
403: Management Information System & E-Commerce

Table of Contents
Unit-1: Management Information Systems
What is MIS?
MIS Meaning
Components of MIS
Objectives of MIS
Data Capturing
Processing of Data
Storage of Information
Retrieval of Information
Dissemination of Information
Characteristics of MIS
System Approach
Management Oriented
Need-Based
Exception Based
Future Oriented
Integrated
Long Term Planning
Sub-System Concept
Central Database
Functions of MIS
To Improve Decision-Making
To Improve Efficiency
To Provide Connectivity
Data Processing
Prediction
Planning
Control
Assistance
Advantage of MIS
MIS Need for Information Systems
Contemporary Approaches to MIS
Information as a strategic resource - Use of information for competitive advantage
MIS as an instrument for the organizational change
Unit-2: Information, Management and Decision Making
HERBERT SIMON MODEL
The Rational/Classical Model:
Features of Classical Model:

THE ADMINISTRATIVE MODEL:
Characteristics of information for decision making
MIS - Classification of Information
Classification by Characteristic
Classification by Application

Unit-3: Information Technology

What Is Information Technology?
IT Capability
Components of IT Capability (Figure 1.)
Mapping IT Capabilities to Business Capabilities[2]
What is network topology and types of network topology?
Information Technology Enabled Services (ITeS)
Unit-4: Data Base Management Systems
What is Data Mining?
What is Data Warehousing?
Difference between Data Mining and Data Warehousing
Conclusion
Unit-5: Decision Support Systems
Group Decision Support System (GDSS)
Components of Group Decision Support System (GDSS)
Features of Group Decision Support System (GDSS)
Group Decision Support System (GDSS) Software Tools
Executive Information Systems
What Does Executive Information System Mean?
What Are the Characteristics of an Ideal Executive Information System?
What Are the Components of an Executive Information System?
What Are the Benefits of Using an Executive Information System?
What Are the Disadvantages of Using an Executive Information System?
Executive Support Systems
Examples of Intelligent Information
Features of Executive Information System
Advantages of ESS
Disadvantage of ESS
Expert Systems and Knowledge Based Expert Systems
Expert System
Expert System Components
Advantages of Expert System
Disadvantages Expert System

Unit-6: Introduction to E-Commerce

Traditional Commerce vs E-commerce
Traditional Commerce
E-Commerce
Comparison Table:
E-Commerce: Concepts, Definitions, and Benefits & Impact
How does e-commerce work?
Most common types of e-commerce businesses and examples of how they work
Following are the most common types of e-commerce businesses and examples of what they mean:
Advantages of e-commerce
Disadvantages of e-commerce
What are the benefits of using an e-Catalogue?
What are the key features of e-Catalogues?
What Is E Supply Chain Management?
Benefits of E Supply Chain Management
How Does E Supply Chain Management Work?

Unit-7: E-Commerce Models

Unit-8: Security & Encryption
What is Cyber Security?
Importance of Cyber Security in the Digital World
Poorly Written Code
Inadequate Security Measures
Third-Party Software
Outdated Software
Insufficient Testing
Human Error
Malicious Actors
What is a security policy?
Why are security policies important?
What is Website Security?
How to secure the Website?
Web Application Firewalls (WAF)
SSL Certificate
A Website Scanner

What is a Firewall?

Firewall History
Types of Firewalls
• Packet filtering
• Proxy service
• Stateful inspection
• Next Generation Firewall (NGFW)
What Firewalls Do?
Why Do We Need Firewalls?

Network Layer vs. Application Layer Inspection
The Importance of NAT and VPN
Next Generation Firewalls and Beyond
WHAT IS TRANSACTIONAL SECURITY?
WHO TYPICALLY HANDLES TRANSACTIONAL SECURITY?
WHAT ARE SOME SUCCESSFUL EXAMPLES OF TRANSACTIONAL SECURITY?
Cryptography Digital signatures
Model of Digital Signature
Importance of Digital Signature
Encryption with Digital Signature
What is public key cryptography?
What is a cryptographic key?
How does TLS/SSL use public key cryptography?
Electronic Mail Security
Email Security Definition
How Secure Is Email?
Email Security Policies
Email Security Best Practices
Email Security Tools
Security Protocol for web Commerce
Measures to ensure Security
Security Protocols in Internet
Secure Socket Layer (SSL)
Secure Hypertext Transfer Protocol (SHTTP)
Secure Electronic Transaction

Unit-1: Management Information Systems

What is MIS?
MIS is an organized integration of hardware and software technologies, data,
processes, and human elements. It is a software system that focuses on the
management of information technology to provide efficient and effective
strategic decision making.
MIS is the acronym for Management Information Systems. MIS is
a set of procedures which, when executed, provides information to support
decision making.

MIS Meaning
The term management information system is made up of three words,
viz., management, information and system. In order to fully understand the term MIS,
let us try to understand these three words.
1. Management: Management is the art of getting things done through
and with the people in formally organised groups.

2. Information: Information is data that is processed and is presented in a
form which assists decision-making. It may contain an element of
surprise, reduce uncertainty or provoke a manager to initiate an action.

3. System: A system is an orderly grouping of interdependent components
linked together according to a plan to achieve a specific goal. The term
system is the most loosely held term in management literature because
of its use in different contexts.

Components of MIS
The major components of MIS are:

• People Resources: People are required for the operation of all
information systems.
• Data Resources: Database holds processed and organized data.

• Software Resources: Includes all sets of information processing
instructions.
• Hardware Resources: Includes all physical devices and materials used
in information processing.
• Process: A step undertaken to achieve a goal.
We have covered the basic concept of a management information system, which
includes what MIS is, the MIS definition, MIS meaning and MIS components.
Now, let us move further and try to understand MIS objectives, MIS
characteristics, MIS advantages, MIS role, MIS challenges, MIS limitations, etc.

Objectives of MIS
MIS has five major objectives, which include:
1. Data Capturing
2. Processing of Data
3. Storage
4. Retrieval
5. Dissemination

These MIS objectives are discussed below in detail.
Data Capturing
MIS captures data from various internal and external sources of the organization.
Data capturing may be manual or through computer terminals.

Processing of Data
The captured data is processed to convert it into the required information.
Processing of data is done by such activities as calculating, sorting, classifying,
and summarizing.

Storage of Information
MIS stores the processed or unprocessed data for future use. If any information is
not immediately required, it is saved as an organization record, for later use.

Retrieval of Information
MIS retrieves information from its stores as and when required by various users.

Dissemination of Information
Information, which is a finished product of MIS, is disseminated to the users in
the organization. Dissemination is periodic or online through a computer terminal.

Characteristics of MIS
MIS plays a very important role in every aspect of an
organization. Its characteristics are generic in nature.
Following are the characteristics of MIS:
1. System Approach
2. Management Oriented
3. Need-Based
4. Exception Based
5. Future Oriented
6. Integrated
7. Long Term Planning
8. Sub-System Concept
9. Central Database

System Approach
The information system follows a systems approach. The systems approach
implies a holistic approach to the study of the system and its performance in the light
of the objective for which it has been constituted.

Management Oriented
The top-down approach must be followed while designing the MIS. The top-down
approach suggests that the system development starts from the determination of
management needs and overall business objectives.

The MIS development plan should be derived from the overall business plan.
The management-oriented characteristic of MIS also implies that the management
actively directs the system development efforts.

Need-Based
MIS design and development should be as per the information needs of managers
at different levels: the strategic planning level, the management control level and
the operational control level. In other words, MIS should cater to the specific needs
of managers in an organization’s hierarchy.

Exception Based
MIS should be developed on the exception-based reporting principle, which
means reporting an abnormal situation, i.e. one in which the maximum, minimum or
expected values vary beyond tolerance limits. In such situations, there should be
exception reporting to the decision-maker at the required level.

Future Oriented
Besides exception-based reporting, MIS should also look at the future. In other
words, MIS should not merely provide past or historical information; rather, it
should provide information on the basis of projections, based on which actions
may be initiated.

Integrated
Integration is a necessary characteristic of a management information system.
Integration is significant because of its ability to produce more meaningful
information.

For example, in order to develop an effective production scheduling system, it is
necessary to balance such factors as setup costs, workforce, overtime rates,
production capacity, inventory level, capital requirements and customer
services.

Long Term Planning


MIS is developed over relatively long periods. Such a system does not develop
overnight. A heavy element of planning is involved. The MIS designer must have
the future objectives and needs of the company in mind.

Sub-System Concept
The process of MIS development is quite complex and one is likely to lose insight
frequently. Thus, the system, though viewed as a single entity, must be broken
down into digestible sub-systems which are more meaningful at the planning
stage.

Central Database
A central database is the mortar that holds the functional systems together. Each
system requires access to the master file of data covering inventory, personnel,
vendors, customers, etc. It seems logical to gather data once, validate it properly
and place it on a central storage medium, which can be accessed by any other
subsystem.

Functions of MIS
The broad functions of MIS are as follows:
• To Improve Decision-Making
• To Improve Efficiency
• To Provide Connectivity
• Data Processing
• Prediction
• Planning
• Control
• Assistance

To Improve Decision-Making
The Management Information System (MIS) furnishes relevant information on
diverse matters, thereby enhancing the decision-making prowess of the
management. By utilizing the speedy and precise data provided by the MIS,
managers can make prompt and informed decisions, which ultimately enhances
the quality of decision-making and contributes to the company’s value.

To Improve Efficiency
The Management Information System (MIS) facilitates managers in executing
their duties with enhanced ease and efficiency, resulting in improved
productivity.

To Provide Connectivity
The MIS provides managers with better connectivity with the rest of the
organization.

The Management Information System (MIS) is commonly utilized in decision-making
processes within a system. One such application of MIS is to identify
issues that require prompt attention, offer timely feedback, and inform senior
management of the current progress and areas for improvement.

Therefore, the main functions of MIS may vary depending on the specific tasks
performed by an organization.
Data Processing
Data processing involves collecting, transmitting, storing, and processing data to
generate an output. Prediction involves analyzing data using modern
mathematics, statistics, or simulation to anticipate future scenarios.

Prediction
By utilizing methods of modern mathematics, statistics, or simulation, data
analysis is conducted to predict potential future scenarios.

Planning
The analysis of data of a regular nature may give many indications on likely
future events or situations and this can be utilized in planning or reviewing the
plan already made earlier.

Control
By examining records of daily, monthly, quarterly, or annual activities, certain
factors that require management and control can be identified. If these factors
are identified in a timely manner, they can be managed relatively easily.
However, some factors may require the attention of senior management to
remain under control. It is essential to note that ignoring smaller factors at the
beginning may have the potential to disrupt other factors as well.

Assistance
One of the principal functions of MIS is to support senior management by
analyzing regular records and drawing inferences about various factors related
to the company’s operational performance, such as human resources, financial
resources, material resources, and more.

Advantage of MIS
• Generate Competitive Advantages
• Implementation of Management by Objectives Techniques
• Fast Reaction to Market Changes
• MIS as Strategic Resource
• Change in Industry Structure
• Functional Use
• External and Internal Change
• Availability of Customer Data

MIS Need for Information Systems


Managers make decisions. Decision-making generally takes a four-fold path −
• Understanding the need for a decision or the opportunity,
• Preparing alternative courses of action,
• Evaluating all alternative courses of action,
• Deciding the right path for implementation.
MIS is an information system that provides information in the form of standardized
reports and displays for the managers. MIS is a broad class of information systems
designed to provide information needed for effective decision making.
Data and information created from an accounting information system and the reports
generated thereon are used to provide accurate, timely and relevant information
needed for effective decision making by managers.
Management information systems provide information to support management
decision making, with the following goals −
• Pre-specified and preplanned reporting to managers.
• Interactive and ad-hoc support for decision making.
• Critical information for top management.
MIS is of vital importance to any organization, because −

• It emphasizes management decision making, not only the processing
of data generated by business operations.
• It emphasizes the systems framework that should be used for
organizing information systems applications.

Contemporary Approaches to MIS

Information as a strategic resource - Use of information for competitive advantage

MIS as an instrument for the organizational change.

Unit-2: Information, Management and Decision Making

Models of Decision Making - Classical, Administrative and Herbert Simon's Models

HERBERT SIMON MODEL


Decision-making is the process that the decision-maker uses to arrive at a decision. The
core of this process is described by Herbert Simon in a model.

He describes the model in three phases as shown in the figure below:

I. Intelligence: Raw data is collected, processed and examined. This phase identifies a
problem calling for a decision.
II. Design: Inventing, developing and analyzing the different decision alternatives and testing
the feasibility of implementation. This phase assesses the value of the decision outcome.
III. Choice: Selecting one alternative as a decision, based on the selection criteria.

In the intelligence phase, the MIS collects the data. The data is scanned, examined, checked,
and edited. Further, the data is sorted and merged with other data and computations are
made, summarized, and presented. In this process, the attention of the manager is drawn to
all problem situations by highlighting the significant differences between the actual and the
expected, the budgeted or the targeted.

In the design phase, the manager develops a model of the problem situation on which he
can generate and test the different decision alternatives. He then moves into the phase
of selection, called choice. In the choice phase, the manager evolves selection criteria
such as maximum profit, least cost, minimum wastage, least time taken and highest utility.

The criterion is applied to the various decision alternatives and the one which satisfies it the
most is selected. In these phases, if the manager fails to reach a decision, he starts the
process all over again. An ideal MIS is supposed to make a decision for the
manager. An example illustrates the use of the Simon model in the MIS. Suppose
a manager finds, on collecting and analyzing the data, that the
manufacturing plant is underutilized and the products which are being sold are not
contributing to the profits as desired.

The problem identified, therefore, is to find a product mix for the plant, whereby the plant is
fully utilized within the raw material and the market constraints, and the profit is
maximized. The manager having identified this as the problem of optimization, now
examines the use of linear programming (LP) model.

The model is used to evolve various decision alternatives. However, selection is made first
on the basis of feasibility and then on the basis of maximum profit. The product mix so given
is examined by the management committee. It is observed that the market constraints were
not realistic in some cases and the present plant capacity can be enhanced to improve the
profit. The same model is used again to test the revised position. Therefore, additional data
is collected and an analysis is made to find out whether the average 20 percent utilization of
the capacity can be increased. Market research for some products is carried out and it is found
that some constraints need to be removed and reduced. Based on the revised data, the linear
programming model is used and a better optimum solution is obtained.

The Rational/Classical Model:


The rational model is the first attempt to know the decision-making
process. It is considered by some as the classical approach
to understand the decision-making process. The classical model
gave various steps in the decision-making process which have been
discussed earlier.
Features of Classical Model:

1. Problems are clear.


2. Objectives are clear.

3. People agree on criteria and weights.

4. All alternatives are known.

5. All consequences can be anticipated.

6. Decision makers are rational.

i. They are not biased in recognizing problems.

ii. They are capable of processing all relevant information.

iii. They anticipate present and future consequences of decisions.

iv. They search for all alternatives that maximize the desired
results.

THE ADMINISTRATIVE MODEL: A SATISFICING STRATEGY

The severe limitations of the classical model make more realistic
conceptual approaches to decision making inevitable. The complexity of problems and the
limited capacity of the human mind prohibit the use of an optimizing strategy on all but the
simplest problems.

Herbert Simon (1947) was the first to introduce an administrative model of decision making
to provide a more accurate description of the way administrators both do and should make
organizational decisions. The basic approach is satisficing—that is, finding a satisfactory and
sufficient solution rather than the best one. The satisficing decision-action-cycle includes the
following steps.

The administrator must:


1. Recognize a problem and then frame it and define it clearly and concisely.

2. Analyze the problem by examining relevant data.

3. Before proceeding: Establish criteria for success—outcomes that are satisfactory and
sufficient.

4. Develop a plan of action by identifying a set of alternatives, considering the likely
consequences of each option. At this stage the decision maker examines all relevant options
and their consequences, deliberates, and selects a multi-step plan of action with
contingencies included in the plan.

5. Initiate the action plan.

6. Evaluate the implemented plan in terms of the criteria you have established for a
satisfactory solution.

[These steps are summarized in an action cycle in Figure 1.]

There are some similarities between the classical model (optimizing) and the administrative
model (satisficing). The major difference is that the administrative model calls for a decision
that is satisfactory rather than the ultimate best solution. This difference comes into play
early in the decision-making cycle. After the problem has been defined and analyzed, and
before proceeding with the generation of alternatives, the decision maker confronts the
issue of the criteria for a satisfactory outcome. What is the minimum that is acceptable as
an outcome? What is satisfactory in this circumstance? What is sufficient? These questions
are answered before developing a plan of action. If time is short, the process may be limited
to a short list of alternatives, the so-called truncated model of satisficing.

In Simon’s work, rationality becomes a variable. He was also aware of the limitations of human
rationality, which are not static but depend on the environment of the organization in which the
decisions take place.

According to Simon, the task of the administration should be to design an environment in which
the individual approach becomes as rational as is practicably possible.

To understand the concept, we need to understand three important aspects:

• The Economic Man


• The Administrative Man
• Organizational Perspective

The Economic Man is all about the ideal and rational model of decision making. In an organization
the decisions are made on empirical and normative elements. These premises can also be called the
factual or the value premises.

The factual premise is nothing but all the information and knowledge regarding the organization and
its environment.

The value premises on the other hand are the morals and legal constraints.

A rational decision is to choose those alternatives which are appropriate to reach the desired end.
The means and ends have to be connected in the organizational hierarchy.

The Administrative Man depicts the objective rationality, determining whether the selected
alternative’s course of action is good enough. The administrative man’s approach to the world is
simplistic and would take into account only a few most relevant and critical factors unlike the
economic man for whom knowing all the alternatives and its consequences is a complex task.

Lastly, the Organization Perspective criticizes the earlier established principles of administration
which were:

• Specialization
• Hierarchy
• Span of control

Simon argues that the applicability of administrative principles needs to be based on an underlying
understanding of the administrative decision making. Organization manifests its influence through five
mechanisms as identified by Simon. These are:

• Authority - It is defined as the decision making power which in turn guides the actions
of other people. This kind of relational transaction happens in case of a superior and a
subordinate in the organization.
• Communication - It comprises both the formal and informal communication in an
organization.
• Training - This is to enable individuals to reach satisfactory decisions without constant
authority and guidance. This can be both pre service (educational qualification) and in
service (day to day supervision at work).
• The Criterion of Efficiency - This basically suggests that out of two alternatives which
would bear the same cost, the one which attains more organizational goals should be
chosen, and if the two alternatives achieve the same degree of organizational
objectives, then the one which does so at lesser cost should be chosen.
• Organizational Identification and Loyalty - An organization consists of several
groups, and a person thinks himself to be part of a group when, in the process of
evaluating alternatives, he/she weighs the option in terms of its consequences on the
entire group.

Therefore, decision making within an organization is a complex process which is influenced by
several factors. Readers are advised to study more about Herbert Simon and his work on
decision making to be able to appreciate the vastness and complexity of the decision making process
in administrative organizations and the economy.

Characteristics of information for decision making


AMANDA WHITE

Information for internal decision making should meet a number of
characteristics.

1. Accurate
2. Complete
3. Reliable
4. Relevant
5. Timely

Accurate information is that recorded correctly from the original
transaction.

Complete information is one where all transactions have been recorded,
with no transactions missing or purposely omitted.

Reliable information is that which is both accurate and complete,
consistently, so that it can be relied upon for decision making.

Relevant information is that which is useful in the decision making process
(and is highly dependent on the decision being made of course!)

Timely information is that which is produced so that it is available when
decisions need to be made.

Information that managers need to make decisions on a daily basis in a
business must meet all of these requirements. Accurate and complete
information, that then becomes reliable, is the product of strong systems of
internal control and accounting systems. Where information for decision
making is incomplete – managers may not make the best decision for the
business. Decision makers must decide what information is relevant to their
needs; a common deficiency in decision making is simply accepting
whatever reports your business’s information systems provide, rather than
considering what information is really useful in the decision making process
and trying to obtain it. If information is not provided in a timely manner,
managers may not be able to react to the changes in the industry or moves
by competitors quickly enough – resulting in lost customer share, declining
revenues and declining profits.

Therefore, if you’re making decisions in a business – as an accountant, as
a marketing executive, as a supply chain manager – it is wise to keep these
characteristics in mind when evaluating the information available to you to
support decision making.

1) Timeliness
Timeliness means that information must reach the recipients within the prescribed
time frame. Timely information can ensure correct executive action at an early stage.
The characteristic of timeliness, to be effective, should also include current
information.
2) Accuracy
Accuracy is another key-attribute of management information. It means that
information is free from mistakes and errors, is clear and accurately reflects the
meaning of data on which it is based. It conveys an accurate picture to the recipient,
who may require a presentation in graphical form rather than tabular form.
3) Relevance
Relevance is yet another key attribute of management information. Information is said
to be relevant if it answers specifically for the recipient what, why, where, who and
why? In other words, the MIS should serve reports to managers, which are useful,
and the information helps them make decisions.
4) Adequacy
Adequacy means information must be sufficient in quantity. MIS must provide reports
containing the information which is required in the decision-making process.
5) Completeness
The information, which is provided to a manager, must be complete and should meet
all his needs. Incomplete information may result in wrong decisions and thus may
prove costly to the organization.
6) Explicitness
A report is said to be of good quality if it does not require further analysis by the
recipient for decision-making. Thus the reports should be such that a manager does
not waste any time on the processing of the report, rather he should be able to extract
the required information directly.
7) Security:
Information should be secure so that it is not leaked to damaging groups such as terrorists.
8) Coherence:
Information should be in such a format that it is uncomplicated and easily understood
by the end user.
9) Exception based.
Top managers need only exception reports regarding the performance of the
organization. Exception reporting principle states that only those items of information,
which will be of particular interest to a manager, are reported. This approach results
in saving precious time of the top management and enables the managers to devote
more time in pursuit of alternatives for the growth of the organization.

10) Unambiguity:
Clarity of information is an important attribute of good information. Information must
be unambiguous and should be communicated in such a way that it conveys the same
meaning to different users. Modern databases maintain data dictionaries that clearly
define the variables used in the information in order to standardise the terminology
used in reports.

MIS - Classification of Information

Information can be classified in a number of ways and in this chapter, you will learn
two of the most important ways to classify information.

Classification by Characteristic
Based on Anthony's classification of Management, information used in business for
decision-making is generally categorized into three types −
• Strategic Information − Strategic information is concerned with long
term policy decisions that define the objectives of a business and
check how well these objectives are met. For example, acquiring a new
plant, a new product, diversification of business etc. come under
strategic information.
• Tactical Information − Tactical information is concerned with the
information needed for exercising control over business resources, like
budgeting, quality control, service level, inventory level, productivity level
etc.
• Operational Information − Operational information is concerned with
plant/business level information and is used to ensure proper conduct
of specific operational tasks as planned/intended. Various operator
specific, machine specific and shift specific jobs for quality control checks
come under this category.
Classification by Application
In terms of applications, information can be categorized as −
• Planning Information − This is the information needed for
establishing standard norms and specifications in an organization. This
information is used in strategic, tactical, and operational planning of any
activity. Examples of such information are time standards and design
standards.
• Control Information − This information is needed for establishing
control over all business activities through a feedback mechanism. This
information is used for controlling attainment, nature and utilization of
important processes in a system. When such information reflects a
deviation from the established standards, the system should induce a
decision or an action leading to control.
• Knowledge Information − Knowledge is defined as "information about
information". Knowledge information is acquired through experience and
learning, and collected from archival data and research studies.
• Organizational Information − Organizational information deals with an
organization's environment and culture in the light of its objectives. Karl
Weick's Organizational Information Theory emphasizes that an
organization reduces its equivocality or uncertainty by collecting,
managing and using this information prudently. This information is
used by everybody in the organization; examples of such information are
employee and payroll information.
• Functional/Operational Information − This is operation specific
information. For example, daily schedules in a manufacturing plant that
refer to the detailed assignment of jobs to machines or machines to
operators. In a service oriented business, it would be the duty roster of
various personnel. This information is mostly internal to the organization.
• Database Information − Database information comprises large
quantities of information that has multiple usage and application. Such
information is stored, retrieved and managed to create databases. For
example, material specification or supplier information is stored for
multiple users.

Unit-3: Information Technology


Definition, IT Capabilities and their organizational impact

What Is Information Technology?


Information technology (IT) is the use of computer systems or devices to access
information. Information technology is responsible for such a large portion of our
workforce, business operations and personal access to information that it
comprises much of our daily activities. Whether you are storing, retrieving,
accessing or manipulating information, IT greatly impacts our everyday lives.

Information technology is used by everyone from enterprise companies all the
way down to one-person businesses and local operations. Global companies use
it to manage data and innovate their processes. Even flea market sellers use
smartphone credit card readers to collect payments and street performers give
out a Venmo name to gather donations. If you use a spreadsheet to catalogue
which Christmas presents you bought, you’re using information technology.

IT Capability

IT Capability (information technology capability) refers to an organization’s ability to
identify IT to meet business needs, to deploy IT to improve business processes in a
cost-effective manner and to provide long-term maintenance and support for IT-based
systems (Karimi et al., 2007). It is the ability to leverage different IT resources for
intangible benefits.[1]

Information Technology (IT) Capability is an organization’s ability, by virtue of its IT
assets and know-how, to create Business Value.

This capability can be, and is usually, attributed to the IT function within an
organization. More appropriately, it should be attributed to the organization as a whole
because no function within an organization is an island. Each gains from the others and, in
turn, enriches them. This value “bleed” from one function to another cannot be
quantified meaningfully. However, it exists. It can be positive or negative. When the
organization plays as a team, i.e., the functions collaborate, positive value passes
between functions. In this case, the organization’s capability is greater than the sum of
its parts. The functions are better off together. Conversely, when the organization does
not play as a team, i.e., is dysfunctional, the value bleed is negative. In this case, the
organization’s capability is less than the sum of its parts. It follows that the functions are
better off not being with each other! The net of this phenomenon is that no function
within an organization would create the same value within another organization. For
example, suppose an IT organization is moved from one company to another. In that
case, it will deliver more or less but never the same value as it created in the
original company. This is true of any team. You may have noticed that a player is
successful or more successful on one team versus the other.

Components of IT Capability (Figure 1.)


IT Capability is comprised of four sub-components or elements. IT’s overall capability
is not the sum total but the synthesis of capabilities of its underlying elements.

Figure 1. Source: CIO Portal

IT Capability comprises the following components:

• IT Strategy
• IT Processes and Metrics
• IT Organization
o Skills
o Structure
o Knowledge/“know-how”
• Assets/Infrastructure
o Hardware
o Software
o Application
o Network

o Database
o Tools
An organization creates value by utilizing a unique combination and configuration of
these components.

Mapping IT Capabilities to Business Capabilities[2]


From a strategy perspective, Business Capability analysis is based on the
current definition of functions rather than on the organizational structure, because the
organizational structure is quite dynamic and changes frequently, which may create a
chaotic process model. Use the value chain or the supply/demand governance model
to map the business capability.

• A pragmatic approach is to look at this from a 'value streams'
perspective:
o Identify major business value streams (end-to-end processes that
deliver customer value).
o Map information technology-related services that support these or
are missing (untapped capability).
o Estimate the 'capability leverage,' preferably in dollars, provided,
or potentially so, by each of these IT services to each value stream
(greater agility, etc.).
o Estimate the business capability (preferably normalized to dollars)
represented by each value stream
• Map IT capabilities to either:
o What the business does - Capabilities or
o How the business does it - Processes\Functions
o Processes are best if you are working at a tactical level
o Capabilities are best for strategic work
Either will help identify business/IT alignment issues

• One Page IT Capability Mapping: It is quite interesting if everything can
be put on one page. It depends on the nature of the enterprise
(diversified), its size, and the age of the enterprise as well. A single
page would include the questions fundamental to any business enterprise,
‘what do we do' and ‘how do we do it':
o Vision
o Requirements to deliver
o IT capability
o The resources, metrics, applications, and information associated
with capabilities aggregate all the resources, metrics, etc.,
belonging to the business processes that 'work for' the capabilities.
The approach could be to draw an enterprise value chain, expose all the
business capabilities beneath those functions, highlight the activities and identify
the overlaps and gaps, then take it to the next level (with lots of details) on multiple
pages. For all the capabilities, calculate the cost in three categories: strategic,
operational, and governance. Draw all the foundational capabilities, like HR, finance,
and others, at the bottom of the sheet across the whole enterprise value
chain.

What is network topology and types of network topology?


Topology is derived from two Greek words topo and logy,
where topo means 'place' and logy means 'study'. In computer
networks, a topology is used to explain how a network is
physically connected and the logical flow of information in
the network. A topology mainly describes how devices are
connected and interact with each other using communication
links.

In computer networks, there are mainly two types of topologies,
they are:

1. Physical Topology: A physical topology describes the way in
which the computers or nodes are connected with each other
in a computer network. It is the arrangement of various
elements (links, nodes, etc.), including the device location and
code installation of a computer network. In other words, we
can say that it is the physical layout of nodes, workstations,
and cables in the network.
2. Logical Topology: A logical topology describes the way
data flows from one computer to another. It is bound to a
network protocol and defines how data is moved throughout
the network and which path it takes. In other words, it is the
way in which the devices communicate internally.
Network topology defines the layout, virtual shape, or
structure of the network, not only physically but also
logically. A network can have one physical topology and
multiple logical topologies at the same time.

In this blog, we will mainly concentrate on physical topologies.
We'll learn about different types of physical topologies, their
advantages, and disadvantages.

In a computer network, there are mainly six types of physical
topology, they are:

1. Bus Topology
2. Ring Topology
3. Star Topology
4. Mesh Topology
5. Tree Topology
6. Hybrid Topology
Now let us learn these topologies one by one:

Bus Topology
Bus topology is the simplest kind of topology in which a
common bus or channel is used for communication in the
network. The bus is connected to various taps and
droplines. Taps are the connectors, while droplines are the cables
connecting the bus with the computer. In other words, there is
only a single transmission line for all nodes.

When a sender sends a message, all other computers can hear it,
but only the receiver accepts it (after verifying the MAC address attached
to the data frame) and the others reject it. Bus technology is mainly
suited for small networks like LAN, etc.

In this topology, the bus acts as the backbone of the network,
which joins every computer and peripheral in the network. Both
ends of the shared channel have line terminators. The data is sent
only in one direction and as soon as it reaches the end, the
terminator removes the data from the communication line (to
prevent signal bounce and data flow disruption).

In a bus topology, each computer communicates with another
computer on the network independently. Every computer can
share the network's total bus capabilities. The devices share the
responsibility for the flow of data from one point to the other in
the network.

For example, Ethernet cable, etc.

Following are the advantages of Bus topology:

1. Simple to use and install.
2. If a node fails, it will not affect other nodes.
3. Less cabling is required.
4. Cost-efficient to implement.
Following are the disadvantages of Bus topology:

1. Efficiency decreases as the number of nodes grows (the strength of the signal
decreases).
2. If the bus fails, the network will fail.
3. A limited number of nodes can connect to the bus due to
limited bus length.
4. Security risks are higher because messages are
broadcast to all nodes.
5. Congestion and traffic on the bus, as it is the only channel of
communication.

Ring Topology
Ring topology is a topology in which each computer is
connected to exactly two other computers to form the
ring. The message passing is unidirectional and circular in nature.

This network topology is deterministic in nature, i.e., each
computer is given access for transmission at a fixed time interval.
All the nodes are connected in a closed-loop. This topology mainly
works on a token-based system and the token travels in a loop in
one specific direction.

In a ring topology, if a token is free, a node can capture the
token, attach the data and destination address to it,
and then release the token for communication. When this token
reaches the destination node, the data is removed by the receiver
and the token is made free to carry the next data.

For example, Token Ring, etc.

Following are the advantages of Ring topology:

1. Easy Installation.
2. Less Cabling Required.
3. Reduces chances of data collision (unidirectional).
4. Easy to troubleshoot (the faulty node does not pass the
token).
5. Each node gets the same access time.
Following are the disadvantages of Ring topology:

1. If a node fails, the whole network will fail.
2. Slow data transmission speed (each message has to go
through the ring path).
3. Difficult to reconfigure (we have to break the ring).

Star Topology
Star topology is a computer network topology in which all the
nodes are connected to a centralized hub. The hub or switch
acts as middleware between the nodes. Any node requesting a
service or providing a service first contacts the hub for
communication.

The central device (hub or switch) has a point-to-point
communication link (a dedicated link between the devices which
cannot be accessed by any other computer) with each of the devices.
The central device then broadcasts or unicasts the message, depending on
the central device used. The hub broadcasts the message, while
the switch unicasts the messages by maintaining a switch table.
Broadcasting increases unnecessary data traffic in the network.

In a star topology, the hub or switch acts as a server, and the other
connected devices act as clients. Only one input-output port and
one cable are required to connect a node to the central device.
This topology is better in terms of security because the data does
not pass through every node.

For example, High-Speed LAN, etc.

Following are the advantages of Star topology:

1. Centralized control.
2. Less Expensive.
3. Easy to troubleshoot (the faulty node does not give a response).
4. Good fault tolerance due to centralized control on nodes.
5. Easy to scale (nodes can be added to or removed from the network
easily).
6. If a node fails, it will not affect other nodes.
7. Easy to reconfigure and upgrade (configured using a central
device).
Following are the disadvantages of Star topology:

1. If the central device fails, the network will fail.
2. The number of devices in the network is limited (due to the
limited input-output ports in a central device).
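
The difference between a hub's broadcast and a switch's table-based unicast can be measured as the number of frames each host receives that were addressed to someone else. The Python simulation below is an added example, not part of the original notes; the host labels A to D, the port numbers and the frame list are constructed for illustration.

```python
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"  # Ethernet broadcast address


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Keeps a switch table (source address -> port) and unicasts when it can."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}

    def forward(self, in_port, src, dst):
        self.table[src] = in_port  # learn which port the sender is on
        out_port = self.table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Destination not learned yet: the switch floods, like a hub.
            return [p for p in self.ports if p != in_port]
        return [] if out_port == in_port else [out_port]


def exposure(device, frames, port_of):
    """Per host, count delivered frames that were addressed to another host."""
    host_on = {port: host for host, port in port_of.items()}
    seen = Counter()
    for src, dst in frames:
        for port in device.forward(port_of[src], src, dst):
            receiver = host_on[port]
            if dst != BROADCAST and receiver != dst:
                seen[receiver] += 1
    return dict(seen)


# Constructed sample: four hosts (the labels stand in for MAC addresses),
# one per port, and a short conversation between A and B plus one frame from C.
PORT_OF = {"A": 1, "B": 2, "C": 3, "D": 4}
FRAMES = [("A", "B"), ("B", "A"), ("A", "B"), ("B", "A"), ("C", "A")]


def compare():
    """Return (hub exposure, switch exposure) for the same traffic."""
    hub = exposure(Hub(PORT_OF.values()), FRAMES, PORT_OF)
    switch = exposure(LearningSwitch(PORT_OF.values()), FRAMES, PORT_OF)
    return hub, switch


if __name__ == "__main__":
    hub, switch = compare()
    print("frames seen by non-recipients via hub   :", hub)
    print("frames seen by non-recipients via switch:", switch)
```

The switch still floods the first frame to B because B's port is not yet in its table, so a switch reduces exposure but does not remove it.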

Mesh Topology
Mesh topology is a computer network topology in which
nodes are interconnected with each other. In other words,
direct communication takes place between the nodes in the
network.

There are mainly two types of Mesh:

1. Full Mesh: each node is connected to every other
node in the network.
2. Partial Mesh: some nodes are not connected to
every node in the network.

In a fully connected mesh topology, each device has a point-to-point
link with every other device in the network. If there
are 'n' devices in the network, then each device has exactly '(n-1)'
input-output ports and communication links. These links are
simplex links, i.e., the data moves only in one direction. A duplex
link (in which data can travel in both directions
simultaneously) can replace two simplex links.

If we are using simplex links, then the number of communication
links will be 'n(n-1)' for 'n' devices, while it is 'n(n-1)/2' if we are
using duplex links in the mesh topology.

For example, the Internet (WAN), etc.

Following are the advantages of Mesh topology:

1. Dedicated links facilitate direct communication.
2. No congestion or traffic problems on the channels.
3. Good Fault tolerance due to the dedicated path for each
node.
4. Very fast communication.
5. Maintains privacy and security due to a separate channel for
communication.
6. If a node fails, other alternatives are present in the network.
Following are the disadvantages of Mesh topology:

1. Very high cabling required.
2. Cost inefficient to implement.
3. Complex to implement and takes large space to install the
network.
4. Installation and maintenance are very difficult.

Tree Topology
Tree topology is a computer network topology in which all
the nodes are directly or indirectly connected to the main bus
cable. Tree topology is a combination of Bus and Star topology.

In a tree topology, the whole network is divided into segments,
which can be easily managed and maintained. There is a main hub
and all the other sub-hubs are connected to each other in this
topology.

Following are the advantages of Tree topology:

1. Large distance network coverage.
2. Fault finding is easy by checking each hierarchy.
3. Least or no data loss.
4. A large number of nodes can be connected directly or
indirectly.
5. Other hierarchical networks are not affected if one of them
fails.
Following are the disadvantages of Tree topology:

1. Cabling and hardware cost is high.
2. Complex to implement.
3. Hub cabling is also required.
4. A large network using tree topology is hard to manage.
5. It requires very high maintenance.
6. If the main bus fails, the network will fail.

Hybrid Topology
A Hybrid topology is a computer topology which is a
combination of two or more topologies. In practical use, they
are the most widely used.

In this topology, all topologies are interconnected according to
the needs to form a hybrid. All the good features of each topology
can be used to make an efficient hybrid topology.

Following are the advantages of Hybrid topology:

1. It can handle a large volume of nodes.
2. It provides flexibility to modify the network according to our
needs.
3. Very Reliable (if one node fails it will not affect the whole
network).
Following are the disadvantages of Hybrid topology:

1. Complex design.
2. Expensive to implement.
3. Multi-Station Access Unit (MSAU) required.
Hence, after learning the various computer network topologies,
we can conclude that some points need to be considered when
selecting a physical topology:

• Ease of Installation.
• Fault Tolerance.
• Implementation Cost.
• Cabling Required.
• Maintenance Required.
• Reliable Nature.
• Ease of Reconfiguration and upgradation.

Information Technology Enabled Services (ITeS)

IT enabled Services (ITeS), also called web-enabled services or remote services, or
teleworking, cover the entire gamut of operations that exploit information technology
for improving the efficiency of an organization. These services provide a wide range of
career options that include opportunities in a call center, medical transcription, medical
billing and coding, back office operations, revenue claims processing, legal databases,
content development, payrolls, logistics management, GIS (Geographical Information
System), HR services, web services, etc.[1]

Information technology that enables the business by improving the quality of service is
an IT-enabled service. The most important aspect is the value addition of the IT-enabled
service. The value addition could be in the form of customer relationship
management, improved database, improved look and feel, etc. The outcome of an
IT-enabled service is in two forms:

• Direct Improved Service
• Indirect Benefits.[2]

Whereas direct benefits can be realized immediately, indirect benefits can accrue over a
period of time and can be harnessed very effectively, if planned well upfront.


source: IT Info


Information Technology Enabled Services (ITeS) Processes and Services[3]
ITeS provide a range of IT-intensive processes and services, which include business
process outsourcing (BPO) and knowledge process outsourcing (KPO), provided
from a distant location and delivered over telecom networks. ITeS focus on verticals
such as content management, finance and accounts, research, and analytics segment.
ITeS includes:

• Customer Interaction services - including call center facilities with adequate
telecom infrastructure, trained consultants, access to requisite databases,
Internet, and other online information infrastructure to provide information
and support to customers
• Back office operations - data entry, data conversion including finance and
accounting and HR services.
• Transcription/Translation services
• Content development/animation/engineering/design and GIS
• Other services including remote education, data search, market research,
network consultancy, and management

The favored application areas are areas where there is a huge amount of data that needs
to be processed and utilized for delivering the results, or the data is the outcome of the
service. In all cases, without the use of IT the task would otherwise be unmanageable.
Some of the most important areas where IT-enabled services can be deployed are:

• Telemarketing
• Helpdesk
• Customer Support Centers
• Data Warehouse
• Transcription Centers
• GIS Mapping for Transport tracking
• Electronic Distribution.


Opportunities and Challenges of Information Technology Enabled Services (ITES)[4]
The changing economic and business conditions, rapid technological innovation, the
proliferation of the internet, and globalization are creating an increasingly competitive
environment. The role of technology has evolved from supporting corporations to
transforming them. Global companies are increasingly turning to offshore technology
service providers in order to meet their need for high-quality and cost-competitive
technology solutions. As such, a company can encounter a wide variety of risks and
challenges in its endeavor to create and maintain a seamless, successful, sustainable,
and scalable business. Some of the challenges faced include:

• Ability to create and maintain a truly world-class proven global delivery
model which would allow your organization to provide services to
customers on the best shore basis. This would require round-the-clock
execution capabilities across multiple time zones, access to a large pool of
highly skilled technology professionals, and a knowledge management
system to reuse solutions where appropriate
• Develop and expand strong, comprehensive, best-in-class, end-to-end
solutions and service offerings in order to help your clients gain market
differentiation or competitive advantage and thus capture a greater share
of your client’s technology budgets
• Ability to scale when the opportunity arises. This would require constant
investment in infrastructure and rapidly recruiting, training, and deploying
new professionals
• Manage revenue and expenses during the economic downturn, enhance
your organization’s capacity to withstand pricing pressures,
commoditization of services, and decreased utilization rates
• Manage exchange rate volatility and counterparty risk in treasury
operations
• Expand your client list across business verticals to reduce over-dependency
and risk of losing substantial market share
• Maintain superior and sophisticated project management methodology in
line with global quality standards and ensure timely, consistent, and
accurate execution to achieve the highest client satisfaction
• Ensuring successful integration of inorganic growth opportunities that your
organization may undertake from time to time across geographies

Unit-4: Data Base Management Systems

Data mining is a process of extracting useful information and data patterns from data,
whereas a data warehouse is a database management system developed to support
the management functions. Read this article to learn more about Data Mining and
Data Warehousing and how they are different from each other.

What is Data Mining?


Data Mining is a process used to determine data patterns and extract useful
information from data. It can be understood as a general method to extract useful data
from a set of data. In the data mining process, data is analyzed repeatedly to find
patterns.

Data mining is generally done by business entrepreneurs and engineers to extract
meaningful data. It uses many techniques, including pattern recognition, to identify
patterns in data. It also helps to detect unwanted errors that may occur in the system.

The major advantage of data mining is that it is cost-efficient in comparison to other
statistical data processing techniques. However, it is not completely accurate since
nothing is ideal in the real world.

What is Data Warehousing?


Data Warehousing is a database system that has been designed to perform
analytics. It combines all the relevant data into a single module.
The process of data warehousing is generally done by engineers. In a data
warehouse, data is stored in a periodic manner. In this process, data is extracted and
stored in a location for ease of reporting. Also, a data warehouse is updated at regular
intervals of time. This is the reason why it is used in major companies, in order to stay
up-to-date. It helps simplify every type of data for business. However, data loss is
possible if the data required for analysis is not integrated with the data warehouse.
A data warehouse stores huge volumes of historical data that helps the user in
analyzing the trends and seasonality to make further predictions.
Now, let us discuss the important differences between data mining and data
warehousing in detail.

Difference between Data Mining and Data Warehousing

The following table highlights all the major differences between data mining and data
warehousing −

Factor | Data Mining | Data Warehousing
Definition | Data mining is a process of finding hidden information and patterns in different data sets. | Data warehousing is a large relational database management system designed to analyze data.
Function | Data mining extracts useful information and insights from a large amount of data. | Data warehousing combines a large amount of related data.
Implementation | Data mining is implemented after data warehousing to withdraw useful insights. | Data warehousing is implemented before data mining in which the data is compiled and stored in a common database.
Advantages | The major advantages of data mining include help in prediction of trends, financial analysis, marketing analysis, and recognition of fraud. | The advantages of data warehousing include easy data access, consistent data storage, and enhanced response time.
Performer | Data mining is performed by business entrepreneurs and engineers. | Data warehousing is performed by engineers.
Applications | Data mining is used to identify the relationships and patterns in data. | Data warehousing is used to consistently organize very large amounts of data.

Conclusion
The most significant difference between the two is that data mining is carried out to
identify relationships and patterns and to extract useful information from different data
sets, while data warehousing is carried out to combine extremely large sets of related
data.

Unit-5: Decision Support Systems

Group Decision Support System (GDSS)

A group decision support system (GDSS) is an interactive
computer-based system that facilitates a number of decision-
makers (working together in a group) in finding solutions to
problems that are unstructured in nature. They are designed in such
a way that they take input from multiple users interacting
simultaneously with the systems to arrive at a decision as a group.

The tools and techniques provided by the group decision support
system improve the quality and effectiveness of the group
meetings. Groupware and web-based tools for electronic meetings
and videoconferencing also support some of the group decision
making processes, but their main function is to make
communication possible between the decision-makers.

In a group decision support system (GDSS) electronic meeting,
each participant is provided with a computer. The computers are
connected to each other, to the facilitator’s computer and to the file
server. A projection screen is available at the front of the room. The
facilitator and the participants can both project digital text and
images onto this screen.

A group decision support system (GDSS) meeting comprises
different phases, such as idea generation, discussion, voting, vote
counting and so on. The facilitator manages and controls the
execution of these phases. The use of various software tools in the
meeting is also controlled by the facilitator.

Components of Group Decision Support System (GDSS)

• Hardware: It includes electronic hardware like the
computer, equipment used for networking, electronic
display boards and audiovisual equipment. It also
includes the conference facility, including the physical
set up – the room, the tables, and the chairs – laid out in
such a manner that they can support group
discussion and teamwork.
• Software Tools: It includes various tools and
techniques, such as electronic questionnaires, electronic
brainstorming tools, idea organizers, tools for setting
priority, policy formation tool, etc. The use of these
software tools in a group meeting helps the group
decision-makers to plan, organize ideas, gather
information, establish priorities, take decisions and
document the meeting proceedings. As a result,
meetings become more productive.
• People: It comprises the members participating in the
meeting, a trained facilitator who helps with the
proceedings of the meeting, and an expert staff to
support the hardware and software. The GDSS
components together provide a favorable environment
for carrying out group meetings.

Features of Group Decision Support System (GDSS)


• Ease of Use: It consists of an interactive interface that
makes working with GDSS simple and easy.
• Better Decision Making: It provides the conference
room setting and various software tools that facilitate
users at different locations to make decisions as a group
resulting in better decisions.
• Emphasis on Semi-structured and Unstructured
Decisions: It provides important information that
assists middle and higher-level management in making
semi-structured and unstructured decisions.
• Specific and General Support: The facilitator controls
the different phases of the group decision support
system meeting (idea generation, discussion, voting and
vote counting, etc.), what is displayed on the central
screen, and the type of ranking and voting that takes
place. In addition, the facilitator also provides
general support to the group and helps them to use the
system.
• Supports all Phases of the Decision Making: It can
support all the four phases of decision making, viz
intelligence, design, choice, and implementation.
• Supports Positive Group Behavior: In a group
meeting, as participants can share their ideas more
openly without the fear of being criticized, they display
more positive group behavior towards the subject matter
of the meeting.

Group Decision Support System (GDSS) Software Tools


Group decision support system software tools help the decision-
makers in organizing their ideas, gathering required information and
setting and ranking priorities. Some of these tools are as follows:

• Electronic Questionnaire: The information generated
using the questionnaires helps the organizers of the
meeting to identify the issues that need immediate
attention, thereby enabling the organizers to create a
meeting plan in advance.
• Electronic Brainstorming Tools: It allows the
participants to simultaneously contribute their ideas on
the subject matter of the meeting. As the identity of each
participant remains secret, individuals participate in the
meeting without the fear of criticism.
• Idea Organizer: It helps in bringing together, evaluating
and categorizing the ideas that are produced during the
brainstorming activity.
• Tools for Setting Priority: It includes a collection
of techniques, such as simple voting, ranking in order
and some weighted techniques that are used for voting
and setting priorities in a group meeting.
• Policy Formation Tool: It provides the necessary
support for converting the wordings of policy statements
into an agreement.

Executive Information Systems

What Does Executive Information System Mean?


An executive information system (EIS) is a management support system
that facilitates and supports the decision-making requirements of an
organization’s senior executives. Hence, it is also called an “executive
support system (ESS).”

As a decision-making tool, it gives top executives easy access to internal
and external information relevant to their organizational goals. As such, it is
also considered a specialized decision support system (DSS).

What Are the Characteristics of an Ideal Executive Information System?
Not all company executives are tech-savvy. As such, an ideal EIS should
have a graphical display that has an easy-to-use interface. Executives
should be able to see all the variables and trends needed to make sound
business decisions in a single dashboard. That way, they can make
comparisons and projections to ensure growth.

Note, too, that each executive specializes in a particular business area. As
such, an ideal EIS should have drill-down capabilities that will enable them
to zoom in on areas that fall under their responsibility.

What Are the Components of an Executive Information System?
An EIS has four major components, which are:

• Hardware
• Software
• User interface (UI)
• Telecommunications capability

Hardware

An EIS’s hardware should include input devices that executives can use to
enter, check, and update data; a central processing unit (CPU) that controls
the entire system; data storage for saving and archiving useful business
information; and output devices (e.g., monitors, printers, etc.) that show
visual representations of the data executives need to keep or read.

Software

An EIS’s software should be able to integrate all available data into
cohesive results. It should be capable of handling text and graphics;
connected to a database that contains all relevant internal and external
data; and have a model base that performs routine and special statistical,
financial, and other quantitative analyses.

User interface (UI)

This component should be capable of producing scheduled reports, FAQs,
and other information. It would be best if it’s menu-driven, too, allowing
executives to pick from predetermined choices for their needs. And since
not all executives are tech-savvy, it’s ideal for the UI to accept inputs and
produce outputs using programming (i.e., for the tech-savvy) and natural
language (i.e., for the not tech-savvy).

Telecommunications capability

Since most executives often travel, an EIS should have
telecommunications capability. That way, it remains accessible regardless
of location.

What Are the Benefits of Using an Executive Information System?
Using an EIS provides the following benefits:

• Easy for any executive to use
• Provides the ability to analyze trends
• Augments an executive’s leadership capabilities
• Enhances personal thinking and decision-making
• Makes strategic control flexible
• Enhances an organization’s market competitiveness
• Creates better reports
• Improves consensus building and communication
• Enables office automation
• Reduces time required to find information
• Enables company performance predictions
• Allows detailed examinations of critical success factors

What Are the Disadvantages of Using an Executive Information System?
Despite providing several advantages, EIS usage has cons, too, such as:

• Limited functionality
• Hard to quantify the benefits
• Possible information overload on an executive’s part
• System may become slow over time
• May lead to system insecurities
• May be too expensive for small companies

Executive Support Systems

Executive support systems are intended to be used by the senior managers directly to
provide support to non-programmed decisions in strategic management.
This information is often external, unstructured and even uncertain. The exact scope
and context of such information is often not known beforehand.
This information is intelligence based −

• Market intelligence
• Investment intelligence
• Technology intelligence

Examples of Intelligent Information


Following are some examples of intelligent information, which is often the source of
an ESS −

• External databases
• Technology reports like patent records etc.
• Technical reports from consultants
• Market reports
• Confidential information about competitors
• Speculative information like market conditions
• Government policies
• Financial reports and information

Features of Executive Information System

Advantages of ESS
• Easy for upper level executive to use
• Ability to analyze trends
• Augmentation of managers' leadership capabilities
• Enhance personal thinking and decision-making
• Contribution to strategic control flexibility
• Enhance organizational competitiveness in the market place
• Instruments of change
• Increased executive time horizons.
• Better reporting system
• Improved mental model of business executive
• Help improve consensus building and communication
• Improve office automation
• Reduce time for finding information
• Early identification of company performance
• Detailed examination of critical success factors
• Better understanding
• Time management
• Increased communication capacity and quality

Disadvantages of ESS
• Functions are limited
• Hard to quantify benefits
• Executive may encounter information overload
• System may become slow
• Difficult to keep current data
• May lead to less reliable and insecure data
• Excessive cost for small company

Expert Systems and Knowledge Based Expert Systems

Expert System

An expert system is the highest form of management computing office
automation, which allows document communication and manipulation.
Decision support systems help with problem-solving by allowing data and
model manipulation. Expert systems go beyond conventional manipulation of
this kind, as they allow experts to 'teach' computers about their fields so that
the system can support more of the decision-making process for less expert
decision-makers.

Expert systems are one of the most cutting-edge facets of information
technology. That is, they help people in some of the most complex and
least-understood human information handling tasks, i.e. decision-making,
problem-solving, diagnosis and learning. They do this by holding a large amount of
factual information on a subject area, along with lines of reasoning employed
in that field by human experts.

Expert System Components


The key components of an Expert System are as follows:

1. User Interface:
It contains a computerized system between the user and the machine
for friendly communication. This system provides an interface to the
user in a graphical way.
2. Inference Engine:
It retrieves & determines the data process. It performs this task to deduce
new facts which are subsequently used to draw further conclusions.
This component is regarded as the brain of the
expert system.
3. Knowledge Base:
This is the most important element of an expert system because it holds
the expert's knowledge of problem-solving. It is here that the expert's
elicited knowledge is stored. It contains the rules, facts and object
descriptions, etc. The knowledge base is always stored in the data with
the newest expert system products. The knowledgebase information is
all that is needed to understand & formulate the problem, and then
solve it.
4. Data Acquisition Subsystem:
The specialist has to learn the information reflected in the knowledge
base. Information acquisition software is used by a person who has
problem experience to build, incorporate or modify the base of
knowledge. Potential knowledge sources include human experts,
research reports, textbooks, databases and the experience of the user
himself.
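
A minimal sketch of how an inference engine deduces new facts from the rules held in a knowledge base and then explains its conclusion. It is an added illustration, not part of the original notes; the order-review rules, fact names and function names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: frozenset  # facts that must all be known for the rule to fire
    conclusion: str        # fact that is added when the rule fires


# Knowledge base (constructed): rules an expert might give for reviewing an
# online order. R3 is listed first on purpose: it can only fire after R1 and
# R2 have produced their conclusions, so the engine needs a second pass.
KNOWLEDGE_BASE = [
    Rule("R3", frozenset({"elevated_risk", "address_mismatch"}), "manual_review"),
    Rule("R1", frozenset({"new_customer", "high_value_order"}), "elevated_risk"),
    Rule("R2", frozenset({"shipping_differs_from_billing"}), "address_mismatch"),
    Rule("R4", frozenset({"returning_customer", "payment_verified"}), "auto_approve"),
]


def infer(initial_facts, rules):
    """Forward chaining: keep firing rules until no new fact can be deduced.

    Returns (facts, trace). The trace maps every deduced fact to the rule
    that produced it, which is what lets the system explain its rationale.
    """
    facts = set(initial_facts)
    trace = {}
    changed = True
    while changed:
        changed = False
        for rule in rules:
            if rule.conclusion not in facts and rule.conditions <= facts:
                facts.add(rule.conclusion)
                trace[rule.conclusion] = rule
                changed = True
    return facts, trace


def explain(fact, trace, depth=0):
    """Return the chain of reasoning behind a fact as indented text lines."""
    indent = "  " * depth
    rule = trace.get(fact)
    if rule is None:
        return [f"{indent}{fact} (given by the user)"]
    lines = [f"{indent}{fact} (deduced by {rule.name})"]
    for condition in sorted(rule.conditions):
        lines.extend(explain(condition, trace, depth + 1))
    return lines


if __name__ == "__main__":
    # Facts entered through the user interface (constructed sample input).
    order = {"new_customer", "high_value_order", "shipping_differs_from_billing"}
    facts, trace = infer(order, KNOWLEDGE_BASE)
    print("\n".join(explain("manual_review", trace)))
```

Changing or adding a rule in `KNOWLEDGE_BASE` changes the conclusions without touching `infer`, which is the separation between knowledge base and inference engine described above.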

Advantages of Expert System


• Expert System (ES) gives clear responses for routine actions, procedures and
activities.
• Expert System (ES) retains significant levels of the knowledge base.
• Expert System (ES) supports organizations to explain the rationale of
their decision-making.

Disadvantages of Expert System

• Expert System (ES) doesn't reply creatively as a human expert would in
unusual situations.
• Expert System (ES) involves more technical aspects, which makes it difficult
to use.
• Highly costly system.

Unit-6: Introduction to E-Commerce

Traditional Vs. E-Commerce Transactions

Traditional Commerce vs E-commerce
Gone are the days when business activities such as the exchange of goods and services
for money, between 2 parties, had to take place in a traditional environment. The consumer
going to the market, checking out a variety of goods, picking needed items, buying them and
then paying the precise amount is what distinguishes traditional commerce. However, now with
the advent of technological innovations, modern techniques of selling goods and services have
arisen. For example, e-commerce, where people purchase and sell commodities via the Internet.
Both modes have their own merits and demerits. Here, the students can learn the meaning of
traditional commerce and e-commerce.

Traditional Commerce
Traditional commerce includes the exchange of goods and services between 2 people. As stated
in the introduction, it is one of the traditional methods of purchasing goods and services. It is
followed by everyone across the globe.

E-Commerce
E-commerce, i.e., electronic commerce, is similar to traditional commerce. It also includes the
exchange of goods and services. The only difference is that it is handled online through an
electronic network – the Internet. Now it has spread across to online social networks. With
e-commerce, support, transactions and communication are done via the use of electronic
communication. All trading activities including selling, ordering, buying, payments are executed
over the internet.

This article is a ready reckoner for the students to learn the comparison between Traditional
Commerce vs E-commerce.

Comparison Table:

Basis for Comparison | Traditional Commerce | E-Commerce
Meaning | Traditional commerce is a branch of business which focuses on the exchange of products and services, and includes all those activities which encourage exchange, in some way or the other. | E-commerce means carrying out commercial transactions or exchange of information electronically on the internet.
Processing of transactions | Manual | Automatic
Accessibility | Limited time | 24×7×365
Physical inspection | Goods can be inspected physically before purchase. | Goods cannot be inspected physically before purchase.
Customer interaction | Face-to-face | Screen-to-face
Scope of business | Limited to particular area. | Worldwide reach
Information exchange | No uniform platform for exchange of information. | Provides a uniform platform for information exchange.
Resource focus | Supply side | Demand side
Business relationship | Linear | End-to-end
Marketing | One way marketing | One-to-one marketing
Payment | Cash, cheque, credit card, etc. | Credit card, fund transfer etc.
Delivery of goods | Instantly | Takes time

E-Commerce: Concepts, Definitions, and Benefits & Impact

E-commerce is the buying and selling of goods or services via the internet,
and the transfer of money and data to complete the sales. It’s also known as
electronic commerce or internet commerce.

Online selling has changed tremendously since it began; the evolution and
history of e-commerce is fascinating – and it’s advancing at an even quicker
pace today.

How does e-commerce work?


E-commerce, or electronic commerce, is the exchange of goods and
services, or the transaction of funds or data, over the internet. This process
of buying and selling goods and services online typically consists of the
exchange of data or currency to process a transaction involving more than
one entity or individual.

The customer places the order via the online store using a web browser; the
order details are then relayed to a central backend system – an e-commerce
platform, which facilitates or performs several tasks, including:

• Receiving the order
• Updating stock or inventory levels and confirming if there’s
sufficient stock
• Processing the payment for the order
• Confirming adequate funds were received to fulfill the order
• Notifying the customer that the order was successfully processed.
• Notifying the shipping department for the order to be shipped to
the customer, or access to the service to be granted.

Most common types of e-commerce businesses and examples of how they work

As commerce continues to evolve, so do the ways that it’s conducted.
Following are the most common types of e-commerce
businesses and examples of what they mean:
1. Business to Consumer (B2C): B2C e-commerce is the most
popular e-commerce model. Business to consumer means that the
sale is taking place between a business and a consumer, like when
you buy something from an online retailer.

2. Business to Business (B2B): B2B e-commerce refers to a
business selling a good or service to another business, like a
manufacturer and wholesaler, or a wholesaler and a retailer.
Business to business e-commerce isn’t consumer-facing, and
usually involves products like raw materials, software, or products
that are combined. Manufacturers also sell directly to retailers via
B2B e-commerce.

3. Direct to Consumer (D2C): Direct to consumer e-commerce is
the newest model of e-commerce, and trends within this category
are continually changing. D2C means that a brand is selling
directly to their end customer without going through a retailer,
distributor, or wholesaler. Subscriptions are a popular D2C item,
and social platforms like Instagram, Pinterest, TikTok,
Facebook, Snapchat, etc. are popular platforms for direct to
consumer sales.

4. Consumer to Consumer (C2C): C2C e-commerce refers to the
sale of a good or service to another consumer. Consumer to
consumer sales take place on platforms like eBay, Etsy, and Fiverr.

5. Consumer to Business (C2B): Consumer to business is when
an individual sells their services or products to a business
organization. C2B encompasses influencers offering exposure,
photographers, consultants, freelance writers, etc.

6. Business to Government (B2G): Also known as business-to-
administration (B2A), business to government involves the sale of
goods and services between the business sector as a supplier and a
government entity as a customer. For example, government
agencies may order goods or services from external third-party
contractors for cleaning and maintaining public spaces like
parks.

7. Consumer to Government (C2G): Also called consumer-to-
administration (C2A), consumer to government enables
consumers to provide feedback or request information regarding
public agencies directly to the government administration or
authorities. Examples include paying an electricity bill or taxes
through a government website.

Advantages of e-commerce

There are many advantages of e-commerce including:

• Companies can reach a wider audience.
• Companies have lower operational costs.
• Shopping from home is more convenient for the consumer.
• Consumers can easily comparison shop across different brands.
• There's a greater selection of goods available.

Disadvantages of e-commerce

While there are many benefits of ecommerce, there are some potential downsides
as well. Below are some common disadvantages:

• Less personalized service since there's no interaction with sales
clerks
• Shipping charges and waiting for a product to arrive
• Inability to see a product before buying
• Inconvenience of returning products
• Security issues of websites may put consumer information at risk

Electronic Catalogues

An e-Catalogue is an electronic catalogue that provides information on products and
services sold by a vendor. It supports vendors with online ordering and payment
capabilities. An electronic catalogue is an online publication, generally an HTML page,
where a company’s products and services are displayed.

An e-Catalogue or e-brochure is a resource that provides information on your products and
services offered, or your company’s corporate profile. This can then be digitally shared and
distributed simply in the form of a readable and downloadable e-book or catalogue on your
website. They are a digital representation of a company and a powerful e-commerce tool.

What are the benefits of using an e-Catalogue?


• Increased customer satisfaction
• More accurate orders
• Greater consistency
• Accuracy in purchasing processes
• Reduced internal administrative costs
• Punch-Out
• Reduced costs for associated data processing operations
• Customisable and configurable
• Integrated
• No hardware or software requirements

What are the key features of e-Catalogues?
The B2BE e-Catalogue solution provides organisations and their respective users the ability
to search and display product data, provide online ordering capabilities, facilitate catalogue
data exchange between trading partners, and provide punch-out functionality for
companies who have customers with this requirement.
E-Catalogues have a number of key features, including:

Secure customisable access control
The B2BE e-Catalogue has customisable access, so you’re able to provide content based on
the type of user visiting the catalogue and present pricing and content for public users, or
specific content and pricing for account users via a login.

Fully customisable design


B2BE offers a customisable design that allows the e-Catalogue to emulate the same look and
feel of your website to provide a seamless user experience for your clients.

Easy content management and maintenance


Secure accounts ensure easy content management of product information such as images,
pricing and technical specifications. As a result, you have full control over updates ensuring
content remains relevant and accurate.

Attribute management
The B2BE e-Catalogue solution enables you to design the way you wish to set up and
manage products based on key attributes. That is, you can build a logical and uniform way
in which products can be categorised regardless of the actual data managed in the
background and extracted from your ERP environment. Consequently, this means users can
search for your products logically.

Online payment system


The e-Catalogue solution also provides an online payment facility to both your customer
accounts and the public using a secure payment gateway. The B2BE e-Catalogue can also be
linked to your own bank’s payment gateway to provide seamless transactions using your
current banking systems.

Punch Out capability


As your customers become more technically capable they may no longer wish to maintain
your products within their system. The B2BE e-Catalogue supports punch-out functionality
(both OBI and OCI standards), allowing your clients to punch out from their system, browse
your catalogue and select products through the online ordering system. The B2BE
e-Catalogue will also support the automation of reverse purchase orders.

Electronic Auctions
An eAuction is a transaction between sellers (the auctioneers) and bidders (suppliers
in the business-to-business scenarios) in an electronic marketplace.
It can occur business-to-business, business-to-consumer, or consumer-to-consumer,
and allows suppliers to bid online against each other for contracts against a
published specification.

This kind of environment encourages competition, resulting in goods and services
being offered at their current market value.

What Is E Supply Chain Management?


E Supply Chain Management (ESCM) is a comprehensive approach to
managing the entire supply chain process. It is a combination of
technology, processes, and people that work together to ensure that
goods and services are delivered to customers in a timely and cost-effective
manner. ESCM is a key component of any successful business,
as it helps to reduce costs, improve customer service, and increase
efficiency. By leveraging the latest technologies, ESCM can help
businesses to streamline their operations and increase their competitive
advantage.

Benefits of E Supply Chain Management


ESCM offers a number of benefits to businesses, including improved
customer service, reduced costs, and increased efficiency. By leveraging
the latest technologies, businesses can streamline their operations and
reduce their costs. Additionally, ESCM can help businesses to improve
their customer service by providing customers with timely and accurate
information about their orders. Finally, ESCM can help businesses to
increase their efficiency by automating processes and reducing manual
labor.

How Does E Supply Chain Management Work?
ESCM is a comprehensive approach to managing the entire supply chain
process. It involves the use of technology, processes, and people to
ensure that goods and services are delivered to customers in a timely and
cost-effective manner. The technology used in ESCM includes software,
hardware, and networks that enable businesses to track and manage their
supply chain processes. Additionally, ESCM involves the use of processes
and people to ensure that goods and services are delivered to customers
in a timely and cost-effective manner.

Electronic banking is the use of computers and telecommunications to enable
banking transactions to be done by telephone or computer rather than
through human interaction. Its features include electronic funds transfer
for retail purchases, automatic teller machines (ATMs), and automatic
payroll deposits and bill payments. Some banks offer home banking,
whereby a person with a personal computer can make transactions, either
via a direct connection or by accessing a Web site. Electronic banking has
vastly reduced the physical transfer of paper money and coinage from one
place to another or even from one person to another.

Unit-7: E-Commerce Models


Native Content Based Models, Native Transaction Models, Transplanted Content based
Models, Transplanted Transaction Based Models.

Unit-8: Security & Encryption

In the age of the internet, our lives are increasingly dependent on online
shopping, banking, and socializing. We store photos and personal
information on our computers and in the cloud. As more and more aspects
of our lives move online, so does the risk of cybercrime. Cybersecurity is the
practice of protecting computer systems and networks from unauthorized
access or attack.

Individuals, businesses, and governments must invest in cybersecurity to
protect their data and assets from criminals. The importance of
cybersecurity in this progressively internet-centered world is supreme. To
understand what cyber security is and its importance, you can apply for
specialized IT Security certifications online. These courses will upgrade your
intuitive skills and allow you to engage with experts in the industry.

What is Cyber Security?

Cybersecurity is the practice of protecting electronic information by
mitigating information risks and vulnerabilities. Information risks can
include unauthorized access, use, disclosure, interception, or data
destruction.

The importance of cybersecurity in the digital world is immense. This is
because the volume and sophistication of cyberattacks are constantly
increasing. As our dependence on technology grows, so does our
vulnerability to these attacks. Cybersecurity helps to protect our data and
systems from these threats.

Importance of Cyber Security in the Digital World

The importance of cyber security in the digital world cannot be overstated.
A single security breach can have far-reaching consequences in today's
interconnected world. For example, the 2017 Equifax breach exposed the
personal information of over 145 million people, and the 2018 Marriott
breach exposed the personal information of over 500 million people.

These breaches had a significant financial impact on the companies involved
and also resulted in a loss of customer trust. Therefore, cyber security is
essential to protect businesses and individuals from the potentially
devastating consequences of a security breach.

To understand why it is important to learn about cybersecurity, you must
first know how a solid cybersecurity system helps and protects students,
businesses, organizations, and the banking sector.

Software vulnerabilities are weaknesses in software that can
be exploited by malicious actors to gain access to a system
or network. These vulnerabilities can be caused by a variety
of factors, including coding errors, design flaws, and
inadequate security measures. Understanding the sources of
software vulnerabilities is essential for organizations to
protect their systems and networks from attack.

Poorly Written Code


Poorly written code is one of the most common sources of software
vulnerabilities. This can include coding errors, such as incorrect data
validation, buffer overflows, and SQL injection. Poorly written code can
also lead to design flaws, such as insecure authentication mechanisms,
lack of input validation, and inadequate access control. Poorly written
code can also lead to security vulnerabilities, such as weak encryption
algorithms, lack of secure storage, and insecure communication protocols.

Inadequate Security Measures


Inadequate security measures are another common source of software
vulnerabilities. This can include inadequate authentication mechanisms,
lack of input validation, and inadequate access control. It can also include
weak encryption algorithms, lack of secure storage, and insecure
communication protocols. Inadequate security measures can also lead to
vulnerabilities in the software itself, such as buffer overflows, SQL
injection, and other coding errors.

Third-Party Software
Third-party software is another source of software vulnerabilities. This can
include software libraries, frameworks, and other components that are
used in the development of a software application. Third-party software
can contain vulnerabilities that can be exploited by malicious actors. It is
important for organizations to ensure that any third-party software they
use is secure and up-to-date.

Outdated Software
Outdated software is another source of software vulnerabilities. As
software applications are updated, new security vulnerabilities can be
discovered and patched. If an organization fails to keep their software
up-to-date, they may be vulnerable to attack. It is important for organizations
to ensure that their software is regularly updated to the latest version.

Insufficient Testing
Insufficient testing is another source of software vulnerabilities. If a
software application is not thoroughly tested before it is released, it may
contain security vulnerabilities that can be exploited by malicious actors. It
is important for organizations to ensure that their software is thoroughly
tested before it is released.

Human Error
Human error is another source of software vulnerabilities. This can include
mistakes made by developers, administrators, and users. For example, a
developer may make a coding error that leads to a security vulnerability, or
an administrator may configure a system incorrectly, leading to a security
vulnerability. It is important for organizations to ensure that their staff are
properly trained and aware of security best practices.

Malicious Actors
Malicious actors are another source of software vulnerabilities. Malicious
actors can exploit vulnerabilities in software applications to gain access to
a system or network. It is important for organizations to ensure that their
systems and networks are secure and that any vulnerabilities are patched
as soon as possible.

What is a security policy?


A security policy is a document that states in writing how a company plans to
protect its physical and information technology (IT) assets. Security policies are
living documents that are continuously updated and changing as technologies,
vulnerabilities and security requirements change.

A company's security policy may include an acceptable use policy. These describe
how the company plans to educate its employees about protecting the company's
assets. They also include an explanation of how security measures will be
carried out and enforced, and a procedure for evaluating the effectiveness of the
policy to ensure that necessary corrections are made.

Why are security policies important?


Security policies are important because they protect an organization's assets, both
physical and digital. They identify all company assets and all threats to those
assets.

Physical security policies are aimed at protecting a company's physical assets, such
as buildings and equipment, including computers and other IT equipment. Data
security policies protect intellectual property from costly events, like data
breaches and data leaks.

Physical security policies


Physical security policies protect all physical assets in an organization, including
buildings, vehicles, inventory and machines. These assets include IT equipment,
such as servers, computers and hard drives.

Protecting IT physical assets is particularly important because the physical devices
contain company data. If a physical IT asset is compromised, the information it
contains and handles is at risk. In this way, information security policies are
dependent on physical security policies to keep company data safe.

Physical security policies include the following information:

• sensitive buildings, rooms and other areas of an organization;
• who is authorized to access, handle and move physical assets;
• procedures and other rules for accessing, monitoring and handling these assets; and
• responsibilities of individuals for the physical assets they access and handle.

Security guards, entry gates, and door and window locks are all used to protect
physical assets. Other, more high-tech methods are also used to keep physical
assets safe. For example, a biometric verification system can limit access to a
server room. Anyone accessing the room would use a fingerprint scanner to verify
they are authorized to enter.

Information security policies


These policies provide the following advantages.

Protect valuable assets. These policies help ensure the confidentiality, integrity
and availability -- known as the CIA triad -- of data. They are often used to protect
sensitive customer data and personally identifiable information.

What is Website Security?

Website security is the practice of protecting websites and web
applications from being hacked or accessed without authorization, by
adding a layer of protective measures and protocols that helps
mitigate attacks. It is not a simple task: securing websites and
applications involves many factors, such as staying up to date on
new threats and how to mitigate them, and monitoring the traffic.

In today's digital world, the Internet has revolutionized business, and
everyone is shifting business online. People are establishing their
presence on the Internet to reach as many people as possible and
increase revenue. According to Netcraft, as of September 2014, there
were over 1 billion websites on the web, and present statistics show
around 2 billion sites on the Internet, which means securing them will
become necessary in the upcoming years. The number of sites is
increasing day by day, but many people do not care about security
initially, and such sites are prone to many vulnerabilities, which
gives hackers or attackers a chance to compromise the data.

The major reasons behind adversaries hacking the websites are:

• Site Visitors Exploitation
• Stealing information stored on the server
• Tricking crawlers and bots
• Abusing server resources

How to secure the Website?

The approach depends on how an organization has adopted security and
on other factors such as its network type and software, but the core
strategy is broadly similar.

These are the basic requirements for end-to-end website security:

Web Application Firewalls (WAF)


Web application firewalls (WAF) are an essential security control
used by the security team to protect web applications and sites
against various attacks and known vulnerabilities. Once customized,
a WAF can also prevent SQL injection attacks, XSS attacks, buffer
overflows, and session hijacking. These features may not be
available on traditional network firewall systems. WAFs are
categorized as network-based, host-based, and cloud-hosted.
Deployed in front of web applications, a WAF analyzes bi-directional
web-based (HTTP) traffic, detecting and blocking anything malicious.

SSL Certificate
Whenever a browser or server attempts to connect to a website
secured with SSL, the browser/server requests identification.
Then a copy of the SSL certificate is sent by the webserver to the
browser/server. The browser/server checks whether it should trust
the SSL certificate and sends a message to the webserver
accordingly. If the certificate looks good, the web server sends
back a digitally signed acknowledgment to start an SSL encrypted
session. The exchange of data then proceeds in encrypted form
between the browser/server and the webserver.

A Website Scanner
A cyber attack costs more the longer it takes to be found, so time
becomes an essential factor in safeguarding the website. A website
scanner looks for malware, vulnerabilities, and other security issues
so that organizations can mitigate them appropriately.

What is a Firewall?
A Firewall is a network security device that monitors and filters incoming
and outgoing network traffic based on an organization’s previously
established security policies. At its most basic, a firewall is essentially the
barrier that sits between a private internal network and the public Internet.
A firewall’s main purpose is to allow non-threatening traffic in and to keep
dangerous traffic out.

Firewall History
Firewalls have existed since the late 1980’s and started out as packet
filters, which were networks set up to examine packets, or bytes,
transferred between computers. Though packet filtering firewalls are still in
use today, firewalls have come a long way as technology has developed
throughout the decades.

• Gen 1 Virus
o Generation 1, late 1980s: virus attacks on stand-alone PCs affected all businesses and drove anti-virus products.

• Gen 2 Networks
o Generation 2, mid 1990s: attacks from the internet affected all businesses and drove creation of the firewall.

• Gen 3 Applications
o Generation 3, early 2000s: exploitation of vulnerabilities in applications affected most businesses and drove Intrusion Prevention Systems (IPS) products.

• Gen 4 Payload
o Generation 4, approx. 2010: the rise of targeted, unknown, evasive, polymorphic attacks affected most businesses and drove anti-bot and sandboxing products.

• Gen 5 Mega
o Generation 5, approx. 2017: large-scale, multi-vector mega attacks using advanced attack tools are driving advanced threat prevention solutions.

Back in 1993, Check Point CEO Gil Shwed introduced the first stateful
inspection firewall, FireWall-1. Fast forward twenty-seven years, and a
firewall is still an organization’s first line of defense against cyber attacks.
Today’s firewalls, including Next Generation Firewalls and Network
Firewalls support a wide variety of functions and capabilities with built-in
features, including:

• Network Threat Prevention

• Application and Identity-Based Control

• Hybrid Cloud Support

• Scalable Performance

Types of Firewalls
• Packet filtering
A small amount of data is analyzed and distributed according to the filter’s standards.

• Proxy service
Network security system that protects while filtering messages at the application layer.

• Stateful inspection
Dynamic packet filtering that monitors active connections to determine which network packets to allow through the Firewall.

• Next Generation Firewall (NGFW)
Deep packet inspection Firewall with application-level inspection.

What Firewalls Do?


A Firewall is a necessary part of any security architecture and takes the
guesswork out of host level protections and entrusts them to your network
security device. Firewalls, and especially Next Generation Firewalls, focus
on blocking malware and application-layer attacks. Along with an
integrated intrusion prevention system (IPS), these Next Generation
Firewalls can react quickly and seamlessly to detect and respond to outside
attacks across the whole network. They can set policies to better defend
your network and carry out quick assessments to detect invasive or
suspicious activity, like malware, and shut it down.

Why Do We Need Firewalls?


Firewalls, especially Next Generation Firewalls, focus on blocking malware
and application-layer attacks. Along with an integrated intrusion
prevention system (IPS), these Next Generation Firewalls are able to react
quickly and seamlessly to detect and combat attacks across the whole
network. Firewalls can act on previously set policies to better protect your
network and can carry out quick assessments to detect invasive or
suspicious activity, such as malware, and shut it down. By leveraging a
firewall for your security infrastructure, you’re setting up your network with
specific policies to allow or block incoming and outgoing traffic.

Network Layer vs. Application Layer Inspection
Network layer or packet filters inspect packets at a relatively low level of
the TCP/IP protocol stack, not allowing packets to pass through the
firewall unless they match the established rule set where the source and
destination of the rule set is based upon Internet Protocol (IP) addresses
and ports. Firewalls that do network layer inspection perform better than
similar devices that do application layer inspection. The downside is that
unwanted applications or malware can pass over allowed ports, e.g.
outbound Internet traffic over web protocols HTTP and HTTPS, ports 80
and 443 respectively.
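The trade-off described above, as an added example that is not part of the original notes: a first-match packet filter that decides on addresses, protocol and port only, next to a minimal application-layer check on port 80. The rule set, addresses, payloads and function names are all constructed for illustration.

```python
"""Added example: network-layer filtering vs. a simple application-layer check."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str            # "tcp" or "udp"
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src_net: str
    dst_net: str
    proto: str
    dports: frozenset


# Constructed rule set: internal clients may browse the web and resolve DNS.
RULES = [
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", frozenset({80, 443})),
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "udp", frozenset({53})),
]


def network_layer_verdict(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first rule matching addresses, protocol and port.

    A packet that matches no rule is dropped (default deny).
    The payload is never looked at.
    """
    for rule in rules:
        if (pkt.proto == rule.proto
                and pkt.dport in rule.dports
                and ip_address(pkt.src) in ip_network(rule.src_net)
                and ip_address(pkt.dst) in ip_network(rule.dst_net)):
            return rule.action
    return "deny"


def looks_like_http(payload: bytes) -> bool:
    """Minimal protocol check: an HTTP/1.x request line at the start of the payload."""
    methods = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
    request_line = payload.split(b"\r\n", 1)[0]
    return (payload.startswith(methods)
            and request_line.endswith((b" HTTP/1.0", b" HTTP/1.1")))


def application_layer_verdict(pkt: Packet, rules=RULES) -> str:
    """Apply the packet filter, then require that port 80 traffic really is HTTP.

    Port 443 payloads are encrypted, so this sketch leaves them to the
    network-layer decision.
    """
    if network_layer_verdict(pkt, rules) != "allow":
        return "deny"
    if pkt.proto == "tcp" and pkt.dport == 80 and not looks_like_http(pkt.payload):
        return "deny"
    return "allow"


# Constructed sample traffic.
WEB_REQUEST = Packet("10.1.2.3", "203.0.113.10", 80, "tcp",
                     b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
NON_HTTP_ON_80 = Packet("10.1.2.3", "203.0.113.10", 80, "tcp",
                        b"\x16\x00custom-binary-protocol")
TELNET = Packet("10.1.2.3", "203.0.113.10", 23, "tcp")

if __name__ == "__main__":
    for name, pkt in [("web", WEB_REQUEST), ("non-http", NON_HTTP_ON_80),
                      ("telnet", TELNET)]:
        print(name, network_layer_verdict(pkt), application_layer_verdict(pkt))
```

The non-HTTP flow on port 80 passes the packet filter because only the port is checked; it is stopped only once the payload is inspected.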

The Importance of NAT and VPN


Firewalls also perform basic network level functions such as Network
Address Translation (NAT) and Virtual Private Network (VPN). Network
Address Translation hides or translates internal client or server IP
addresses that may be in a “private address range”, as defined in RFC
1918, to a public IP address. Hiding the addresses of protected devices
preserves the limited number of IPv4 addresses and is a defense against
network reconnaissance since the IP address is hidden from the Internet.

Similarly, a virtual private network (VPN) extends a private network across
a public network within a tunnel that is often encrypted where the contents
of the packets are protected while traversing the Internet. This enables
users to safely send and receive data across shared or public networks.

Next Generation Firewalls and Beyond
Next Generation Firewalls inspect packets at the application level of the
TCP/IP stack and are able to identify applications such as Skype, or
Facebook and enforce security policy based upon the type of application.

Today, UTM (Unified Threat Management) devices and Next Generation
Firewalls also include threat prevention technologies such as intrusion
prevention system (IPS) or Antivirus to detect and prevent malware and
threats. These devices may also include sandboxing technologies to
detect threats in files.

As the cyber security landscape continues to evolve and attacks become
more sophisticated, Next Generation Firewalls will continue to be an
essential component of any organization’s security solution, whether
you’re in the data center, network, or cloud. To learn more about the
essential capabilities your Next Generation Firewall needs to have,
download the Next Generation Firewall (NGFW) Buyer’s Guide today.

WHAT IS TRANSACTIONAL SECURITY?



Transactional security provides an extra layer of protection against risk for
financial institutions and their customers. In 2022, transactional security has
become more sophisticated than ever, with both physical and electronic
security solutions, and at Wittenbach, we are committed to educating and
empowering your financial institution with best-in-class, first-in-line
solutions. Not only will we explain what transactional security is and how it
works, we will also delve into examples of our offerings to illustrate what is
possible when keeping your branch safe.

WHAT IS TRANSACTIONAL SECURITY?

Transactional Security refers to the safe, professional handling of confidential
information or goods during a given business transaction (credit card
payments, cashing paychecks, etc.). Any banking services which play a
significant role in the functioning of a banking institution are known as
Transactional Banking, or Transaction Banking. For such services,
Transactional Security enables the safe distribution of money, cash
management services, and other operational needs for day-to-day banking
transactions.
WHO TYPICALLY HANDLES TRANSACTIONAL SECURITY?

A bank’s Transactional Banking Division is usually responsible, in both
corporate and financial institutes, for providing these services and
commercial banking products. Its functions include cross-border and/or
domestic payments, international trade finances and trusts, risk management,
depositary, and other related services. The Transactional Banking Division of
a bank is composed of Trade Finance, Trust & Securities Services, and Cash
Management businesses.

WHAT ARE SOME SUCCESSFUL EXAMPLES OF TRANSACTIONAL SECURITY?

One successful approach to keeping branches safe and secure is through
electronic security systems. For example, implementing intrusion alarms and
camera systems allows for modern video surveillance to protect from potential
security threats.
Another innovative way transactional security has evolved is through
integrating video with deposit and withdrawal transactions. These transactions can
run either at the teller line or at an ATM with cameras connected to the
branch NVR network. Then, an open but secure API on the video analytics
allows for transactions to be searched by account number, cash amounts, and
times of day to track each transaction.
In addition, Teller Cash Recyclers (TCRs) are a viable resource for modernized
banking. This technology is capable of authenticating bank notes and securely
storing cash within a vault. TCRs are also capable of automating cash
transactions for the tellers such as cash inventory, deposits, and withdrawals.
Another form of Transactional Security which has stood the tests of time is
physical security. Be it vaults, safes, lockers and/or pneumatic tube systems,
these products will always play a major role in offering security for any
valuable stored items.

Cryptography Digital signatures

Digital signatures are the public-key primitives of message authentication. In the
physical world, it is common to use handwritten signatures on handwritten or typed
messages. They are used to bind signatory to the message.
Similarly, a digital signature is a technique that binds a person/entity to the digital data.
This binding can be independently verified by receiver as well as any third party.
Digital signature is a cryptographic value that is calculated from the data and a secret
key known only by the signer.
In real world, the receiver of message needs assurance that the message belongs to
the sender and he should not be able to repudiate the origination of that message.
This requirement is very crucial in business applications, since likelihood of a dispute
over exchanged data is very high.

Model of Digital Signature


As mentioned earlier, the digital signature scheme is based on public key
cryptography. The model of digital signature scheme is depicted in the following
illustration −

The following points explain the entire process in detail −


• Each person adopting this scheme has a public-private key pair.
• Generally, the key pairs used for encryption/decryption and
signing/verifying are different. The private key used for signing is referred
to as the signature key and the public key as the verification key.
• Signer feeds data to the hash function and generates hash of data.
• Hash value and signature key are then fed to the signature algorithm
which produces the digital signature on given hash. Signature is
appended to the data and then both are sent to the verifier.

• Verifier feeds the digital signature and the verification key into the
verification algorithm. The verification algorithm gives some value as
output.
• Verifier also runs same hash function on received data to generate hash
value.
• For verification, this hash value and output of verification algorithm are
compared. Based on the comparison result, verifier decides whether the
digital signature is valid.
• Since digital signature is created by ‘private’ key of signer and no one
else can have this key; the signer cannot repudiate signing the data in
future.
It should be noticed that instead of signing data directly by signing algorithm, usually
a hash of data is created. Since the hash of data is a unique representation of data, it
is sufficient to sign the hash in place of data. The most important reason of using hash
instead of data directly for signing is efficiency of the scheme.
Let us assume RSA is used as the signing algorithm. As discussed in public key
encryption chapter, the encryption/signing process using RSA involves modular
exponentiation.
Signing large data through modular exponentiation is computationally expensive and
time consuming. The hash of the data is a relatively small digest of the data,
hence signing a hash is more efficient than signing the entire data.

Importance of Digital Signature


Out of all cryptographic primitives, the digital signature using public key cryptography
is considered as very important and useful tool to achieve information security.
Apart from ability to provide non-repudiation of message, the digital signature also
provides message authentication and data integrity. Let us briefly see how this is
achieved by the digital signature −
• Message authentication − When the verifier validates the digital
signature using public key of a sender, he is assured that signature has
been created only by sender who possess the corresponding secret
private key and no one else.
• Data Integrity − In case an attacker has access to the data and modifies
it, the digital signature verification at receiver end fails. The hash of
modified data and the output provided by the verification algorithm will
not match. Hence, receiver can safely deny the message assuming that
data integrity has been breached.
• Non-repudiation − Since it is assumed that only the signer has the
knowledge of the signature key, he can only create unique signature on
a given data. Thus the receiver can present data and the digital signature
to a third party as evidence if any dispute arises in the future.
By adding public-key encryption to digital signature scheme, we can create a
cryptosystem that can provide the four essential elements of security namely −
Privacy, Authentication, Integrity, and Non-repudiation.

Encryption with Digital Signature
In many digital communications, it is desirable to exchange encrypted messages rather
than plaintext to achieve confidentiality. In public key encryption scheme, a public
(encryption) key of sender is available in open domain, and hence anyone can spoof
his identity and send any encrypted message to the receiver.
This makes it essential for users employing PKC for encryption to seek digital
signatures along with encrypted data to be assured of message authentication and
non-repudiation.
This can be achieved by combining digital signatures with encryption scheme. Let us
briefly discuss how to achieve this requirement. There are two possibilities,
sign-then-encrypt and encrypt-then-sign.
However, the crypto system based on sign-then-encrypt can be exploited by receiver
to spoof identity of sender and send that data to third party. Hence, this method is not
preferred. The process of encrypt-then-sign is more reliable and widely adopted. This
is depicted in the following illustration −

The receiver after receiving the encrypted data and signature on it, first verifies the
signature using sender’s public key. After ensuring the validity of the signature, he
then retrieves the data through decryption using his private key.
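The hash-then-sign model and the encrypt-then-sign flow described above, as an added example that is not part of the original notes. It uses textbook RSA without padding over SHA-256 digests; the fixed Mersenne primes, the sample order message and all function names are constructed for illustration and are not usable key material.

```python
"""Added example: hash-then-sign and encrypt-then-sign with textbook RSA."""
import hashlib

E = 65537  # widely used RSA public exponent


def make_keypair(p: int, q: int):
    """Build ((n, e), (n, d)) from two primes: public key first, private key second."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))     # modular inverse of E (Python 3.8+)
    return (n, E), (n, d)


def digest_int(data: bytes) -> int:
    """SHA-256 of the data as an integer: the small value that actually gets signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, signature_key) -> int:
    """Signer: hash the data, then apply the private (signature) key to the hash."""
    n, d = signature_key
    return pow(digest_int(data), d, n)


def verify(data: bytes, signature: int, verification_key) -> bool:
    """Verifier: compare the verification algorithm's output with a fresh hash."""
    n, e = verification_key
    return pow(signature, e, n) == digest_int(data)


def encrypt(message: bytes, public_key) -> int:
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def fixed_width(value: int, n: int) -> bytes:
    """Encode an integer below 2**bit_length(n) as bytes of the modulus width."""
    return value.to_bytes((n.bit_length() + 7) // 8, "big")


def encrypt_then_sign(message: bytes, receiver_public, sender_private):
    """Encrypt for the receiver, then sign the ciphertext with the sender's key."""
    ciphertext = encrypt(message, receiver_public)
    signature = sign(fixed_width(ciphertext, receiver_public[0]), sender_private)
    return ciphertext, signature


def verify_then_decrypt(ciphertext: int, signature: int, sender_public, receiver_private):
    """Receiver: check the signature first; decrypt only if it is valid."""
    if not verify(fixed_width(ciphertext, receiver_private[0]), signature, sender_public):
        return None
    return decrypt(ciphertext, receiver_private)


# Constructed keys from known Mersenne primes (insecure, demonstration only).
SENDER_PUB, SENDER_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**107 - 1, 2**607 - 1)
ORDER = b"PO-1042: pay 250.00 to supplier"   # constructed sample message

if __name__ == "__main__":
    sig = sign(ORDER, SENDER_PRIV)
    print("valid signature:", verify(ORDER, sig, SENDER_PUB))
    print("after tampering:", verify(ORDER.replace(b"250", b"950"), sig, SENDER_PUB))
    c, s = encrypt_then_sign(ORDER, RECEIVER_PUB, SENDER_PRIV)
    print("recovered:", verify_then_decrypt(c, s, SENDER_PUB, RECEIVER_PRIV))
```

Real deployments use a padded signature scheme such as RSA-PSS from a maintained library; the arithmetic here only mirrors the steps in the list above.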

What is public key cryptography?


Public key cryptography is a method of encrypting or signing data with two different
keys and making one of the keys, the public key, available for anyone to use. The
other key is known as the private key. Data encrypted with the public key can only
be decrypted with the private key. Because of this use of two keys instead of one,
public key cryptography is also known as asymmetric cryptography. It is widely
used, especially for TLS/SSL, which makes HTTPS possible.

What is a cryptographic key?


In cryptography, a key is a piece of information used for scrambling data so that it
appears random; often it's a large number, or string of numbers and letters. When
unencrypted data, also called plaintext, is put into a cryptographic algorithm using
the key, the plaintext comes out the other side as random-looking data. However,
anyone with the right key for decrypting the data can put it back into plaintext form.

For example, suppose we take a plaintext message, "hello," and encrypt it with a
key; let's say the key is "2jd8932kd8." Encrypted with this key, our simple "hello"
now reads "X5xJCSycg14=", which seems like random garbage data. However, by
decrypting it with that same key, we get "hello" back.

Plaintext + key = ciphertext:

hello + 2jd8932kd8 = X5xJCSycg14=

Ciphertext + key = plaintext:

X5xJCSycg14= + 2jd8932kd8 = hello

This is an example of symmetric cryptography, in which only one key is used. In
public key cryptography, there would instead be two keys. The public key would
encrypt the data, and the private key would decrypt it.

How does TLS/SSL use public key cryptography?

Public key cryptography is extremely useful for establishing secure communications
over the Internet (via HTTPS). A website's SSL/TLS certificate, which is shared
publicly, contains the public key, and the private key is installed on the origin
server — it's "owned" by the website.

TLS handshakes use public key cryptography to authenticate the identity of the
origin server, and to exchange data that is used for generating the session keys. A
key exchange algorithm, such as RSA or Diffie-Hellman, uses the public-private key
pair to agree upon session keys, which are used for symmetric encryption once the
handshake is complete. Clients and servers are able to agree upon new session
keys for each communication session, so that bad actors are unable to decrypt
communications even if they identify or steal one of the session keys from a
previous session.
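
The per-session key agreement described above, as an added example that is not part of the original notes. It models only the key exchange with ephemeral X25519 Diffie-Hellman from the crypto module built into Node.js and leaves out the certificate check that authenticates the server; the function names, the HKDF label and the sample record are constructed.

```javascript
// Added example: fresh session keys from an ephemeral Diffie-Hellman exchange.
const nodeCrypto = require("node:crypto");

// One handshake: each side makes a new X25519 key pair, swaps public keys,
// and derives the same 32-byte session key from the shared secret.
function handshake() {
  const client = nodeCrypto.generateKeyPairSync("x25519");
  const server = nodeCrypto.generateKeyPairSync("x25519");
  const derive = (privateKey, publicKey) => {
    const secret = nodeCrypto.diffieHellman({ privateKey, publicKey });
    // HKDF turns the raw shared secret into a symmetric key (label is constructed).
    return Buffer.from(
      nodeCrypto.hkdfSync("sha256", secret, Buffer.alloc(0), "demo session key", 32));
  };
  return {
    clientKey: derive(client.privateKey, server.publicKey),
    serverKey: derive(server.privateKey, client.publicKey),
  };
}

// Symmetric encryption of application data once the handshake is complete.
function seal(key, text) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the key is wrong or the record was altered.
function unseal(key, record) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.body), decipher.final()]).toString("utf8");
  } catch (err) {
    return null;
  }
}

function demoSessions() {
  const first = handshake();
  const second = handshake();
  const record = seal(first.clientKey, "card ending 4242"); // constructed sample data
  return {
    sidesAgree: first.clientKey.equals(first.serverKey),
    sessionsDiffer: !first.clientKey.equals(second.clientKey),
    sameSession: unseal(first.serverKey, record),
    otherSession: unseal(second.serverKey, record),
  };
}
```

A key taken from the second session cannot open a record from the first, which is the property the paragraph above describes.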

Electronic Mail Security

Email Security Definition

Email security is a term for describing different procedures and techniques for
protecting email accounts, content, and communication against unauthorized access,
loss or compromise. Email is often used to spread malware, spam and phishing attacks.
Attackers use deceptive messages to entice recipients to part with sensitive
information, open attachments or click on hyperlinks that install malware on the
victim’s device. Email is also a common entry point for attackers looking to gain a
foothold in an enterprise network and obtain valuable company data.

Email encryption involves encrypting, or disguising, the content of email messages to
protect potentially sensitive information from being read by anyone other than
intended recipients. Email encryption often includes authentication.


How Secure Is Email?

Email was designed to be as open and accessible as possible. It allows people in
organizations to communicate with each other and with people in other
organizations. The problem is that the security of email, on its own, is not reliable.
This allows attackers to use email as a way to cause problems in an attempt to profit.
Whether through spam campaigns, malware and phishing attacks, sophisticated
targeted attacks, or business email compromise (BEC), attackers try to take
advantage of the lack of security of email to carry out their actions. Since most
organizations rely on email to do business, attackers exploit email in an attempt to
steal sensitive information.

Because email is an open format, it can be viewed by anyone who can intercept it,
causing email security concerns. This became an issue as organizations began
sending confidential or sensitive information through email. An attacker could easily
read the contents of an email by intercepting it. Over the years, organizations have
been increasing email security measures to make it harder for attackers to get their
hands on sensitive or confidential information.

Email Security Policies

Because email is so critical in today’s business world, organizations have established
policies around how to handle this information flow. One of the first policies most
organizations establish is around viewing the contents of emails flowing through their
email servers. It’s important to understand what is in the entire email in order to act
appropriately. After these baseline policies are put into effect, an organization can enact
various security policies on those emails.

These email security policies can be as simple as removing all executable content from
emails to more in-depth actions, like sending suspicious content to a sandboxing tool for
detailed analysis. If email security incidents are detected by these policies, the
organization needs to have actionable intelligence about the scope of the attack. This
will help determine what damage the attack may have caused. Once an organization has
visibility into all the emails being sent, they can enforce email encryption policies to
prevent sensitive email information from falling into the wrong hands.

Email Security Best Practices

One of the first best practices that organizations should put into effect is implementing a
secure email gateway. An email gateway scans and processes all incoming and outgoing
email and makes sure that threats are not allowed in. Because attacks are increasingly
sophisticated, standard security measures, such as blocking known bad file
attachments, are no longer effective. A better solution is to deploy a secure email
gateway that uses a multi-layered approach.

It’s also important to deploy an automated email encryption solution as a best practice.
This solution should be able to analyze all outbound email traffic to determine whether
the material is sensitive. If the content is sensitive, it needs to be encrypted before it is
emailed to the intended recipient. This will prevent attackers from viewing emails, even
if they were to intercept them.

The security of email can depend on the user. Training employees on appropriate email
usage and knowing what is a good and bad email is also an important best practice for
email security. Users may receive a malicious email that slips through the secure email
gateway, so it’s critical that they understand what to look for. Most often they are
exposed to phishing attacks, which have telltale signs. Training helps employees spot
and report on these types of emails.

Email Security Tools

A secure email gateway, deployed either on-premises or in the cloud, should increase
the security of email by offering multi-layered protection from unwanted, malicious and
BEC email; granular visibility; and business continuity for organizations of all sizes.
These controls enable security teams to have confidence that they can secure users
from email threats and maintain email communications in the event of an outage.

An email encryption solution reduces the risks associated with regulatory violations,
data loss and corporate policy violations while enabling essential business
communications. The email security solution should work for any organization that
needs to protect sensitive data, while still making it readily available to affiliates,
business partners and users—on both desktops and mobile devices. An email
encryption solution is especially important for organizations required to follow
compliance regulations, like GDPR, HIPAA or SOX, or abide by security standards like
PCI-DSS.

Security Protocol for Web Commerce


Security is an essential part of any transaction that takes place over the internet.
Customers will lose their faith in e-business if its security is compromised. Following
are the essential requirements for safe e-payments/transactions −
• Confidentiality − Information should not be accessible to an
unauthorized person. It should not be intercepted during the
transmission.
• Integrity − Information should not be altered during its transmission over
the network.
• Availability − Information should be available wherever and whenever
required within a time limit specified.
• Authenticity − There should be a mechanism to authenticate a user
before giving him/her an access to the required information.
• Non-Repudiability − It is the protection against the denial of order or
denial of payment. Once a sender sends a message, the sender should
not be able to deny sending the message. Similarly, the recipient of
the message should not be able to deny the receipt.
• Encryption − Information should be encrypted and decrypted only by an
authorized user.
• Auditability − Data should be recorded in such a way that it can be
audited for integrity requirements.
Measures to ensure Security
The major security measures are the following −
• Encryption − It is a very effective and practical way to safeguard the
data being transmitted over the network. Sender of the information
encrypts the data using a secret code and only the specified receiver can
decrypt the data using the same or a different secret code.
• Digital Signature − Digital signature ensures the authenticity of the
information. A digital signature is an e-signature authenticated through
encryption and password.
• Security Certificates − Security certificate is a unique digital id used to
verify the identity of an individual website or user.
Security Protocols in Internet
We will discuss here some of the popular protocols used over the internet to ensure
secured online transactions.

Secure Socket Layer (SSL)


It is the most commonly used protocol and is widely used across the industry. It meets
the following security requirements −

• Authentication
• Encryption
• Integrity
• Non-repudiation
"https://" is to be used for HTTP URLs with SSL, whereas "http://" is to be used for HTTP
URLs without SSL.
Secure Hypertext Transfer Protocol (SHTTP)
SHTTP extends the HTTP internet protocol with public key encryption, authentication,
and digital signature over the internet. Secure HTTP supports multiple security
mechanisms, providing security to the end-users. SHTTP works by negotiating the
encryption scheme types used between the client and the server.
Secure Electronic Transaction
It is a secure protocol developed by MasterCard and Visa in collaboration.
Theoretically, it is the best security protocol. It has the following components −
• Card Holder's Digital Wallet Software − Digital Wallet allows the card
holder to make secure purchases online via point and click interface.
• Merchant Software − This software helps merchants to communicate
with potential customers and financial institutions in a secure manner.
• Payment Gateway Server Software − Payment gateway provides
automatic and standard payment process. It supports the process for
merchant's certificate request.
• Certificate Authority Software − This software is used by financial
institutions to issue digital certificates to card holders and merchants, and
to enable them to register their account agreements for secure electronic
commerce.
