is painful for the security community, we can rest assured that infrastructure of the cyber criminals and their
secrets have been exposed as well.

Glossary
A
802.11b (Wi-Fi): Standard for high-speed wireless LANs that can transmit up to 11 Mbps within a 100-meter area,
providing a low-cost flexible technology for connecting work groups and providing mobile Internet access.
acceptance testing: Provides the final certification that the system is ready to be used in a production setting.
accountability: The mechanisms for assessing responsibility for decisions made and actions taken.
accumulated balance digital payment systems: Systems enabling users to make micropayments and
purchases on the Web, accumulating a debit balance on their credit card or telephone bills.
activity-based costing: Model for identifying all the company activities that cause costs to occur while producing
a specific product or service so that managers can see which products or services are profitable or losing money
and make changes to maximise firm profitability.
administrative controls: Formalised standards, rules, procedures, and disciplines to ensure that the
organisation’s controls are properly executed and enforced.
agency theory: Economic theory that views the firm as a nexus of contracts among self-interested individuals who
must be supervised and managed.
AI shell: The programming environment of an expert system.
antivirus software: Software designed to detect, and often eliminate, computer viruses from an information
system.
application controls: Specific controls unique to each computerised application.
application server: Software that handles all application operations between browser-based computers and a
company’s back-end business applications or databases.
application service provider (ASP): Company providing software that can be rented by other companies over
the Web or a private network.
application software: Programmes written for a specific application to perform functions specified by end users.
application software package: A set of prewritten, pre-coded application software programs that are
commercially available for sale or lease.
analogue signal: A continuous waveform that passes through a communications medium; used for voice
communications.
arithmetic-logic unit (ALU): Component of the CPU that performs the computer’s principal logic and arithmetic
operations.
artificial intelligence (AI): The effort to develop computer-based systems that can behave like humans, with the
ability to learn languages, accomplish physical tasks, use a perceptual apparatus, and emulate human expertise
and decision making.
assembly language: A programming language developed in the 1950s that resembles machine language but
substitutes mnemonics for numeric codes.

asynchronous transfer mode (ATM): A networking technology that parcels information into 8-byte cells, allowing
data to be transmitted between computers from different vendors at any speed.
attribute: A piece of information describing a particular entity.
authentication: The ability of each party in a transaction to ascertain the identity of the other party.
automation: Using the computer to speed up the performance of existing tasks.

B
backbone: Part of a network handling the major traffic and providing the primary path for traffic flowing to or from
other networks.
backward chaining: A strategy for searching the rule base in an expert system that acts like a problem solver by
beginning with a hypothesis and seeking out more information until the hypothesis is either proved or disproved.
balanced scorecard: Model for analysing firm performance that supplements traditional financial measures with
measurements from additional business perspectives, such as customers, internal business processes, and
learning and growth.
bandwidth: The capacity of a communications channel as measured by the difference between the highest and
lowest frequencies that can be transmitted by that channel.
banner ad: A graphic display on a Web page used for advertising. The banner is linked to the advertiser’s Web
site so that a person clicking on it will be transported to the advertiser’s Web site.
batch processing: A method of collecting and processing data in which transactions are accumulated and stored
until a specified time when it is convenient or necessary to process them as a group.
baud: A change in signal from positive to negative or vice versa that is used as a measure of transmission speed.
behavioral models: Descriptions of management based on behavioural scientists' observations of what managers
actually do in their jobs.
benchmarking: Setting strict standards for products, services, or activities and measuring organisational
performance against those standards.
best practices: The most successful solutions or problem-solving methods that have been developed by a specific
organisation or industry.
bit: A binary digit representing the smallest unit of data in a computer system. It can only have one of two states,
representing 0 or 1.
Bluetooth: Standard for wireless personal area networks that can transmit up to 720 Kbps within a 10-meter area.
broadband: High-speed transmission technology. Also designates a single communications medium that can
transmit multiple channels of data simultaneously.
bugs: Program code defects or errors.
bullwhip effect: Large fluctuations in inventories along the supply chain resulting from small unanticipated
fluctuations in demand.
bureaucracy: Formal organisation with a clear-cut division of labour, abstract rules and procedures, and impartial
decision making that uses technical qualifications and professionalism as a basis for promoting employees.

bureaucratic models of decision making: Models of decision making where decisions are shaped by the
organisation's standard operating procedures (SOPs).
bus network: Network topology linking a number of computers by a single circuit with all messages broadcast to
the entire network.
business driver: A force in the environment to which businesses must respond and that influences the direction
of business.
business functions: Specialised tasks performed in a business organisation, including manufacturing and
production, sales and marketing, finance, accounting, and human resources.
business intelligence: Applications and technologies that focus on gathering, storing, analysing, and providing
access to data from many different sources to help users make better business decisions.
business model: An abstraction of what an enterprise is and how the enterprise delivers a product or service,
showing how the enterprise creates wealth.
business process reengineering: The radical redesign of business processes, combining steps to cut waste and
eliminating repetitive, paper-intensive tasks in order to improve cost, quality, and service, and to maximise the
benefits of information technology.
business processes: The unique ways in which organisations coordinate and organise work activities,
information, and knowledge to produce a product or service.
business-to-business (B2B) electronic commerce: Electronic sales of goods and services among businesses.
business-to-consumer (B2C) electronic commerce: Electronic retailing of products and services directly to
individual consumers.
byte: A string of bits, usually eight, used to store one number or character in a computer system.

C
C: A powerful programming language with tight control and efficiency of execution; is portable across different
microprocessors and is used primarily with PCs.
C++: Object-oriented version of the C programming language.
cable modem: Modem designed to operate over cable TV lines to provide high-speed access to the Web or
corporate intranets.
call centre: An organisational department responsible for handling customer service issues by telephone and
other channels.
capacity planning: The process of predicting when a computer hardware system becomes saturated to ensure
that adequate computing resources are available for work of different priorities and that the firm has enough
computing power for its current and future needs.
capital budgeting: The process of analysing and selecting various proposals for capital expenditures.
carpal tunnel syndrome (CTS): Type of RSI in which pressure on the median nerve through the wrist’s bony
carpal tunnel structure produces pain.

case-based reasoning (CBR): Artificial intelligence technology that represents knowledge as a database of cases
and solutions.
CD-ROM (compact disk read-only memory): Read-only optical disk storage used for imaging, reference, and
database applications with massive amounts of unchanging data and for multimedia.
CD-RW (CD-ReWritable): Optical disk storage that can be rewritten many times by users.
cellular telephone (cell phone): A device that transmits voice or data, using radio waves to communicate with
radio antennas placed within adjacent geographic areas called cells.
central processing unit (CPU): Area of the computer system that manipulates symbols, numbers, and letters,
and controls the other parts of the computer system.
centralised processing: Processing that is accomplished by one large central computer.
change agent: In the context of implementation, the individual acting as the catalyst during the change process
to ensure successful organisational adaptation to a new system or innovation.
channel conflict: Competition between two or more different distribution chains used to sell the products or
services of the same company.
channels: The links by which data or voice are transmitted between sending and receiving devices in a network.
chatting: Live, interactive conversations over a public network.
chief information officer (CIO): Senior manager in charge of the information systems function in the firm.
chief knowledge officer (CKO): Senior executive in charge of the organisation’s knowledge management
programme.
choice: Simon's third stage of decision making, when the individual selects among the various solution
alternatives.
classical model of management: Traditional description of management that focused on its formal functions of
planning, organising, coordinating, deciding, and controlling.
clicks-and-mortar: Business model where the Web site is an extension of a traditional bricks-and-mortar
business.
click stream tracking: Tracking data about customer activities at Web sites and storing them in a log.
client: The user point-of-entry for the required function in client/server computing. Normally a desktop computer,
workstation, or laptop computer.
client/server computing: A model for computing that splits processing between “clients” and “servers” on a
network, assigning functions to the machine ablest to perform the function.
clustering: Linking two computers together so that the second computer can act as a backup to the primary
computer or speed up processing.
coaxial cable: A transmission medium consisting of thickly insulated copper wire; can transmit large volumes of
data quickly.
COBOL (Common Business Oriented Language): Major programming language for business applications
because it can process large data files with alphanumeric characters.

cognitive style: Underlying personality dispositions toward the treatment of information, selection of alternatives,
and evaluation of consequences.
collaborative commerce: The use of digital technologies to enable multiple organisations to collaboratively
design, develop, build, and manage products through their lifecycles.
collaborative filtering: Tracking users’ movements on a Web site, comparing the information gleaned about a
user’s behavior against data about other customers with similar interests to predict what the user would like to see
next.
collaborative planning, forecasting, and replenishment (CPFR): Firms collaborating with their suppliers and
buyers to formulate demand forecasts, develop production plans, and coordinate shipping, warehousing, and
stocking activities.
communications technology: Physical devices and software that link various computer hardware components
and transfer data from one physical location to another.
community of practice: Informal group of people that may live or work in many different locations but who share
a common professional interest. An important source of expertise for organisations.
competitive forces model: Model used to describe the interaction of external influences, specifically threats and
opportunities, that affect an organisation’s strategy and ability to compete.
compiler: Special system software that translates a high-level language into machine language for execution by
the computer.
computer: Physical device that takes data as an input, transforms the data by executing stored instructions, and
outputs information to a number of devices.
computer abuse: The commission of acts involving a computer that may not be illegal but are considered
unethical.
computer-aided design (CAD): Information system that automates the creation and revision of designs using
sophisticated graphics software.
computer-aided software engineering (CASE): Automation of step-by-step methodologies for software and
systems development to reduce the amounts of repetitive work the developer needs to do.
computer-based information systems (CBIS): Information systems that rely on computer hardware and software
for processing and disseminating information.
computer crime: The commission of illegal acts through the use of a computer or against a computer system.
computer hardware: Physical equipment used for input, processing, and output activities in an information
system.
computer matching: The processing control that matches input data to information held on master files.
computer software: Detailed, pre-programmed instructions that control and coordinate the work of computer
hardware components in an information system.
computer virus: Rogue software programs that are difficult to detect which spread rapidly through computer
systems, destroying data or disrupting processing and memory systems.

computer vision syndrome (CVS): Eyestrain condition related to computer display screen use; symptoms include
headaches, blurred vision, and dry and irritated eyes.
concentrator: Telecommunications computer that collects and temporarily stores messages from terminals for
batch transmission to the host computer.
connectivity: A measure of how well computers and computer-based devices communicate and share information
with one another without human intervention.
consumer-to-consumer (C2C) electronic commerce: Consumers selling goods and services electronically to
other consumers.
control totals: A type of input control that requires counting transactions or quantity fields prior to processing for
comparison and reconciliation after processing.
control unit: Component of the CPU that controls and coordinates the other parts of the computer system.
controller: A specialised computer that supervises communications traffic between the CPU and the peripheral
devices in a telecommunications system.
controls: All of the methods, policies, and procedures that ensure protection of the organisation’s assets, accuracy
and reliability of its records, and operational adherence to management standards.
converged network: Network with technology to enable voice and data to run over a single network.
conversion: The process of changing from the old system to the new system.
cookie: Tiny file deposited on a computer hard drive when an individual visits certain Web sites. Used to identify
the visitor and track visits to the Web site.
cooptation: Bringing the opposition into the process of designing and implementing the solution without giving up
control over the direction and nature of the change.
copyright: A statutory grant that protects creators of intellectual property against copying by others for any purpose
for a period of 28 years.
core competency: Activity at which a firm excels as a world-class leader.
core systems: Systems that support functions that are absolutely critical to the organisation.
cost–benefit ratio: A method for calculating the returns from a capital expenditure by dividing total benefits by
total costs.
counter implementation: A deliberate strategy to thwart the implementation of an information system or an
innovation in an organisation.
critical success factors (CSFs): A small number of easily identifiable operational goals shaped by the industry,
the firm, the manager, and the broader environment that are believed to assure the success of an organisation.
Used to determine the information requirements of an organisation.
customer decision-support system (CDSS): System to support the decision-making process of an existing or
potential customer.
customer relationship management systems: Information systems for creating a coherent integrated view of all
of the relationships a firm maintains with its customers.

customisation: The modification of a software package to meet an organisation’s unique requirements without
destroying the package software’s integrity.

D
data: Streams of raw facts representing events occurring in organisations or the physical environment before they
have been organised and arranged into a form that people can understand and use.
data administration: A special organisational function for managing the organisation’s data resources, concerned
with information policy, data planning, maintenance of data dictionaries, and data quality standards.
data cleansing: Correcting errors and inconsistencies in data to increase accuracy so that they can be used in a
standard company-wide format.
data definition language: The component of a database management system that defines each data element as
it appears in the database.
data dictionary: An automated or manual tool for storing and organising information about the data maintained in
a database.
data-driven DSS: A system that supports decision making by allowing users to extract and analyse useful
information that was previously buried in large databases.
data-flow diagram: Primary tool for structured analysis that graphically illustrates a system’s component
processes and the flow of data between them.
data management software: Software used for creating and manipulating lists, creating files and databases to
store data, and combining information for reports.
data manipulation language: A language associated with a database management system that end users and
programmers use to manipulate data in the database.
data mart: A small data warehouse containing only a portion of the organisation’s data for a specified function or
population of users.
data quality audit: A survey and/or sample of files to determine accuracy and completeness of data in an
information system.
data redundancy: The presence of duplicate data in multiple data files.
data security controls: Controls to ensure that data files on either disk or tape are not subject to unauthorised
access, change, or destruction.
data visualisation: Technology for helping users see patterns and relationships in large amounts of data by
presenting the data in graphical form.
data warehouse: A database, with reporting and query tools, that stores current and historical data extracted from
various operational systems and consolidated for management reporting and analysis.
data workers: People, such as secretaries or bookkeepers, who process and disseminate the organisation’s
information and paperwork.
database: A group of related files.

database (rigorous definition): A collection of data organised to service many applications at the same time by
storing and managing data so that they appear to be in one location.
database administration: Refers to the more technical and operational aspects of managing data, including
physical database design and maintenance.
database management system (DBMS): Special software to create and maintain a database and enable
individual business applications to extract the data they need without having to create separate files or data
definitions in their computer programs.
database server: A computer in a client/server environment that is responsible for running a DBMS to process
SQL statements and perform database management tasks.
data conferencing: Teleconferencing in which two or more users are able to edit and modify data files
simultaneously.
data mining: Analysis of large pools of data to find patterns and rules that can be used to guide decision making
and predict future behaviour.
debugging: The process of discovering and eliminating the errors and defects—the bugs—in program code.
decisional roles: Mintzberg's classification for managerial roles where managers initiate activities, handle
disturbances, allocate resources, and negotiate conflicts.
decision-support systems (DSS): Information systems at the organisation's management level that combine
data and sophisticated analytical models or data analysis tools to support semi-structured and unstructured
decision making.
dedicated lines: Telephone lines that are continuously available for transmission by a lessee. Typically
conditioned to transmit data at high speeds for high-volume applications.
denial of service attack: Flooding a network server or Web server with false communications or requests for
services in order to crash the network.
dense wave division multiplexing (DWDM): Technology for boosting transmission capacity of optical fibre by
using many different wavelengths to carry separate streams of data over the same fibre strand at the same time.
Descartes’ rule of change: A principle that states that if an action cannot be taken repeatedly, then it is not right
to be taken at any time.
design: Simon's second stage of decision making, when the individual conceives of possible alternative solutions
to a problem.
desktop publishing: Technology that produces professional-quality documents combining output from word
processors with design, graphics, and special layout features.
development methodology: A collection of methods, one or more for every activity within every phase of a
development project.
digital cash: Currency represented in electronic form that moves outside the normal network of money.
digital certificate: An attachment to an electronic message to verify the identity of the sender and to provide the
receiver with the means to encode a reply.

digital checking: Systems that extend the functionality of existing checking accounts so they can be used for
online shopping payments.
digital credit card payment system: Secure services for credit card payments on the Internet that protect
information transmitted among users, merchant sites, and processing banks.
digital divide: Large disparities in access to computers and the Internet among different social groups and different
locations.
digital firm: Organisation where nearly all significant business processes and relationships with customers,
suppliers, and employees are digitally enabled, and key corporate assets are managed through digital means.
digital market: A marketplace that is created by computer and communication technologies that link many buyers
and sellers.
Digital Millennium Copyright Act (DMCA): Adjusts copyright laws to the Internet age by making it illegal to make,
distribute, or use devices that circumvent technology-based protections of copyrighted materials.
digital signal: A discrete waveform that transmits data coded into two discrete states as 1-bits and 0-bits, which
are represented as on–off electrical pulses; used for data communications.
digital signature: A digital code that can be attached to an electronically transmitted message to uniquely identify
its contents and the sender.
digital subscriber line (DSL): A group of technologies providing high-capacity transmission over existing copper
telephone lines.
digital wallet: Software that stores credit card and owner identification information and provides these data
automatically during electronic commerce purchase transactions.
direct cutover: A risky conversion approach whereby the new system completely replaces the old one on an
appointed day.
disaster recovery plan: Plan for running the business in the event of a computer outage. Includes organisational
procedures as well as backup processing, storage and database capabilities.
disintermediation: The removal of organisations or business process layers responsible for certain intermediary
steps in a value chain.
distance learning: Education or training delivered over a distance to individuals in one or more locations.
distributed database: A database that is stored in more than one physical location. Parts or copies of the database
are physically stored in one location, and other parts or copies are stored and maintained in other locations.
distributed processing: The distribution of computer processing work among multiple computers linked by a
communications network.
document imaging systems: Systems that convert paper documents and images into digital form so that they
can be stored and accessed by the computer.
documentation: Descriptions of how an information system works from either a technical or an end-user
standpoint.
domain name: The unique name of a collection of computers connected to the Internet.

domain name system (DNS): A hierarchical system of servers maintaining databases enabling the conversion of
domain names to their IP addresses.
domestic exporter: A strategy characterised by heavy centralisation of corporate activities in the home country of
origin.
downsizing: The process of transferring applications from large computers to smaller ones.
downtime: Period of time in which an information system is not operational.
drill down: The ability to move from summary data to lower and lower levels of detail.
DSS database: A collection of current or historical data from a number of applications or groups. Can be a small
PC database or a massive data warehouse.
DSS software system: Collection of software tools that are used for data analysis, such as OLAP tools, data
mining tools, or a collection of mathematical and analytical models.
due process: A process in which laws are well-known and understood and there is an ability to appeal to higher
authorities to ensure that laws are applied correctly.
DVD (digital video disk): High-capacity optical storage medium that can store full-length videos and large
amounts of data.
dynamic page generation: Technology for storing the contents of Web pages as objects in a database
where they can be accessed and assembled to create constantly changing Web pages.
dynamic pricing: Pricing of items based on real-time interactions between buyers and sellers that determine what
an item is worth at any particular moment.

E
edit checks: Routines performed to verify input data and correct errors prior to processing.
efficient customer response system: System that directly links consumer behaviour back to distribution,
production, and supply chains.
e-learning: Instruction delivered through purely digital technology such as CD-ROMs, the Internet or private
networks.
electronic billing presentment and payment systems: Systems used for paying routine monthly bills that allow
users to view their bills electronically and pay them through electronic funds transfers from banks or credit card
accounts.
electronic business (e-business): The use of Internet and digital technology to execute all the business
processes in the enterprise. Includes e-commerce as well as processes for the internal management of the firm
and for coordination with suppliers and other business partners.
electronic commerce (e-commerce): The process of buying and selling goods and services electronically
involving transactions using the Internet, networks, and other digital technologies.
electronic commerce server software: Software that provides functions essential for running e-commerce Web
sites, such as setting up electronic catalogs and storefronts, and mechanisms for processing customer purchases.

electronic data interchange (EDI): The direct computer-to-computer exchange between two organisations of
standard business transaction documents.
electronic mail (e-mail): The computer-to-computer exchange of messages.
electronic payment system: The use of digital technologies, such as credit cards, smart cards and Internet-based
payment systems, to pay for products and services electronically.
encryption: The coding and scrambling of messages to prevent their being read or accessed without authorisation.
end-user development: The development of information systems by end users with little or no formal assistance
from technical specialists.
end-user interface: The part of an information system through which the end user interacts with the system, such
as on-line screens and commands.
end users: Representatives of departments outside the information systems group for whom applications are
developed.
enterprise analysis: An analysis of organisation-wide information requirements that examines the entire
organisation in terms of organisational units, functions, processes, and data elements; helps identify the key
entities and attributes in the organisation’s data.
enterprise application integration software: Software that ties together multiple applications to support
enterprise integration.
enterprise applications: Systems that can coordinate activities, decisions, and knowledge across many different
functions, levels, and business units in a firm. Include enterprise systems, supply chain management systems,
customer relationship management systems, and knowledge management systems.
enterprise information portal: Application that enables companies to provide users with a single gateway to
internal and external sources of information.
enterprise networking: An arrangement of the organisation’s hardware, software, network, and data resources
to put more computing power on the desktop and create a company-wide network linking many smaller networks.
enterprise software: Set of integrated modules for applications such as sales and distribution, financial
accounting, investment management, materials management, production planning, plant maintenance, and human
resources that allow data to be used by multiple functions and business processes.
enterprise systems: Integrated enterprise-wide information systems that coordinate key internal processes of the
firm, integrating data from manufacturing and distribution, finance, sales, and human resources.
entity: A person, place, thing, or event about which information must be kept.
entity-relationship diagram: A methodology for documenting databases illustrating the relationship between
various entities in the database.
ergonomics: The interaction of people and machines in the work environment, including the design of jobs, health
issues, and the end-user interface of information systems.
ethics: Principles of right and wrong that can be used by individuals acting as free moral agents to make choices
to guide their behaviour.

exchange: Third-party Net marketplace that is primarily transaction oriented and that connects many buyers and
suppliers for spot purchasing.
executive support systems (ESS): Information systems at the organisation's strategic level designed to address
unstructured decision making through advanced graphics and communications.
expert system: Knowledge-intensive computer program that captures the expertise of a human in limited domains
of knowledge.
external integration tools: Project management technique that links the work of the implementation team to that
of users at all organisational levels.
extranet: Private intranet that is accessible to authorised outsiders.

F
facsimile (fax): A machine that digitises and transmits documents with both text and graphics over telephone
lines.
Fair Information Practices (FIP): A set of principles originally set forth in 1973 that governs the collection and
use of information about individuals and forms the basis of most U.S. and European privacy laws.
fault-tolerant computer systems: Systems that contain extra hardware, software, and power supply components
that create an environment that provides continuous uninterrupted service.
feasibility study: As part of the systems analysis process, the way to determine whether the solution is achievable,
given the organisation’s resources and constraints.
feedback: Output that is returned to the appropriate members of the organisation to help them evaluate or correct
input.
fibre-optic cable: A fast, light, and durable transmission medium consisting of thin clear glass fibre bound into
cables. Data are transmitted as light pulses.
field: A grouping of characters into a word, a group of words, or a complete number, such as a person’s name or
age.
file: A group of records of the same type.
file transfer protocol (FTP): Tool for retrieving and transferring files from a remote computer.
finance and accounting information systems: Systems that keep track of the firm’s financial assets and fund
flows.
firewall: Hardware and software placed between an organisation’s internal network and an external network to
prevent outsiders from invading private networks.
floppy disk: Removable magnetic disk storage primarily used with PCs.
focused differentiation: Competitive strategy for developing new market niches for specialised products or
services where a business can compete in the target area better than its competitors.
formal control tools: Project management technique that helps monitor the progress toward completion of a task
and fulfilment of goals.

formal planning tools: Project management technique that structures and sequences tasks, budgeting time,
money, and technical resources required to complete the tasks.
formal system: System resting on accepted and fixed definitions of data and procedures, operating with
predefined rules.
FORTRAN (FORmula TRANslator): A programming language developed in 1956 for scientific and mathematical
applications.
forward chaining: A strategy for searching the rule base in an expert system that begins with the information
entered by the user and searches the rule base to arrive at a conclusion.
fourth-generation language: A programming language that can be employed directly by end users or less-skilled
programmers to develop computer applications more rapidly than conventional programming languages.
frame relay: A shared network service technology that packages data into bundles for transmission but does not
use error-correction routines. Cheaper and faster than packet switching.
framing: Displaying the content of another Web site inside one’s own Web site within a frame or a window.
franchiser: A firm where a product is created, designed, financed, and initially produced in the home country, but
for product-specific reasons must rely heavily on foreign personnel for further production, marketing, and human
resources.
front-end processor: A special purpose computer dedicated to managing communications for the host computer
in a network.
fuzzy logic: Rule-based AI that tolerates imprecision by using non-specific terms called membership functions to
solve problems.

G
"garbage can" model: Model of decision making that states that organisations are not rational and that decisions
are solutions that become attached to problems for accidental reasons.
gateway: A communications processor that connects dissimilar networks by providing the translation from one set
of protocols to another.
general controls: Overall controls that establish a framework for controlling the design, security, and use of
computer programs throughout an organisation.
genetic algorithms: Problem-solving methods that promote the evolution of solutions to specified problems using
the model of living organisms adapting to their environment.
geographic information system (GIS): System with software that can analyse and display data using digitised
maps to enhance planning and decision making.
global culture: The development of common expectations, shared artefacts, and social norms among different
cultures and peoples.
graphical user interface (GUI): The part of an operating system users interact with that uses graphic icons and
the computer mouse to issue commands and make selections.

group decision-support system (GDSS): An interactive computer-based system to facilitate the solution to
unstructured problems by a set of decision-makers working together as a group.
groupware: Software that provides functions and services that support the collaborative activities of work groups.

H
hacker: A person who gains unauthorised access to a computer network for profit, criminal mischief, or personal
pleasure.
hard disk: Magnetic disk resembling a thin steel platter with a metallic coating; used in large computer systems
and in most PCs.
hierarchical DBMS: Older logical database model that organises data in a treelike structure. A record is subdivided
into segments that are connected to each other in one-to-many parent–child relationships.
high-availability computing: Tools and technologies, including backup hardware resources, to enable a system
to recover quickly from a crash.
hit: An entry into a Web server’s log file generated by each request to the server for a file.
home page: A World Wide Web text and graphical screen display that welcomes the user and explains the
organisation that has established the page.
human resources information systems: Systems that maintain employee records; track employee skills, job
performance, and training; and support planning for employee compensation and career development.
hybrid AI systems: Integration of multiple AI technologies into a single application to take advantage of the best
features of these technologies.
hypermedia database: An approach to data management that organises data as a network of nodes linked in any
pattern the user specifies; the nodes can contain text, graphics, sound, full-motion video, or executable programs.
hypertext mark-up language (HTML): Page description language for creating Web pages and other hypermedia
documents.
hypertext transport protocol: The communications standard used to transfer pages on the Web. Defines how
messages are formatted and transmitted.

I
I-mode: Standard developed by Japan’s NTT DoCoMo mobile phone network for enabling cell phones to receive
Web-based content and services.
implementation: Simon's final stage of decision making, when the individual puts the decision into effect and
reports on the progress of the solution.
implementation: All organisational activities working toward the adoption, management, and routinisation of an
innovation.
inference engine: The strategy used to search through the rule base in an expert system; can be forward or
backward chaining.
information: Data that have been shaped into a form that is meaningful and useful to human beings.

information appliance: Device that has been customised to perform a few specialised computing tasks well with
minimal user effort.
information architecture: The particular design that information technology takes in a specific organisation to
achieve selected goals or functions.
information asymmetry: Situation where the relative bargaining power of two parties in a transaction is
determined by one party in the transaction possessing more information essential to the transaction than the other
party.
information centre: A special facility within an organisation that provides training and support for end-user
computing.
information partnership: Cooperative alliance formed between two or more corporations for the purpose of
sharing information to gain strategic advantage.
information policy: Formal rules governing the maintenance, distribution, and use of information in an
organisation.
information rights: The rights that individuals and organisations have with respect to information that pertains to
themselves.
information requirements: A detailed statement of the information needs that a new system must satisfy;
identifies who needs what information, and when, where, and how the information is needed.
informational roles: Mintzberg's classification for managerial roles where managers act as the nerve centres of
their organisations, receiving and disseminating critical information.
information systems department: The formal organisational unit that is responsible for the information systems
function in the organisation.
information systems literacy: Broad-based understanding of information systems that includes behavioural
knowledge about organisations and individuals using information systems as well as technical knowledge about
computers.
information systems managers: Leaders of the various specialists in the information systems department.
information systems plan: A road map indicating the direction of systems development: the rationale, the current
situation, the management strategy, the implementation plan, and the budget.
information technology (IT) infrastructure: Computer hardware, software, data, and storage technology, and
networks providing a portfolio of shared information technology resources for the organisation.
information work: Work that primarily consists of creating or processing information.
input: The capture or collection of raw data from within the organisation or from its external environment for
processing in an information system.
input controls: The procedures to check data for accuracy and completeness when they enter the system.

instant messaging: Chat service that allows participants to create their own private chat channels so that a person
can be alerted whenever someone on his or her private list is online to initiate a chat session with that particular
individual.
intangible benefits: Benefits that are not easily quantified; they include more efficient customer service or
enhanced decision making.
informed consent: Consent given with knowledge of all the facts needed to make a rational decision.
integrated software package: A software package that provides two or more applications, such as word
processing and spreadsheets, providing for easy transfer of data between them.
intellectual property: Intangible property created by individuals or corporations that is subject to protections under
trade secret, copyright, and patent law.
intelligence: The first of Simon's four stages of decision making, when the individual collects information to identify problems
occurring in the organisation.
intelligent agent: Software program that uses a built-in or learned knowledge base to carry out specific, repetitive,
and predictable tasks for an individual user, business process, or software application.
Integrated Services Digital Network (ISDN): International standard for transmitting voice, video, image, and data
to support a wide range of services over the public telephone lines.
internal integration tools: Project management technique that ensures that the implementation team operates
as a cohesive unit.
internal rate of return (IRR): The rate of return or profit that an investment is expected to earn.
international information systems architecture: The basic information systems required by organisations to
coordinate worldwide trade and other activities.
Internet: International network of networks that is a collection of hundreds of thousands of private and public
networks.
Internet2: Research network with new protocols and transmission speeds that provides an infrastructure for
supporting high-bandwidth Internet applications.
Internet protocol (IP) address: Four-part numeric address indicating a unique computer location on the Internet.
Internet service provider (ISP): A commercial organisation, with a permanent connection to the Internet, that
sells temporary connections to subscribers.
Internet telephony: Technologies that use the Internet Protocol’s packet-switched connections for voice service.
internetworking: The linking of separate networks, each of which retains its own identity, into an interconnected
network.
interorganisational systems: Information systems that automate the flow of information across organisational
boundaries and link a company to its customers, distributors, or suppliers.
interpersonal roles: Mintzberg's classification for managerial roles where managers act as figureheads and
leaders for the organisation.
intranet: An internal network based on Internet and World Wide Web technology and standards.

intrusion detection system: Tools to monitor the most vulnerable points in a network to detect and deter
unauthorised intruders.
intuitive decision makers: Cognitive style that describes people who approach a problem with multiple methods
in an unstructured manner, using trial and error to find a solution.
investment workstation: Powerful desktop computer for financial specialists, which is optimised to access and
manipulate massive amounts of financial data.
iteration construct: The logic pattern in programming where certain actions are repeated while a specified
condition occurs or until a certain condition is met.
iterative: A process of repeating over and over again the steps to build a system.

J/K
Java: Programming language that can deliver only the software functionality needed for a particular task, such as
a small applet downloaded from a network; can run on any computer and operating system.
joint application design (JAD): Process to accelerate the generation of information requirements by having end
users and information systems specialists work together in intensive interactive design sessions.
key field: A field in a record that uniquely identifies instances of that record so that it can be retrieved, updated, or
sorted.
knowledge- and information-intense products: Products that require a great deal of learning and knowledge to
produce.
knowledge assets: Organisational knowledge regarding how to efficiently and effectively perform its business
processes and create new products and services that enables the business to generate its profits.
knowledge base: Model of human knowledge that is used by expert systems.
knowledge discovery: The process of identifying novel and valuable patterns in large volumes of data through
the selection, preparation, and evaluation of the contents of large databases.
knowledge engineer: A specialist who elicits information and expertise from other professionals and translates it
into a set of rules, or frames, for an expert system.
knowledge frames: A method of organising expert system knowledge into chunks; the relationships are based on
shared characteristics determined by the user.
knowledge-level decision making: Evaluating new ideas for products, services, ways to communicate new
knowledge, and ways to distribute information throughout the organisation.
knowledge-level systems: Information systems that support knowledge and data workers in an organisation.
knowledge management: The set of processes developed in an organisation to create, gather, store, maintain,
and disseminate the firm’s knowledge.
knowledge management systems: Systems that support the creation, capture, storage, and dissemination of
firm expertise and knowledge.
knowledge map: Tool for identifying and locating the organisation’s knowledge resources.

knowledge repository: Collection of documented internal and external knowledge in a single location for more
efficient management and utilisation by the organisation.
knowledge work systems (KWS): Information systems that aid knowledge workers in the creation and integration
of new knowledge in the organisation.
knowledge workers: People, such as engineers, scientists, or architects, who design products or services or
create knowledge for the organisation.

L
legacy system: A system that has been in existence for a long time and that continues to be used to avoid the
high cost of replacing or redesigning it.
legitimacy: The extent to which one’s authority is accepted on grounds of competence, vision, or other qualities.
Making judgments and taking actions on the basis of narrow or personal characteristics
liability: The existence of laws that permit individuals to recover the damages done to them by other actors,
systems, or organisations.
Linux: Reliable and compactly designed operating system that is an offshoot of UNIX and that can run on many
different hardware platforms and is available free or at very low cost. Used as an alternative to UNIX and Windows
NT.
LISTSERV: Online discussion groups using e-mail broadcast from mailing list servers.
load balancing: Distribution of large numbers of requests for access among multiple servers so that no single
device is overwhelmed.
local area network (LAN): A telecommunications network that requires its own dedicated channels and that
encompasses a limited distance, usually one building or several buildings in close proximity.
logical view: A representation of data as they would appear to an application programmer or end user.

M
machine cycle: Series of operations required to process a single machine instruction.
machine language: A programming language consisting of the 1s and 0s of binary code.
magnetic disk: A secondary storage medium in which data are stored by means of magnetised spots on a hard
or floppy disk.
magnetic tape: Inexpensive, older secondary-storage medium in which large volumes of information are stored
sequentially by means of magnetised and non-magnetised spots on tape.
mainframe: Largest category of computer, used for major business processing.
maintenance: Changes in hardware, software, documentation, or procedures to a production system to correct
errors, meet new requirements, or improve processing efficiency.
management control: Monitoring how efficiently or effectively resources are used and how well operational units
are performing.

management information systems (MIS): Information systems at the management level of an organisation that
serve the functions of planning, controlling, and decision making by providing routine summary and exception
reports.
management-level systems: Information systems that support the monitoring, controlling, decision-making, and
administrative activities of middle managers.
management service provider (MSP): Company that provides network, systems, storage, and security
management for subscribing clients.
managerial roles: Expectations of the activities that managers should perform in an organisation.
man-month: The traditional unit of measurement used by systems designers to estimate the length of time to
complete a project. Refers to the amount of work a person can be expected to complete in a month.
manufacturing and production information systems: Systems that deal with the planning, development, and
production of products and services, and with controlling the flow of production.
mass customisation: The capacity to offer individually tailored products or services on a large scale.
massively parallel computers: Computers that use hundreds or thousands of processing chips to attack large
computing problems simultaneously.
megahertz: A measure of cycle speed, or the pacing of events in a computer; one megahertz equals one million
cycles per second.
message integrity: The ability to ascertain that a transmitted message has not been copied or altered.
micro browser: Web browser software with a small file size that can work with low-memory constraints, tiny
screens of handheld wireless devices, and low bandwidth of wireless networks.
micro payment: Payment for a very small sum of money, often less than $10.
microprocessor: Very large scale integrated circuit technology that integrates the computer’s memory, logic, and
control on a single chip.
microwave: A high-volume, long-distance, point-to-point transmission in which high-frequency radio signals are
transmitted through the atmosphere from one terrestrial transmission station to another.
middle managers: People in the middle of the organisational hierarchy who are responsible for carrying out the
plans and goals of senior management.
middleware: Software that connects two disparate applications, allowing them to communicate with each other
and to exchange data.
midrange computer: Middle-size computer that is capable of supporting the computing needs of smaller
organisations or of managing networks of other computers.
minicomputer: Middle-range computer used in systems for universities, factories, or research laboratories.
mirroring: Duplicating all the processes and transactions of a server on a backup server to prevent any interruption
in service if the primary server fails.
MIS audit: Identifies all the controls that govern individual information systems and assesses their effectiveness.

mobile commerce (m-commerce): The use of wireless devices, such as cell phones or handheld digital
information appliances, to conduct both business-to-consumer and business-to-business e-commerce transactions
over the Internet.
mobile data networks: Wireless networks that enable two-way transmission of data files cheaply and efficiently.
model: An abstract representation that illustrates the components or relationships of a phenomenon.
model-driven DSS: Primarily stand-alone system that uses some type of model to perform “what-if” and other
kinds of analyses.
modem: A device for translating digital signals into analogue signals and vice versa.
module: A logical unit of a program that performs one or several functions.
MP3 (MPEG3): Compression standard that can compress audio files for transfer over the Internet with virtually no
loss in quality.
multicasting: Transmission of data to a selected group of recipients.
multimedia: The integration of two or more types of media such as text, graphics, sound, voice, full-motion video,
or animation into a computer-based application.
multinational: A global strategy that concentrates financial management and control out of a central home base
while decentralising production, sales, and marketing operations to units in other countries.
multiplexer: A device that enables a single communications channel to carry data transmissions from multiple
sources simultaneously.

N
net marketplace: A single digital marketplace based on Internet technology linking many buyers to many sellers.
net present value: The amount of money an investment is worth, taking into account its cost, earnings, and the
time value of money.
network: The linking of two or more computers to share data or resources, such as a printer.
network-attached storage (NAS): Attaching high-speed RAID storage devices to a network so that the
devices in the network can access these storage devices through a specialised server dedicated to file service and
storage.
network computer (NC): Simplified desktop computer that does not store software programs or data
permanently. Users download whatever software or data they need from a central computer over the Internet or
an organisation’s own internal network.
network DBMS: Older logical database model that is useful for depicting many-to-many relationships.
network economics: Model of strategic systems at the industry level based on the concept of a network where
adding another participant entails zero marginal costs but can create much larger marginal gain.
network operating system (NOS): Special software that routes and manages communications on the network
and coordinates network resources.
neural network: Hardware or software that attempts to emulate the processing patterns of the biological brain.

non-obvious relationship awareness (NORA): Technology that can find obscure hidden connections between
people or other entities by analysing information from many different sources to correlate relationships.
normalisation: The process of creating small stable data structures from complex groups of data when designing
a relational database.

O
object-oriented DBMS: An approach to data management that stores both data and the procedures acting on the
data as objects that can be automatically retrieved and shared; the objects can contain multimedia.
object-oriented development: Approach to systems development that uses the object as the basic unit of
systems analysis and design. The system is modelled as a collection of objects and the relationships between
them.
object-oriented programming: An approach to software development that combines data and procedures into a
single object.
object-relational DBMS: A database management system that combines the capabilities of a relational DBMS for
storing traditional information and the capabilities of an object-oriented DBMS for storing graphics and multimedia.
Office 2000 and Office XP: Integrated software suites with capabilities for supporting collaborative work on the
Web or incorporating information from the Web into documents.
office systems: Computer systems, such as word processing, voice mail, and imaging, that are designed to
increase the productivity of information workers in the office.
online analytical processing (OLAP): Capability for manipulating and analysing large volumes of data from
multiple perspectives.
online processing: A method of collecting and processing data in which transactions are entered directly into the
computer system and processed immediately.
online transaction processing: Transaction processing mode in which transactions entered online are
immediately processed by the computer.
open-source software: Software that provides free access to its program code, allowing users to modify the
program code to make improvements or fix errors.
open systems: Software systems that can operate on different hardware platforms because they are built on
public non-proprietary operating systems, user interfaces, application standards, and networking protocols.
Open Systems Interconnect (OSI): International reference model for linking different types of computers and
networks.
operating system: The system software that manages and controls the activities of the computer.
operational control: Deciding how to carry out specific tasks specified by upper and middle management, and
establishing criteria for completion and resource allocation.
operational-level systems: Information systems that monitor the elementary activities and transactions of the
organisation.
operational managers: People who monitor the day-to-day activities of the organisation.

optical network: High-speed networking technologies for transmitting data in the form of light pulses.
opt-in: Model of informed consent prohibiting an organisation from collecting any personal information unless the
individual specifically takes action to approve information collection and use.
opt-out: Model of informed consent permitting the collection of personal information until the consumer specifically
requests that the data not be collected.
organisation (behavioural definition): A collection of rights, privileges, obligations, and responsibilities that are
delicately balanced over a period of time through conflict and conflict resolution.
organisation (technical definition): A stable, formal, social structure that takes resources from the environment
and processes them to produce outputs.
organisational culture: The set of fundamental assumptions about what products the organisation should
produce, how and where it should produce them, and for whom they should be produced.
organisational impact analysis: Study of the way a proposed system will affect organisational structure, attitudes,
decision making, and operations.
organisational memory: The stored learning from an organisation’s history that can be used for decision making
and other purposes.
organisational models of decision making: Models of decision making that take into account the structural and
political characteristics of an organisation.
organisational learning: Creation of new standard operating procedures and business processes that reflect
organisations’ experience.
output: The distribution of processed information to the people who will use it or to the activities for which it will be
used.
output controls: Measures that ensure that the results of computer processing are accurate, complete, and
properly distributed.
outsourcing: The practice of contracting computer centre operations, telecommunications networks, or
applications development to external vendors.

P
P3P: Industry standard designed to give users more control over personal information gathered on Web sites they
visit. Stands for Platform for Privacy Preferences.
packet switching: Technology that breaks blocks of text into small, fixed bundles of data and routes them in the
most economical way through any available communications channel.
paging system: A wireless transmission technology in which the pager beeps when the user receives a message;
used to transmit short alphanumeric messages.
paradigm shift: Radical reconceptualisation of the nature of the business and the nature of the organisation.
parallel processing: Type of processing in which more than one instruction can be processed at a time by
breaking down a problem into smaller parts and processing them simultaneously with multiple processors.

parallel strategy: A safe and conservative conversion approach where both the old system and its potential
replacement are run together for a time until everyone is assured that the new one functions correctly.
patent: A legal document that grants the owner an exclusive monopoly on the ideas behind an invention for 20
years; designed to ensure that inventors of new machines or methods are rewarded for their labour while making
widespread use of their inventions.
payback method: A measure of the time required to pay back the initial investment on a project.
peer-to-peer: Network architecture that gives equal power to all computers on the network; used primarily in small
networks.
peer-to-peer computing: Form of distributed processing that links computers via the Internet or private networks
so that they can share processing tasks.
peer-to-peer payment system: Electronic payment system for people who want to send money to vendors or
individuals who are not set up to accept credit card payments.
personal communication services (PCS): A wireless cellular technology that uses lower power, higher frequency
radio waves than does cellular technology and so can be used with smaller size telephones.
personal computer (PC): Small desktop or portable computer.
personal digital assistants (PDA): Small, pen-based, handheld computers with built-in wireless
telecommunications capable of entirely digital communications transmission.
phased approach: Introduces the new system in stages either by functions or by organisational units.
physical view: The representation of data as they would actually be organised on physical storage media.
pilot study: A strategy to introduce the new system to a limited area of the organisation until it is proven to be fully
functional; only then can the conversion to the new system across the entire organisation take place.
political models of decision making: Models of decision making where decisions result from competition and
bargaining among the organisation's interest groups and key leaders.
pop-up ad: Ad that opens automatically and does not disappear until the user clicks on it.
portfolio analysis: An analysis of the portfolio of potential applications within a firm to determine the risks and
benefits, and to select among alternatives for information systems.
portal: Web site or other service that provides an initial point of entry to the Web or to internal company data.
post implementation audit: Formal review process conducted after a system has been placed in production to
determine how well the system has met its original objectives.
present value: The value, in current dollars, of a payment or stream of payments to be received in the future.
primary activities: Activities most directly related to the production and distribution of a firm’s products or services.
primary storage: Part of the computer that temporarily stores program instructions and data being used by the
instructions.
privacy: The claim of individuals to be left alone, free from surveillance or interference from other individuals,
organisations, or the state.
private exchange: Another term for a private industrial network.

private industrial networks: Web-enabled networks linking systems of multiple firms in an industry for the
coordination of trans-organisational business processes.
process specifications: Describe the logic of the processes occurring within the lowest levels of a data flow
diagram.
processing: The conversion, manipulation, and analysis of raw input into a form that is more meaningful to
humans.
processing controls: The routines for establishing that data are complete and accurate during updating.
product differentiation: Competitive strategy for creating brand loyalty by developing new and unique products
and services that are not easily duplicated by competitors.
production: The stage after the new system is installed and the conversion is complete; during this time the
system is reviewed by users and technical specialists to determine how well it has met its original goals.
production or service workers: People who actually produce the products or services of the organisation.
profiling: The use of computers to combine data from multiple sources and create electronic dossiers of detailed
information on individuals.
profitability index: Used to compare the profitability of alternative investments; it is calculated by dividing the
present value of the total cash inflow from an investment by the initial cost of the investment.
program: A series of statements or instructions to the computer.
program-data dependence: The close relationship between data stored in files and the software programs that
update and maintain those files. Any change in data organisation or format requires a change in all the programs
associated with those files.
programmers: Highly trained technical specialists who write computer software instructions.
programming: The process of translating the system specifications prepared during the design stage into program
code.
protocol: A set of rules and procedures that govern transmission between the components in a network.
prototype: The preliminary working version of an information system for demonstration and evaluation purposes.
prototyping: The process of building an experimental system quickly and inexpensively for demonstration and
evaluation so that users can better determine information requirements.
pure-play: Business models based purely on the Internet.
“push” technology: Method of obtaining relevant information on networks by having a computer broadcast
information directly to the user based on pre-specified interests.

Q/R
query language: Software tool that provides immediate online answers to requests for information that are not
predefined.
RAID (Redundant Array of Inexpensive Disks): Disk storage technology to boost disk performance by packaging
more than 100 smaller disk drives with a controller chip and specialised software in a single large unit to deliver
data over multiple paths simultaneously.

RAM (Random Access Memory): Primary storage of data or program instructions that can directly access any
randomly chosen location in the same amount of time.
rapid application development (RAD): Process for developing systems in a very short time period by using
prototyping, fourth-generation tools, and close teamwork among users and systems specialists.
rational model: Model of human behaviour based on the belief that people, organisations, and nations engage in
basically consistent, value-maximising calculations.
rationalisation of procedures: The streamlining of standard operating procedures, eliminating obvious
bottlenecks, so that automation makes operating procedures more efficient.
reach: Measurement of how many people a business can connect with and how many products it can offer those
people.
real options pricing models: Models for evaluating information technology investments with uncertain returns by
using techniques for valuing financial options.
record: A group of related fields.
reduced instruction set computing (RISC): Technology used to enhance the speed of microprocessors by
embedding only the most frequently used instructions on a chip.
re-intermediation: The shifting of the intermediary role in a value chain to a new source.
relational DBMS: A type of logical database model that treats data as if they were stored in two-dimensional
tables. It can relate data stored in one table to data in another as long as the two tables share a common data
element.
repetitive stress injury (RSI): Occupational disease that occurs when muscle groups are forced through repetitive
actions with high-impact loads or thousands of repetitions with low-impact loads.
Request for Proposal (RFP): A detailed list of questions submitted to vendors of software or other services to
determine how well the vendor’s product can meet the organisation’s specific requirements.
resource allocation: The determination of how costs, time, and personnel are assigned to different phases of a
systems development project.
responsibility: Accepting the potential costs, duties, and obligations for the decisions one makes.
reverse logistics: The return of items from buyers to sellers in a supply chain.
richness: Measurement of the depth and detail of information that a business can supply to the customer as well
as information the business collects about the customer.
ring network: A network topology in which all computers are linked by a closed loop in a manner that passes data
in one direction from one computer to another.
risk assessment: Determining the potential frequency of the occurrence of a problem and the potential damage
if the problem were to occur. Used to determine the cost/benefit of a control.
Risk Aversion Principle: Principle that one should take the action that produces the least harm or incurs the least
cost.
ROM (read-only memory): Semiconductor memory chips that contain program instructions. These chips can only
be read from; they cannot be written to.

router: Device that forwards packets of data from one LAN or WAN to another.
rule base: The collection of knowledge in an AI system that is represented in the form of IF–THEN rules.
rule-based expert system: An AI program that has a large number of interconnected and nested IF–THEN
statements, or rules, that are the basis for the knowledge in the system.
run control totals: The procedures for controlling completeness of computer updating by generating control totals
that reconcile totals before and after processing.

S
sales and marketing information systems: Systems that help the firm identify customers for the firm’s products
or services, develop products and services to meet customers’ needs, promote these products and services, sell
the products and services, and provide ongoing customer support.
satellite: The transmission of data using orbiting satellites that serve as relay stations for transmitting microwave
signals over very long distances.
scalability: The ability of a computer, product, or system to expand to serve a larger number of users without
breaking down.
scoring model: A quick method for deciding among alternative systems based on a system of ratings for selected
objectives.
search costs: The time and money spent locating a suitable product and determining the best price for that
product.
search engine: A tool for locating specific sites or information on the Internet.
secondary storage: Relatively long term, non-volatile storage of data outside the CPU and primary storage.
security: Policies, procedures, and technical measures used to prevent unauthorised access, alteration, theft, or
physical damage to information systems.
selection construct: The logic pattern in programming where a stated condition determines which of two
alternative actions can be taken.
senior managers: People occupying the topmost hierarchy in an organisation who are responsible for making
long-range decisions.
sensitivity analysis: Models that ask “what-if” questions repeatedly to determine the impact of changes in one or
more factors on the outcomes.
sequence construct: The sequential single steps or actions in the logic of a program that do not depend on the
existence of any condition.
server: Computer specifically optimised to provide software and other resources to other computers over a
network.
server farm: Large group of servers maintained by a commercial vendor and made available to subscribers for
electronic commerce and other activities requiring heavy use of servers.
shopping bot: Software with varying levels of built-in intelligence to help electronic commerce shoppers locate
and evaluate products or services they might wish to purchase.

six sigma: A specific measure of quality, representing 3.4 defects per million opportunities; used to designate a
set of methodologies and techniques for improving quality and reducing costs.
smart card: A credit-card-size plastic card that stores digital information and that can be used for electronic
payments in place of cash.
smart phone: Wireless phone with voice, text, and Internet capabilities.
SOAP (Simple Object Access Protocol): Set of rules that allows Web services applications to pass data and
instructions to one another.
socio-technical design: Design to produce information systems that blend technical efficiency with sensitivity to
organisational and human needs.
software metrics: The objective assessments of the software used in a system in the form of quantified
measurements.
software package: A prewritten, pre-coded, commercially available set of programs that eliminates the need to
write software programs for certain functions.
source code: Program instructions written in a high-level programming language that must be translated
into machine language to be executed by the computer.
spamming: The practice of sending unsolicited e-mail and other electronic communication.
spreadsheet: Software displaying data in a grid of columns and rows, with the capability of easily recalculating
numerical data.
standard operating procedures (SOPs): Precise rules, procedures, and practices developed by organisations to
cope with virtually all expected situations.
star network: A network topology in which all computers and other devices are connected to a central host
computer. All communications between network devices must pass through the host computer.
storage area network (SAN): A high-speed network dedicated to storage that connects different kinds of storage
devices, such as tape libraries and disk arrays.
storage service provider (SSP): Third-party provider that rents out storage space to subscribers over the Web,
allowing customers to store and access their data without having to purchase and maintain their own storage
technology.
storage technology: Physical media and software governing the storage and organisation of data for use in an
information system.
stored value payment systems: Systems enabling consumers to make instant online payments to merchants
and other individuals based on value stored in a digital account.
strategic decision making: Determining the long-term objectives, resources, and policies of an organisation.
strategic information systems: Computer systems at any level of the organisation that change goals, operations,
products, services, or environmental relationships to help the organisation gain a competitive advantage.
strategic-level systems: Information systems that support the long-range planning activities of senior
management.

strategic transitions: A movement from one level of socio-technical system to another. Often required when
adopting strategic systems that demand changes in the social and technical elements of an organisation.
streaming technology: Technology for transferring data so that they can be processed as a steady and
continuous stream.
structured: Refers to the fact that techniques are carefully drawn up, step by step, with each step building on a
previous one.
structured analysis: A method for defining system inputs, processes, and outputs and for partitioning systems
into subsystems or modules that show a logical graphic model of information flow.
structured chart: System documentation showing each level of design, the relationship among the levels, and the
overall place in the design structure; can document one program, one system, or part of one program.
structured decisions: Decisions that are repetitive, routine, and have a definite procedure for handling them.
structured design: Software design discipline encompassing a set of design rules and techniques for designing
systems from the top down in hierarchical fashion.
structured programming: Discipline for organising and coding programs that simplifies the control paths so that
the programs can be easily understood and modified; uses the basic control structures and modules that have only
one entry point and one exit point.
Structured Query Language (SQL): The standard data manipulation language for relational database
management systems.
supercomputer: Highly sophisticated and powerful computer that can perform very complex computations
extremely rapidly.
supply chain: Network of organisations and business processes for procuring materials, transforming raw
materials into intermediate and finished products, and distributing the finished products to customers.
supply chain management: Close linkage and coordination of activities involved in buying, making and moving
a product.
supply chain management systems: Information systems that automate the relationship between a firm and its
suppliers in order to optimise the planning, sourcing, manufacturing and delivery of products and services.
support activities: Activities that make the delivery of a firm's primary activities possible. Consist of the
organisation’s infrastructure, human resources, technology, and procurement.
switched lines: Telephone lines that a person can access from a terminal to transmit data to another computer,
the call being routed or switched through paths to the designated destination.
switching costs: The expense a customer or company incurs in lost time and resources when changing from one
supplier or system to a competing supplier or system.
system failure: An information system that either does not perform as expected, is not operational at a specified
time, or cannot be used in the way it was intended.
system software: Generalised programs that manage the computer’s resources, such as the central processor,
communications links, and peripheral devices.

system testing: Tests the functioning of the information system as a whole in order to determine if discrete
modules will function together as planned.
systems analysis: The analysis of a problem that the organisation will try to solve with an information system.
systems analysts: Specialists who translate business problems and requirements into information requirements
and systems, acting as liaisons between the information systems department and the rest of the organisation.
systems design: Details how a system will meet the information requirements as determined by the systems
analysis.
systems development: The activities that go into producing an information systems solution to an organisational
problem or opportunity.
systems lifecycle: A traditional methodology for developing an information system that partitions the systems
development process into formal stages that must be completed sequentially with a very formal division of labour
between end users and information systems specialists.
syndicator: Business aggregating content or applications from multiple sources, packaging them for distribution,
and reselling them to third-party Web sites.
systematic decision makers: Cognitive style that describes people who approach a problem by structuring it in
terms of some formal method.

T
T1 line: A dedicated telephone connection comprising 24 channels that can support a data transmission rate of
1.544 Mbps. Each channel can be configured to carry voice or data traffic.
tacit knowledge: Expertise and experience of organisational members that has not been formally documented.
tangible benefits: Benefits that can be quantified and assigned a monetary value; they include lower operational
costs and increased cash flows.
team ware: Group collaboration software that is customised for teamwork.
techno stress: Stress induced by computer use; symptoms include aggravation, hostility toward humans,
impatience, and enervation.
telecommunications: The communication of information by electronic means, usually over some distance.
telecommunications system: A collection of compatible hardware and software arranged to communicate
information from one location to another.
teleconferencing: The ability to confer with a group of people simultaneously using the telephone or electronic-
mail group communication software.
Telnet: Network tool that allows someone to log on to one computer system while doing work on another.
test plan: Prepared by the development team in conjunction with the users; it includes all of the preparations for
the series of tests to be performed on the system.
testing: The exhaustive and thorough process that determines whether the system produces the desired results
under known conditions.
topology: The way in which the components of a network are connected.


total cost of ownership (TCO): Designates the total cost of owning technology resources, including initial
purchase costs, the cost of hardware and software upgrades, maintenance, technical support, and training.
total quality management (TQM): A concept that makes quality control a responsibility to be shared by all people
in an organisation.
trade secret: Any intellectual work or product used for a business purpose that can be classified as belonging to
that business, provided it is not based on information in the public domain.
traditional file environment: A way of collecting and maintaining data in an organisation that leads to each
functional area or division creating and maintaining its own data files and programs.
transaction cost theory: Economic theory stating that firms grow larger because they can conduct marketplace
transactions internally more cheaply than they can with external firms in the marketplace.
transaction processing systems (TPS): Computerised systems that perform and record the daily routine
transactions necessary to conduct the business; they serve the organisation's operational level.
trans-border data flow: The movement of information across international boundaries in any form.
Transmission Control Protocol/Internet Protocol (TCP/IP): U.S. Department of Defense reference model for
linking different types of computers and networks; used in the Internet.
Trans-national: Truly globally managed firms that have no national headquarters; value-added activities are
managed from a global perspective without reference to national borders, optimising sources of supply and
demand and taking advantage of any local competitive advantage.
tuple: A row or record in a relational database.
twisted wire: A transmission medium consisting of pairs of twisted copper wires; used to transmit analogue phone
conversations but can be used for data transmission.

U
unified messaging: System combining voice messages, e-mail, and fax so that they can all be obtained from a
single system.
uniform resource locator (URL): The address of a specific resource on the Internet.
unit testing: The process of testing each program separately in the system. Sometimes called program testing.
Uninterruptible Power Supply (UPS): A device that provides power protection for unstable power conditions,
ensuring consistent and reliable connectivity at the most critical moments.
UNIX: Operating system for all types of computers, which is machine independent and supports multi-user
processing, multitasking, and networking. Used in high-end workstations and servers.
unstructured decisions: Non-routine decisions in which the decision maker must provide judgment, evaluation,
and insights into the problem definition; there is no agreed-on procedure for making such decisions.
Usenet: Forums in which people share information and ideas on a defined topic through large electronic bulletin
boards where anyone can post messages on the topic for others to see and to which others can respond.
user–designer communications gap: The differences in backgrounds, interests, and priorities that impede
communication and problem solving among end users and information systems specialists.


user interface: The part of the information system through which the end user interacts with the system; type of
hardware and the series of on-screen commands and responses required for a user to work with the system.
Utilitarian Principle: Principle that assumes one can put values in rank order and understand the consequences
of various courses of action.
utility computing: Model of computing in which companies pay only for the information technology resources they
actually use during a specified time period. Also called on-demand computing or usage-based pricing.

V
value-added network (VAN): Private, multi-path, data-only, third-party-managed network that multiple
organisations use on a subscription basis.
value chain model: Model that highlights the primary or support activities that add a margin of value to a firm’s
products or services where information systems can best be applied to achieve a competitive advantage.
value web: Customer-driven network of independent firms who use information technology to coordinate their
value chains to collectively produce a product or service for a market.
videoconferencing: Teleconferencing in which participants see each other over video screens.
virtual organisation: Organisation using networks to link people, assets, and ideas to create and distribute
products and services without being limited to traditional organisational boundaries or physical locations.
virtual private network (VPN): A secure connection between two points across the Internet to transmit corporate
data. Provides a low-cost alternative to a private network.
visual programming: The construction of software programs by selecting and arranging programming objects
rather than by writing program code.
virtual reality systems: Interactive graphics software and hardware that create computer-generated simulations
that provide sensations that emulate real-world activities.
virtual reality modelling language (VRML): A set of specifications for interactive three-dimensional modelling on
the World Wide Web.
voice mail: A system for digitising a spoken message and transmitting it over a network.
voice over IP (VoIP): Facilities for managing the delivery of voice information using the Internet Protocol (IP).
voice portal: Portal that can accept voice commands for accessing information from the Web.

W
walkthrough: A review of a specification or design document by a small group of people carefully selected based
on the skills needed for the particular objectives being tested.
Web browser: An easy-to-use software tool for accessing the World Wide Web and the Internet.
Web bugs: Tiny graphic files embedded in e-mail messages and Web pages that are designed to monitor online
Internet user behaviour.
Web server: Software that manages requests for Web pages on the computer where they are stored and that
delivers the page to the user’s computer.


Web personalisation: The tailoring of Web content directly to a specific user.


Web services: Software components deliverable over the Internet that enable one application to communicate
with another with no translation required using a standard “plug and play” architecture.
Web site: All of the World Wide Web pages maintained by an organisation or an individual.
wide area network (WAN): Telecommunications network that spans a large geographical distance. May consist
of a variety of cable, satellite, and microwave technologies.
Windows 98: Version of the Windows operating system that is closely integrated with the Internet and that supports
hardware technologies such as MMX, digital video disk, videoconferencing cameras, scanners, TV tuner-adapter
cards, and joysticks.
Windows 2000: Windows operating system for high-performance PCs and network servers. Supports networking,
multitasking, multiprocessing, and Internet services.
Windows Millennium Edition (Windows Me): Enhanced Windows operating system for consumer users
featuring tools for working with video, photos, music, and home networking.
Windows .NET server: Most recent Windows operating system for servers.
Windows XP: Powerful Windows operating system that provides reliability, robustness, and ease of use for both
corporate and home PC users.
word processing: Office system technology that facilitates the creation of documents through computerised text
editing, formatting, storing, and printing.
work flow management: The process of streamlining business procedures so that documents can be moved
easily and efficiently from one location to another.
World Wide Web: A system with universally accepted standards for storing, retrieving, formatting, and displaying
information in a networked environment.
Workstation: Desktop computer with powerful graphics and mathematical capabilities and the ability to perform
several complicated tasks at once.
WSDL (Web Services Description Language): Common framework for describing the tasks performed by a Web
service so that it can be used by other applications.
Webmaster: The person in charge of an organisation’s Web site.
Wireless Web: Web-based applications enabling users to access digital information from the Internet using
wireless mobile computing devices.
Wireless Application Protocol (WAP): System of protocols and technologies that lets cell phones and other
wireless devices with tiny displays, low-bandwidth connections, and minimal memory access Web-based
information and services.
WML (Wireless Mark-up Language): Mark-up language for wireless Web sites; based on XML and optimised for
tiny displays.
Web content management tools: Software to facilitate the collection, assembly, and management of content on
a Web site, intranet, or extranet.


Web hosting service: Company with large Web server computers to maintain the Web sites of fee-paying
subscribers.
Web site performance monitoring tools: Software tools for monitoring the time to download Web pages, perform
Web transactions, identify broken links between Web pages, and pinpoint other Web site problems and
bottlenecks.

X
XHTML (Extensible Hypertext Mark-up Language): Hybrid of HTML and XML that provides more flexibility than
HTML.
XML (Extensible Mark-up Language): General-purpose language that describes the structure of a document and
supports links to multiple documents, allowing data to be manipulated by the computer. Used for both Web and
non-Web applications.
