MIS Complete Notes

COURSE: DIPLOMA IN INFORMATION COMMUNICATION TECHNOLOGY (ICT).


(MODULE III- KNEC)

UNIT NAME: MANAGEMENT INFORMATION SYSTEM.


CHAPTER 1
INTRODUCTION TO MANAGEMENT INFORMATION SYSTEMS

Introduction

MIS is a system that provides the information necessary to manage an organization
effectively. MIS and the information it generates are considered essential components of prudent
and reasonable business decisions.

Components of a management information system

a) Database: It is used to store data or information that an organization uses.
b) Database management system: It is a collection of programs that enable the storage,
modification and manipulation of information from a database.
c) User-interface: Allows the user to interact with the system.
d) Model base: It has the required statistical models in order to analyze the large amount of
data.

Information system: It’s the interaction of related components working together to store, retrieve
and disseminate or distribute data to achieve an objective.

Characteristics of MIS

➢ MIS support structured decisions at operational and management control levels. However,
they are also useful for the planning purposes of senior management staff.
➢ MIS are generally reporting and control oriented. They are designed to report on existing
operations and therefore to help provide day-to-day control of operations.
➢ MIS rely on existing corporate data and data flows.
➢ MIS have little analytical capability.
➢ MIS generally aid in decision making using past and present data.
➢ MIS are relatively inflexible.
➢ MIS have an internal rather than an external orientation.

ROLES OF INFORMATION IN AN ORGANISATION

✓ Reduction of uncertainty: Uncertainty exists where there is less than perfect knowledge.
Relevant information helps to reduce the unknown. This is particularly relevant in
planning and decision making.
✓ An aid to monitoring and control: By providing information about performance and the
extent of deviations from planned levels of performance, managers are better able to
control operations.
✓ As a means of communication: Information helps managers to know about development
plans, forecasts etc.
✓ An aid to simplification: By reducing uncertainty and enhancing understanding, problems
and situations are simplified and become more manageable.

SYSTEM CONCEPTS

System
A system is a set of inter-dependent/interrelated components (some of which may be systems in
their own right), with an identifiable boundary and which collectively accomplish certain
objectives/purpose.

Characteristics of a system
A system has 9 characteristics.
• Components
A system is made up of components. A component is either an irreducible part or an aggregation
of parts that make up a system, also called a subsystem. We can repair or upgrade the system by
changing individual components without having to make changes throughout the entire system.

The components are interrelated. This means the dependence of one subsystem on one or more
subsystems. The function of one subsystem is tied to the function of others.
• A Boundary
A system has a boundary within which all of its components are contained and which
establishes the limits of a system, separating the system from other systems. The boundary is the
line that marks the inside and outside of a system and that sets off the system from its
environment.
• A purpose
This is the overall goal or function of a system. A system must give priority to the objectives of
the organization as a whole as compared to the objectives of a subsystem.
• An Environment
This is everything external to a system that interacts with the system, i.e. everything
outside the system’s boundary. Usually the system interacts with its environment, exchanging,
in the case of an information system, data and information.
• Interfaces
This is the point of contact where a system meets its environment or where subsystems
meet each other, e.g. the interface between an automated system and its users (manual system)
and interfaces between different information systems. It is the design of good interfaces that
permits different systems to work together without being too dependent on each other. Because
an interface exists at the point where a system meets its environment, the interface has several
special, important functions outlined below:
i. Security - protecting the system from undesirable elements that may want to infiltrate it.
Filtering unwanted data both for elements leaving and entering the system.
Coding and decoding incoming and outgoing messages.
Detecting and correcting errors in its interaction with the environment.
ii. Buffering - providing a layer of slack between the system and its environment, so that the
system and its environment can work on different cycles and at different speeds.
iii. Summarizing raw data and transforming them into the level of detail and format needed
throughout the system.

• Constraint/ Controls
This is a limit to what a system can accomplish. A system must face constraints in its
functioning because there are limits, in terms of capacity, speed, or capabilities, to what it can
do and how it can achieve its purpose within its environment.
• Input
This is whatever a system gets from its environment, e.g. raw data.
• Output
This is whatever a system returns to its environment in order to fulfill its purpose.

Subsystem: A system within a larger system. This means that systems exist on more than one
level and can be composed of subsystems.

Classification of Systems

1) Open Systems
These are systems which are connected to and interact with the environment. Examples are
the biological and social systems. All business organizations are also open systems since they
must have the capacity to adapt in the face of changing competition, changing markets etc.

2) Closed Systems
A closed system is that which does not interact with its environment. The system is neither
influenced by nor influences its environment. It does not take in from or give to it. The system
behavior occurs because of internal interaction and is more relevant to scientific than social
systems. They do not obtain modification from their environments. A computer program is a
relatively closed system because it accepts only previously defined outputs. In fact, no system
can be a completely closed system for a long time.

Difference between Open Systems and Closed Systems

Open System | Closed System
Interacts with the environment constantly | Does not interact with the environment
Has infinite scope | Limited scope
Relevant variables keep on interacting | Self-contained
Flexible and abstract | Rigid and mathematical

3) Abstract systems
These are conceptual. They are not physical entities. They may be formulas, representations or
models of a real system.
4) Deterministic Systems (Mechanistic Systems)
These are systems that function according to some predetermined procedure and whose
results and future behavior can be predicted with certainty provided they are working correctly and
under control.

5) Probabilistic Systems (Stochastic Systems)
These are systems which operate on probability. State and behavior can be predicted only
within certain limits, even when they’re under control.

Cybernetic system (Self Organizing/Adaptive)
These are systems that have to adapt to their environments or react to stimuli. They learn from their
mistakes, so that they do not always react in the same way to a particular input. Examples are
social systems, organizations and plants.
6) Open – Loop System.
This is a system which does not act in a controlled manner, i.e. no feedback, and so no measure
of performance against standards.
7) Closed – Loop System
A system that functions in a controlled manner, e.g. a system that accepts inputs, works upon them
according to some pre-defined processing rules, and produces outputs. For it to function in a
controlled manner, it must give feedback.
8) Artificial Systems
These systems are created rather than occur by nature e.g. computer programs, organization, etc.
They are usually made to support the objective of the designer and user.

Approaches to information systems classification

a) Classification by organizational level supported

i. Strategic level systems help senior managers with long-term planning. The principal
concern at this level is matching changes in the external environment with existing
organizational capabilities. They support the long-range planning activities of senior
management. They also help senior management to tackle and address strategic issues
both in the firm and in the external environment.
ii. Tactical/Management level systems help middle managers monitor and control. They
typically provide periodic reports rather than instant information on operations. They
support the monitoring, controlling, decision-making and administrative activities of
middle managers. Some management level systems support non-routine decision
making, where they tend to focus on less-structured decisions for which information
requirements are not always clear.
iii. Knowledge level systems help knowledge and data workers design products, distribute
information and cope with paperwork. The main purpose is to help integrate new
knowledge into the business and to help the organization control the flow of paperwork.
Knowledge level systems, especially in the form of workstations and office systems, are
the fastest-growing applications in business today.
iv. Operational level systems help operational managers keep track of the firm’s day-to-day
activities. The principal purpose of operational level systems is to answer routine
questions and to track the flow of transactions through the organization.

[Figure: systems by organizational level. Strategic level: EIS/ESS. Management level: MIS. Operational level: TPS. Also shown: KMS, OAS.]

b) Classification by functional area supported/Types of information systems from functional
perspective-functional area/department/Enterprise systems (ERP systems)

i. Sales and marketing information system

These are information systems that help the firm identify customers for the firm’s products and
services, develop products and services to meet the customers’ needs, promote these products
and services, sell the products and services and provide ongoing customer support.

At the strategic level, sales and marketing information systems monitor trends affecting new
products and sales opportunities, support planning for new products and services and monitor the
performance of the competitors.

At the management level, sales and marketing information systems support market research,
advertising and promotional campaigns.

At the knowledge level, they support market analysis.

At the operational level, they assist in locating and contacting prospective customers, tracking sales,
processing orders, and providing customer service support.

ii. Manufacturing and production information system

These are systems that deal with the planning, development and production of products and services
and controlling the flow of production.

Strategic level manufacturing systems deal with the firm’s long term manufacturing goals such
as where to locate new plants, whether to invest in new manufacturing technology.

At management level, manufacturing and production information systems analyze and monitor
production costs and resources.

At the knowledge level, manufacturing and production information systems create and distribute
design knowledge to drive the production process.

At operational level, manufacturing and production information systems deal with status of
production tasks.

iii. Finance and accounting information systems.

These are information systems that keep track of the firm’s financial assets and fund flows.

At the strategic level, finance and accounting information systems establish long term investment
goals for the firm and provide long range forecasts of the firm’s financial performance.

At the management level, these information systems help management to oversee and control
the firm’s financial resources.

At the operational level, these systems track the flow of funds in the firm through transactions
such as pay cheques and payments to vendors.

iv. Human resource information systems

These are information systems that maintain employee records, employee skills, job performance and
training, and support planning for employee compensation and career development.

These systems support activities such as identifying potential employees, maintaining complete
records on existing employees and creating programs to develop employee talents and skills.

c) Classification of information systems by support provided.

➢ Transaction processing systems (TPS)

It is a computerized system that performs and records the daily routine transactions necessary to
conduct the business.

These systems serve the operational level of the organization.

A business can have several transaction processing systems. Examples are stock control systems,
inventory systems, billing systems and order tracking systems.

They are used by operational level employees to help them make structured decisions.

➢ Knowledge management system(KMS)

These are systems designed to help businesses create and share information.

They are used in a business where employees create new knowledge which can then be shared
with other people in other organizations to create further commercial opportunities, e.g.
AutoCAD, ArchiCAD.

➢ Management information systems(MIS)

It is an information system at the management level of an organization that serves the functions
of planning, controlling and decision making by providing routine summary reports.

They take data from TPS and summarize them into a series of management reports. They make
semi-structured decisions.

➢ Decision support systems(DSS)

It is an information system at the management level of an organization that combines data and
sophisticated analytical models or data analysis tools to support semi-structured and
unstructured decision making.

A decision is considered unstructured if there is no clear information or procedure for making
the decision.

Components of a DSS

-Data management component

Performs the function of storing and maintaining the information the DSS uses.

-User interface management component

It allows the user to communicate with the DSS.

-Knowledge management component

Provides information about relationships among data that are too complex for a database to
represent.

Characteristics of a DSS

✓ DSS offer users flexibility, adaptability and quick response.
✓ DSS operate with little or no assistance from professional programmers.
✓ DSS provide support for decisions and problems whose solutions cannot be specified in
advance.
✓ DSS use sophisticated data analysis and modeling tools.

A Group Decision Support System (GDSS) is a type of DSS that helps a team of decision makers
to solve problems.

➢ Executive support system (ESS)/Executive information system (EIS)

An information system designed to help senior management to make strategic decisions.

It is used at strategic level of organization to assist in making unstructured decisions.

They gather, summarize and analyze the key internal and external information used by the
business.

➢ Expert information systems

It is a computer based system that emulates the decision making ability of a human expert.

They are designed to solve complex problems by reasoning about knowledge like an expert and
not by following the procedure of a developer, as is the case in conventional programming.

Benefits of expert systems

-preservation of knowledge: Expert systems preserve knowledge that might be lost
through retirement, resignation, or death of an expert or acknowledged person in a
company.
-it is not subject to human feeling such as fatigue, being too busy or emotional.
-an expert system can effectively be used as a strategic tool in the areas of marketing of
products, cutting costs and improving products.

Disadvantages of expert systems

-knowledge designing problem: an enormous amount of time and effort is required to extract the
expert knowledge and translate it into IF/THEN rules upon which an expert system is based.
-programming problem: programming the system and monitoring the source code is very
difficult.
-judgment problem: an expert system cannot apply judgment, which is an important ingredient for
problem solving. It has no common sense or judgment.

➢ Geographic information system(GIS)

It is an information system designed to capture, store, manipulate, analyze, manage and
present all types of geographical data. Example: Google Earth.

Figure below shows the relationship between the different systems:

[Figure: Executive support system (ESS); Management systems (MIS); Management systems (DSS); Knowledge systems (KWS and OAS); Transaction processing system (TPS).]

A Business Perspective on Information System

From a business perspective, an information system is an organizational and management
solution, based on information technology, to a challenge posed by the environment. This view
emphasizes the organizational and management nature of information systems. To understand
information systems, that is, to be information system literate as opposed to computer literate, a
manager must understand the broader organization, management and information technology
dimensions of systems and their power to provide solutions to challenges and problems in the
business environment.

[Figure: Information System at the centre of Organizations, Technology and Management.]

Contemporary Approaches to Information Systems
Multiple perspectives on IS show that the study of information systems is a
multidisciplinary field, where no single theory or perspective dominates. Figure 1.3 shows the
major disciplines that contribute problems, issues and solutions. In general, the field can be
divided into technical, behavioral and socio-technical approaches.

Technical approach emphasizes mathematically based, normative models to study
information systems as well as the physical technology and formal capabilities of these systems.
Three disciplines that contribute to this approach are Management Science, Computer Science
and Operation Research.

Behavioral approach is more concerned with the development and long-term maintenance of
information systems, and emphasizes issues like strategic business integration, design,
implementation and utilization. Three disciplines that contribute to this approach are
Psychology, Economics and Sociology.

[Figure: disciplines contributing to MIS: Computer Science, Management Science, Operation Research, Psychology, Economics, Sociology.]

A good IS must be able to produce information that carries the following characteristics:

• Relevant – information must pertain to the problem at hand.
• Complete – partial information is often worse than no information.
• Accurate – erroneous information may lead to disastrous decisions.
• Timely – decisions are often based upon the latest information available.
• Economical – in a business setting, the cost of obtaining information must be considered as
one cost element involved in any decision.
• Availability: Should be able to produce the information when required.

CHAPTER 2
USE OF INFORMATION SYSTEM IN MANAGEMENT

Management is the process of planning, organizing, leading and controlling the effort of
organization members and of using all other organization resources to achieve organizational
goals.

Functions of management

▪ Planning

It is the function of management of systematically making decisions about the goals to be
achieved and the activities needed to achieve them that an individual or a group will pursue in
future.

▪ Organizing

It is the management function of assembling and coordinating financial resources, information
and other resources needed to achieve organizational goals.

▪ Leading

It is the management function that involves the manager’s efforts to ensure high performance by
employees and includes directing, motivating, and communicating with employees individually
and in groups.

▪ Controlling

The function of management of monitoring progress and making changes to make sure that the
organizational goals are achieved.

▪ Staffing

Involves recruiting the right people with the right skills.

How information systems support management as a function

o Information access

Management information systems simplify and speed up information retrieval by storing data in
a central location that is accessed via network. This enables quick and accurate decision making.

o Data collection

Information systems bring together data from inside and outside the organization. By setting up a
network that links a central database to retail outlets, distributors and members of the supply
chain, companies can collect and send production data daily and base decisions on the latest
information.

o Collaboration

Information systems make it easy for managers to make collaborative decisions.

o Interpretation

Information systems help decision makers to understand the implication of their decisions. E.g. a
sales manager can make predictions about the effect of a price change on sales by running
simulations within the system.

o Presentation

The reporting tools within information system enable decision makers to tailor reports to the
information needs of other parties.

Types of decisions.

▪ Unstructured/unprogrammed/non-programmed

These are non-routine decisions in which the decision maker must provide judgment, evaluation
and insights into the problem definition.

There is no agreed procedure for making such decisions.

These decisions are normally made by strategic level managers.

▪ Structured decisions/programmed

These are repetitive and routine, and have defined procedures.

They are made by the operational level employees.

▪ Semi-structured decisions

These are decisions which are partially unstructured and partially have defined procedure on how
they are supposed to be made or executed.

[Figure: Types of decisions and where they are made in an organization. Strategic level: unstructured/non-programmed. Management level: semi-structured. Operational level: structured/programmed.]

Decision making cycle/stages of decision making

✓ Problem definition stage

At this stage, the decision maker identifies the problem clearly.

✓ Develop alternatives/identify alternatives

The decision maker should set out the alternatives available for a particular problem. The
decision maker should do adequate research to find the best option that will aid in solving the
problem.

✓ Evaluate alternatives

The decision maker should analyze each alternative and come up with advantages and
disadvantages of each option. The decision maker should rank the alternatives logically.

✓ Make decision

This is where the decision maker implements the decision.

✓ Monitor the solution

Monitoring of solutions at an early stage may help to alter the decision if deviations from
expectations are noticed.

CHAPTER 3
MANAGEMENT OF INFORMATION SYSTEM RESOURCES

Information system resources management is the process of planning, organizing, controlling
and directing how information resources should be used.

All information systems consist of five major resources:

▪ People resources
▪ Hardware resources
▪ Software resources
▪ Data resources
▪ Network resources

People resources

They include end users and information system specialists.

End users are people who use an information system or the information it provides. They can be
customers, salespersons, clerks or accountants.

Information specialists are people who develop and operate information systems. They include
system analysts, software developers, database designers and system operators.

System analysts design information systems based on information requirements of end users.

Software developers/programmers create computer programs based on specifications of system
analysts.

System operators help to monitor and operate large computer systems and networks.

Hardware resources

They include all devices and materials used in information processing

Hardware includes computers, printers, data media on which data is stored etc.

Software resources

Software includes system software such as operating system and application software.

Data resources

Data can take many forms including alphanumeric data, numbers, letters, images/pictures and
other characters that describe business transactions.

Network resources

Telecommunication networks consist of computers, communication media and network
infrastructure.

Importance of managing information system resources

✓ Improved business processes and operations: proper management of information system
resources/ICT resources can help to make a firm’s operational processes more efficient
and its managerial processes much more effective. This will enable the organization to
cut costs and improve the quality of customer service.
✓ Promoting business innovation: proper management of information system resources can
result in development of new products, services and processes. This can help an
organization to create new business opportunities and enable a firm to enter new markets.
✓ Creating switching costs: effective management of information system resources can
make customers and suppliers dependent on the continued use of innovative, mutually
beneficial inter-organizational information systems.
✓ Support of decision making by employees: by managing data efficiently, relevant sound
management decisions can be made.
✓ Improved flow of information from top management to low level management and
vice-versa.

Information society/information age

This is a term for a society in which the creation, distribution and manipulation of information
has become the most significant economic and cultural activity.

It is a society characterized by high levels of information intensity in the everyday life of most
citizens, in most organizations and workplaces.

The machine tools of the information society are computers and telecommunication rather than
the plough.

Characteristics of information society

• Information is used as an economic resource

Organizations make great use of information to increase their efficiency, stimulate innovation
and increase competitive positions.

• Stratification into new classes of those who are information rich and those who are
information poor.
• Greater use of information among the general public

People use information more intensively in their activities as consumers.

• Development of the information sector within the economy

The function of the information sector is to satisfy the general demand for information facilities
and services.

• Globalization of capitalism, which is facilitated by and is dependent upon computer
networks permitting economic decision making on a wide scale in real time.

Challenges of information society

➢ Trust and confidence

It is difficult to enhance trust and confidence in ICT and network systems.

Threats to ICT systems include computer virus attacks, hacking, cracking and network outages.

➢ Privacy challenges

The right to privacy faces new challenges and must be protected.

The collection, storage, processing, use and disclosure of personal data should remain under the
control of people concerned.

➢ Literacy challenges

Computer literacy has become an essential pre-requisite/requirement to access and use the
internet.

➢ Security challenges

The widespread use of the internet has led to the emergence of new security threats to individuals
and organizations.

The rise of computer crime can compromise security, causing an organization to lose very
important data.

➢ Ethical or moral challenges

The use of the internet and other telecommunication technologies has changed the culture of
different societies.

CHAPTER 4

INFORMATION SYSTEM PLANNING

Strategic planning of information systems means the process in which the organization identifies
and chooses information system projects that support the realization of its business plans and
attainment of the goals the organization has set.

At the early stages of an information system project, it must be shown that the project is connected
to the business plan and how it is aligned with the corporate purpose.

Importance of information system planning

✓ An organization can improve its development methods and ensure that users’ goals have
been achieved.

Information system planning process should be based on constant interaction between users and
information system management.

✓ Enables a shared view of the goals of ICT use in the business between developers and
users.
✓ Acquisition of the right system at minimum cost possible

Through planning, the right system which addresses the organization requirements can be
acquired.

Information system planning process

Steps:

• Agreeing on planning objectives and stakeholders

In this phase, stakeholders will formulate the scope and objectives of the plan and select
participants.

• Alignment of business objectives and information objectives

Activities in this phase include reviewing existing documents and information resources,
performing business and technology analysis and aligning information system plans with
business objectives.

• Analyzing information system resources and technology infrastructure

Activities in this phase include planning the IS/ICT infrastructure, planning information system
organization and evaluating the IS/ICT development manpower.

Stakeholders need to identify the required resources.

• Authorizing the action

Activities during this phase include identifying organizational implications, defining criteria for
decision making and authorizing final decisions.

Reasons for aligning information system plan to organization plan

✓ Information resources will support business resources.
✓ To streamline key business processes

Strategic alignment can successfully speed up acquisition and placement of ICT that is in
harmony or in line with the competitive needs of the business.

✓ ICT/IS alignment enables organizations to improve how they manage their business
needs, technology and rivals/competitors.

Elements of information system strategy plan

• Business information strategy

Indicates how information will be used to support the business

• Information system functionality strategy

It indicates what features and performance the organization will need from the system.

• IS/ICT strategy

It defines the policies for software and hardware e.g. any standards to be used or preferred
suppliers.

It also defines the organization’s stand on the information system organization, e.g. whether it is to
be centralized or distributed.

CHAPTER 5
INFORMATION SYSTEM PROJECT MANAGEMENT

Information system project management is the process of planning, monitoring and controlling
the people, processes and events that occur as software evolves from a preliminary concept to an
operational implementation.

Effective software project management focuses on people, product and process.

People

The software project manager should recruit highly skilled and motivated software developers.

The stakeholders should be involved in all phases of development of the product.

Product

Before a project can be planned, product objectives and scope should be established, alternative
solutions should be considered, and technical and management constraints should be identified. This
would help in defining the estimates on cost of the project.

Process

Software process provides the framework from which a comprehensive plan for software
development can be established.

Project

A set of related tasks that is coordinated to achieve a specific objective within a given time limit
and under a specified budget.

Deliverable

It is the end product of a software development life cycle phase.

It can be a report or a working system depending on the software development phase.

Importance of information system project management

✓ Meeting customer expectation

Project management techniques will enable developers to deliver a system that satisfies user
requirements.

✓ Satisfying budget constraints

Effective project management will ensure that the system is delivered within budget.
✓ Satisfying time constraints

Project management will ensure the system is delivered within scheduled time.

✓ Equal distribution of tasks and responsibilities to members of the development team.

Project management process

• Initiation (initiating the project)
• Planning (planning the project)
• Execution (executing the project)
• Closedown (closing down the project)
Initiation
The manager performs several activities to assess size, scope and complexity of the
project and to establish procedures to support subsequent activities.
Planning
The manager identifies the resources required, schedules activities using Gantt charts and
network diagrams, and prepares a preliminary budget.
Execution
The manager will authorize project activities to start.
Closedown
A project is not complete until it is closed and it is at close down that projects are deemed
a success or a failure.
Projects can conclude with a natural or unnatural termination.
Information system project management techniques
Cost estimation techniques
✓ Expert judgment

Several experts on software development techniques and the application domain are consulted.
They each estimate the project cost.

These estimates are compared and discussed.

The estimation process iterates/repeats until an agreed estimate is reached.

✓ Estimation by analogy

This technique is applicable when other projects in the same application domain have been
completed. The cost of a new project is estimated by analogy with these completed projects.

✓ Pricing to win

The software cost is estimated to be whatever the customer has available to commit to the
project.
✓ Constructive cost model (COCOMO)

It is an approximation of the effort needed, based on experience of past projects.

Project scheduling

It is the process of estimating the duration of activities in a project and presenting the estimation
using tools that are universally accepted.

The two graphical tools that are used in project scheduling are:

✓ Gantt chart
✓ PERT chart/Network diagram

Gantt chart

It is a graphical representation of a project that shows each task or activity as a horizontal bar
whose length is proportional to its time of completion.

Different colors or shades can be used to highlight different activities.

PERT chart/network diagram

PERT stands for project evaluation and review technique.

On the PERT chart, a project is viewed as a network of activities of which some must be
completed before others can begin.

PERT assumptions

▪ Inter-relations of activities are depicted/shown on a network of directed arrows which
denote the sequence of activities.
▪ The nodes, called events, represent instants in time when certain activities have been
completed and others can then be started.
▪ The origin node is the beginning of the project.

Types of network diagrams

✓ Activity on arrow(AOA)
✓ Activity on node(AON)

Activity on arrow

▪ Activities are shown on the arrow
▪ It is easier to draw and modify
▪ Non-experts are more likely to understand the network diagram
▪ Milestone events are readily visible.
Illustration

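| ACTIVITY | PRECEDING ACTIVITY | DURATION (WEEKS) |
|----------|--------------------|------------------|
| A        | -                  | 5                |
| B        | -                  | 4                |
| C        | A                  | 2                |
| D        | B                  | 3                |
| E        | B                  | 5                |
| F        | B                  | 5                |
| G        | C, D               | 4                |
| H        | F                  | 3                |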

Activity on node

[Figure: activity-on-node network diagram for the activities in the table above.]

Legend: EST = Earliest Start Time, LCT = Latest Completion Time, N = node number.

Critical path:B-F-H=12 weeks.


Activity on arrow

[Figure: activity-on-arrow network diagram for the same activities. Each event shows its EST and
LCT; the first event has EST 0 and the last event has LCT 12.]

Legend: EST = Earliest Start Time, LCT = Latest Completion Time.

Critical path:B-F-H=12 weeks.

Earliest Start Time

EST at an event is the earliest time activities ahead of that event can start, keeping in mind that
all the activities before the event must be complete. It is calculated in the forward pass.

Activity durations on each path linking to an event are added and then the largest is taken.

The first event has EST value 0

The EST in the last event gives the project duration.

In the above example, the project duration is 12 weeks.

Latest Completion Time

LCT at an event is the latest time that preceding activities can complete without delaying any of
the succeeding activities.

It is calculated in backward pass, starting from the last event whose LCT is set to the project
duration.

Critical path

It is the sequence of activities that takes the longest time to complete.

It is the sequence of activities that have the same EST and LCT values.

Any delay to an activity in the critical path will cause delay to overall project.

Slack time

It is the free time associated with each activity; it represents unused resources that can be
diverted to the critical path.
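The forward pass, backward pass, critical path and slack described above can be worked through in code on the illustration's activity table. This is an added example, not part of the original notes; it computes the values per activity (activity-on-node style), and the function names are chosen for the example.

```python
from collections import deque

# Activity table from the illustration: name -> (preceding activities, duration in weeks)
ACTIVITIES = {
    "A": ((), 5),
    "B": ((), 4),
    "C": (("A",), 2),
    "D": (("B",), 3),
    "E": (("B",), 5),
    "F": (("B",), 5),
    "G": (("C", "D"), 4),
    "H": (("F",), 3),
}


def topological_order(activities):
    """Order activities so each one comes after its predecessors (Kahn's algorithm)."""
    successors = {name: [] for name in activities}
    pending = {}
    for name, (preds, duration) in activities.items():
        if duration < 0:
            raise ValueError(f"{name}: negative duration")
        for pred in preds:
            if pred not in activities:
                raise ValueError(f"{name}: unknown preceding activity {pred!r}")
            successors[pred].append(name)
        pending[name] = len(preds)
    ready = deque(sorted(n for n, count in pending.items() if count == 0))
    order = []
    while ready:
        name = ready.popleft()
        order.append(name)
        for succ in successors[name]:
            pending[succ] -= 1
            if pending[succ] == 0:
                ready.append(succ)
    if len(order) != len(activities):
        # Some activities never became ready: they wait on each other in a loop.
        raise ValueError("circular dependency between activities")
    return order, successors


def schedule(activities):
    """Return project duration, EST, LCT, slack and the zero-slack (critical) activities."""
    order, successors = topological_order(activities)

    # Forward pass: an activity starts when its slowest predecessor has finished.
    est, eft = {}, {}
    for name in order:
        preds, duration = activities[name]
        est[name] = max((eft[p] for p in preds), default=0)
        eft[name] = est[name] + duration
    project_duration = max(eft.values(), default=0)

    # Backward pass: an activity must finish before the latest start of every successor.
    lct, slack = {}, {}
    for name in reversed(order):
        latest_starts = (lct[s] - activities[s][1] for s in successors[name])
        lct[name] = min(latest_starts, default=project_duration)
        slack[name] = lct[name] - eft[name]

    critical = [name for name in order if slack[name] == 0]
    return {
        "duration": project_duration,
        "est": est,
        "lct": lct,
        "slack": slack,
        "critical": critical,
    }


if __name__ == "__main__":
    result = schedule(ACTIVITIES)
    print("Project duration:", result["duration"], "weeks")
    print("Critical activities:", "-".join(result["critical"]))
    for name in ACTIVITIES:
        print(name, "EST", result["est"][name], "LCT", result["lct"][name],
              "slack", result["slack"][name])
```

Activities with zero slack form the critical path; the others show how many weeks they can slip before the project end date moves.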

Dummy activity

It is a hypothetical activity which requires zero time and zero resources for completion. A dummy
activity has a completion time of zero.

Dummy arrow represents an activity with zero duration.

It is represented by a dotted line.

Estimation of activity times

Optimistic time

It is the estimate of the maximum time an activity will take

The most optimistic (O) case where everything goes right

Most likely time

The completion time having the highest probability.

The most likely (M) case given normal problems and opportunities

Pessimistic time

An estimate of the longest time that an activity might require.

The resulting PERT estimate is calculated as (O + 4M + P)/6. This is called a "weighted average"

Signs of a failing information system project

✓ Poor communication: It is where no one understands what to do and there is no
communication as to current progress.
✓ Poor planning and estimation: projects that are poorly estimated and planned tend to fail
both in cost and schedule which eventually causes the overall project to fail.
✓ Poor documentation/minimal documentation: many failed projects reveal that there was
too little documentation to adequately describe the project in its broader terms and serve
as a clear communication channel.
✓ Poor user requirements: when the user requirements have not been adequately captured it
may lead to misalignment between the project and business objectives.
✓ Budget overrun: projects that run over budget are likely to be cancelled.
✓ Poor project control: the project manager may not have the skills or experience required
to manage the project.
✓ Time overrun: developers may run out of time that they had scheduled.

Causes of information system project failure

✓ Lack of senior management support and involvement in information system
development.
✓ Lack of user participation

User involvement is necessary to reduce resistance to change and ensure adequate development.

✓ Shifting user needs

User requirements for ICT change constantly. Changes during an ongoing development process
cause a challenge and may cause the project to fail.

✓ Poor estimation techniques

When project cost and time are not well estimated, developers may run out of funds and time.

✓ Inadequate testing and user training

New systems must be tested before installation

Users must be adequately trained on how to use the system.

✓ Undertrained development staff

Developers may lack the required skills and knowledge/expertise required.

✓ Lack of standard project and system development methodologies.


✓ Resistance to change

Users have a natural tendency to resist change.

Control measures and techniques of rescuing a failing information system project

✓ Pausing the project

Pausing the project creates an opportunity to restore integrity to the project.

✓ Auditing the project

The purpose of project audit is not to place blame but rather is to find out the root cause why the
project is failing.

✓ Recognizing early warnings

It is always easier to get projects back on track if they have not drifted too far off the track.

✓ Assessing the effort to complete the project

The human effort required to complete the project should be reviewed or assessed.

Measures of project success

✓ The resulting information system is acceptable to the client or users


✓ The system was developed within the time scheduled.
✓ The system was delivered within budget.
CHAPTER 6

INFORMATION SYSTEMS ACQUISITION

Factors affecting the choice of information system acquisition method

✓ Cost of acquisition

Small organizations can prefer to purchase commercial off-the-shelf software rather than
developing in-house programs.

✓ Capability of in-house ICT team

The number of ICT personnel and the level of their knowledge and skills can determine if the
organization has enough manpower or expertise to develop the system.

✓ System complexity

If in-house ICT team is not able to manage a complex system, the organization can opt to
outsource ICT services.

✓ Size of the organization


Small organizations may not be able to develop in-house software and therefore can
adopt other methods like purchasing ready-made software or using open source software.

Information system acquisition methods

✓ Commercial off-the-shelf purchase


✓ System development/bespoke development/in-house development
✓ Outsourcing
✓ Open source software
✓ Renting
✓ Leasing
• Commercial off-the-shelf purchase

This is an acquisition method that involves direct purchase of a pre-written application or system
used by more than one company.

Advantages

-readily available for purchase and use

-cheap

Disadvantages

-the system may lack all the requirements needed.


• System development

This is where an information system is developed from scratch by information system
professionals to suit the business requirements of the organization.

Advantages

-ownership: The organization owns the system completely

-the system has the required features

Disadvantages

-expensive: As it requires both resources and time to develop.

• Outsourcing

It is the practice of subcontracting part or all of an organization’s information system functions
to an external service provider.

Advantages

-cost reduction: Focus/concentrate on their core competencies

-knowledge: a way to gain access to new technology and outside expertise.

• Open source software

Software that has no copyright over the code and allows the public to modify the source code
and develop it to their own content.

Software that is developed, tested or improved through public collaboration and distributed with
the idea that it must be shared with others ensuring an open future collaboration.

• Renting

An acquisition method where an organization that requires the hardware, software or computer
system gets them from another company after signing a rental contract.

The computer system or hardware system can only be used for the activities or functions that
have been specified in the contract.

• Leasing

An information system is acquired from another company after signing a lease contract.

The lease contract is longer than that of renting.


CHAPTER 7

THE STRATEGIC ROLE OF INFORMATION SYSTEM IN AN ORGANIZATION

Strategic Information Systems can be defined as computer systems at any level of the
organization that change goals, operations, products, services or environmental relationships to
help the organization gain a competitive advantage. The following describes the eight basic
ways to gain competitive advantage.

| INITIATIVE | BENEFIT |
|------------|---------|
| Reduce costs | A company can gain advantage if it can sell more units at a lower price while providing quality and maintaining or increasing its profit margin. |
| Raise barriers to market entrants | A company can gain advantage if it deters potential entrants into the market, leaving less competition and more market potential. |
| Establish high switching cost | A company can gain advantage if it creates high switching costs, making it economically infeasible for customers to buy from competitors. |
| Create new products or services | A company can gain advantage if it offers a unique product or service. |
| Differentiate products or services | A company can gain advantage if it can attract customers by convincing them its product differs from the competitors'. |
| Enhance products or services | A company can gain advantage if its product or service is better than anyone else’s. |
| Establish alliances | Companies from different industries can help each other gain advantage by offering combined packages of goods or services at special prices. |
| Lock in suppliers or buyers | A company can gain advantage if it can lock in either suppliers or buyers, making it economically impractical for suppliers or buyers to deal with competitors. |

Strategic information systems should be distinguished from strategic-level systems for
senior managers that focus on long-term decision making. Strategic information systems can be
used at all levels of an organization and are more far-reaching and deep-rooted than the
other kinds of systems. Strategic information systems fundamentally change a firm’s goals,
products, services or internal and external relationships. In order to use strategic information
systems as competitive weapons, we must understand where strategic opportunities for
businesses are likely to be found, based on two models of a firm and its environment: the
Competitive Forces Model and the Value Chain Model.

2.2.2 Countering Competitive Forces (Competitive Forces Model)


In the competitive forces model (a model used to describe the interaction of external
influences, specifically threats and opportunities, that affect an organization’s strategy and
ability to compete; illustrated in Figure 2.2), a firm faces a number of external threats and
opportunities:

• The threat of new entrants into its market
• The pressure from substitute products or services
• The bargaining power of customers
• The bargaining power of suppliers
• The positioning of traditional industry competitors
Competitive advantage can be achieved by enhancing the firm’s ability to deal with
customers, suppliers, substitute products and services, and new entrants to its market, which in
turn may change the balance of power between a firm and other competitors in the industry in
the firm’s favor.

[Figure 2.2: The competitive forces model. The firm and its traditional competitors are
surrounded by new market entrants, substitute products and services, suppliers and customers.]

Organizations can use four basic competitive strategies to deal with these competitive
forces:

✓ Product differentiation
Firms can develop brand loyalty by product differentiation – creating unique new products
and services that can easily be distinguished from those of competitors, and that existing
competitors or potential new competitors can’t duplicate. Manufacturers are starting to use
information systems to create products and services that are custom-tailored to fit the precise
specifications of individual customers.

✓ Focused differentiation
Businesses can create a new market niche by focused differentiation – identifying a specific
target for a product or service that they can serve in a superior manner. A firm can provide a
specialized product or service that serves this narrow target market better than existing
competitors and that discourages new competitors. An information system can give companies
advantage by producing data to improve their sales and marketing techniques. Sophisticated
data-mining software tools find patterns in large pools of data and infer rules from them that can
be used to guide decision making. Data-mining is both a powerful and profitable tool, but it
poses challenges to the protection of individual privacy. Data-mining technology combines
information from many diverse sources to create a detailed “data image” about individuals, such
as their income, hobbies and driving habits; the question here is whether companies should be
allowed to collect such detailed information about individuals.

✓ Developing tight linkages to customers and suppliers
Firms can create ties to customers and suppliers that “lock” customers into the firm’s products
and that tie suppliers into a delivery timetable and price structure shaped by the purchasing firm.
This raises switching costs (the cost for customers to switch to competitors’ product and
services) and reduces customers’ bargaining power and the bargaining power of suppliers. This
is similar to the just-in-time delivery or inventory systems which reduce the cost of inventory, the
space required for warehousing and construction time.

✓ Becoming the low-cost producer
To prevent new competitors from entering their markets, businesses can produce goods and
services at a lower price than competitors. Strategically oriented information systems help firms
significantly lower their internal costs, allowing them to deliver products and services at a lower
price (and sometimes with higher quality) than what the competitors can provide. For example,
organizations can use supply chain management to integrate supplier, distributor and customer’s
logistics requirements into one cohesive process. Information systems make supply chain
management more efficient by integrating demand planning, forecasting, materials requisition,
order processing, inventory allocation, order fulfillment, transportation services, receiving,
invoicing and payment. Supply chain management can not only lower inventory costs but also
can create efficient customer response systems that deliver the product or service more rapidly to
the customer.

The following shows how the above-mentioned strategies can be used on the Internet.

| Strategy | Internet Application |
|----------|----------------------|
| Product differentiation | Virtual banking which allows customers to view account statements, pay bills, check account balance and obtain 24-hour customer service through the World Wide Web |
| Focused differentiation | Hotel room reservation tracking system which provides electronic information on participating hotels. It can analyze these usage patterns to tailor hospitality-related products more closely to customer preferences |
| Links to customers and suppliers | Access through websites to track or check the status of any shipment |
| Low cost producer | Uses EDI (electronic data interchange) to quote any quotation or charge any bills. |
CHAPTER 8
INFORMATION SYSTEM MAINTENANCE

Maintenance is the process of making needed changes to the structure of some information
system.

System maintenance is the ongoing maintenance of a system after it has been placed into
operation.

Types of information system maintenance

✓ Corrective maintenance

It implies removing errors in a program which might have crept into the system due to faulty
design or wrong assumptions.

Thus, corrective maintenance is the process in which performance failures are repaired.

✓ Adaptive maintenance

Program functions are changed to enable the information system to satisfy the information needs
of the user.

This type of maintenance may become necessary because of the organizational changes which
may include change in the organizational procedures, change in forms, change in information
needs of managers, change in system controls and security needs, change in organizational
objectives and policies, change in operating system.

✓ Perfective/enhancement maintenance

Perfective maintenance means adding new features or modifying the existing programs to
enhance the performance of the current system.

Perfective maintenance is undertaken to respond to users additional needs which may be due to
changes within or outside the organization.

An example of this type of maintenance is the conversion of text based systems to graphical user
interface design (GUI)

✓ Preventive maintenance

It deals with activities aimed at increasing system maintainability, such as updating
documentation, adding comments and improving the modular structure of the system.

Reasons for information system maintenance


✓ Changes in business processes

Systems should be modified or updated to enable them to address emerging or new business
processes.

✓ New requests from stakeholders, users and managers
✓ Bugs or errors in the system
Maintenance is necessary to fix errors.
✓ Change in operating system or hardware on which the system runs.
✓ Corporate mergers and acquisitions
✓ Government policies

The government may come up with new policies which may affect how business organization
operates. Systems must be modified to be in line with the new policies.

System maintenance process

✓ Obtain maintenance requests i.e. system service request
✓ Transform requests into formal changes/identify what parts of the system need to be
changed.
✓ Secure resources to implement the change
✓ Design, code, test and implement changes
✓ Monitor changes
✓ Update software and hardware documentation
CHAPTER 9
ROLE OF ICT IN AN ORGANIZATION

Meaning of organizational change

Organizational change is about reviewing and modifying management structure and business
processes

Organizational change occurs when business strategies or major sections of an organization are
altered.

It is a change that has significant effects on the way work is performed in an organization.

New information systems can be powerful instruments for organizational change, enabling
organizations to redesign their structure, scope, workflows, products and services.

Types of structural organizational change which are enabled by ICT

✓ Automation
✓ Rationalization
✓ Business process re-engineering
✓ Paradigm shift

Automation

Automation is the use of technology to help people to do their jobs better and faster.

It is using computers to speed up performance of existing tasks.

Rationalization

This is the streamlining of standard operating procedures, eliminating obvious bottlenecks so that
automation can make operating procedures more efficient.

Business process re-engineering

It is the complete redesign of a system with an objective of changing its functions.

BPR is the radical re-design of business processes, combining steps to cut waste and eliminating
repetitive paper intensive tasks in order to reduce costs, improve quality and service and to
maximize the benefits of ICT.

Steps in business process re-engineering

✓ Develop business vision and process objectives


Senior management needs to develop a broad strategic vision which calls for the re-design of
business processes e.g. the management can look for breakthroughs to lower costs and accelerate
service that would enable the firm to regain its competitive position in the industry.

✓ Identify the processes to be re-designed

Companies should identify a few core processes to be re-designed, focusing on those with the
greatest potential payback.

✓ Understand and measure the performance of existing processes

Understand the problems that exist in current business processes and avoid them being repeated.

The organization needs to measure the time and cost consumed by the unchanged process.

✓ Identify the opportunities for applying ICT/IS

The conventional method of designing systems establishes the information requirements of a
business function or process and then determines how they can be supported by ICT.

ICT should be allowed to influence the process design from the start.

✓ Build a prototype of the new process

The organization should design the new process on an experimental basis and anticipate a
series of revisions until the re-designed process wins approval.

✓ Paradigm shift

It is the radical re-conceptualization of the nature of the business and the nature of the
organization.

Factors or considerations before implementing organizational change

✓ Process to be changed

The organization needs to determine what changes are needed.

In order to lead competent humans into accepting and embracing change, it is better to have a
clear idea of what change should entail.

✓ Human resistance to change

It is important to be vigilant about how to embrace change and commit to moving away from
complaints.

✓ Change task force


It should comprise the most influential people in order to change the attitude of people and their
resistance.

✓ Empowered implementation

All employees should be equipped with the resources needed to effect change.

✓ Short term goals

The management should establish short term goals that represent successes along the path to the
common vision. This will help maintain the momentum and keep everyone motivated.

✓ Trust and communication

Trust should be established where there are doubts

The task force should help to achieve the goal of building trust by dealing with people on an
individual basis and promoting honest conversation.
CHAPTER 10
INFORMATION SYSTEMS ETHICS

Definition of ethics

They are guidelines or rules of conduct that govern work behavior and communication in both
public and private undertakings.

Information system ethics is the study of moral, legal and ethical issues involving the use of
information and communication technologies. It is also called cyber ethics.

Ethical issues in information systems

➢ Privacy

The right of individuals to retain certain information about themselves without disclosure, and
to have any information collected about them with their consent (knowledge) protected against
unauthorized access.

Privacy includes both the right to have personal information guarded from misuse and the right
to be left alone when solitude is desired.

➢ Property rights

Intellectual property is the intangible property that results from an individual’s or a corporation’s
creative activity.

Intellectual property is protected by three mechanisms

✓ Copyright

It is a method of protecting intellectual property that protects the form of expression (e.g. a given
program) rather than the idea itself (e.g. an algorithm)

Copyright may subsist in creative and artistic work (books, movies, music, paintings,
photography and software) and give a copyright holder the exclusive right to control
reproduction for a certain period of time depending on jurisdiction or country.

✓ Patent

It’s a method of protecting intellectual property that protects non-obvious discovery falling
within the subject matter of the patent act.

A patent may be granted for a new, useful and non-obvious invention and gives the patent holder
a right to prevent others from practicing the invention without a license from the inventor for a
certain period of time.
✓ Trade secret

Trade secret is non-public information concerning the commercial practices or proprietary
knowledge of a business of which public disclosure may sometimes be illegal.

✓ Trade mark

A distinctive sign used to distinguish the products or services of different businesses.

➢ Accuracy

Users of information systems have a duty to ensure that data in the system is up-to-date and
accurate.

➢ Access/information rights

Information system users who hold private information have the ethical obligation to keep that
private information, such as names, addresses, email addresses and phone numbers, safe from
criminals or others who may misuse that information.

Computer crime and security

Definition of computer crime/cyber crime

It is any crime committed with the help of a computer or to a computer.

Types of computer crime

• Unauthorized use of a computer

It entails gaining access to another person’s computer system and acquiring sensitive information
such as usernames, passwords and credit card information.

Such details can be used to perpetrate a number of other crimes that most often involve fraud.

• Identity theft

The criminal pretends to be another person using data he/she has acquired illegally

• Developing or spreading computer viruses and worms

Computer criminals can create programs called viruses which inflict considerable harm on the
system they infect.

• Cyber stalking
It entails the use of a computer to torment and harass others by sending malicious emails,
bothering them on online forums and in some cases making an effort to damage their computer
remotely.

• Denial of service attack (DoS)

It is a situation whereby a company website is flooded with service requests and the website
becomes overloaded to a point where it crashes or becomes extremely slow.

Also, in computing, a denial of service attack is an attempt to make a machine or network resource
unavailable to its intended users.

• Salami slicing

The practice of diverting small amounts of money from a large number of accounts maintained
by the system.

Example is where programmers round off the interest on account balances to the nearest cent and
transfer the accumulated fractions into their own accounts

• Phishing

It entails convincing users to reveal confidential data relating to them.

• Click fraud

It is a crime or fraud where an individual or computer program fraudulently clicks on an online
advert without any intention of learning more about the advert or making a purchase.
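The salami slicing item above describes rounding fractions being moved to another account. The following audit check is an added example, not part of the original notes: it recomputes each account's interest independently and compares it with what was posted. The account numbers, balances, rate, postings and the round-half-up policy are constructed assumptions.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")
ZERO = Decimal("0.00")

# Constructed sample data: month-end balances and the monthly interest rate.
BALANCES = {
    "ACC-1001": Decimal("1523.37"),
    "ACC-1002": Decimal("250.00"),
    "ACC-1003": Decimal("98765.43"),
    "ACC-1004": Decimal("12.99"),
}
MONTHLY_RATE = Decimal("0.0035")

# Constructed ledger postings produced by the interest run under audit.
POSTINGS = [
    ("ACC-1001", Decimal("5.33")),
    ("ACC-1002", Decimal("0.87")),
    ("ACC-1003", Decimal("345.67")),
    ("ACC-1004", Decimal("0.04")),
    ("ACC-9999", Decimal("0.03")),
]


def expected_interest(balance, rate):
    """Interest owed to one account, rounded to the cent (assumed policy: half-up)."""
    return (balance * rate).quantize(CENT, rounding=ROUND_HALF_UP)


def reconcile_interest_run(balances, rate, postings):
    """Compare posted interest with an independent recomputation, account by account."""
    expected = {acct: expected_interest(bal, rate) for acct, bal in balances.items()}

    posted = {}
    for account, amount in postings:
        posted[account] = posted.get(account, ZERO) + amount

    # Accounts whose posted interest differs from the recomputed figure.
    mismatches = {}
    for account, amount in expected.items():
        difference = posted.get(account, ZERO) - amount
        if difference != 0:
            mismatches[account] = difference

    # Accounts credited by the run although they were never part of it.
    unexpected = {a: amt for a, amt in posted.items() if a not in expected}

    # Control total: a balanced total does not prove the run is clean.
    totals_balance = sum(expected.values(), ZERO) == sum(posted.values(), ZERO)

    return {
        "mismatches": mismatches,
        "unexpected_recipients": unexpected,
        "totals_balance": totals_balance,
    }


if __name__ == "__main__":
    report = reconcile_interest_run(BALANCES, MONTHLY_RATE, POSTINGS)
    print("Control totals balance:", report["totals_balance"])
    for account, diff in report["mismatches"].items():
        print("Mismatch", account, diff)
    for account, amount in report["unexpected_recipients"].items():
        print("Unexpected recipient", account, amount)
```

In the constructed run the control totals still balance, which is why a total-only check misses this pattern while the per-account recomputation and the list of unexpected recipients expose it.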

Information systems security

Security refers to the policies, procedures, and technical measures used to prevent unauthorized
access, alteration, theft or physical damage to information systems.

Objectives of computer security/information security

➢ Confidentiality

This is keeping information away from people who should not have it (unauthorized people)

➢ Integrity

Ensuring that the information stored in the computer is never changed in a way that is not
appropriate.

Both confidentiality and availability contribute to integrity.


➢ Availability

Ensuring that the data stored in the computer can be accessed by all authorized people when
required.

Threats to information systems/computer security threats

• Malicious threats
• Unintentional threats
• Physical threats/environmental threats

Malicious threats

o Computer viruses/virus threats

A computer virus is a program that is written to alter the way a computer operates without the
permission or knowledge of the user

A virus replicates and executes itself, usually doing damage to the computer in the process.

o Spyware threats/key loggers

A spyware is a program that monitors computer activities without the knowledge of the user in
order to capture personal information.

o Hacking/hackers

Hacking is gaining unauthorized access into a computer system or computer network

A hacker is an individual who intends to gain unauthorized access into a computer system.

o Spoofing

It is getting one computer on a network to pretend to have the identity of another computer,
usually one with special access privileges, so as to obtain access to other computers on the
network.

o Denial of service attack


o Cyber vandalism

Intentional disruption, defacement or destruction of a website or corporate information system.

o Digital snooping

It is electronic monitoring of digital networks so as to uncover passwords or other data.

o Evil twins
These are wireless networks that act as legitimate internet hotspots and are used to capture
personal information.

o Blue sniffing

The act of stealing personal data, specifically calendar and contact information from a Bluetooth
enabled device.

o Social engineering

It is tricking computer users into revealing their computer security or private information like
passwords and email addresses by exploiting the natural tendency of a person to trust or by
exploiting a person’s emotional response.

Unintentional threats

o Equipment malfunction

The hardware components operate in abnormal or unintended mode.

o Software malfunction

The software behavior is in conflict with intended behavior.

o User/operator errors

Inadvertent alteration, manipulation or destruction of programs, data files or hardware.

Physical/environmental threats

o Fire damage

Possible physical destruction of equipment due to fire or smoke.

o Water damage/floods

Possible physical destruction of equipment due to water damage.

o Power loss

It is where computers or vital supporting equipment fail due to lack of power.

o Civil disorder

Destruction of computer system as a result of riots.

Information systems security controls/access control categories.

✓ Physical controls/operational controls
✓ Technical controls/technological controls
✓ Administrative controls

Physical controls

Physical security is the use of locks, security guards, badges, electric fences, motion detectors
and similar measures to control access to computers, related equipment and the processing
facility itself.

o Preventive physical controls

They are employed to prevent unauthorized personnel from entering computing facility and to
help protect against natural disasters.

Examples of these controls include electric fences, security guards, locks and backup power.

o Detective physical controls

They warn protective services personnel that physical security measures are being violated.
Examples of these include motion detectors, smoke and fire detectors, closed circuit television
(CCTV) monitors, sensors and alarms.

Technical controls/technological/logical controls

Logical security uses technology to allow individuals access to information and systems based
on who they are and what their role is within an organization.

Technical security involves the use of safeguards incorporated in computer hardware,
application software, communication hardware and related devices.

o Preventive technical controls

They are used to prevent unauthorized personnel or programs from gaining remote access to
computing resources.

Examples of these controls include access control software, antivirus software, passwords,
smart cards, encryption and firewalls.

✓ Access control software

The purpose of access control software is to control sharing of data and programs between users.

Access control software provides the ability to control access to the system by establishing that
only registered users with an authorized log-on ID and password can gain access to the computer
system.

✓ Antivirus software
They are designed to detect and respond to malicious software such as viruses and worms.
Responses may include blocking user access to infected files, cleaning infected files or systems
or informing the user that an infected program was detected.

✓ Smart cards

They are usually the size of a credit card and contain a chip with logic functions and information
that can be read at a remote terminal to identify a specific user’s privileges.

Smart cards carry pre-recorded, usually encrypted, access control information that is compared
with data that the user provides to verify authorization to access the computer or network.

✓ Encryption

This is the transformation of plain text (readable data) into cipher text (unreadable data) by
cryptographic techniques.

✓ Firewall

It is hardware or software that controls the flow of incoming and outgoing network traffic.

A firewall helps to maintain computer information security by preventing unauthorized access to
a network.

o Detective technical controls

They are practices, processes and tools that identify and possibly react to unauthorized access to
information assets.

They warn personnel of violations or attempted violations of preventive technical controls.

Examples of these include audit trails and intrusion detection systems.

✓ Audit trail

A record of system activities that enables the reconstruction and examination of the sequence of
events of a transaction, from its inception to output of final results.

Audit systems make it possible to monitor and track system behavior that deviates from expected
standards.

They are fundamental tools for detecting, understanding and recovering from security breaches.

✓ Intrusion detection systems

They are expert systems that track users on the basis of their personal profiles while they are
using the system to determine whether their current activities are consistent with established
norms or standards.

If not, the user’s session can be terminated or a security officer can be called to investigate.
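
The profile check described above, as an added example that is not part of the original notes: each user's established norm is built from a constructed audit trail, and a new event is compared against it. The user names, terminals, actions and the response thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed audit-trail records: (user, hour of day, terminal, action)
HISTORY = [
    ("akinyi", 9, "T1", "read_ledger"),
    ("akinyi", 11, "T1", "post_invoice"),
    ("akinyi", 16, "T2", "read_ledger"),
    ("baraka", 8, "T3", "run_payroll"),
    ("baraka", 14, "T3", "read_ledger"),
]


def build_profiles(records):
    """Summarise each user's normal hours, terminals and actions."""
    profiles = defaultdict(lambda: {"hours": set(), "terminals": set(), "actions": set()})
    for user, hour, terminal, action in records:
        profiles[user]["hours"].add(hour)
        profiles[user]["terminals"].add(terminal)
        profiles[user]["actions"].add(action)
    return dict(profiles)


def deviations(profile, event):
    """List the ways an event departs from the user's established norm."""
    _, hour, terminal, action = event
    checks = [
        ("unusual hour", not min(profile["hours"]) <= hour <= max(profile["hours"])),
        ("unusual terminal", terminal not in profile["terminals"]),
        ("unusual action", action not in profile["actions"]),
    ]
    return [name for name, deviates in checks if deviates]


def respond(profiles, event):
    """Choose a response; the 1-deviation / 2-deviation thresholds are assumed."""
    profile = profiles.get(event[0])
    if profile is None:  # no registered profile for this log-on ID
        return "terminate_session", ["unregistered user"]
    found = deviations(profile, event)
    if len(found) >= 2:
        return "terminate_session", found
    return ("alert_security_officer" if found else "allow"), found


if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    for ev in [("akinyi", 10, "T1", "read_ledger"),   # within the norm
               ("akinyi", 23, "T1", "read_ledger"),   # one deviation
               ("baraka", 2, "T9", "post_invoice")]:  # several deviations
        print(ev, "->", respond(profiles, ev))
```
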

Administrative controls

Administrative or personnel controls consist of management constraints, operational procedures
and accountability procedures established to provide an acceptable level of protection for
computing resources.

o Preventive administrative controls

These are personnel-oriented techniques for controlling people’s behavior to ensure the
confidentiality and availability of computing data and programs.

Examples of these include security and technical training, separation of duties, procedures for
recruiting and terminating employees, security policies and procedures, supervision and user
registration for computer access.

✓ Security awareness and technical training

Security awareness training is a preventive measure that helps users to understand the benefits of
security practices.

Technical training can help users prevent the most common security problems (errors and
omissions) as well as ensure that they understand how to make appropriate backup files and
detect and control viruses.

✓ Separation of duties

Roles and responsibilities must be clearly defined and documented so that the management and
staff clearly understand who is responsible for ensuring that an appropriate level of security is
implemented for the most important ICT assets.

✓ Recruitment and termination procedures.

Appropriate recruitment procedures can prevent the hiring of people who are likely to violate
security policies.

A thorough background investigation should be conducted, including checking the applicant’s
criminal history and references.

In addition, certain procedures should be followed when any employee leaves the company
regardless of the conditions of termination.

✓ Security policies and procedures

Appropriate security policies and procedures are key to the establishment of an effective
information security program.

Policies should cover the use of computing resources, movement of computing equipment and
media into the facility, disposal of sensitive waste and computer and data security reporting.

Enforcement of these policies is essential to their effectiveness.

✓ Supervision
✓ User registration for computer access

Formal user registration ensures that all users are properly authorized for system and service
access.

o Detective administrative controls

They include security reviews and audits, performance evaluations, background investigations
and rotation of duties.

✓ Security review and audit

Reviews and audits can identify instances in which policies and procedures are not being
followed satisfactorily.

✓ Performance evaluation

Regularly conducted performance evaluations are an important element in encouraging quality
performance.

✓ Background investigations

Potential risks of future performance

They should be conducted on all employees being considered for promotion or transfer into a
position of trust (sensitive position).

✓ Rotation of duties

It helps to deter fraud.

An additional benefit is that, as a result of rotating duties, employees are cross-trained to
perform each other’s functions in case of illness, vacation or termination.

CHAPTER 11
INFORMATION SYSTEM RISK MANAGEMENT

This is the process of identifying risks, assessing risks and taking steps to reduce risk to an
acceptable level.

It encompasses/consists of three levels.

o Risk assessment/analysis
o Risk mitigation
o Risk evaluation

Risk assessment/analysis

It is the process of reviewing risks, threats and vulnerabilities to determine appropriate controls.

Risk mitigation

It involves prioritizing, evaluating and implementing the appropriate risk reduction controls
recommended from the risk assessment process.

Risk mitigation strategies

✓ Risk assumption

It is to accept the potential risk and continue operating the ICT system, or to implement
controls to lower the risk to an acceptable level.

✓ Risk avoidance

It is to avoid the risk by eliminating the risk cause e.g. ignore certain functions of the system
when risks are identified.

✓ Risk limitation

It is to limit the risk by implementing controls that minimize the adverse impact of a threat
exploiting a vulnerability.

✓ Risk transference

It is to transfer the risk by using other options to compensate for the loss, such as purchasing
insurance.

o Risk evaluation

It emphasizes good practice and the need for ongoing risk evaluation and assessment, and the
factors that will lead to a successful management program.

CHAPTER 12

EMERGING TRENDS IN MANAGEMENT INFORMATION SYSTEMS

o Electronic commerce

This is the buying and selling of goods and services over the internet.

o Electronic data interchange (EDI)

EDI is an electronic means for transmitting business transactions between organizations.

It promotes a more efficient, paperless environment.

o Information resource centers (IRC)

It coordinates all information activities within the areas of interest and expertise.

o Data warehousing

This is a massive database serving as a centralized storage of all data generated by all
departments of a large organization.

Advanced data mining software is required to extract meaningful information from a data
warehouse.

o Data mining

This is the process of discovering meaningful new correlations, patterns and trends by analyzing
large amounts of data stored in data warehouses, using artificial intelligence and mathematical
techniques.

o Mobile computing

This refers to the increased use of mobile devices in computing.

o Cloud computing

This refers to the use of hardware and software as a service.

o Outsourcing practices

Outsourcing is a contractual agreement whereby an organization hands over control of part or all
of the functions of the information system department to an external party or company.
