June 2022 Examination

INFORMATION SYSTEM FOR MANAGERS

Answer 1.

Introduction
The modern organisation, being highly networked, is constantly under threat
from harmful software and from malicious intent of certain people. Viruses
and worms are rampant and infect millions of computers, wreaking heavy
damage on data and productivity. Malicious coders, called crackers, also attack
organisations to infect them or to steal data or money. Some crackers simply
attack services of organisations to bring them down or make them ineffective.
Many technologies have evolved to address the threats from the internal or
external environment of the organisation. These technologies protect data by
encrypting it, or protect organisations by monitoring the incoming and
outgoing network traffic. Wireless technology is used by many organisations,
and it poses unique security challenges.

Concept & Application

Security Threats

All modern organisations use security systems that are networked and
connected to the external world via the internet. Though this brings access to a
vast ocean of useful information and services, it also poses a tremendous
security challenge. Security threats arise from the malicious software that
enters the organisation from outside, from internal users who have malicious
intent or from accidental loss or exposure of internal information. Some of the
threats faced by the organisation are as follows –

1. Malware – Malicious external software that pose a threat to the security

of the organisation come in many forms. One of the most widely
prevalent threats is that of viruses which are software packages the
harm the organisation’s information technology assets. Worm is another
 malicious software application that spreads relentlessly across networks
and chokes them up. A third type of malicious software is called Trojans,
which typically reside in the computer and allow malicious software or
users from outside to invade the computer and use its resources.
Spyware is a type of software that also resides in the computer and
secretly relays information about the usage of the computer to agents
outside. A common term used to describe the various kinds of malicious
software mentioned above is malware. Huge losses caused by malware
are computed on the basis of productivity loss owing to downtime of
computers, the cost of cleaning up and replacing data, the costs for
additional security measures and the costs from the direct loss of
business.
2. SQL Injection – SQL injection is a web security vulnerability that allows
an outside user to interfere with the queries that an application makes
to its database. It is a type of cyber attack that results from inserting
malicious code into a server that uses SQL. When infected, the server
releases information. It generally allows an outside user to view data
that they are not normally able to retrieve. Submitting the malicious
code can be as simple as entering it into a vulnerable website search
box. The data released might relate to sensitive data, such as passwords,
credit card details or personal user information. In many cases and
outside user can modify or delete this data, causing permanent changes
to use information.
3. Cracking and Espionage – The words cracking and hacking are often
used interchangeably. Cracking is the act of breaking into computers or
computer networks illegally. This is usually done by expert programmers
who find ways to break into networks by identifying weaknesses in their
security or by uncovering passwords or some such method that is not
strictly legal. The programmers’ intentions of doing so are often mischief
to show how clever they are at breaking security systems or to steal
information, digital resources or money. Hacking also refers to the same
act, but sometimes hacking is also done for useful reasons, known as
ethical hacking, where expert programmers break into systems to
expose weaknesses rather than to do any harm. Another reason why
crackers break into organisations is for industrial and political espionage.
 After breaking into a system, crackers leave behind software that
forwards email messages from key individuals to certain destinations
that they can access later, or simply log in and read and download files.
4. Phishing and Identity Theft – Phishing is a cyber crime that is
perpetrated through social engineering. Phishing is done with fake
websites that masquerade as real ones. For example, a person receives
an email message from their bank saying that the bank has to upgrade
their login and password details for security reasons. The email also
provides a link on which the person can click and is directly transferred
to the bank’s website. However, when the person does click on the link
they are taken to a web page that looks exactly like their bank’s page but
when they type in their login and password they only get an error
message. What has happened is that the person has been directed to a
fake website and by typing in their login and password into the space
provided on the web page, they inadvertently gave away vital personal
information to somebody. The idea of phishing is identity theft, where
crackers are manipulating unsuspecting users to revealing personal
details that they can exploit later.
5. Denial-of-Service Attack – A denial-of-service or DoS attack is a method
by which crackers pull down or slow down the services of a website.
Attacks of this sort make the website appear to be slow and
unresponsive to normal users. Crackers create DoS attacks by
manipulating web servers to send many connection requests. They also
change the IP address of the requesting server by spoofing the address.
However IP spoofing is easy to detect, so crackers use multiple machines
to launch attacks, and also spoof the IP addresses. This makes it very
difficult to identify the IP address of all the attacking computers and
block them. This is known as distributed DoS or DDoS.

Security Management

In response to the threats being faced by organisations, different types of

technologies have been developed. These technologies counter or deter
threats from malicious software and people, and protect users. Some of these
technologies are as follows –
1. Encryption – Encryption is a technology by which a message or data is
transformed or translated into a form that is not easily readable by
anyone. Encryption allows a message to be coded or scrambled, and also
returned to its original by using keys. In computing terminology, the
original message to be encrypted is usually called a plaintext, whereas a
coded message is called a ciphertext and cipher refers to a key. When an
encrypted message is sent to a party, the key has also to be sent to
them. The process of encryption is known as symmetric key
cryptography. The receiver can use the key to decrypt the message by
reversing the method by which the ciphertext was created.
2. Public-Key Cryptography – The weakness of the symmetric key
cryptography is the need to send across the key. Keys are the weak point
in the encryption process because if a key is leaked, the message can
easily be compromised. Public-key cryptography solves the problem of
having to send a key secretly to the receiver of the message. The
method followed here is of having a pair of keys called the public key
and the private key. Each public key is published and the corresponding
private key is kept secret. Data that is encrypted with the public key can
be decrypted only with the corresponding private key.
3. Firewall – A firewall is filtering and protection device that is usually a
combination of software and hardware. A firewall protects the
organisation against malicious crackers and intruders. At a basic level, a
firewall is a packet device that monitors both outgoing and incoming
packets. Packet-level filtering can be applied to packets of different
protocols and services, to packets with specific source and destination
addresses. In application-level filtering, the user can be authenticated by
the firewall trough a login, and can be allowed to use the application for
the organisation.
4. Virtual Private Network – A virtual private network or VPN is a
technology that enables clients or employees of an organisation, who
are outside the network, to connect to the organisation’s network
security. A VPN is a kind of tunnel through which clients can connect to
the organisation’s network while using the public internet. A VPN allows
employees to securely enter the organisation from outside.
 5. Wireless Sensor Networks – A sensor is an electronic device that is used
to measure some aspect of the environment it is located in. for instance,
sensors can measure temperature, humidity, movement, colours of
light, size of particles and so on. Typically, sensors make a measurement
and report this to whomever or whatever has initiated the sensing.
Wireless sensors are used to sense some parameter and send out signals
about the measured value over a wireless network.

Conclusion
One of the most important tasks of the Chief Information Officer is to manage
the security of and organisation’s information systems. Managing security
means ensuring the organisational users’ confidentiality, authentication,
integrity and access of digital resources. Security management involves
managing people, technology and processes – all of which impact and
determine security – from the perimeter of the network till the client
computer. The security policies, the practices and the choice of technology all
have to be designed and implemented in a manner that ensures security.

Answer 2.

Introduction
E-governance refers to the use of e-commerce and e-business technologies by
governments and their departments to conduct their own business. It also
enables transactions to be conducted across an electronic network where the
basic infrastructure is the same as that of e-business. E-governance has gained
popularity in countries across the world as it enables governments to offer
services in an efficient manner. In India, e-governance gained popularity with
the spread of electronic networks and availability of computing technology
within government departments. The initial phase of computing created a set
of applications for a department’s internal use – for personnel management,
accounts, project management and file management among others. Later,
some citizen-facing services were set up that allowed citizens to access
information and forms on computer terminals maintained at some offices.

Concept & Application

Benefits of E-Governance

Governance entails proper management of resources for its citizens and the
common good. To achieve that, many governments have come up with the e-
governance system. Some of the benefits of e-governance are as follows –

1. The use of e-governance helps make all functions of the business

transparent. All governmental information can be uploaded onto the
internet. The citizens can specifically access whichever information they
want, whenever they want it, at the click of a mouse or the touch of a
finger. However, for this to work, the government has to ensure that all
data is to be made public and uploaded to the government information
forums on the internet.
2. Technology makes communication swifter. Government services swiftly
and directly reach the citizens, saving a lot of time in the process.
Similarly, the people can directly reach out to the government in case of
any queries. This way, there is a quick two-way communication between
both citizens and the entity.
3. E-governance has eliminated the need for traditional methods of storing
data. A lot of government expenditure goes towards the cost of buying
stationary for official purposes. However, replacing letters and written
records that use a lot of stationary with the use of smartphones and the
internet can save huge amounts of money in expenses every year.
4. For any government to survive or maintain or keep control of power,
such government must win the trust of the majority of its citizens. E-
governance can always afford that for any government that embraces it.
It improves services through better understanding of citizens’
requirements.
5. E-governance makes government more accountable and answerable to
citizens and leaves little room for doubt or misrepresentation. This
 improves citizen-government relationship and builds trust between
them.
6. With e-governance, paperwork has been made so simple and intuitive.
This facilitates sharing of information and ideas between all
governments agencies to build one common database. Getting the
government’s decisions and policies across to the citizens is easy as well
since e-governance gives every citizen access to information.
7. The effectiveness of the government is measured by the quality of its
interactions with citizens. The processing of paperwork in a traditional
government system is a difficult task which consumes a lot of resources
and time. By the establishment of a centralised point of communication
through e-governance, governments can achieve high operational
efficiency.
8. The rapid growth of communication technology and its adoption in
governance helps in enhancing the reach of the government – both
spatial and demographic – and also helps enable better participation of
citizens in the process of governance.
9. The information is made available with respect to simple aspects of
governance such as forms, laws, rules, and procedures and extending to
detailed information including reports, public database and decision
making processes.
10. Application of ICT to governance combined with detailed business
process reengineering would lead to simplification of the functioning of
government, enhanced decision making abilities and increased efficiency
across all levels of government.

The e-seva initiative introduced in India delivers services online to consumers

by connecting them to the respective government departments and providing
online information at the point of service delivery. The initiative has become
very popular among the citizens especially for the payment of utility bills.

Conclusion
The government is the supplier of services for governance. For certain services,
it is also a monopoly supplier. The motivations for using e-governance are
strong but different for developing and developed countries. In a developed
country, e-governance serves to reach out to a population that is small but
widely dispersed, and also quite literate with access to the internet. In a
developing country, the problems are more of access and reaching out to a
vast population that is not computer literate. E-governance implementations in
developing countries are prone to failure owing to lack of use or support from
various government changes.

Answer 3(a).

Introduction
Smart city refers to geographical regions that have invested heavily in ICT
infrastructure to facilitate the management of the region, both for business
and for the quality of life of its citizens. The word ‘smart’ alludes to the idea
that the growth and the facilities of the region evolve with coordination,
planning and greater efficiencies, as opposed to an unplanned and carefree or
growth without government or regulatory intervention.

Concept & Application

Bhubaneswar is an emerging hub for education, health and information
technology, as well as a popular tourist destination. It was selected as one of
the first 20 Indian cities to be developed under the Smart Cities Mission and
ranked first in the cities announced in January 2016. The reasons for choosing
Bhubaneswar as benchmark is as follows –

1. Bhubaneswar aims to create a user-friendly transport system that offers

citizens a combination of flexibility, intelligence and sustainable
alternative modes of travel. The city’s integrated land use and
transportation strategy includes the construction of dedicated cycle
tracks and pedestrian footpaths along key transportation corridors.
 Bhubaneswar also plans to transform its existing transportation
networks and is now asking citizens for their feedback on priorities.
2. Like many growing cities, Bhubaneswar has increasing volumes of
wastes generated by a burgeoning population. It is looking at ways to
better manage trash collection, recycling and sewage, as well as
reducing litter, improving access to public toilets and eliminating open
defecation.
3. Bhubaneswar is developing a pilot smart district which implements
smart city tools and solutions in a defined area. The district, votes for by
the public, is 985 acres and brings together people, jobs and services and
prioritizes walking, cycling and public transport. The aim is to make the
district the heart of Bhubaneswar and a hub for people of all ages and
incomes.

Conclusion
Bhubaneswar’s smart city strategy is focused on a taking a citizen-centered
approach and take feedback from the local people. This includes ensuring
sound economic development principles, as well as directing investment
towards initiatives which promote sustainability, inclusiveness and livability,
and using technology to enable it.

Answer 3(b).

Introduction
Smart cities use a variety of software, user interfaces and communication
networks alongside the Internet of Things or IoT to deliver connected
solutions for the public. The IoT is a network of connected devices that
communicate and exchange data. This can include anything from vehicles to
home appliances and on-street sensors. Data collected from these devices
is stored in the cloud or on servers to allow for improvements to be made
to both public and private sector efficiencies and deliver economic benefits
and improvements to the lives of citizens.

Concept & Application

Innovative technology enabled services or facilities that can be introduced
into a smart city are as follows –

1. Sensing and Measuring – One of the foundations of smart cities is

that of perceiving and recording various parameters of the city
environment. This sensing is done by electronic sensors that are
distributed across the city and provide data to connected networks
that store and process this information. Data sensing is done for a
vast number of phenomena such as sensing of transport systems,
sensing of consumption of power and water usage and access to
healthcare facilities.
2. Pollution Control – Pollution control is enabled by monitoring air
quality at different points in the city and aggregating this data to
arrive at a comprehensive picture. Typical measurement sensors
record data pertaining to levels of carbon dioxide, carbon monoxide,
nitrogen dioxide, humidity, temperature and pressure. The data from
the sensors is aggregated and overlaid on the map of the city to
obtain a visual image of where pollution is high. This is used to direct
executive action such as directing traffic away from those areas to
control pollution and air quality.
3. Smart Living – there are many ways in which information technology
is being used by people to enrich their lives. The idea of smart living
in urban areas is that of people collaborating on online or peer-to-
peer communities to sustainably impact and improve some aspect of
their lives. Citizens around the world now collaborate through
smartphones to rate facilities and services in their region such as
restaurants. The ratings provided by citizens who have availed of
these services provide feedback to other citizens and to providers,
largely to help improve the services.
Conclusion
Creating smart connected systems for urban areas provides a great many
benefits for citizens around the world, not only to improve quality of life, but
also to ensure sustainability and the best use of resources. These solutions are
dependent on a unified approach from government as well as the private
sector and residents themselves. With the correct support, infrastructure and
innovative technologies, however, smart cities can use advances such as
Internet of Things to enhance the lives of its residents.