Management Information Systems-1
COURSE OBJECTIVES
COURSE SCHEDULE.
System classification
Types of decisions
Rationalization
Computer crime
ASSESSMENTS
CHAPTER 1
INTRODUCTION TO MANAGEMENT INFORMATION SYSTEMS
Introduction
MIS: a system that provides the information necessary to manage an organization effectively. MIS and
the information it generates are considered essential components of prudent and reasonable business
decisions.
Information system: It’s the interaction of related components working together to store, retrieve and
disseminate or distribute data to achieve an objective.
Characteristics of MIS
MIS support structured decisions at operational and management control levels. However, they are
useful for planning purpose of senior management staff.
MIS are generally reporting and control oriented. They are designed to report on existing operations and
therefore to help provide day-to-day control of operations.
MIS rely on existing corporate data and data flows.
MIS have little analytical capability.
MIS generally aid in decision making using past and present data.
MIS are relatively inflexible.
MIS have an internal rather than an external orientation.
SYSTEM CONCEPTS
System
A system is a set of inter-dependent/interrelated components (some of which may be systems in their
own right), with an identifiable boundary and which collectively accomplish certain objectives/purpose.
Characteristics of a system
A system has 9 characteristics.
Components
A system is made up of components. A component is an irreducible part, or an aggregation
of parts, that makes up a system; components are also called subsystems. We can repair or upgrade the system by changing
individual components without having to make changes throughout the entire system.
The components are interrelated. This means the dependence of one subsystem on one or more
subsystems. The function of one subsystem is tied to the function of others.
A Boundary
A system has a boundary within which all of its components are contained and which
establishes the limits of the system, separating it from other systems. The boundary is the line
that marks the inside and outside of a system and that sets off the system from its environment.
A purpose
This is the overall goal or function of a system. A system must give priority to the objectives of the
organization as a whole as compared to the objectives of a subsystem.
An Environment
This is everything external to a system that interacts with the system i.e. everything
outside the system’s boundary, usually the system interacts with its environment, exchanging, in the
case of an information system, data and information.
Interfaces
This is the point of contact where a system meets its environment or where subsystems
meet each other, e.g. the interface between an automated system and its users (manual system) and
interfaces between different information systems. It is the design of good interfaces that permits
different systems to work together without being too dependent on each other. Because an interface
exists at the point where a system meets its environment, the interface has several special, important
functions outlined below:-
i. Security - protecting the system from undesirable elements that may want to infiltrate it.
Constraint/ Controls
This is a limit to what a system can accomplish. A system must face constraints in its
functioning because there are limits, in terms of capacity, speed or capabilities, to what it can do and
how it can achieve its purpose within its environment.
Input
This is whatever a system gets from its environment, e.g. raw data.
Output
This is whatever a system returns to its environment in order to fulfill its purpose.
Subsystem: A system within a larger system. This means that systems exist on more than one level and
can be composed of subsystems.
Classification of Systems
1) Open Systems
These are systems which are connected to and interact with the environment. Examples are the
biological and social systems. All business organizations are also open systems since they must have the
capacity to adapt in the future to changing competition, changing markets etc.
2) Closed Systems
A closed system is that which does not interact with its environment. The system is neither influenced
by nor influences its environment. It does not take in from or give to it. The system behavior occurs
because of internal interaction and is more relevant to scientific than social systems. They do not obtain
modification from their environments. A computer program is a relatively closed system because it
accepts only previously defined outputs. In fact, no system can be a completely closed system for a long
time.
[Figure: recovered labels: Strategic level; EIS/ESS; OAS]
Sales and marketing information systems are information systems that help the firm identify customers for the firm’s products and services,
develop products and services to meet the customers’ needs, promote these products and services, sell
the products and services and provide ongoing customer support.
At the strategic level, sales and marketing information systems monitor trends affecting new products
and sales opportunities, support planning for new products and services and monitor the performance
of the competitors.
At the management level, sales and marketing information systems support market research,
advertising and promotional campaigns.
At operational level, they assist in locating and contacting prospective customers, tracking sales,
processing orders, and providing customer service support.
Manufacturing and production information systems are systems that deal with the planning, development and production of products and services and
controlling the flow of production.
Strategic level manufacturing systems deal with the firm’s long term manufacturing goals such as where
to locate new plants, whether to invest in new manufacturing technology.
At management level, manufacturing and production information systems analyze and monitor
production costs and resources.
At the knowledge level, manufacturing and production information systems create and distribute
design knowledge to drive the production process.
At operational level, manufacturing and production information systems deal with status of production
tasks.
Finance and accounting information systems are information systems that keep track of the firm’s financial assets and fund flows.
At the strategic level, finance and accounting information systems establish long term investment goals
for the firm and provide long range forecasts of the firm’s financial performance.
At the management level, these information systems help management to oversee and control firm’s
financial resources.
At the operational level, these systems track the flow of funds in the firm through transactions such as
pay cheques and payments to vendors.
Are information systems that maintain employee records, employee skills, job performance and training,
and support planning for employee compensation and career development.
These systems support activities such as identifying potential employees, maintaining complete records
on existing employees and creating programs to develop employee talents and skills.
It is a computerized system that performs and records the daily routine transactions necessary to
conduct the business.
A business can have several transaction processing systems, for example a stock control system, inventory
system, billing system and order tracking system.
They are used by operational level employees to help them make structured decisions.
These are systems designed to help businesses create and share information.
They are used in a business where employees create new knowledge which can then be shared with
other people in other organizations to create further commercial opportunities, e.g. AutoCAD, ArchiCAD.
It is an information system at the management level of an organization that serves the functions of
planning, controlling and decision making by providing routine summary reports.
They take data from TPS and summarize them into a series of management reports. They make
semi-structured decisions.
A decision is considered unstructured if there is no clear information or procedure for making the
decision.
Components of a DSS
Performs the function of storing and maintaining the information the DSS uses.
Provides information about relationships among data that are too complex for a database to represent.
Characteristics of a DSS
They gather, summarize and analyze the key internal and external information used by the business.
It is a computer based system that emulates the decision making ability of a human expert.
They are designed to solve complex problems by reasoning about knowledge like an expert and not by
following the procedure of a developer as in the case in conventional programming.
-preservation of knowledge: Expert systems preserve knowledge that might be lost through
retirement, resignation, or death of an expert or acknowledged person in a company.
-it is not subject to human feeling such as fatigue, being too busy or emotional.
-an expert system can effectively be used as a strategic tool in the areas of marketing of
products, cutting costs and improving products
-knowledge designing problem: enormous amount of time and effort is required to extract the expert
knowledge and translate it into IF/THEN rules upon which an expert system is based.
-programming problem: programming the system and monitoring the source code is very difficult
-judgment problem: an expert system cannot apply judgment which is an important ingredient for
problem solving. It has no common sense or judgment.
It is an information system designed to capture, store, manipulate, analyze, manage and present all
types of geographical data. Example: Google Earth.
[Figure: recovered labels: Executive support system (ESS); Management systems (MIS); Management systems (DSS); Knowledge systems (KWS and OAS); Transaction processing system (TPS)]
From a business perspective, an information system is an organizational and management solution, based on
information technology, to a challenge posed by the environment. This emphasizes the organizational and
management nature of information systems: to understand information systems – to be information-system
literate as opposed to computer literate – a manager must understand the broader organization, management
and information technology dimensions of systems and their power to provide solutions to challenges and
problems in the business environment.
[Figure: recovered labels: Organizations; Technology; Management; Information System]
The behavioral approach is more concerned with the development and long-term maintenance of information
systems, and emphasizes issues like strategic business integration, design, implementation and
utilization. Three disciplines that contribute to this approach are Psychology, Economics and Sociology.
[Figure: disciplines contributing to MIS. Recovered labels: Computer Science; Management Science; Operation Research; Psychology; Economics; Sociology]
A good IS must be able to produce information that carries the following characteristics:
Characteristics of information
Relevant – information must pertain to the problem at hand.
Complete – partial information is often worse than no information.
Accurate – erroneous information may lead to disastrous decisions.
Timely – decisions are often based upon the latest information available.
Economical – in a business setting, the cost of obtaining information must be considered as one cost
element involved in any decision.
Availability: Should be able to produce the information when required.
Functions of management
Planning
It is the management function of systematically making decisions about the goals to be achieved, and the
activities needed to achieve them, that an individual or a group will pursue in future.
Organizing
It is the management function of assembling and coordinating financial resources, information and
other resources needed to achieve organizational goals.
Leading
It is the management function that involves the manager’s efforts to ensure high performance by
employees and includes directing, motivating, and communicating with employees individually and in
groups.
Controlling
The function of management of monitoring progress and making changes to make sure that the
organizational goals are achieved.
Staffing
Management information systems simplify and speed up information retrieval by storing data in a
central location that is accessed via network. This enables quick and accurate decision making.
Data collection
Information systems bring together data from inside and outside the organization. By setting up a
network that links a central database to retail outlets, distributors and members of the supply chain,
companies can collect and send production data daily and make decisions based on the latest information.
Interpretation
Information systems help decision makers to understand the implication of their decisions. E.g. a sales
manager can make predictions about the effect of a price change on sales by running simulations within
the system.
Presentation
The reporting tools within information system enable decision makers to tailor reports to the
information needs of other parties.
Types of decisions.
Unstructured/unprogrammed/non-programmed
These are non-routine decisions in which the decision maker must provide judgment, evaluation and
insights into the problem definition.
Structured decisions/programmed
Semi-structured decisions
These are decisions which are partially unstructured and partially have defined procedure on how they
are supposed to be made or executed.
[Figure: decision types by level. Recovered labels, in order: Unstructured/Non-programmed; Management level; Semi-structured; Operational level; Structured/programmed]
The decision maker should state out the alternatives available for a particular problem. The decision
maker should do adequate research to find the best option that will aid in solving the problem.
Evaluate alternatives
The decision maker should analyze each alternative and come up with advantages and disadvantages of
each option. The decision maker should rank the alternatives logically.
Make decision
CHAPTER 3
People resources
Hardware resources
Software resources
Data resources
Network resources
People resources
They include end users and information system specialists.
End users are people who use an information system or the information it provides. They can be
customers, salespersons, clerks or accountants.
Information specialists are people who develop and operate information systems. They include system
analysts, software developers, database designers and system operators.
System analysts design information systems based on information requirements of end users.
System operators help to monitor and operate large computer systems and networks.
Hardware resources
They include all devices and materials used in information processing.
Hardware includes computers, printers, data media on which data is stored etc.
Software resources
Software includes system software such as operating system and application software.
Network resources
Telecommunication networks consist of computers, communication media and network infrastructure.
It is a society characterized by high levels of information intensity in the everyday life of most citizens, in
most organizations and work place.
The machine tools of the information society are computers and telecommunications rather than the plough.
Organizations make great use of information to increase their efficiency, stimulate innovation and
increase competitive positions.
Stratification into new classes of those who are information rich and those who are information
poor.
Greater use of information among the general public.
Threats to ICT systems such as computer virus attacks, hacking, cracking and network outages.
Privacy challenges
The collection, storage, processing, use and disclosure of personal data should remain under the control
of the people concerned.
Literacy challenges
Computer literacy has become an essential pre-requisite/requirement to access and use the internet.
Security challenges
The widespread use of the internet has led to the emergence of new security threats to individuals and
organizations.
The rise of computer crime can compromise security, causing an organization to lose very important
data.
The use of the internet and other telecommunication technologies has changed the culture of different
societies.
CHAPTER 4
Information system planning process should be based on constant interaction between users and
information system management.
Enables a shared view of the goals of ICT use in the business between developers and users.
Acquisition of the right system at minimum cost possible
Through planning, the right system which addresses the organization requirements can be acquired.
In this phase, stakeholders will formulate the scope and objectives of the plan and select participants.
Activities in this phase include reviewing existing documents and information resources, performing
business and technology analysis and aligning information system plans with business objectives.
Activities in this phase include planning the IS/ICT infrastructure, planning information system
organization and evaluating the IS/ICT development manpower.
Activities during this phase include identifying organizational implications, defining criteria for decision
making and authorizing final decisions.
Strategic alignment can successfully speed up acquisition and placement of ICT that is in harmony or in
line with the competitive needs of the business.
It indicates what features and performance the organization will need from the system.
IS/ICT strategy
It defines the policies for software and hardware e.g. any standards to be used or preferred suppliers.
It also defines the organization stand on the information system organization e.g. whether it is to be
centralized or distributed.
CHAPTER 5
People
The software project manager should recruit highly skilled and motivated software developers.
The stakeholders should be involved in all phases of development of the product.
Product
Before a project can be planned, product objectives and scope should be established, alternative
solutions should be considered, and technical and management constraints should be identified. This
helps in defining the estimates of the cost of the project.
Process
The software process provides the framework from which a comprehensive plan for software development can
be established.
Deliverable
Project management techniques will enable developers to deliver a system that satisfies user
requirements.
Effective project management will ensure that the system is delivered within budget.
Project management will ensure the system is delivered within scheduled time.
Several experts on software development techniques and the application domain are consulted. They
each estimate the project cost.
Estimation by analogy
This technique is applicable when other projects in the same application domain have been completed.
The cost of a new project is estimated by analogy with these completed projects.
Pricing to win
The software cost is estimated to be whatever the customer has available to commit to the project.
Project scheduling
It is the process of estimating the duration of activities in a project and presenting the estimation using
tools that are universally accepted.
The two graphical tools that are used in project scheduling are:
Gantt chart
PERT chart/Network diagram
Gantt chart
It is a graphical representation of a project that shows each task or activity as a horizontal bar whose length
is proportional to its time of completion.
PERT assumptions
Inter-relations of activities are depicted on a network of directed arrows which denote the
sequence of activities.
Activity on arrow (AOA)
Activity on node (AON)
Activity on arrow
Illustration
[Figure: activity-on-arrow network diagram. Legend: EST: Earliest Start Time; LST; N: node number. Value pairs recoverable from the node labels: 0/0, 4/4, 5/6, 7/8, 9/9, 12/12]
EST at an event is the earliest time activities ahead of that event can start, keeping in mind that all the
activities before the event must be complete. It is calculated in the forward pass.
Activity durations on each path linking to an event are added and then the largest is taken.
In the above example, the project duration is 12 weeks.
Latest Completion Time
LCT at an event is the latest time that preceding activities can complete without delaying any of the
succeeding activities.
It is calculated in the backward pass, starting from the last event, whose LCT is set to the project duration.
Critical path
It is the sequence of activities that have the same EST and LCT values.
Any delay to an activity in the critical path will cause delay to overall project.
Slack time
It is free time associated with each activity; it represents unused resources that can be diverted to the
critical path.
Dummy activity
It is a hypothetical activity which requires zero time and zero resources for completion. A dummy
activity has a completion time of zero.
Optimistic time
The most likely (M) case given normal problems and opportunities
Pessimistic time
The resulting PERT estimate is calculated as (O + 4M + P)/6. This is called a "weighted average".
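The forward pass, backward pass, critical path, slack and PERT weighted average described above, worked through in Python as an added example that is not part of the original notes. The activity network and its (O, M, P) estimates are constructed for illustration, chosen so that the project duration is 12 weeks; the slack formula LCT(end) - EST(start) - duration is the standard total-float definition, assumed here.

```python
from collections import defaultdict

# Constructed sample network (activity on arrow):
# (start event, end event) -> (optimistic O, most likely M, pessimistic P), in weeks.
ACTIVITIES = {
    (1, 2): (2, 5, 8),
    (1, 3): (2, 4, 6),
    (2, 4): (1, 2, 3),
    (3, 4): (1, 3, 5),
    (3, 5): (3, 4.5, 9),
    (4, 6): (1, 4, 7),
    (5, 6): (2, 2.5, 6),
}
EPS = 1e-9  # tolerance when comparing computed times


def pert_estimate(o, m, p):
    """Weighted average (O + 4M + P) / 6. A dummy activity is (0, 0, 0)."""
    if not o <= m <= p:
        raise ValueError("expected O <= M <= P")
    return (o + 4 * m + p) / 6


def topological_order(arcs):
    """Order events so every activity runs from an earlier to a later event."""
    succ, indeg, events = defaultdict(list), defaultdict(int), set()
    for i, j in arcs:
        succ[i].append(j)
        indeg[j] += 1
        events.update((i, j))
    ready = sorted(e for e in events if indeg[e] == 0)
    order = []
    while ready:
        e = ready.pop(0)
        order.append(e)
        for s in succ[e]:
            indeg[s] -= 1
            if indeg[s] == 0:
                ready.append(s)
    if len(order) != len(events):
        raise ValueError("network contains a cycle; no schedule exists")
    return order


def schedule(activities):
    """Return EST and LCT per event, slack per activity and the critical path."""
    dur = {arc: pert_estimate(*omp) for arc, omp in activities.items()}
    order = topological_order(dur)

    # Forward pass: EST of an event is the largest sum over paths leading to it.
    est = {e: 0.0 for e in order}
    for e in order:
        for (i, j), d in dur.items():
            if i == e:
                est[j] = max(est[j], est[i] + d)
    duration = max(est.values())

    # Backward pass: LCT of the last event is the project duration; earlier
    # events take the smallest (successor LCT - activity duration).
    lct = {e: duration for e in order}
    for e in reversed(order):
        for (i, j), d in dur.items():
            if j == e:
                lct[i] = min(lct[i], lct[j] - d)

    slack = {(i, j): lct[j] - est[i] - d for (i, j), d in dur.items()}
    return {
        "duration": duration,
        "est": est,
        "lct": lct,
        "slack": slack,
        # Critical events have EST == LCT; critical activities have no slack.
        "critical_events": [e for e in order if abs(est[e] - lct[e]) < EPS],
        "critical_activities": [a for a in sorted(dur) if abs(slack[a]) < EPS],
    }


if __name__ == "__main__":
    result = schedule(ACTIVITIES)
    print("Project duration (weeks):", result["duration"])
    for event in sorted(result["est"]):
        print(f"event {event}: EST={result['est'][event]} LCT={result['lct'][event]}")
    print("Critical path:", result["critical_activities"])
```

Delaying any activity on the critical path by one week lengthens the project by one week, while each non-critical activity in this network can slip by its one week of slack without affecting the end date.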
User involvement is necessary to reduce resistance to change and ensure adequate development.
User requirements for ICT change constantly. Changes during an ongoing development process cause a
challenge and may cause the project to fail.
When project cost and time are not well estimated, developers may run out of funds and time.
The purpose of a project audit is not to place blame but rather to find the root cause of why the
project is failing.
It is always easier to get projects back on track if they have not drifted too far off the track.
The human effort required to complete the project should be reviewed or assessed.
CHAPTER 6
Cost of acquisition
Small organizations may prefer to purchase commercial off-the-shelf software rather than developing
in-house programs.
The number of ICT personnel and the level of their knowledge and skills can determine if the
organization has enough manpower or expertise to develop the system.
System complexity
If in-house ICT team is not able to manage a complex system, the organization can opt to outsource ICT
services.
This is an acquisition method that involves direct purchase of a pre-written application or system used
by more than one company.
Advantages
-cheap
Disadvantages
System development
This is where an information system is developed from scratch by information system professionals to
suit the business requirements of the organization.
Advantages
Disadvantages
Outsourcing
Advantages
Software that has no copyright over the code and allows the public to modify the source code and
develop it to their own content.
Software that is developed, tested or improved through public collaboration and distributed with the
idea that it must be shared with others ensuring an open future collaboration.
Renting
An acquisition method where an organization that requires the hardware, software or computer system
gets them from another company after signing a rental contract.
The computer system or hardware system can only be used for the activities or functions that have been
specified in the contract.
Leasing
An information system is acquired from another company after signing a lease contract.
CHAPTER 7
INITIATIVE – BENEFIT
Reduce costs – A company can gain advantage if it can sell more units at a lower price while providing quality and maintaining or increasing its profit margin.
Raise barriers to market entrants – A company can gain advantage if it deters potential entrants into the market, leaving less competition and more market potential.
Create new products or services – A company can gain advantage if it offers a unique product or service.
Differentiate products or services – A company can gain advantage if it can attract customers by convincing them its product differs from the competitors’.
Enhance products or services – A company can gain advantage if its product or service is better than anyone else’s.
Establish alliances – Companies from different industries can help each other gain advantage by offering combined packages of goods or services at special prices.
Strategic information systems should be distinguished from strategic-level systems for senior managers
that focus on long-term decision making: strategic information systems can be used at all levels
of an organization and are more far-reaching and deep-rooted than the other kinds of systems. Strategic
information systems fundamentally change a firm’s goals, products, services or internal and external
relationships. In order to use strategic information systems as competitive weapons, we must understand
where strategic opportunities for businesses are likely to be found, based on two models of a firm and its
environment: the Competitive Forces Model and the Value Chain Model.
[Figure: competitive forces model. Recovered labels: Suppliers; Customers]
Organizations can use four basic competitive strategies to deal with these competitive forces:
Product differentiation
Firms can develop brand loyalty by product differentiation – creating unique new products and services
that can easily be distinguished from those of competitors, and that existing competitors or potential new
competitors can’t duplicate. Manufacturers are starting to use information systems to create products and
services that are custom-tailored to fit the precise specifications of individual customers.
Focused differentiation
Businesses can create a new market niche by focused differentiation – identifying a specific target for a
product or service that they can serve in a superior manner. A firm can provide a specialized product or
service that serves this narrow target market better than existing competitors and that discourages new
competitors. An information system can give companies an advantage by producing data to improve their sales
and marketing techniques. Sophisticated data-mining software tools find patterns in large pools of data and
infer rules from them that can be used to guide decision making. Data mining is both a powerful and
profitable tool, but it poses challenges to the protection of individual privacy. Data-mining technology
combines information from many diverse sources to create a detailed “data image” about individuals, such as
their income, hobbies and driving habits, and the question here is whether companies should be allowed to collect
such detailed information about individuals.
The following shows how the above-mentioned strategies can be used on the Internet.
Links to customers and suppliers – Access through websites to track or check the status of any shipment
Rather than looking at departments or accounting cost types, Porter's Value Chain focuses on
systems, and how inputs are changed into the outputs purchased by consumers. Using this
viewpoint, Porter described a chain of activities common to all businesses, and he divided them
into primary and support activities, as shown below.
Primary Activities
Primary activities relate directly to the physical creation, sale, maintenance and support of a
product or service. They consist of the following:
Inbound logistics – These are all the processes related to receiving, storing, and
distributing inputs internally. Your supplier relationships are a key factor in creating
value here.
Operations – These are the transformation activities that change inputs into outputs that
are sold to customers. Here, your operational systems create value.
Outbound logistics – These activities deliver your product or service to your customer.
These are things like collection, storage, and distribution systems, and they may be
internal or external to your organization.
Marketing and sales – These are the processes you use to persuade clients to purchase
from you instead of your competitors. The benefits you offer, and how well you
communicate them, are sources of value here.
Service – These are the activities related to maintaining the value of your product or
service to your customers, once it's been purchased.
Support Activities
Procurement (purchasing) – This is what the organization does to get the resources it
needs to operate. This includes finding vendors and negotiating best prices.
Human resource management – This is how well a company recruits, hires, trains,
motivates, rewards, and retains its workers. People are a significant source of value, so
businesses can create a clear advantage with good HR practices.
Technological development – These activities relate to managing and processing
information, as well as protecting a company's knowledge base. Minimizing information
technology costs, staying current with technological advances, and maintaining technical
excellence are sources of value creation.
Infrastructure – These are a company's support systems, and the functions that allow it
to maintain daily operations. Accounting, legal, administrative, and general management
are examples of necessary infrastructure that businesses can use to their advantage.
Companies use these primary and support activities as "building blocks" to create a valuable
product or service.
For each primary activity, determine which specific subactivities create value. There are three
different types of subactivities:
For each of the Human Resource Management, Technology Development and Procurement
support activities, determine the subactivities that create value within each primary activity. For
example, consider how human resource management adds value to inbound logistics, operations,
Then identify the various value-creating subactivities in your company's infrastructure. These
will generally be cross-functional in nature, rather than specific to each primary activity. Again,
look for direct, indirect, and quality assurance activities.
Find the connections between all of the value activities you've identified. This will take time, but
the links are key to increasing competitive advantage from the value chain framework. For
example, there's a link between developing the sales force (an HR investment) and sales
volumes. There's another link between order turnaround times, and service phone calls from
frustrated customers waiting for deliveries.
CHAPTER 8
System maintenance is the ongoing maintenance of a system after it has been placed into operation.
Corrective maintenance
It implies removing errors in a program which might have crept into the system due to faulty design or
wrong assumptions.
Adaptive maintenance
Program functions are changed to enable the information system to satisfy the information needs of the
user.
This type of maintenance may become necessary because of the organizational changes which may
include change in the organizational procedures, change in forms, change in information needs of
managers, change in system controls and security needs, change in organizational objectives and
policies, change in operating system.
Perfective maintenance is undertaken to respond to users’ additional needs, which may be due to
changes within or outside the organization.
An example of this type of maintenance is the conversion of text-based systems to a graphical user
interface (GUI) design.
Preventive maintenance
It deals with activities aimed at increasing system maintainability, such as updating documentation,
adding comments and improving the modular structure of the system.
Systems should be modified or updated to enable them to address emerging or new business processes.
The government may come up with new policies which may affect how business organizations operate.
Systems must be modified to be in line with the new policies.
Organizational change occurs when business strategies or major sections of an organization are altered.
It is a change that has significant effects on the way work is performed in an organization.
New information systems can be powerful instruments for organizational change, enabling organizations
to redesign their structure, scope, workflows, products and services.
Automation
Rationalization
Business process re-engineering
Paradigm shift
Automation
Automation is the use of technology to help people to do their jobs better and faster.
Rationalization
This is the streamlining of standard operating procedures, eliminating obvious bottlenecks so that
automation can make operating procedures more efficient.
Business process re-engineering (BPR) is the radical re-design of business processes, combining steps
to cut waste and eliminating repetitive paper-intensive tasks in order to reduce costs, improve quality
and service and to maximize the benefits of ICT.
Senior management needs to develop a broad strategic vision which calls for the re-design of business
processes, e.g. the management can look for breakthroughs to lower costs and accelerate service that
would enable the firm to regain its competitive position in the industry.
Companies should identify a few core processes to be re-designed, focusing on those with the greatest
potential payback.
Understand the problems that exist in current business processes and avoid them being repeated.
The organization needs to measure the time and cost consumed by the unchanged process.
The conventional method of designing systems establishes the information requirements of a business
function or process and then determines how they can be supported by ICT.
ICT should be allowed to influence the process design from the start.
The organization should design the new process on an experimental basis and anticipate a series of
revisions until the re-designed process wins approval.
Paradigm shift
It is the radical re-conceptualization of the nature of the business and the nature of the organization.
Process to be changed
In order to lead competent humans into accepting and embracing change, it is better to have a clear
idea of what change should entail.
It is important to be vigilant about how to embrace change and commit to moving away from
complaints.
It should comprise the most influential people in order to change the attitude of people and their
resistance.
Empowered implementation
All employees should be equipped with the resources needed to effect change.
The management should establish short term goals that represent successes along the path to the
common vision. This will help maintain the momentum and keep everyone motivated.
The task force should help to achieve the goal, building trust by dealing with people on an individual
basis and promoting honest conversation.
CHAPTER 10
Information system ethics is the study of moral, legal and ethical issues involving the use of information
and communication technologies. It is also called cyber ethics.
Privacy is the right of individuals to retain certain information about themselves without disclosure
and to have any information collected about them with their consent (knowledge) protected against
unauthorized access.
Privacy includes both the right to have personal information guarded from misuse and the right to be
left alone when solitude is desired.
Property rights
Intellectual property is the intangible property that results from an individual’s or a corporation’s
creative activity.
Copyright
It is a method of protecting intellectual property that protects the form of expression (e.g. a given
program) rather than the idea itself (e.g. an algorithm).
Patent
It’s a method of protecting intellectual property that protects a non-obvious discovery falling within the
subject matter of the patent act.
A patent may be granted for a new, useful and non-obvious invention and gives the patent holder a right
to prevent others from practicing the invention without a license from the inventor for a certain period
of time.
Trade secret
Trade secret is non-public information concerning the commercial practices or proprietary knowledge of
a business of which public disclosure may sometimes be illegal.
Trade mark
Accuracy
Users of information systems have a duty to ensure that data in the system is up-to-date and accurate.
Access/information rights
Information system users who hold private information have the ethical obligation to keep their private
information like name, address, email and phone numbers safe from criminals or others who may
misuse that information.
It entails gaining access to another person’s computer system and acquiring sensitive information such
as usernames, passwords and credit card information.
Such details can be used to perpetrate a number of other crimes that most often involve fraud.
Identity theft
Computer criminals can create programs called viruses which inflict considerable harm on the system
they infect.
Cyber stalking
It entails the use of a computer to torment and harass others by sending malicious emails, bothering
them on online forums and in some cases making an effort to damage their computers remotely.
It is a situation whereby a company website is flooded with service requests and the website becomes
overloaded to a point where it crashes or becomes extremely slow.
Also, in computing, denial of service attack is an attempt to make a machine or network resource
unavailable to its intended users.
Salami slicing
The practice of diverting small amounts of money from a large number of accounts maintained by the
system.
An example is where programmers round off the interest on account balances to the nearest cent and
transfer the accumulated fractions into their own accounts.
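A reconciliation check of the kind an auditor could run against the salami-slicing scheme described above, shown as an added example that is not part of the original notes. The account numbers, balances, postings, the 1.25% period rate and the round-half-up policy are constructed assumptions.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

# Constructed sample data: period rate, opening balances, and the interest
# the system actually posted to each account.
RATE = "0.0125"
ACCOUNTS = {"A101": "2515.75", "A102": "980.40", "A103": "4300.00",
            "A104": "150.90", "A199": "500.00"}
POSTINGS = {"A101": "31.44", "A102": "12.25", "A103": "53.75",
            "A104": "1.88", "A199": "6.28"}


def expected_interest(balance, rate):
    """Interest for one period, rounded to the nearest cent (assumed policy)."""
    exact = Decimal(balance) * Decimal(rate)
    return exact.quantize(CENT, rounding=ROUND_HALF_UP)


def reconcile(accounts, postings, rate):
    """Recompute interest independently and compare it with what was posted.

    Returns (underpaid, overpaid, net): per-account differences in each
    direction and their sum.
    """
    underpaid, overpaid = {}, {}
    for acct, balance in accounts.items():
        diff = Decimal(postings.get(acct, "0")) - expected_interest(balance, rate)
        if diff < 0:
            underpaid[acct] = diff
        elif diff > 0:
            overpaid[acct] = diff
    net = sum(underpaid.values(), Decimal(0)) + sum(overpaid.values(), Decimal(0))
    return underpaid, overpaid, net


if __name__ == "__main__":
    under, over, net = reconcile(ACCOUNTS, POSTINGS, RATE)
    print("short-paid accounts:", under)
    print("over-paid accounts: ", over)
    # A net of zero with non-zero per-account differences means cents were
    # moved between accounts, not lost to an honest rounding-policy mismatch.
    print("net difference:", net)
```

Each shortfall is a single cent, so only a recomputation made independently of the interest program and compared account by account brings the pattern out.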
Phishing
Click fraud
It is a crime or fraud where an individual or computer program fraudulently clicks on an online advert
without any intention of learning more about the advert or making a purchase.
Security refers to the policies, procedures, and technical measures used to prevent unauthorized access,
alteration, theft or physical damage to information systems.
Confidentiality
This is keeping information away from people who should not have it (unauthorized people).
Ensuring that the information stored in the computer is never changed in a way that is not appropriate.
Availability
Ensuring that the data stored in the computer can be accessed by all authorized people when required.
Malicious threats
Unintentional threats
Physical threats/environmental threats
Malicious threats
A computer virus is a program that is written to alter the way a computer operates without the
permission or knowledge of the user.
A virus replicates and executes itself, usually doing damage to the computer in the process.
Spyware is a program that monitors computer activities without the knowledge of the user in order to
capture personal information.
o Hacking/hackers
A hacker is an individual who intends to gain unauthorized access into a computer system.
o Spoofing
It is getting one computer on a network to pretend to have the identity of another computer, usually one
with special access privileges, so as to obtain access to other computers on the network.
o Digital snooping
These are wireless networks that act as legitimate internet hotspots and are used to capture personal
information.
o Blue sniffing
The act of stealing personal data, specifically calendar and contact information, from a
Bluetooth-enabled device.
o Social engineering
It is tricking computer users into revealing their computer security or private information like passwords
and email addresses by exploiting the natural tendency of a person to trust or by exploiting a person’s
emotional response.
Unintentional threats
o Equipment malfunction
o Software malfunction
o User/operator errors
Physical/environmental threats
o Fire damage
o Water damage/floods
o Power loss
o Civil disorder
Physical controls
Physical security is the use of locks, security guards, badges, electric fences, motion detectors and
similar measures to control access to computers, related equipment and the processing facility itself.
They are employed to prevent unauthorized personnel from entering the computing facility and to help
protect against natural disasters.
Examples of these controls include electric fences, security guards, locks and backup power.
They warn protective services personnel that physical security measures are being violated. Examples of
these include motion detectors, smoke and fire detectors, closed circuit television monitors (CCTV),
sensors and alarms.
Logical security uses technology to allow individuals access to information and systems based on who
they are and what their role is within an organization.
Technical security involves the use of safeguards incorporated in computer hardware, application
software, communication hardware and related devices.
They are used to prevent unauthorized personnel or programs from gaining remote access to computing
resources.
Examples of these controls include access control software, antivirus software, passwords,
smartcards, encryption and firewalls.
The purpose of access control software is to control sharing of data and programs between users.
Access control software provides the ability to control access to the system by establishing that only
registered users with an authorized log-on ID and password can gain access to the computer system.
Antivirus software
Smart cards
They are usually the size of a credit card and contain a chip with logic functions and information that can
be read at a remote terminal to identify a specific user’s privileges.
Smart cards carry pre-recorded, usually encrypted, access control information that is compared with data
that the user provides to verify authorization to access the computer or network.
Encryption
This is the transformation of plain text (readable data) into cipher text (unreadable data) by
cryptographic techniques.
Firewall
It is hardware or software that controls the flow of incoming and outgoing network traffic.
They are practices, processes and tools that identify and possibly react to unauthorized access to
information assets.
Audit trail
A record of system activities that enables the reconstruction and examination of the sequence of events
of a transaction, from its inception to output of final results.
Audit systems make it possible to monitor and track system behavior that deviates from expected
standards.
They are fundamental tools for detecting, understanding and recovering from security breaches.
If not, the user’s session can be terminated or a security officer can investigate.
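A small audit trail that supports both uses named above, reconstructing one transaction's sequence of events and detecting records changed after the fact, shown as an added example that is not part of the original notes. The hash-chaining design, field names, user names and transactions are constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first record


def _digest(prev_hash, event):
    payload = json.dumps(event, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


def append(trail, txn, user, action, amount):
    """Add one event, chained to the hash of the record before it."""
    event = {"seq": len(trail) + 1, "txn": txn, "user": user,
             "action": action, "amount": amount}
    prev = trail[-1]["hash"] if trail else GENESIS
    trail.append({"event": event, "prev": prev, "hash": _digest(prev, event)})


def verify(trail):
    """Return the index of the first record that breaks the chain, else None."""
    prev = GENESIS
    for i, rec in enumerate(trail):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
            return i
        prev = rec["hash"]
    return None


def reconstruct(trail, txn):
    """Ordered steps of one transaction, from inception to final output."""
    return [(r["event"]["seq"], r["event"]["user"], r["event"]["action"])
            for r in trail if r["event"]["txn"] == txn]


def sample_trail():
    """Constructed events for two interleaved transactions."""
    trail = []
    append(trail, "T-1001", "clerk01", "order_entered", "250.00")
    append(trail, "T-1002", "clerk02", "order_entered", "75.00")
    append(trail, "T-1001", "supervisor01", "order_approved", "250.00")
    append(trail, "T-1001", "system", "invoice_printed", "250.00")
    return trail


if __name__ == "__main__":
    trail = sample_trail()
    print(reconstruct(trail, "T-1001"))
    print("chain intact:", verify(trail) is None)
    trail[2]["event"]["amount"] = "2500.00"   # simulated after-the-fact edit
    print("first altered record:", verify(trail))
```

The chain only detects edits to stored records; someone able to recompute every later hash defeats it unless the latest hash is also kept where the system's operators cannot change it.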
Administrative controls
These are personnel-oriented techniques for controlling people’s behavior to ensure the confidentiality and
availability of computing data and programs.
Examples of these include security and technical training, separation of duties, procedures for recruiting
and terminating employees, security policies and procedures, supervision and user registration for
computer access.
Security awareness training is a preventive measure that helps users to understand the benefits of
security practices.
Technical training can help users prevent the most common security problems (errors and omissions) as
well as ensure that they understand how to make appropriate backup files and detect and control
viruses.
Separation of duties
Roles and responsibilities must be clearly defined and documented so that the management and staff
clearly understand who is responsible for ensuring that an appropriate level of security is implemented
for the most important ICT assets.
Appropriate recruitment procedures can prevent the hiring of people who are likely to violate security
policies.
A thorough background investigation should be conducted, including checking on the applicant’s criminal
history and references.
In addition, certain procedures should be followed when any employee leaves the company regardless
of the conditions of termination.
Appropriate security policies and procedures are key to the establishment of an effective information
security program.
Policies should cover the use of computing resources, movement of computing equipment and media
into the facility, disposal of sensitive waste and computer and data security reporting.
Supervision
User registration for computer access
Formal user registration ensures that all users are properly authorized for system and service access.
They include security reviews and audits, performance evaluations, background investigations and
rotation of duties.
Reviews and audits can identify instances in which policies and procedures are not being followed
satisfactorily.
Performance evaluation
Background investigations
They should be conducted on all employees being considered for promotion or transfer into a position of
trust (sensitive position).
Rotation of duties
An additional benefit is that as a result of rotating duties, employees are cross-trained to perform each
other’s functions in case of illness, vacation or termination.
o Risk assessment/analysis
o Risk mitigation
o Risk evaluation
Risk assessment/analysis
It is the process of reviewing risks, threats and vulnerabilities to determine appropriate controls.
Risk mitigation
It involves prioritizing, evaluating and implementing the appropriate risk reduction controls
recommended from the risk assessment process.
Risk assumption
It is accepting the potential risk and continuing to operate the ICT system, or implementing controls to
lower the risk to an acceptable level.
Risk avoidance
It is avoiding the risk by eliminating the risk cause, e.g. ignoring certain functions of the system when
risks are identified.
Risk limitation
It is limiting the risk by implementing controls that minimize the adverse impact of a threat exploiting
a vulnerability.
Risk transference
It is to transfer the risk by using other options to compensate for the loss, such as purchasing insurance.
Risk evaluation
It emphasizes good practice and the need for ongoing risk evaluation and assessment, and the factors
that will lead to a successful management program.
It coordinates all information activities within the areas of interest and expertise.
o Data warehousing
This is a massive database serving as a centralized storage of all data generated by all departments of a
large organization.
Advanced data mining software is required to extract meaningful information from a data warehouse.
o Data mining
This is the process of discovering meaningful new correlations, patterns and trends by analyzing large
amounts of data stored in data warehouses, using artificial intelligence and mathematical techniques.
o Mobile computing
o Cloud computing
It refers to the use of hardware and software as a service.
o Outsourcing practices
Outsourcing is a contractual agreement whereby an organization hands over control of part or all of the
functions of the information system department to an external party or company.