www.oumstudents.tk Page 1
1) Computer Based Information Systems (CBIS)
a) Five Resources of a Firm (Hopeman 1969):
i) Personnel ii) Material iii) Machines iv) Money v) Information
b) Two categories that a firm's resources can be divided into:
i) Physical: Tangible resources: Personnel, Material, Machines, Money
ii) Conceptual: Used to manage physical resources: Information
c) Information Management: Collection and management of information from one or more sources, and the distribution of that information to one or more audiences.
d) Two main factors that make managers give priority to information systems:
i) Changes in Business Environment: The business environment is changing in a more complex way. This can be elaborated by:
(1) Emergence of Global Economy: Global business management is connected by IS through networks.
(2) Transformation of Industrial Economies: Manufacturing is shifting to developing countries, while industrial giants are moving to service-based ones. Knowledge and information play a key role in this new era.
ii) Improvement in computer skills: The size and speed of computers today are more advanced than before.
e) Information System User: Any individual who uses the information system for a specific purpose. Eg: To access information, update data, process information, conduct transactions or generate a report.
i) Managers: Using the generated information
ii) Workers: Access company reports
iii) Customers: Receive monthly statements
iv) Stockholders: Receive dividend cheques
v) Government Departments: Receive taxation reports
f) Management Levels: Every firm has 3 levels of management:
i) Top-level management: Strategic level management.
(1) Scope: Prepare long-term planning (5-10-20 years)
(2) Designations: CEO, President, Vice-President
(3) Strategic Planning: Long term plan, defining overall mission and objectives of organization.
ii) Middle-level management: Control level management.
(1) Scope: Prepare mid-term planning (1-12 months), plan actions for long-term planning and ensure the firm's objectives are achieved.
(2) Designations: Branch Manager, Director, Division Leader
(3) Tactical Planning: Short term plan, action framework based on strategic plan. Delegate power and responsibility to bottom level managers, and give instructions, resources and feedback on work.
iii) Lower-level management: Operational control level.
(1) Scope: Implementing the planning done by top and middle levels
(2) Designations: Head of Department, Supervisor, Coordinator, Project Leader
(3) Daily Planning: Leads the operation staff, coordinates the operational tasks, solves problems and guarantees availability of important resources.
g) Five main functions of a manager:
i) Planning ii) Organising iii) Staffing iv) Directing v) Controlling
h) Managerial Skills: Important because they are used in daily routine jobs.
i) Communication Skills
ii) Problem-Solving Skills
i) Manager's Knowledge:
i) Computer literacy refers to the basic knowledge that must be possessed by computer users so that they can operate the computer efficiently.
ii) Information literacy refers to the understanding of the use of information at every level of the problem-solving process, and knowing how to search for information resources and how this information can be shared for mutual benefit.
j) Manager & System:
i) System is defined as a group of elements that work together to achieve an objective.
ii) System Elements: Every system has a different combination of elements. In general, a system has basic elements such as objectives, control mechanisms, input, transformation and output.
iii) Open-loop and Closed-loop Systems
(1) Open-loop Systems: Systems with no control mechanism.
(2) Closed-loop Systems: Systems with three control components, namely the control mechanism, feedback loop and objective.
iv) Open and Closed Systems
(1) Open System: Connected to its environment by means of resource flows. Eg: Voting system
(2) Closed System: Not connected to its environment. They usually exist in tightly controlled laboratory systems.
v) Sub-System and Super-System:
(1) Sub-System: A subsystem is simply a system within a system, meaning that systems exist on more than one level and can be composed of subsystems or elemental parts.
(2) Super-System: When a system is part of a larger system, the larger system is the super system.
vi) Physical and Conceptual System:
(1) Physical System: A system that originates from tangible physical elements. Eg: Computer System
(2) Conceptual System: A system that uses conceptual resources that cannot be seen physically to represent a physical system. Eg: Data & information stored in the computer system
vii) The Importance of a System View: A systems view regards business operations as systems embedded within a larger environmental setting. It's an abstract way of thinking, but it has potential value to the manager. The systems view:
(1) Reduces complexity
(2) Requires good objectives
(3) Emphasizes working together
(4) Acknowledges interconnections
(5) Values feedback
System | Input | Processor | Output | User
EIS | Overall data: internal, external | Graphic simulation; interactive | Forecast; respond to inquiry | Senior management
DSS | Low volume data or very big data base that are optimised for data analysis; model and data equipment analysis | Interactive; simulation, analysis | Special report; result analysis; responds to the inquiry | Professional; Manager
MIS | Summary data transaction; high volume data; simple report | Routine report; simple model; low level analysis | Simple report | Middle manager
DAS | Document; schedule | Document management; schedule; communication | Document; schedule; mail | Clerical staff
TPS/AIS | Transaction; events | Picking; listing; merging; updating | Detail report; list; summary | Operation Staff; Supervisor
k) Computer-Based Information Systems (CBIS):
i) Accounting Information System (AIS), or Transaction Processing System (TPS): Executes and records the routine or daily transactions of the firm. Eg: Payroll System, Registration System, Customer Request System…
ii) Management Information System (MIS): Provides management information in supporting the planning, controlling and decision-making functions by generating special and periodic reports.
iii) Office Automation System (OAS): A computer system that consists of electronic devices used for communication and productivity for managers and workers. Eg: word processor, e-mail, electronic calendar…
iv) Decision Support System (DSS): Information system which assists managers to solve problems and make decisions on very specific issues.
v) Knowledge Based System (KBS): A computer system which can replicate human methods of problem-solving, such as thinking, learning or giving explanations for a solution, by using artificial intelligence and knowledge stored in the database.
vi) Executive Information System (EIS):
vii) Manufacturing Information System:
l) Information Experts: Members of the staff who are responsible for the development and organisation of the firm's information system.
i) System Analysts (SA): Develop a new system or upgrade the current system, cooperating with users and management.
ii) Database Administrators: Develop and maintain the database, which consists of the data required for producing information for users.
iii) Network Administrators: Develop and maintain data communication, which connects computer resources and allows them to be shared. Internet development has created new experts in this field, known as web masters or web designers.
iv) Programmers: Write the programming code in the programming language based on the design documentation written earlier by the system analysts. The programmers also test the written programme to ensure it is free from any syntax and logical errors.
v) Computer Operators: Operate large scale computers such as mainframes and minicomputers. They operate the routine jobs, operate the printers and data storage, and help users troubleshoot.
m) End User Computing (EUC) Trend: Development in information technology has created computer literacy in many people, either at a minimum level or at higher levels. This development helps the computer user to operate or to develop the computer system without the help of information experts.
i) Factors supporting growth of EUC:
(1) Increased computer literacy
(2) Information services backlog
(3) Low-cost hardware (computers)
(4) Pre-written software (electronic spreadsheets, DBMSs)
n) Business Process Re-Engineering (BPR): Refers to the thinking and re-designing of processes to achieve dramatic growth in terms of cost, quality and services (Hammer et al, 1993). Eg: A credit checking process of six days can be cut short to 4 hours.
2) System Concepts
a) Model: The representation of things like an object, a concept or real activity, known as an entity.
i) Types of Models:
(1) Physical Model: Representation of three dimensional entities, which can be seen by the naked eye. Eg: Miniature car, house models
(2) Narrative Model: Used by managers to explain the entity through oral and written communication. This is the most popular model since it covers all aspects of business communication.
(3) Graphical Model: Used to visualise the entity via graphs, charts, forms, symbols and lines. Eg: DFD, ERD etc.
(4) Mathematical Model: A formula or mathematical equation that consists of a few variables and constants. Its advantage is that it can forecast the future. Eg: Profit = Sale – Cost
b) Physical System: Transforms the input resources (extracted from the environment) to the output resources (returned to the same environment).
i) Types of Flow:
(1) Material Flow
(2) Personnel Flow
(3) Machinery Flow
(4) Monetary Flow
c) Conceptual System:
i) Information Dimensions: The manager evaluates the output produced by the information processor based on four information dimensions:
(1) Relevant: Information is relevant if the contents can fulfil the requirement of the problem faced.
(2) Accurate: Information must be accurate without errors. It is important especially in issues involving money like salary, loans and bills.
(3) On Time: Information must always be available when it's needed.
(4) Complete: Information must be comprehensive and complete but not excessive to the point of being irrelevant to the problem being solved.
d) Standards: Measures of a firm's performance, stated in specific terms that can be measured quantitatively in the form of money, numbers, percentages and such.
e) Management Techniques:
i) Management by Exception: A manager takes action only if an activity falls outside the fixed performance norms. Therefore, as long as the firm's activity is within the performance parameters, the firm can be considered stable. This technique is implemented by comparing the standard and the actual performance of the system produced by the information processor. For example, the total number of fans produced is fixed between 500 and 800 units per day; the manager will follow up if the production of fans does not achieve this target.
ii) Critical Success Factors (CSF): Technique used by managers to identify several main factors which bring success to a particular function. Usually the organisation determines several CSFs that need to be completely fulfilled.
iii) The difference is that a CSF remains constant in the long term, while management by exception can change over time.
f) Problem Solving:
i) Internal constraint refers to limited resources in a firm.
ii) External constraint refers to constraints from the firm's environment which limit the flow of resources to and from the firm.
iii) Symptom is the situation caused by the problem.
iv) Problem Structure: Problems have a structure that influences the way they are solved.
(1) Structured Problem: A problem that has certain elements, where the relationship between the elements can be clearly understood and seen. Eg: profit = sale - cost, which explains why a firm's profit increases or decreases
(2) Non-Structured Problems: Do not have clear elements or relationships that are understood. Eg: Human behaviour
(3) Semi-Structured Problems: Have parts of elements or relationships that are understandable and parts that are not understandable. Eg: Choice to produce new products.
g) System Approach: Guide to solving a problem step-by-step to ensure the problem can be understood, an alternative solution is identified and the solution chosen is effective.
i) The system approach consists of three phases, namely the preparation, definition and solution phases. Every phase has certain steps that can be used as guidance.
3) Usage of IT in Strategic Planning
a) Strategic Management: Management that can change the objective, operation, product, service and environmental relationship of an organisation in efforts to assist the organisation to achieve competitive advantages.
b) Business Level Strategies:
i) Become a low-cost producer
ii) Differentiate products and services
iii) Change the scope of competition by enhancing the market to enter the global market
iv) Decrease the market by focusing on smaller niche markets.
c) Value Chain Model: Can assist in increasing competitive forces by identifying the critical and specific points of influence where information technology can be used effectively to reinforce the firm's position in the competition. Activities are categorized into:
i) Primary Activities: Activities related to the production and distribution of products and services which create value for the customers. They are:
(1) Inbound Logistics
(2) Operations
(3) Outbound Logistics
(4) Sales & Marketing
(5) Services
ii) Support Activities: Activities that are needed to ensure that primary activities can be implemented. They are:
(1) Administration and management
(2) Human Resources
(3) Technology
(4) Procurement
d) Information Partnerships: These partnerships are normally made between information-sharing partners in which two or more firms share data to get mutual advantages (Konsynski and McFarlan, 1990).
i) They enable firms to get: new customers, new opportunities for cross-selling and product targeting.
ii) Sometimes, traditional competitors can gain benefits from this partnership.
e) Two types of Analytical Models at Industrial Level:
i) Competitive Forces Model:
(1) Competitive advantages can be achieved by increasing the firm's capability to handle:
(a) Customers,
(b) Suppliers,
(c) Replacement products and services,
(d) New entrance of competitors into the market.
(2) This will probably bring changes to the power balance between the firm and its competitors in the industry.
ii) Network Economy: When there is a new customer, the marginal cost will not increase, while the marginal profit will increase. The value of the phone or internet system will increase with more users. The cost involved in managing a television station which has 1000 users and 10 million users is similar.
4) Decision Support System (DSS)
a) Decisions: Forms of actions taken to avoid or to reduce the negative effect, or to take advantage of the situation (Raymond McLeod, 2001).
i) Types of Decisions: (Herbert A. Simon, 1977)
(1) Programmable Decision: The problems encountered are routine and have a repeatable structure, so a standard procedure is developed to solve them if they occur again.
(2) Un-Programmable Decision: More complex, semi-structured or unstructured, vague, and cannot be solved using available models or standard procedures because the situation has not occurred before or occurs rarely.
ii) Decision Making Phases: An interpretation from a systematic approach, by Simon
(1) Intelligence activity: Ability of the human to search the environment for conditions that need to be solved.
(2) Design activity: Invent, develop and analyse all types of actions possible.
(3) Selection activity: Select one type of action from the various alternatives provided through design activity.
(4) Evaluation activity: Evaluate the selection that has been made.
b) Decision Support System (DSS): Supports the manager in making decisions effectively.
i) Two Definitions of DSS:
(1) General definition: DSS is a system that provides facilities for problem-solving and communication in semi-structured problem solving.
(2) Specific definition: DSS is a system that supports a manager, or a small group of managers who work as a problem-solving team, in finding the solution to semi-structured problems by providing information or giving suggestions related to the specific decision.
ii) Four basic analytical modelling activities in DSS:
(1) What-If analysis: The decision maker can make changes to the variables, or the relationship between the variables, to observe changes inside another variable.
(2) Awareness analysis: Usually a variable is changed several times and the resulting variable changes are observed. It is usually used when the decision maker is not sure of how to approximate the value of the key variables.
(3) Objective searching analysis: Reverses the analysis direction of What-If analysis and Sensitivity analysis.
(4) Optimisation Analysis: A very complex continuation of the information analysis, which not only sets one target but also finds the optimum value for one or more targeted variables.
iii) Objectives of DSS:
(1) Help and prepare support for the manager in the decision-making process to solve semi-structured and unstructured problems.
(2) Support the manager in the decision-making process but not replace the manager in making decisions.
(3) Concentrate on improving the effectiveness of the manager's decision-making process rather than its efficiency.
iv) DSS Model: Has the same structure as the Management Information System and Financial Information System models.
c) Group Decision Support System (GDSS): A computer-based system that supports a group of individuals who cooperate to achieve one aim, by providing an interface to a shared environment.
i) Two Unique Characteristics of GDSS:
(1) Parallel communication occurs when all participants make statements using the computer at the same time.
(2) Anonymity means that no participant knows who is giving certain statements.
ii) Local Decision Network: A small group that uses the local area network (LAN) to interact using an application such as IRC, used when it's impossible to gather all members in one room at the same time.
iii) Legislative Session: Created when the decision room is too small to be occupied by all members. This session is limited to communication through a few methods (only a few members are allowed to communicate, limited time allocation, the facilitator selects the materials to be displayed, etc.).
iv) Computerised Conference: More commonly known as teleconferencing.
(1) Teleconferencing: A computer application that helps a group of people to communicate even though they are geographically separated. Teleconferencing involves computer conferencing, audio conferencing and video conferencing.
d) Group Software (Groupware): Software that provides support to a cooperating group through collaboration. It provides a mechanism for all members of the group to share ideas, data, information, knowledge and other resources.
i) Components in a GDSS: electronic advisor, conference or electronic meeting room, group timetable, calendar, planning, conflict resolution, model development, video conference, document sharing (such as screen, whiteboard and/or live board), voting etc.
5) Executive Information Systems (EIS)
a) Executive: Higher-level managers in an organisation's hierarchy.
i) Has the power and authority to set the organisation's direction through involvement in outlining strategic plans and the organisation's policies.
ii) Executives are organisation-oriented, while managers are unit or department-oriented.
b) Fayol Management Function: All executives perform the same management functions: planning, arranging, administering, and hiring employees, including directing and controlling (McLeod, 2001).
c) Mintzberg Management Roles: Mintzberg (1973) believed that managers play all roles, with the orientation depending on the management level. Higher-level managers (executives) negotiate a company merger, while lower-level managers negotiate with the supplier on the delivery date of a product.
d) Networking & Kotter Agenda: John P. Kotter (1982) believes that executives deal with their tasks using three strategies:
i) Agendas: These are the objectives of the company that need to be achieved. 2 types of agendas: long term and short term.
ii) Networks: Executives need to build networks or relationships between individuals inside and outside the organisation which can or will help in achieving the agendas above.
iii) Surrounding: Executives need to design a good environment, with good moral values, that can help networking members cooperate with each other to achieve the agendas.
e) Classes of Problems that Executives Think About:
i) First class: how to solve work or problems.
ii) Second class: how to manage big issues or general aims of an organisation.
f) Mintzberg Research: Mintzberg was the first researcher to study the information needed by executives, by identifying how executives spent their time.
i) Five fundamental activities that executives spent their time on, according to the research:
(1) 22% on desk work (such as typing, reading or replying to e-mails, reading reports and others),
(2) 6% in answering and replying to calls,
(3) 10% to attend unscheduled meetings,
(4) 59% to attend scheduled meetings and
(5) 3% to make visitations.
g) Jones and McLeod Research: Professor Jack W. Jones and Raymond McLeod (1994) saw the importance of researching more deeply the sources of information and the media used by executives, as reported by Mintzberg.
i) Five questions which the research was designed to answer:
(1) How much information do executives receive?
(2) What is the value of the information received?
(3) What is the executive's source of information?
(4) What are the types of media used by executives to exchange information and to communicate?
(5) How is the received information used by executives?
ii) Three main findings:
(1) Most of the information received comes from the organisation's environment, but company internal information has higher value.
(2) Most of the information received by executives is in written form, but the information with the highest value is received orally.
(3) Executives receive little information from the computer.
iii) Conclusion: There are no executive information systems that are totally dependent on computers. What really happens is that the computer is used as a support for the non-computerised workflow.
h) Executive Information System (EIS): A computer-based method that lets executives, whether inexperienced or knowledgeable with computers, obtain, create and send information, including exploring and searching in detail for the information they need from a given field to make decisions.
i) Input to EIS: Comes from other information systems, such as the Transaction Processing System, Management Report System, or MIS.
ii) Output of EIS:
(1) Provides standardised reports
(2) Graphics and online facilities
(3) On-demand information
iii) EIS Data: Whatever information is needed to make decisions, as well as information deemed necessary by the executive, should be included in the EIS.
iv) Application: Many EIS software packages and applications are available in the market, provided by commercial software vendors. Usually this software comprises office automation, electronic mail, information management, information connection, and information analysis.
6) Expert System (ES)
a) Expert: A person that has the expertise and knowledge of their specialised field (Eg: a cardiology expert and a mathematics expert, among others). Through experience, an expert expands his skills, which enables him to solve problems heuristically, efficiently and effectively.
b) Knowledge: A theoretical or practical understanding about a subject or domain.
c) Expert System: An information system that is capable of mimicking human thinking and makes considerations during decision-making.
i) Definitions:
(1) A system that uses stored human knowledge inside a computer to solve problems that need human expertise (Efraim Turban, 2001).
(2) An intelligent computer programme that uses knowledge and reasoning procedures to solve difficult problems that need certain expertise to solve (Prof. Edward Feigenbaum, 1983).
ii) Two reasons why we build an Expert System: Either to replace or to help an expert.
iii) Reasons for the need of an Expert System to replace an expert:
(1) Enables the use of expertise after working hours or at different locations.
(2) To automate a routine task that needs human expertise all the time, unattended, thus reducing operational costs.
(3) To replace a retiring or a leaving employee who is an expert.
(4) Hiring an expert is costly.
iv) The Expert System is used to:
(1) Help experts in their routine to improve productivity.
(2) Help experts in some of their more complex and difficult tasks so that the problem can be managed effectively.
(3) Help an expert to obtain information needed by other experts who have forgotten or who are too busy.
v) Application of Expert System (ES) in Banking and Financial Sector:
(1) An ES that helps bank managers make a decision on giving financial loans.
(2) An ES that advises bank managers in giving housing loans.
(3) An ES that advises insurance companies on the risks involved if they are insuring a customer or a company.
(4) An ES that helps banks make a decision on whether a customer is entitled to a credit card.
(5) An ES that identifies computerised fraud and controls it.
d) Expert System Architecture:
i) The Basic Components of an Expert System are:
(1) Knowledge base: A DB that stores two important things: facts, and rules or heuristic rules.
(a) Facts: Info or data in a designated field.
(b) Rules or Heuristic Rules: Explain procedures of reasoning used to solve a certain problem. Rules are divided into two parts:
(i) IF, called the antecedent (a premise or condition);
(ii) THEN, called the consequent (conclusions or actions)
(2) Inference Engine: A computer programme that drives towards the conclusion or solution and at the same time provides the reasoning methodology for information stored in the knowledge database.
(3) Explanation Facility: Acts to help the user understand how an ES achieves a certain decision or conclusion of the problem that needs to be solved.
(4) Knowledge Acquisition Facility: A process to gather and transfer "problem-solving expertise" from all sources of knowledge to a computer programme.
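The components listed above can be seen working together in a small sketch. This is an added example, not part of the original notes: it applies the architecture to the fraud-identification use listed earlier, and the rule names, fact names and the `infer`, `explain` and `decide` functions are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    premises: frozenset   # IF part: every listed fact must be known
    conclusion: str       # THEN part: fact added when the rule fires


# Knowledge base: heuristic rules (constructed for illustration).
# R3 is listed first on purpose: it can only fire after R1 and R2 have
# added their conclusions, so the engine needs more than one pass.
RULES = [
    Rule("R3", frozenset({"possible_account_takeover", "unusual_payment"}),
         "hold_for_fraud_review"),
    Rule("R1", frozenset({"login_from_new_device", "password_changed_recently"}),
         "possible_account_takeover"),
    Rule("R2", frozenset({"amount_above_daily_average", "payee_never_seen"}),
         "unusual_payment"),
]


def infer(facts, rules=RULES):
    """Inference engine: forward chaining until no rule adds a new fact.

    Returns (known_facts, trace). trace maps each derived fact to the rule
    that produced it and is what the explanation facility reads.
    """
    known = set(facts)
    trace = {}
    changed = True
    while changed:
        changed = False
        for rule in rules:
            if rule.conclusion not in known and rule.premises <= known:
                known.add(rule.conclusion)
                trace[rule.conclusion] = rule
                changed = True
    return known, trace


def explain(fact, trace, depth=0):
    """Explanation facility: the chain of rules and given facts behind `fact`."""
    pad = "  " * depth
    if fact not in trace:
        return [f"{pad}{fact} (given fact)"]
    rule = trace[fact]
    lines = [f"{pad}{fact} (by {rule.name}: IF {' AND '.join(sorted(rule.premises))})"]
    for premise in sorted(rule.premises):
        lines.extend(explain(premise, trace, depth + 1))
    return lines


def decide(facts):
    """Run the engine on the given facts and return (decision, explanation)."""
    known, trace = infer(facts)
    if "hold_for_fraud_review" in known:
        return "HOLD", explain("hold_for_fraud_review", trace)
    return "ALLOW", ["no rule chain reached hold_for_fraud_review"]


if __name__ == "__main__":
    # Facts about one transaction (constructed sample input).
    sample = {"login_from_new_device", "password_changed_recently",
              "amount_above_daily_average", "payee_never_seen"}
    decision, why = decide(sample)
    print(decision)
    print("\n".join(why))
```

Because the trace records which rule produced each fact, a reviewer can see why a transaction was held instead of receiving only the decision.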
e) Expert System Development:
(1) Domain Expert: A person who has the knowledge, experience, skills, steps and special consultation skills, is able to guide, possesses unique problem-solving methods and is better than the rest in the field.
(2) Knowledge Engineer: A person who is responsible for creating, developing and testing the Expert System.
(3) User: One who uses the Expert System when it is fully developed.
ii) Three Approaches in Developing an ES:
(1) Programming Language: An ES can be developed using a symbolic language such as LISP or PROLOG, or a conventional higher-level language such as FORTRAN, C and PASCAL.
(2) Expert System Shell:
(3) Tools in an artificial environment:
Advantages of an Expert System:
(1) Consistency
(2) Hazardous Working Environments
(3) Ability to Solve Complex and Difficult Problems
(4) Combination of Knowledge and Expertise from Various Sources
(5) Training Tool for Trainees
Disadvantages of an Expert System:
(1) Not Widely Used
(2) Difficult to Use
(3) Limited Scope
(4) Probable Decision Error
(5) Difficult to Maintain
(6) Costly Development
(7) Legal and Ethical Dilemma
7) Concepts of Quality in Information Systems
a) Standards: Developed to standardise products and services produced or offered by organisations. Standards are also used to evaluate current products and services.
b) ISO 9000: Developed by the International Standard Organisation (ISO) in 1987.
i) ISO 9001:2000: Application guideline for computer software. It covers all aspects, from the development to supplying, acquisition, operation and maintenance of computer software.
ii) ISO/IEC 9003:2004: Provides guidance for organisations implementing ISO 9001:2000 in terms of acquisition, development, operation and support services. It does not add to or change the requirements of ISO 9001:2000. It is suitable for software that is jointly developed with other organisations, offered as a market-relevant good, used to assist the organisational process, or available in related hardware products or software services.
c) Capability Maturity Model (CMM): A model to evaluate the maturity of the software development process in organisations. The model helps organisations identify the main practices needed to enhance the maturity of the processes.
i) Four intended functions to help organisations improve their software process capabilities:
(1) Identify improvements.
(2) Identify risks in selecting contractors.
(3) Implement a process improvement program.
(4) Guide definition and development of the software process.
ii) Levels in CMM
(1) Level 1: Initial:
(a) Processes: Usually ad-hoc, and the organisation does not provide a stable environment.
(b) Success: Depends on having high quality people in the organisation, not on use of proven processes.
(c) Characterised by:
(i) Tendency to over-commit,
(ii) Abandoning processes in times of crisis and
(iii) Inability to repeat previous successes.
(d) Often produces products & services that work; however, they frequently exceed the budget and schedule.
(2) Level 2: Managed: Main process focuses on the basics of project management control.
(a) Processes: May not be repeated in all the projects in the organisation. Process discipline helps ensure that existing practices are retained during times of stress.
(b) Success: Able to repeat.
(c) Project Management: May be used rather basically, to track costs and the schedule.
(d) Project status and the delivery of services are visible to management at defined points.
(e) Risk: Significant risk of exceeding costs and time estimates.
(f) Standards, Process Descriptions and Procedures: May be quite different in each specific instance.
(3) Level 3: Defined: Main process aims to resolve issues at the project and organisation levels.
(a) Processes: The organisation's set of standard processes is established and improved over time. Processes are qualitatively predictable.
(b) Project Management: Effectively implemented with the help of good project management software.
(c) Standards, Process Descriptions and Procedures: Are tailored from the organisation's set of standard processes to suit a particular project or organisational unit.
(4) Level 4: Quantitatively Managed: Main process focuses on the quantitative understanding of software
products works and software processes. (a) Control Software Development Efforts: Implemented effectively using precise measurements (b) Processes: Performance of processes is controlled using statistical controls and other quantitative
techniques, and is quantitatively predictable. (i) Processes are concerned with addressing special causes of process variation and providing
statistical predictability of the results.
(ii) Though processes may produce predictable results, the results may be insufficient to achieve the established objectives.
(c) Quantitative Quality Goals: Are set for both software processes and software maintenance.
(5) Level 5: Optimizing: Main process covers organisational issues and projects which consider continuous implementation and measured software process enhancement
(a) Processes: Focus on continually improving process performance through both incremental and innovative technological improvements.
(i) Processes are concerned with addressing common causes of process variation and changing the process to improve process performance to achieve the established quantitative process-improvement objectives.
(b) Quantitative Process-Improvement Objectives: For the organisation are established, continually revised to reflect changing business objectives, and used as criteria in managing process improvement.
(c) Success: Depends on the participation of an empowered workforce aligned with the business values and objectives of the organisation.
8) Information System Security
a) Importance of IS Security:
i) Automated data is more exposed to deletion, falsification, errors and misuse.
ii) Organisations that depend heavily on computers will suffer great financial losses or business malfunctions when their computer systems crash or fail to perform required tasks.
iii) The effects worsen the longer the system remains out of service.
b) Security and the Internet:
i) A firewall is generally located between the internal LAN and WAN, and external networks like the Internet.
(1) Two types of Firewall Technology: Proxy & Real Check
(2) Identifies the name, IP address, application and other traffic features.
(3) Blocks illegal communication into or out of the network, allowing the organisation to enforce security policies on the traffic flow between the network and the Internet (Oppliger, 1997).
ii) E-Commerce Security is a main control issue for companies using this facility. Organisations depend on encryption to protect sensitive information being channelled through a network.
(1) Encryption standards in existence include:
(a) Data Encryption Standard (DES): Used by the US government
(b) RSA (RSA Data Security)
(c) SSL (Secure Sockets Layer)
(d) S-HTTP (Secure Hypertext Transfer Protocol)
SSL and S-HTTP are used for Web-based traffic.
c) System Security Threats: An act or incident that can and will affect the integrity of an information system, and so affects the reliability and privacy of business data.
d) Examples of security threats are as follows:
i) Viruses: A computer virus is a software code that can multiply and propagate itself.
(1) A virus can spread into another computer via e-mail, through the downloading of files from the Internet, or the opening of a contaminated file.
(2) Programmed threats are computer programmes that can create a nuisance, alter or damage data, steal information, or cripple system functions. Programmed threats include computer viruses, Trojan horses, logic bombs, worms, spam, spyware, and adware.
ii) Spyware: Spyware is a computer programme that secretly gathers the user’s personal information and relays it to third parties.
(1) Common functionalities of spyware include monitoring keystrokes, scanning files, snooping on other applications such as chat programmes or word processors, installing other spyware programs, reading cookies, changing the default homepage on the Web browser, and consistently relaying information to the spyware home base.
(2) Unknowing users often install spyware as the result of visiting a website and downloading executable files.
iii) Adware: A program that can display advertisements such as pop-up windows or advertising banners on webpages; free-trial users view sponsored advertisements.
e) To protect computer systems from viruses, adware and spyware, organisations must:
i) Have effective access controls and install and regularly update quarantine software.
ii) Some viruses can infect a computer through operating system vulnerabilities; install critical system security patches as soon as they are available.
iii) Firewalls & routers should also be installed at network level to eliminate threats before they reach the desktop.
iv) Anti-adware and anti-spyware software are signature-based, thus install more than one type to ensure effective protection. Installing anti-spam software on the server is important because increased spam results in productivity loss and a waste of computing resources.
v) Maintain in-house and off-site backup copies of corporate data and software so that data and software can be quickly restored.
f) Other security threats: Insider Abuse of Internet Access, Laptop or Mobile Theft, Denial of Service (DoS), Unauthorised Access to Information, Abuse of Wireless Networks, System Penetration, Telecom Fraud, Theft of Proprietary Information, Financial Fraud, Misuse of Public Web Applications, Website Defacement, Sabotage
i) Insider Abuse of Internet Access: E-mail and Internet connections are available in almost all offices to improve productivity, but employees may use them for personal reasons.
(1) As preventive control, every organisation should have a written policy regarding the use of corporate computing facilities and update their monitoring policies periodically.
ii) Stolen laptops and PDAs contain proprietary corporate data, access codes to company networks, and sensitive information.
(1) Minimise theft by: never leaving a notebook or PDA unattended; installing a physical protection device such as a lock and cable or an alarm; putting the notebook in a nondescript bag or case; installing stealth-tracking software; disabling automatic logins; password-protecting the stored information; using biometric security if possible; and backing up data regularly.
iii) Denial of service (DoS) attack is specifically designed to interrupt normal system functions and affect legitimate users’ access to the system. Hostile users send a flood of fake requests from thousands of hijacked (zombie) computers to a server, overwhelming it and making a connection between the server and legitimate clients difficult or impossible to establish.
(1) Organisations should evaluate their potential exposure to DoS attacks and determine the extent of control or protection they can afford.
iv) Unauthorised Access to Information:
(1) Computers installed in a public area should be avoided if possible.
(2) Any computer in a public area must be equipped with a physical protection device to control access when there is no business need.
(3) The LAN should be in a controlled environment accessed by authorised employees only.
(4) Employees should be allowed to access only the data necessary for them to perform their jobs.
v) Abuse of Wireless Networks:
(1) Attackers do not need to have physical access to the network, thus attackers can take their time cracking the passwords and reading the network data without leaving a trace.
(2) One option to prevent an attack is to use one of several encryption standards that can be built into wireless network devices.
vi) System Penetration: Hackers penetrate systems illegally to steal information, modify data, or harm the system.
vii) Telecom Fraud: Every PBX/CBX system is equipped with a software program that makes it vulnerable to remote-access fraud, and intruders use sophisticated software to find an easy target.
(1) Organisations should install software to monitor service usage at various points on the network, including the VOIP gatekeeper, VOIP media controller, and broadcast server.
viii) Theft of Proprietary Information: Information is a commodity in the e-commerce era; there are buyers for sensitive information, including customer data, credit card information, and trade secrets. A company should encrypt all its important data.
ix) Financial fraud includes scam e-mail, identity theft and fraudulent transactions. With spam, con artists can send scam e-mail to thousands of people in hours.
(1) Phishing is a form of identity theft. Spam is sent claiming to be from an individual’s bank or credit union or a reputable e-commerce organisation.
(2) A user should never give out credit card numbers, PINs, or any personal information in response to unsolicited e-mail.
x) Misuse of Public Web Applications: Hackers can circumvent traditional network firewalls and intrusion-prevention systems and attack web applications directly. They can inject commands into databases via the web application user interfaces and secretly steal data, such as customer and credit card information.
(1) User authentication should be increased.
xi) Website defacement is the sabotage of web pages by hackers inserting or altering information.
(1) Install additional Web application security to counter the defacement risk.
(2) All known vulnerabilities must be patched to prevent unauthorised remote command execution and privilege escalation.
(3) Only a few authorised users are allowed root access to a website’s contents.
(4) Access to different Web server resources, such as executables, processes, data files, and configuration files, should be monitored.
xii) Sabotage: System security crimes are committed by insiders as much as by outsiders. A potential threat of unauthorised use arises when employees quit or are terminated but there is no coordination between the personnel department and the computer centre.
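The coordination gap described under Sabotage can be checked by reconciling the personnel department's leaver list against the computer centre's account list. The following is an added example, not part of the original notes; the record layouts, field names, finding labels and sample data are all constructed assumptions.

```python
from datetime import date, datetime

# Constructed sample: personnel department's leaver list (staff id -> last working day).
HR_LEAVERS = {
    "E1001": date(2024, 3, 29),
    "E1002": date(2024, 4, 12),
    "E1003": date(2024, 4, 30),
}

# Constructed sample: computer centre's account export.
ACCOUNTS = [
    {"user": "asmith", "staff_id": "E1001", "enabled": True,  "last_login": "2024-04-02T08:15:00"},
    {"user": "bwong",  "staff_id": "E1002", "enabled": False, "last_login": "2024-04-11T17:40:00"},
    {"user": "clee",   "staff_id": "E1003", "enabled": True,  "last_login": "2024-04-29T09:05:00"},
    {"user": "dkhan",  "staff_id": "E1004", "enabled": True,  "last_login": "2024-05-02T10:00:00"},
    {"user": "svc_bk", "staff_id": None,    "enabled": True,  "last_login": None},
]


def reconcile(leavers, accounts, today):
    """Return (user, finding) pairs for accounts that outlived their owner's employment."""
    findings = []
    for acct in accounts:
        sid = acct["staff_id"]
        if sid is None:
            # No owner on record, so no departure will ever trigger a disable request.
            if acct["enabled"]:
                findings.append((acct["user"], "NO_OWNER"))
            continue
        left_on = leavers.get(sid)
        if left_on is None or left_on >= today:
            continue  # still employed, or last working day not yet passed
        last = acct["last_login"]
        used_after = last is not None and datetime.fromisoformat(last).date() > left_on
        if used_after:
            # Reported even if the account has since been disabled: it was used after departure.
            findings.append((acct["user"], "LOGIN_AFTER_DEPARTURE"))
        elif acct["enabled"]:
            findings.append((acct["user"], "ENABLED_AFTER_DEPARTURE"))
    return findings


if __name__ == "__main__":
    for user, issue in reconcile(HR_LEAVERS, ACCOUNTS, date(2024, 5, 3)):
        print(f"{user}: {issue}")
```

Run on a schedule, a check of this kind turns the personnel-to-computer-centre handover into something that can be audited rather than assumed.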
9) Types of Functional Information Systems
a) Marketing Information System: A computer-based system that cooperates with other functional information systems to help the management of the organisation in solving product marketing problems.
i) It gathers data that explains marketing transactions in the organisation. This data can be acquired using information technology. Eg: a sales person at the customer’s office can store details of orders by the customer using a computer or laptop.
ii) Periodic report: Prepared according to the period. Eg: monthly reports for sales analysis according to product.
iii) Special report: Prepared when something unexpected occurs. The marketing information is prepared by the Accounting Information System in the form of sales analysis.
iv) Sales Analysis: The study of sales activities in the organisation.
v) Sales Managers: Plan, monitor and help increase performance of sales staff.
vi) Accounting Information System: Present in most organisations, to generate sales analysis reports that analyse sales by products, customers, type of customers, sales person, sales area and others.
(1) These reports help the Marketing Manager to monitor sales performance of products and sales staff, and help prepare marketing campaigns.
(2) If an organisation does not have a good Accounting Information System, it cannot give good information to help managers solve marketing problems.
b) Manufacturing Information System: Explains the sub-systems which produce information related to output operation.
i) Material Requirement Planning (MRP): Anticipates the future by identifying the materials needed, the quantity of materials needed and the period when the materials are needed.
ii) Just-In-Time (JIT) System (Pull System): It schedules the material flow so that it arrives at each workstation precisely at the time it is to be used.
(1) Items are pulled back to the next production process as soon as it is ready.
(2) Raw material inventory arrives 'just-in-time' to be used by the factory.
(3) Process inventory is completed by a process as soon as it needs to be used by the next process.
(4) This approach has less or no stored stocks. The JIT system minimises the inventory cost by producing items in small quantities.
(5) When forwarding one item to the next production process, when a worker is ready to receive the next item, he will signal the worker before him to send it.
c) Human Resource Information System: Information system to produce pay slips and staff payment reports, store staff records and analyse the use of staff in business operations of the organisation.
i) Four (4) main activities done by the Human Resources management:
(1) Staff intake and hiring.
(2) Staff education and training.
(3) Staff data management.
(4) Staff compensation and benefits.
ii) Input Sub-System:
(1) Human Resource Research Sub-System: Collects data by handling the special research projects below:
(a) Inheritance study: Done with the aim to identify eligible staff candidates to fill a position in the organisation. Eg: The Chief Financial Officer (CFO) is retiring, who is qualified to replace him?
(b) Task analysis and evaluation: To study each task in a field to identify the task’s scope. Identify the knowledge and expertise needed by certain tasks offered in the organisation.
(c) Complaint Study: Collect all complaints voiced by the organisation's staff.
(2) Human Resource Intelligence Sub-System: This sub-system gathers data related to Human Resources which is obtained from the organisation’s environment. Eg: Intelligence from Govt, Supplier, Union, Global Community, Financial community, competitor.
iii) Output Sub-System:
(1) Work Force Planning Sub-System: Involves activities that enable the management to identify future staff needs. Eg: Organisation mapping, salary forecasting etc.
(2) Work Recruitment Sub-System: New staff is recruited in the organisation.
(3) Work Force Management Sub-System: Help the Human Resources manager plan and monitor training and development programmes for staff by analysing the success of the staff programmes conducted in the future.
(4) Compensation Sub-System: Help analyse the distribution of compensation given to the organisation's staff and make comparisons with the compensation given by other organisations that have the same business operations.
(5) Benefit Sub-System: Giving package benefits to existing and retiring staff.
(6) Environment Report Sub-System: Preparing reports to be submitted to government agencies is one of the main responsibilities of the Human Resources management.