Management Information Systems-1

(NAIROBI CAMPUS)
COMPUTER SCIENCES DEPARTMENT
DIPLOMA IN ICT MODULE 3
UNIT NAME: MANAGEMENT INFORMATION SYSTEMS
COURSE OBJECTIVES
At the end of this course students will be able to:
1. Understand the role of MIS in an organization.
COURSE SCHEDULE.
NO TOPIC SUBTOPICS HOURS

1 INTRODUCTION  Meaning of management information systems 14
TO MANAGEMENT
INFORMATION  Components of a management information system
SYSTEMS
 Role of information in an organization
 System classification
 Qualities of good information system
 Social-technical view of information systems
2 . USE OF  Meaning and importance of management 12

INFORMATION
SYSTEM IN  Use of IS in management
MANAGEMENT
 Use of IS in management in decision making
 Types of decisions
 Decisions making cycle
3 MANAGEMENT OF  Meaning and importance of information systems 8

INFORMATION planning
SYSTEMS
RESOURCES  Information systems planning process
 Reasons for aligning information systems plan to
Compiled by Samuel Theuri

organization plan
4 INFORMATION  Meaning and importance of information systems 8

SYSTEM planning
PLANNING
 Information systems planning process
 Reasons for aligning information systems plan to

organization plan
5 INFORMATION  Meaning and importance of information system 18

SYSTEM PROJECT project management
MANAGEMENT
 Information system project management techniques
 Signs of a failing information system project
 Causes for information system project failure
 Control measures and techniques of rescuing a

failing information system project
6 INFORMATION  Information system acquisition process 10

SYSTEMS
ACQUISITION  Factors that influence information system
acquisition
 Factors that influence the choice of information

system acquisition method
 Criteria for information system acquisition
7 THE ROLE OF  The application of IS in an organization 4

INFORMATION
SYSTEM IN  Application of IS for competitive advantages in an
ORGANIZATION organization
8 INFORMATION  Meaning and importance of information systems 4

SYSTEMS maintenance
MAINTENANCE
 Techniques of maintaining an information system

9 THE ROLE OF ICT  Meaning of organizational change 10
IN
ORGANIZATIONAL  Impact of IS as an agent of organizational change
CHANGE
 Automation
 Rationalization
 Business process re-engineering
 Considerations for implementing a change program

in an organization
10 INFORMATION  Ethical issues in information systems 10

SYSTEM ETHICS
 Guidelines for responsible use of information
systems
 Computer crime
 Control measures for computer crime
EMERGING  Emerging trends in MIS 12

TRENDS IN
MANAGEMENT  Challenges of emerging trends
INFORMATION
SYSTEMS  Coping with challenges in MIS
ASSESSMENTS
1. Continuous assessment test (CAT 1) - 15 %
2. Continuous assessment test (CAT 2) - 15 %
3. Mock Exams- 70%
REFERENCES
1. Experiencing management.David Kroen
2. MIS Jane P.
3. Instructor: Samuel Theuri.
PHONE: 0716336353

Table of contents
CHAPTER 1 .............................................................................................................................................. 6
INTRO DUCTION TO MANAGEMENT INFORMATION SYSTEMS ............................................................. 6
Characteristics of MIS .......................................................................................................................... 6
ROLES OF INFORMATION IN AN ORGANISATION .................................................................................. 7
Classications of systems. ...................................................................................................................... 8
Characteristics of information............................................................................................................ 16
CHAPTER 2 ............................................................................................................................................ 17
USE OF INFORMATION SYSTEM IN MANAGEMENT ................................................................................ 17
How information systems support management as a function ........................................................... 17
Types of decisions.............................................................................................................................. 18
CHAPTER 3 ............................................................................................................................................ 20
MANAGEMENT OF INFORMATION SYSTEM RESOURCES ........................................................................ 20
People resources ................................................................................................................................... 20
Hardware resources .............................................................................................................................. 20
Data resources ...................................................................................................................................... 21
Network resources ............................................................................................................................ 21
Importance of managing information system resources..................................................................... 21
Information society/information age ................................................................................................. 21
CHAPTER 4 ............................................................................................................................................ 22
INFORMATION SYSTEM PLANNING ........................................................................................................ 22
Importance of information system planning ...................................................................................... 23
Information system planning process ................................................................................................ 23
Elements of information system strategy plan ................................................................................... 24
CHAPTER 5 ............................................................................................................................................ 24
INFORMATION SYSTEM PROJECT MANAGEMENT .................................................................................. 24
Project ............................................................................................................................................... 25
Deliverable ........................................................................................................................................ 25
Project management process ............................................................................................................ 25
Project scheduling ............................................................................................................................. 26
Gantt chart ........................................................................................................................................ 26
Pert chart/network diagram PERT (project evaluation and review technique) .................................... 26

Signs of a failing information system project ...................................................................................... 31
Causes of information system project failure ..................................................................................... 31
Measures of project success .............................................................................................................. 32
CHAPTER 6 ............................................................................................................................................ 32
INFORMATION SYSTEMS ACQUISITION .................................................................................................. 32
Information system acquisition methods ........................................................................................... 33
CHAPTER 7 ............................................................................................................................................ 34
THE STRATEGIC ROLE OF INFORMATION SYSTEM IN AN ORGANIZATION ............................................... 34
CHAPTER 8 ............................................................................................................................................ 40
INFORMATION SYSTEM MAINTENANCE ................................................................................................. 40
Corrective maintenance..................................................................................................................... 40
Adaptive maintenance ....................................................................................................................... 40
Perfective/enhancement maintenance .............................................................................................. 41
Preventive maintenance .................................................................................................................... 41
CHAPTER 9 ............................................................................................................................................ 42
ROLE OF ICT IN AN ORGANIATION ......................................................................................................... 42
Meaning of organizational change ..................................................................................................... 42
Business process re-engineering ........................................................................................................ 42
CHAPTER 10 .......................................................................................................................................... 44
INFORMATION SYSTEMS ETHICS ............................................................................................................ 44
Definition of ethics ............................................................................................................................ 44
Ethical issues in information systems ................................................................................................. 44
Computer crime and security ............................................................................................................. 45
CHAPTER 11 .......................................................................................................................................... 53
INFORMATION SYSTEM RISK MANAGEMENT ......................................................................................... 53
Risk assessment/analysis ................................................................................................................... 53
Risk mitigation ................................................................................................................................... 53
Risk evaluation .................................................................................................................................. 53
CHAPTER 12 .......................................................................................................................................... 54
EMERGING TRENDS IN MANAGEMENT INFORMATION SYSTEMS ........................................................... 54
Electronic commerce ......................................................................................................................... 54
Electronic data interchange(EDI) ........................................................................................................ 54

Data mining ....................................................................................................................................... 54
Cloud computing ............................................................................................................................... 54
CHAPTER 1
INTRO DUCTION TO MANAGEMENT INFORMATION SYSTEMS
Introduction
MIS: is a system that provides the information necessary to manage an organization effectively.MIS and
the information it generates are considered essential components of prudent and reasonable business
decisions.
Components of a management information system
a) Database: It is used to store data or information that an organization uses.

b) Database management system: it is a collection of programs that enable the storage,
modification and manipulation of information from a database.
c) User-interface: Allows the user to interact with the system
d) Model base: It has the required statistical models in order to analyze the large amount of data.
Information system: It’s the interaction of related components working together to store, retrieve and
disseminate or distribute data to achieve an objective.
Characteristics of MIS
 MIS support structured decisions at operational and management control levels. However, they are
useful for planning purpose of senior management staff.
 MIS are generally reporting and control oriented. They are designed to report on existing operations and
therefore to help provide day-to-day control of operations.
 MIS rely on existing corporate data and data flows.
 MIS have little analytical capability.
 MIS generally aid in decision making using past and present data.
 MIS are relatively inflexible.
 MIS have an internal rather than an external orientation.

ROLES OF INFORMATION IN AN ORGANISATION
 Reduction of uncertainty: Uncertainty exists where there is less than perfect knowledge.
Relevant information helps to reduce the unknown. This is particularly relevant in planning and
decision making.
 An aid to monitoring and control: By providing information about performance in the extent of
deviations from planned levels of performance, managers are better able to control operations.
 As a means of communication: Information helps managers to know about development plans,
forecasts etc.
 An aid to simplification: By reducing uncertainty and enhancing understanding, problems and
situations are simplified and become more manageable.
SYSTEM CONCEPTS
System
A system is a set of inter-dependent/interrelated components (some of which may be systems in their
own right), with an identifiable boundary and which collectively accomplish certain objectives/purpose.
Characteristics of a system
A system has 9 characteristics.
 Components
A system is made up of components. A component is an irreducible part or aggregation
Of that make up a system, also called subsystems. We can repair or upgrade the system by changing
individual components without having to make changes throughout the entire system.
The components are interrelated. This means the dependence of one subsystem on one or more
subsystems. The function of one subsystem is tied to the function of others.
 A Boundary
A system has a boundary within which all of its components are contained and which
Establishes the limits of a system, separating the system from other systems. The boundary is the line
that makes the inside and outside of a system and that sends off the system from its environments.
 A purpose
This is the overall goal or function of a system. A system must give priority to the objectives of the
organization as a whole as compared to the objectives of a subsystem.
 An Environment
This is everything external to a system that interacts with the system i.e. everything
outside the system’s boundary, usually the system interacts with its environment, exchanging, in the
case of an information system, data and information.
 Interfaces
This is the point of contact where a system meets its environments or where subsystems
Meet each other. E.g. The interface between an automated system and its users (manual system) and
interfaces between different information systems. It is the design of good interfaces that permits
different systems to work together without being too dependent on each other. Because an interface
exists at the point where a system meets its environment, the interface has several special, important
functions outlined below:-
i. Security - protecting the system from undesirable elements that may want to infiltrate it.

Filtering unwanted data both for elements leaving and entering the system.
Coding and decoding incoming and outgoing messages.
Detecting and correcting errors in its interaction with the environment.
ii. Buffering - providing a layer of slack between the system and its environment, so that the
system and its environment can work on different cycles and at different speeds.
iii. Summarizing raw data and transforming them into the level details and format needed
throughout the system.
 Constraint/ Controls
This is a limit to what a system can accomplish. A system must face constraints in its
Functioning because there are limits – in terms of capacity, speed, or capabilities to what it can do and
how it can achieve its purpose within its environment.
 Input
This is whatever a system gets from its environment, e.g. raw data.
 Output
This is whatever a system returns to its environment in order to fulfill its purpose
Subsystem: A system within a larger system. This means that systems exist on more than one level and
can be composed of subsystems.
Classications of systems.
Classification of Systems
1) Open Systems
These are the system which are connected to and interact with the environment. Examples are, the
biological and social system. All business organizations are also open systems since they must have the
capacity to adopt in the future of changing competition, changing markets etc.
2) Closed Systems
A closed system is that which does not interact with its environment. The system is neither influenced
by nor influences its environment. It does not take in from or give to it. The system behavior occurs
because of internal interaction and is more relevant to scientific than social systems. They do not obtain
modification from their environments. A computer program is a relatively closed system because it
accepts only previously defined outputs. In fact, no system can be a completely closed system for a long
time.
Difference between Open Systems and Closed Systems
Open System Closed System

- Interacts with the environment constantly - Does not interact with the Environment
- Has infinite scope - Limited Scope
- Relevant variables keep on interacting - Self Contained
- Flexible and abstract - Rigid and mathematical

3) Abstract systems
These are conceptual. They are not physical entities. They maybe formulas, representation or model of a
real system.
4) Deterministic Systems (Mechanistic Systems)

These are the systems that function according to some predetermined procedure and have results and
future behavior predicted with certainty provided they are working correctly and under control.
5) Probabilistic Systems (Stochastic Systems)

These are those systems which operate on probability. State and behavior can be predicted only within
certain limits, even when they’re under control.
Cybernetic system (Self Organizing/ Adaptive)
These are systems that have to adapt to their environments/ react to stimuli, they learn from their
mistakes, so that they do not always react in the same way to a particular input. Examples are the social
systems, organizations, plants.
6) Open – Loop System.
This is a system which does not act in a controlled manner, i.e. no feedback, and so no measure of
performance against standards.
7) Closed – Loop System
A system that functions in a controlled manner e.g. A system accepts inputs, work upon them according
to some pre-defined processing rules, and produces outputs, so that it can function in a controlled
manner, must give feedback
8) Artificial Systems
These systems are created rather than occur by nature e.g. computer programs, organization, etc.
They are usually made to support the objective of the designer and user.
Approaches to information systems classification
a) Classification by organizational level supported

i. Strategic level systems help senior manager with long-term planning. The principle concern
at this level is matching changes in the external environment with existing organizational
capabilities. It supports the long-range planning activities of senior management. It also
helps the senior management to tackle and address strategic issues both in the firm and in
the external environment.
ii. Tactical/Management level systems help middle managers monitor and control. It typically
provides periodic reports rather than instant information on operations. It supports the
monitoring, controlling, decision-making and administrative activities of middle managers.
Some of the management level systems support non-routine decision making where they
tend to focus on less-structured decisions for which information requirements are not always
clear.

iii. Knowledge level systems help knowledge and data workers design product, distribute
information and cope with paperwork. The main purpose is to help integrate new
knowledge into the business and to help the organization control the flow of paperwork.
Knowledge level systems, especially in the form of workstations and office systems are the
fastest-growing applications in business today.
iv. Operational level systems help operational manager keep track of the firm’s day-today
activities. The principle purpose is of operational level system is to answer routine questions
and to track the flow of transactions through the organization.
Strategic level
EIS/
ESS
MIS Management level

KMS
TPS Operational level
OAS
b) Classification by functional area supported/Types of information systems from functional

perspective-functional area/department/Enterprise systems (ERP systems)
i. Sales and marketing information system
Are information systems that help the firm identify customers for the firm’s products and services,
develop products and services to meet the customer’s needs, promote these products and services, sells
the products and services and provides ongoing customer support.
At the strategic level, sales and marketing information systems monitor trends affecting new products
and sales opportunities, support planning for new products and services and monitor the performance
of the competitors.
At the management level, sales and marketing information systems support market research,
advertising and promotional campaigns

At knowledge level, they support market analysis
At operational level, they assist in locating and contacting prospective customers, tracking sales,
processing orders, and providing customer service support.
ii. Manufacturing and production information system
Are systems that deal with the planning, development and production of products and services and
controlling the flow of production.
Strategic level manufacturing systems deal with the firm’s long term manufacturing goals such as where
to locate new plants, whether to invest in new manufacturing technology.
At management level, manufacturing and production information systems analyze and monitor
production costs and resources.
At the knowledge level, manufacturing and production information systems create and distribute
designed knowledge to drive the production process.
At operational level, manufacturing and production information systems deal with status of production
tasks.
iii. Finance and accounting information systems.
Are information systems that keep track of the firm’s financial assets and fund flows.
At the strategic level, finance and accounting information systems establish long term investment goals
for the firm and provide long range forecasts of the firm’s financial performance.
At the management level, these information systems help management to oversee and control firm’s
financial resources.
At the operational level, these systems track the flow of funds in the firm through transactions such as
pay cheques and payments to vendors.
iv. Human resource information systems
Are information systems that maintain employee records, employee skills, job performance and training,
and support planning for employee compensation and career development?
These systems support activities such as identifying potential employees, maintaining complete records
on existing employees and creating programs to develop employee talents and skills.
c) Classification of information systems by support provided.

 Transaction processing systems(TPS)
It is a computerized system that performs and records the daily routine transactions necessary to
conduct the business.

These systems serve the operational level of the organization
A business can have several transaction processing systems example is stock control system, inventory
system, billing system, order tracking systems.
They are used by operational level employees to help them make structured decisions.
 Knowledge management system(KMS)
These are systems designed to help businesses create and share information.
They are used in a business where employees create new knowledge which can then be shared with
other people in other organization to create further commercial opportunities. E.g. AUTO-CAD, Arch-
CARD.
 Management information systems(MIS)
It is an information system at the management level of an organization that serves the functions of
planning, controlling and decision making by providing routine summary reports.
They take data from TPS and summarize them into a series of management reports. They make semi-
structured decisions.
 Decision support systems(DSS)
It is an information system at management level of an organization that combines data and

sophisticated analytical models to or data analysis tools to support semi-structured and unstructured
decision making.
A decision is considered unstructured if there are no clear information or procedure for making the
decision.
Components of a DSS
-data management component
Performs the function of storing and maintain information the DSS uses.
-user interface management component
It allows the user to communicate with the DSS.
-Knowledge management component
Provides information about relationships about data that is too complex for a database to represent.
Characteristics of a DSS
 DSS offers users flexibility, adaptability and quick response.

 DSS operate with little or no assistance from professional programmers.
 DSS provide support for decisions and problems whose solutions cannot be specified in advance.
 DSS use sophisticated data analysis and modeling tools.
Group Decision Support System (GDSS) is a type of a DSS that helps a team of decision makers to solve
problems.
 Executive support system(ESS)/Executive information system(EIS)
An information system designed to help senior management to make strategic decisions.
It is used at strategic level of organization to assist in making unstructured decisions.
They gather, summarize and analyze the key internal and external information used by the business.
 Expert information systems
It is a computer based system that emulates the decision making ability of a human expert.
They are designed to solve complex problems by reasoning about knowledge like an expert and not by
following the procedure of a developer as in the case in conventional programming.
Benefits of expert systems
-preservation of knowledge: Expert systems preserve knowledge that might be lost through
retirement, resignation, or death of an expert or acknowledged person in a company.
-it is not subject to human feeling such as fatigue, being too busy or emotional.
-an expert system can effectively be used as a strategic tool in the areas of marketing of
products, cutting costs and improving products
Disadvantages of expert systems
-knowledge designing problem: enormous amount of time and effort is required to extract the expert
knowledge and translate it into IF/THEN rules upon which an expert system is based.
-programming problem: programming the system and monitoring the source code is very difficult
-judgment problem: an expert system cannot apply judgment which is an important ingredient for
problem solving. It has no common sense or judgment.
 Geographic information system(GIS)
It is an information system designed to capture, store and manipulate, analyze, manage and present all
types of geographical data. Example Google earth.

Figure below shows the relationship between the different systems:
Executive
support
system (ESS)
Management Management
systems (MIS) systems (DSS)
Knowledge Transaction
systems (KWS processing
and OAS) system (TPS)

A Business Perspective on Information System
From a business perspective, an information system is an organizational and management solution, based on
information technology, to a challenge posed by the environment. It emphasizes the organizational and
management nature of information system: To understand information system – to be information system
literate as opposed to computer literate – a manager must understand the broader organization, management
and information technology dimensions of systems and their power to provide solutions to challenges and
problems in the business environment
Organizations Technology
Information
System
Management

Contemporary Approaches to Information Systems
Multiple perspectives on IS shows that the study of information systems is a multidisciplinary field,
where no single theory or perspective dominates. Figure 1.3 shows the major disciplines that contribute
problem, issues and solutions. In general, the field can be divided into technical, behavioral and socio-
technical approaches.
Technical approach emphasizes mathematically based, normative models to study information

systems as well as the physical technology and formal capabilities of these systems. Three disciplines that
contribute to this approach are Management Science, Computer Science and Operation Research.
Behavioral approach is more concern with development and long-term maintenance of information
systems, which emphasizes on issues like strategic business integration, design, implementation and
utilization. Three disciplines that contribute to this approach are Psychology, Economics and Sociology.
Computer Science
Management
Operation Research
Science
MIS
Psychology
Economics Sociology
A good IS must be able to produce information that carries the following characteristics:
Characteristics of information
 Relevant – information must pertain to the problem at hand.
 Complete – partial information is often worse than no information.
 Accurate – erroneous information may lead to disastrous decisions.
 Timely – decisions are often based upon the latest information available.
 Economical – in a business setting, the cost of obtaining information must be considered as one cost
element involved in any decision.
 Availability: Should be able to produce the information when required.

CHAPTER 2
USE OF INFORMATION SYSTEM IN MANAGEMENT

Management is the process of planning, organizing, leading and controlling the effort of organization
members and of using all other organization resources to achieve organizational goals.
Functions of management
 Planning
It is the function of management of systematically making decisions about the goals to be achieved and
activities needed to achieve those that an individual or a group will pursue in future.
 Organizing
It is the management function of assembling and coordinating financial resources, information and
other resources needed to achieve organizational goals.
 Leading
It is the management function that involves the manager’s efforts to ensure high performance by
employees and includes directing, motivating, and communicating with employees individually and in
groups.
 Controlling
The function of management of monitoring progress and making changes to make sure that the
organizational goals are achieved.
 Staffing
Involves recruiting the right people with right skills.
How information systems support management as a function

o Information access
Management information systems simplify and speed up information retrieval by storing data in a
central location that is accessed via network. This enables quick and accurate decision making.
o Data collection
Information systems bring together data from inside and outside the organization.by setting up a
network that links a central database to retail outlets, distributors and members of the supply chain
companies can collect and send production data daily and decisions based on the latest information.

o Collaboration
Information systems make it easy managers to make collaborative decisions.
o Interpretation
Information systems help decision makers to understand the implication of their decisions. E.g. a sales
manager can make predictions about the effect of a price change on sales by running simulations within
the system.
o Presentation
The reporting tools within information system enable decision makers to tailor reports to the
information needs of other parties.
Types of decisions.
 Unstructured/un programmed/non-programmed
These are non-routine decisions in which the decision maker must provide judgment, evaluation and
insights into the problem definition.
There is no agreed procedure for making such decisions.
These decisions are normally made by strategic level managers
 Structured decisions/programmed
These are repetitive, routine and have defined procedures
They are made by the operational level employees.
 Semi-structured decisions
These are decisions which are partially unstructured and partially have defined procedure on how they
are supposed to be made or executed.

Strategic level
Unstructured/
Non-programmed
Management level
Semi-structured
Operational level
Structured/programmed
Types of decisions and where they are made in an organization
Decision making cycle/stages of decision making
 Problem definition stage
At this stage, the decision maker identifies the problem clearly.
 Develop alternatives/identify alternatives
The decision maker should state out the alternatives available for a particular problem. The decision
maker should do adequate research to find the best option that will aid in solving the problem.
 Evaluate alternatives
The decision maker should analyze each alternative and come up with advantages and disadvantages of
each option. The decision maker should rank the alternatives logically
 Make decision
This is where the decision maker implements the decision.
 Monitor the solution

Monitoring of solutions at early stage may help to alter the decision if deviations from expectations are
noticed.
CHAPTER 3
MANAGEMENT OF INFORMATION SYSTEM RESOURCES

Information system resources management is the process of planning, organizing, controlling and
directing how information resources should be used.
All information systems consist of five major resources:
 People resources
 Hardware resources
 Software resources
 Data resources
 Network resources
People resources
They include end users and information system specialists
End users are people who use an information system or the information it provides. They can be
customers, sales persons, clerks or accountants
Information specialists are people who develop and operate information systems. They include system
analysts, software developers, database designers and system operators.
System analysts design information systems based on information requirements of end users.
Software developers/programmers create computer programs base on specifications of system analysts.
System operators help to monitor and operate large computer systems and networks.
Hardware resources
They include all devices and materials used in information processing
Hardware includes computers, printers, data media on which data is stored etc.
Software resources
Software includes system software such as operating system and application software.

Data resources
Data can take many forms including alphanumeric data, numbers, letters, images/pictures and other
characters that describe business transactions.
Network resources
Telecommunication networks consist of computers, communication media and network infrastructure.
Importance of managing information system resources

 Improved business processes and operations: proper management of information system
resources/ICT resources can help to make a firm’s operational processes more efficient and its
managerial processes much more effective. This will enable the organization to cut on cost and
improve the quality of customer service.
 Promoting business innovation: proper management of information system resources can result
in development of new products, services and processes. This can help an organization to create
new business opportunities and enable a firm to enter new markets.
 Creating switching costs: effective management of information system resources can make
customers, suppliers to be dependent on the continued use of innovative mutually beneficial
inter-organizational information system.
 Support of decision making by employees: by managing data efficiently, relevant sound
management decisions can be made.
 Improved flow of information from top management to low level management and vice-versa.
Information society/information age

This is a term for a society in which the creation, distribution and manipulation of information has
become the most significant economic and cultural activity.
It is a society characterized by high levels of information intensity in the everyday life of most citizens, in
most organizations and work place.
The machine tools of the information society are computers and telecommunication rather than plough.
Characteristics of information society
 Information is used as an economic resource
Organizations make great use of information to increase their efficiency, stimulate innovation and
increase competitive positions.
 Stratification into new classes of those who are information rich and those who are information
poor.
 Greater use of information among general public
People use information more intensively in the activities as consumers.
 Development of the information sector within the economy

The function of the information sector is to satisfy the general demand for information facilities and
services.
 Globalization of capitalism which is facilitated by and is dependent upon computer networks

permitting economic decision making on wide scale in real time.
Challenges of information society
 Trust and confidence
It is difficult to enhance trust and confidence in ICT and network systems
Threats to ICT systems such as computer virus attacks, hacking, cracking and network outages.
 Privacy challenges
Rights to privacy face new challenges and it must be protected
The collection, storage, processing, use and disclosure of personal data should remain under the control
of people concerned.
 Literacy challenges
Computer literacy has become an essential pre-requisite/requirement to access and use the internet.
 Security challenges
The widespread use of internet has led to the immergence of new security threats to individual and
organization.
The rise of computer crime can compromise security making an organization to lose very important
data.
 Ethical or moral challenges
The use of internet and other telecommunication technologies have changed the culture of different
societies.
CHAPTER 4
INFORMATION SYSTEM PLANNING

Strategic planning of information systems means the process in which the organization identifies and
chooses information system projects that support the realization of its business plans and attainment of
the goals the organization has set.

At the early stages of an information system project, it must prove that it is connected to the business
plan and how this is lined up with corporate purpose.
Importance of information system planning

 An organization can improve its development methods and ensure that user’s goals have been
achieved.
Information system planning process should be based on constant interaction between users and
information system management.
 Enables a shared view of the goals of ICT use in the business between developers and users.
 Acquisition of the right system at minimum cost possible
Through planning, the right system which addresses the organization requirements can be acquired.
Information system planning process

Steps:
 Agreeing on planning objectives and stakeholders
In this phase, stakeholders will formulate the scope and objectives of the plan and select participants.
 Alignment of business objectives and information objectives
Activities in this phase include reviewing existing documents and information resources, performing
business and technology analysis and aligning information system plans with business objectives.
 Analyzing information system resources and technology infrastructure
Activities in this phase include planning the IS/ICT infrastructure, planning information system
organization and evaluating the IS/ICT development manpower.
Stakeholders need to identify the required resources.
 Authorizing the action
Activities during this phase include identifying organizational implications, defining criteria for decision
making and authorizing final decisions.
Reasons for aligning information system plan to organization plan
 Information resources will support business resources

 To streamline key business processes
Strategic alignment can successfully speed up acquisition and placement of ICT that is in harmony or in
line with the competitive needs of the business.

 ICT/IS alignment enables organization to improve on how to manage their business needs,
technology and rivals/competitors.
Elements of information system strategy plan

 Business information strategy
Indicates how information will be used to support the business
 Information system functionality strategy
It indicates what features and performance the organization will need from the system.
 IS/ICT strategy
It defines the policies for software and hardware e.g. any standards to be used or preferred suppliers.
It also defines the organization stand on the information system organization e.g. whether it is to be
centralized or distributed.
CHAPTER 5
INFORMATION SYSTEM PROJECT MANAGEMENT

Information system project management is the process of planning, monitoring, controlling people,
processes and events that occur as software evolves from a preliminary concept to an operational
implementation.
Effective software project management focuses on people, product and process.
People
The software project manager should recruit highly skilled and motivated software developers.
The stake holders should be involved in all phases of development of the product.
Product
Before a project can be planned, product objectives and scope should be established, alternative
solution should be considered, technical and management constraints should be identified. This would
help in defining the estimates on cost of the project.
Process
Software process provides the framework from which a comprehensive plan software development can
be established.

Project
A set of related tasks that is coordinated to achieve a specific objective within a given time limit and
under a specified budget.
Deliverable
It is the end product of a software development life cycle phase.
It can be a report or a working system depending on the software development phase.
Importance of information system project management
 Meeting customer expectation
Project management techniques will enable developers to deliver a system that satisfies user
requirements.
 Satisfying budget constraints
Effective project management will ensure that the system is delivered within budget.
 Satisfying time constraints
Project management will ensure the system is delivered within scheduled time.
 Equal distribution of tasks and responsibilities to members of the development team.
Project management process

 Initiation(initiating the project)
 Planning(planning the project)
 Execution(executing the project)
 Closedown(closing down the project)
Initiation
The manager performs several activities to assess size, scope and complexity of the project and
to establish procedures to support subsequent activities.
Planning
The manager identifies the resources required, scheduled activities using Gantt chart and
network diagrams and prepares a preliminary budget.
Execution
The manager will authorize project activities to start.
Closedown
A project is not complete until it is closed and it is at close down that projects are deemed a
success or a failure.
Projects can conclude with a natural or unnatural termination.

Information system project management techniques
Cost estimation techniques
 Expert judgment
Several experts on software development techniques and the application domain are consulted. They
each estimate the project cost.
These estimates are compared and discussed.
The estimation process iterates/repeats until an agreed estimate is reached.
 Estimation by analogy
This technique is applicable when other projects in the same application domain have been completed.
The cost of a new project is estimated by analogy with these completed projects.
 Pricing to win
The software cost is estimated to be whatever the customer has available to commit to the project.
 Constructive cost model(COCOMO)
It is an approximation of effort needed based on experience of past projects
Project scheduling
It is the process of estimating the duration of activities in a project and presenting the estimation using
tools that are universally accepted.
The two graphical tools that are used in project scheduling are:
 Gantt chart
 PERT chart/Network diagram
Gantt chart
It is a graphical representation of a project that shows each task activity as horizontal bars whose length
is proportional to its time of completion.
Different colors or shades can be used to highlight different activities.
Pert chart/network diagram PERT (project evaluation and review technique)

On the PERT chart, a project is viewed as a network of activities of which some must be completed
before others can begin.
PERT assumptions
 Inter-relations of activities are depicted / shown on a network on directed arrows which denote
sequence of activities.

 The nodes called events represent instance in time when certain activities have been completed
and others can then be started.
 The origin node is the beginning of the project.
Types of network diagrams
 Activity on arrow(AOA)
 Activity on node(AON)
Activity on arrow
 Activities are shown on the arrow

 It is easier to draw and modify
 Non-experts are more likely to understand the network diagram
 Milestone events are readily visible.
Illustration
ACTIVITY PRECEEDING DURATION(WEEKS)

ACTIVITY
A - 5
B - 4
C A 2
D B 3
E B 5
F B 5
G C,D 4
H F 3

Activity on node
7
4
5 8
2
0
12
6
0
1 12
0
4
3
4
9
5
9
EST
N
EST:Earliest Start Time
LST
LCT:Latest Event Start Time
N:node number
Critical path:B-F-H=12 weeks.

Activity on arrow
7 8
5 6
4
2
12 12
0 0
6
1
3
9 9
4 4
EST:Earliest Start Time
LCT:Latest Completion Time

EST LCT
Critical path:B-F-H=12 weeks.
Earliest Start Time
EST at an event is the earliest time activities ahead of that event can start, keeping in mind that all the
activities before the event must be complete. It is calculated in the forward pass.
Activity durations on each path linking to an event are added and then the largest is taken.
The first event has EST value 0

The EST in the last event gives the project duration.
In the above example, the project duration is 12 weeks. Latest Completion Time
LCT at an event is the latest time that preceding activities can complete without delaying any of the
succeeding activities.
It is calculated in backward pass, starting from the last event whose LCT is set to the project duration.
Critical path
It is the sequence of activities that takes the longest time to complete.
It is the sequence of activities that have the same EST and LCT values.
Any delay to an activity in the critical path will cause delay to overall project.
Slack time
It is free time associated with each activity as it represents unused resources that can be averted to the
critical path.
Dummy activity
It is a hypothetical activity which requires zero time and zero resources for completion. A dummy
activity has a completion time of zero.
Dummy arrow represents an activity with zero duration.
It is represented by a dotted line.
Estimation of activity times
Optimistic time
It is the estimate of the maximum time an activity will take
The most optimistic (O) case where everything goes right
Most likely time
The completion time having the highest probability.
The most likely (M) case given normal problems and opportunities
Pessimistic time
An estimate of the longest time that an activity might require.

The most likely (M) case given normal problems and opportunities
The resulting PERT estimate is calculated as (O + 4M + P)/6. This is called a "weighted average"
Signs of a failing information system project

 Poor communication: It is where no one understands what to do and there is no communication
as to current progress.
 Poor planning and estimation: projects that are poorly estimated and planned tend to fail both
in cost and schedule which eventually causes the overall project to fail.
 Poor documentation/minimal documentation: many failed projects reveal that there was too
little documentation to adequately describe the project in its broader terms and serve as a clear
communication channel.
 Poor user requirements: when the user requirements have not been adequately captured it may
lead to misalignment between the project and business objectives.
 Budget overrun: projects that run over budget are likely to be cancelled.
 Poor project control: the project manager may not have the skills or experience required to
manage the project.
 Time overrun: developers may run out of time that they had scheduled.
Causes of information system project failure

 Lack of senior management support and involvement in information system development.
 Lack of user participation
User involvement is necessary to reduce resistance to change and ensure adequate development.
 Shifting user needs
User requirements for ICT change constantly. Changes during an ongoing development process cause a
challenge and may cause the project to fail.
 Poor estimation techniques
When project cost and time are not well estimated, developers may run out of funds and time.
 Inadequate testing and user training
New systems must be tested before installation
Users must be adequately trained on how to use the system.
 Undertrained development staff
Developers may lack the required skills and knowledge/expertise required.
 Lack of standard project and system development methodologies.

 Resistance to change

Users have a natural tendency to resist change.
Control measures and techniques of rescuing a failing information system project
 Pausing the project
Pausing the project creates an opportunity to restore integrity to the project.
 Auditing the project
The purpose of project audit is not to place blame but rather is to find out the root cause why the
project is failing.
 Recognizing early warnings
It is always easier to get projects back on track if they have not drifted too far off the track.
 Assessing the effort to complete the project
The human effort required to complete the project should be reviewed or assessed.
Measures of project success

 The resulting information system is acceptable to the client or users
 The system was developed within the time scheduled.
 The system was delivered within budget.
CHAPTER 6
INFORMATION SYSTEMS ACQUISITION

Factors affecting the choice of information system acquisition method
 Cost of acquisition
Small organizations can prefer to purchase commercial off-the-shelf software rather than developing in-
house programs.
 Capability of in-house ICT team
The number of ICT personnel and the level of their knowledge and skills can determine if the
organization has enough manpower or expertise to develop the system.
 System complexity
If in-house ICT team is not able to manage a complex system, the organization can opt to outsource ICT
services.

 Size of the organization
Small organizations may not be able to develop in-house software and therefore can adopt
other methods like purchasing ready-made software or using open source software.
Information system acquisition methods

 Commercial off-the-shelf purchase
 System development/bespoke development/in-house development
 Outsourcing
 Open source software
 Renting
 Leasing
 Commercial off-the-shelf purchase
This is an acquisition method that involves direct purchase of a pre-written application or system used
by more than one company.
Advantages
-readily available for purchase and use
-cheap
Disadvantages
-the system may lack all the requirements needed.
 System development
This is where an information system is developed from scratch by information system professionals to
suit the business requirements of the organization.
Advantages
-ownership: The organization owns the system completely
-the system has the required features
Disadvantages
-expensive: As it requires both resources and time to develop.
 Outsourcing
It is the practice of subcontracting part or all of an organization’s information system functions to an

external service provider
Advantages

-cost reduction: Focus/concentrate on their core competencies
-knowledge: a way to gain access to new technology and outside expertise.
 Open source software
Software that has no copyright over the code and allows the public to modify the source code and
develop it to their own content.
Software that is developed, tested or improved through public collaboration and distributed with the
idea that it must be shared with others ensuring an open future collaboration.
 Renting
An acquisition method where an organization that requires the hardware, software or computer system
gets them from another company after signing a rental contract.
The computer system or hardware system can only be used for the activities or functions that have been
specified in the contract.
 Leasing
An information system is acquired from another company after signing a lease contract.
The lease contract is longer than that of renting.
CHAPTER 7
THE STRATEGIC ROLE OF INFORMATION SYSTEM IN AN ORGANIZATION

Strategic Information Systems can be defined as computer systems at any level of the organization
that change goals, operations, products, services or environmental relationships to help the organization gain
a competitive advantage. The following describes the eight basic ways to gain competitive advantage.
INITIATIVE BENEFIT
A company can gain advantage if it can sell more units at a lower price
Reduce costs
while providing quality and maintaining or increasing its profit margin.
Raise barriers to market A company can gain advantage if it deters potentials entrants into the
entrants market, leaving less competition and more market potentials.

Establish high A company can gain advantage if it creates high switching costs; making is
switching cost economically infeasible for customers to buy from competitors.
Create new products or A company can gain advantage if it offers a unique product or service.
services
Differentiate products A company can gain advantage if it can attract customers by convincing
or services them its product differs from the competitors.
Enhance products or A company can gain advantage if its product or service is better than
services anyone else’s.
Companies from different industries can help each other gain advantage
Establish alliances
by offering combined packages of goods or services at special prices.
A company can gain advantage if it can lock in either suppliers or buyers,

Lock in suppliers or
making it economically impractical for suppliers or buyers to deal with
buyers
competitors.
Strategic information systems should be distinguish from strategic level systems for senior managers
that focus on long-term, decision making systems where strategic information systems can be used at all levels
of an organization and are far-reaching and deep-rooted than the other kinds of systems. Strategic
information systems fundamentally change a firm’s goals, products, services or internal and external
relationships. In order to use the strategic information systems as competitive weapons, we must understand
where strategic opportunities for businesses are like to be found based on two models of a firm and its
environment: the Competitive Forces Models and the Value Chain Model
2.2.2 Countering Competitive Forces (Competitive Forces Model)

In the competitive forces model (a model used to describe the interaction of external influences,
specially threats and opportunities, that effects an organization’s strategy and ability to compete; illustrates in
Figure 2.2), a firm faces a number of external threats and opportunities:
 The threat of new entrants into its market

 The pressure from substitute products or services
 The bargaining power of customers
 The bargaining power of suppliers

 The positioning of traditional industry competitors
Competitive advantage can be achieved by enhancing the firm’s ability to deal with customers,
suppliers, substitute products and services, and new entrants to its market, which in turn may change the
balance of power between a firm and other competitors in the industry in the firm’s favor.
New market Substitute products

entrants and services
The firm Traditional

competitors
Suppliers Customers
Organization can use four basic competitive strategies to deal with these competitive forces:
 Product differentiation
Firms can develop brand loyalty by product differentiation – creating unique new products and services
that can be easily be distinguished from those of competitors, and that existing competitors or potential new
competitors can’t duplicate. Manufacturers are starting to use information systems to create products and
services that are custom-tailored to fit the precise of individual customers.
 Focused differentiation
Businesses can create new market niche by focused differentiation – identifying a specific target for a
product or service that it can serve in the superior manner. A firm can provide a specialized product or
service that serves this narrow target market better than existing competitors and that discourages new
competitors. An information system can give companies advantage by producing data to improve their sales
and marketing techniques. Sophisticated data-mining software tools find patterns in large pools of data and
infer rules from them that can be used to guide decision making. Data-mining is both a powerful and
profitable tool, but it poses challenges to the protection of individual privacy. Data-mining technology
combines information from many diverse sources to create a detailed “data image” about individuals, such as
the income, hobbies, driving habit, and the question here is whether companies should be allowed to collect
such detailed information about individuals.

 Developing tight linkages to customers and suppliers
Firms can create ties to customers and suppliers that “lick” customers into the firm’s products and that
tie suppliers into a delivery timetable and price structure shaped by the purchasing firm. This raises switching
costs (the cost for customers to switch to competitors’ product and services) and reduces customers’
bargaining power and the bargaining power of suppliers. This is similar to the just-in-time delivery or inventory
systems which reduce the cost of inventory, the space required for warehousing and construction time.
 Becoming the low-cost producer

To prevent new competitors from entering their markets, business can produce goods and services at a
lower price than competitors. Strategically oriented information systems help firms significantly lower their
internal costs, allowing them to deliver products and services at a lower price (and sometimes with higher
quality) then what the competitors can provide. For example, organizations can use supply chain
management to integrate supplier, distributor and customer’s logistics requirements into one cohesive
process. Information systems make supply chain management more efficient by integrating demand
planning, forecasting, materials requisition, order processing, inventory allocation, order fulfillment,
transportation services, receiving, invoicing and payment. Supply chain management can not only lower
inventory costs but also can create efficient customer response systems that deliver the product or service
more rapidly to the customer.
The following show how the above mentioned strategic can be used on the Internet.
Strategy Internet Application
Virtual banking which allows customers to view account statements,

Product differentiation pay bills, check account balance and obtain 24-hour customer service
through the World Wide Web
Hotel room reservation tracking system which provides electronic

information on participating hotels. It can analyze these usage
Focused differentiation
patterns to tailor hospitality-related products more closely to customer
preferences
Links to customers and Access through websites to track or check the status of any shipment
suppliers
Uses EDI (electronic data interchange) to quote any quotation or

Low cost producer
charge any bills.

Elements in Porter's Value Chain
Rather than looking at departments or accounting cost types, Porter's Value Chain focuses on
systems, and how inputs are changed into the outputs purchased by consumers. Using this
viewpoint, Porter described a chain of activities common to all businesses, and he divided them
into primary and support activities, as shown below.
Primary Activities
Primary activities relate directly to the physical creation, sale, maintenance and support of a
product or service. They consist of the following:
 Inbound logistics – These are all the processes related to receiving, storing, and
distributing inputs internally. Your supplier relationships are a key factor in creating
value here.
 Operations – These are the transformation activities that change inputs into outputs that
are sold to customers. Here, your operational systems create value.
 Outbound logistics – These activities deliver your product or service to your customer.
These are things like collection, storage, and distribution systems, and they may be
internal or external to your organization.
 Marketing and sales – These are the processes you use to persuade clients to purchase
from you instead of your competitors. The benefits you offer, and how well you
communicate them, are sources of value here.
 Service – These are the activities related to maintaining the value of your product or
service to your customers, once it's been purchased.
Support Activities

These activities support the primary functions above. In our diagram, the dotted lines show that
each support, or secondary, activity can play a role in each primary activity. For example,
procurement supports operations with certain activities, but it also supports marketing and sales
with other activities.
 Procurement (purchasing) – This is what the organization does to get the resources it
needs to operate. This includes finding vendors and negotiating best prices.
 Human resource management – This is how well a company recruits, hires, trains,
motivates, rewards, and retains its workers. People are a significant source of value, so
businesses can create a clear advantage with good HR practices.
 Technological development – These activities relate to managing and processing
information, as well as protecting a company's knowledge base. Minimizing information
technology costs, staying current with technological advances, and maintaining technical
excellence are sources of value creation.
 Infrastructure – These are a company's support systems, and the functions that allow it
to maintain daily operations. Accounting, legal, administrative, and general management
are examples of necessary infrastructure that businesses can use to their advantage.
Companies use these primary and support activities as "building blocks" to create a valuable
product or service.
Using Porter's Value Chain

To identify and understand your company's value chain, follow these steps.
Step 1 – Identify subactivities for each primary activity
For each primary activity, determine which specific subactivities create value. There are three
different types of subactivities:
 Direct activities create value by themselves. For example, in a book publisher's

marketing and sales activity, direct subactivities include making sales calls to bookstores,
advertising, and selling online.
 Indirect activities allow direct activities to run smoothly. For the book publisher's sales
and marketing activity, indirect subactivities include managing the sales force and
keeping customer records.
 Quality assurance activities ensure that direct and indirect activities meet the necessary
standards. For the book publisher's sales and marketing activity, this might include
proofreading and editing advertisements.
Step 2 – Identify subactivities for each support activity.
For each of the Human Resource Management, Technology Development and Procurement
support activities, determine the subactivities that create value within each primary activity. For
example, consider how human resource management adds value to inbound logistics, operations,

outbound logistics, and so on. As in Step 1, look for direct, indirect, and quality assurance
subactivities.
Then identify the various value-creating subactivities in your company's infrastructure. These
will generally be cross-functional in nature, rather than specific to each primary activity. Again,
look for direct, indirect, and quality assurance activities.
Step 3 – Identify links
Find the connections between all of the value activities you've identified. This will take time, but
the links are key to increasing competitive advantage from the value chain framework. For
example, there's a link between developing the sales force (an HR investment) and sales
volumes. There's another link between order turnaround times, and service phone calls from
frustrated customers waiting for deliveries.
CHAPTER 8
INFORMATION SYSTEM MAINTENANCE

Maintenance is the process of making needed changes to the structure of some information system.
System maintenance is the ongoing maintenance of a system after it has been placed into operation.
Types of information system maintenance
Corrective maintenance
It implies removing errors in a program which might have crept into the system due to faulty design or
wrong assumptions.
Thus, in corrective, it is the process where performance failures are repaired.
Adaptive maintenance
Program functions are changed to enable the information system to satisfy the information needs of the
user.
This type of maintenance may become necessary because of the organizational changes which may
include change in the organizational procedures, change in forms, change in information needs of
managers, change in system controls and security needs, change in organizational objectives and
policies, change in operating system.

Perfective/enhancement maintenance
Perfective maintenance means adding new features or modifying the existing programs to enhance the
performance of the current system.
Perfective maintenance is undertaken to respond to users additional needs which may be due to
changes within or outside the organization.
An example of this type of maintenance is the conversion of text based systems to graphical user
interface design (GUI)
Preventive maintenance
It deals with activities aimed at increasing system maintainability, such as updating documentation,
adding comments and improving the modular structure of the system.
Reasons for information system maintenance
 Changes in business processes
Systems should be modified or updated to enable them address emerging or new business processes.
 New requests from stakeholders ,users and managers

 Bugs or errors in the system
Maintenance is necessary to fix errors.
 Change in operating system or hardware on which the system runs.
 Corporate mergers and acquisitions
 Government policies
The government may come up with new policies which may affect how business organization operates.
Systems must be modified to be in line with the new policies.
System maintenance process
 Obtain maintenance requests i.e. system service request

 Transform requests into formal changes/identify what parts of the system need to be changed.
 Secure resources to implement the change
 Design,code,test and implement changes
 Monitor changes
 Update software and hardware documentation

CHAPTER 9
ROLE OF ICT IN AN ORGANIATION

Meaning of organizational change
Organizational change is about reviewing and modifying management structure and business processes
Organizational change occurs when business strategies or major sections of an organization are altered.
It is a change that has significant effects on the way work is performed in an organization.
New information systems can be powerful instruments for organizational change enabling organization
to redesign their structure, scope, workflows, products and services.
Types of structural organizational change which are enabled by ICT
 Automation
 Rationalization
 Business process re-engineering
 Paradigm shift
Automation
Automation is the use of technology to help people to do their jobs better and faster.
It is using computers to speed up performance of existing tasks.
Rationalization
This is the streamlining of standard operating procedures, eliminating obvious bottlenecks so that
automation can make operating procedures more efficient.
Business process re-engineering

It is the complete redesign of a system with an objective of changing its functions.
BPR is the radical re-design of business processes, combining steps to cut waste and eliminating
repetitive paper intensive tasks in order to reduce costs, improve quality and service and to maximize
the benefits of ICT.
Steps in business process re-engineering
 Develop business vision and process objectives
Senior management need to develop a broad strategic vision which calls for the re-design of business
processes e.g. the management can look for breakthrough to lower cost and accelerate service that
would enable the firm to regain its competitive positions in the industry.

 Identify the processes to be re-designed
Companies should identify a few core processes to be re-designed, focusing on those with the greatest
potential payback.
 Understand and measure the performance of existing processes
Understand the problems that exist in current business processes and avoid them being repeated.
The organization needs to measure time and cost consumed by unchanged process
 Identify the opportunities for applying ICT/IS
The conventional method of designing systems establishes the information requirements of a business
function or process and then determines how they can be supported by ICT.
ICT should be allowed to influence the process design from the start.
 Build a prototype of the new process
The organization should design the new process on an experimental basis and anticipating a series of
revision until the re-designed process wins approval.
 Paradigm shift
It is the radical re-conceptualization of the nature of the business and the nature of the organization.
Factors or considerations before implementing organizational change
 Process to be changed
The organization needs to determine what changes are needed.
In order to lead competent humans into accepting and embracing change, it is better to have a clear
idea of what change should entail.
 Human resistance to change
It is important to be vigilant about how to embrace change and commit to moving away from
complaints.
 Change task force
It should comprise of most influential people in order to change the altitude of people and their
resistance.
 Empowered implementation
All employees should be equipped with the resources needed to effect change.

 Short term goals
The management should establish short term goals that represent successes along the path to the
common vision. This will help maintain the momentum and keep everyone motivated.
 Trust and communication
Trust should be established where there are doubts
The task force should help to achieve the goal building trust by dealing with people on an individual
basis and promoting honest conversation.
CHAPTER 10
INFORMATION SYSTEMS ETHICS

Definition of ethics
They are guidelines or rules of conduct that govern work behavior and communication in both public
and private undertaking
Information system ethics is the study of moral, legal and ethical issues involving the use of information
and communication technologies. It is also called cyber ethics.
Ethical issues in information systems

 Privacy
The right of individuals to retain certain information about themselves without the disclosure and to
have any information collected about them with their consent (knowledge) protected against
unauthorized access.
Privacy includes both the right to have personal information guarded from misuse and the right to be
left alone when solitude is desired.
 Property rights
Intellectual property is the intangible property that results from an individual’s or a corporation’s
creative activity.
Intellectual property is protected by three mechanisms
 Copyright
It is a method of protecting intellectual property that protects the form of expression (e.g. a given
program) rather than the idea itself (e.g. an algorithm)

Copyright may subsist in creative and artistic work (books, movies, music, paintings, photography and
software) and give a copyright holder the exclusive right to control reproduction for a certain period of
time depending on jurisdiction or country.
 Patent
It’s a method of protecting intellectual property that protects non-obvious discovery falling within the
subject matter of the patent act.
A patent may be granted for a new, useful and non-obvious invention and gives the patent holder a right
to prevent others from practicing the invention without a license from the inventor for a certain period
of time.
 Trade secret
Trade secret is non-public information concerning the commercial practices or proprietary knowledge of
a business of which public disclosure may sometimes be illegal.
 Trade mark
A distinctive sign used to distinguish the products or services of different businesses.
 Accuracy
Users of information systems have a duty to ensure that data in the system is up-to-date and accurate.
 Access/information rights
Information system users who hold private information have the ethical obligation to keep their private
information like name, address, and email and phone numbers saved from criminals or others who may
misuse that information.
Computer crime and security

Definition of computer crime/cyber crime
It is any crime committed with the help of a computer or to a computer.
Types of computer crime
 Unauthorized use of a computer
It entails gaining access to another person’s computer system and acquiring sensitive information such
as usernames, passwords and credit card information.
Such details can be used to perpetrate a number of other crimes that most often involve fraud.
 Identity theft

The criminal pretends to be another person using data he/she has acquired illegally
 Developing or spreading computer viruses and worms
Computer criminals can create programs called viruses which inflict considerable harm on the system
they infect.
 Cyber stalking
It entails the use of computer to torment and harass others by sending the malicious emails, bothering
them on online forums and in some cases making effort to damage their computer remotely.
 Denial of service attack(DOS)
It is a situation whereby a company website is flooded with service requests and the website become
overloaded to appoint where it crashes or becomes extremely slow.
Also, in computing, denial of service attack is an attempt to make a machine or network resource
unavailable to its intended users.
 Salami slicing
The practice of diverting small amounts of money from a large number of accounts maintained by the
system.
Example is where programmers round off the interest on account balances to the nearest cent and
transfer the accumulated fractions into their own accounts
 Phishing
This to convince users to reveal confidential data relating to them.
 Click fraud
It is a crime or fraud where an individual or computer program fraudulently clicks on an online advert
without any intention of learning more about the advert or making a purchase.
Information systems security
Security refers to the policies, procedures, and technical measures used to prevent unauthorized access,
alteration, theft or physical damage to information systems.
Objectives of computer security/information security
 Confidentiality
This is keeping information away from people who should not have it (unauthorized people)

 Integrity
Ensuring that the information stored in the computer is never changed in a way that is not appropriate.
Both confidentiality and availability contribute to integrity.
 Availability
Ensuring that the data stored in the computer can be accessed by all authorized people when required.
Threats to information systems/computer security threats
 Malicious threats
 Un intentional threats
 Physical threats/environmental threats
Malicious threats
o Computer viruses/virus threats
A computer virus is a program that is written to alter the way a computer operates without the
permission or knowledge of the user
A virus replicates and executes itself, usually doing damage to the computer in the process.
o Spyware threats/key loggers
A spyware is a program that monitors computer activities without the knowledge of the user in order to
capture personal information.
o Hacking/hackers
Hacking is gaining unauthorized access into a computer system or computer network
A hacker is an individual who intends to gain unauthorized access into a computer system.
o Spoofing
It is getting one computer on a network to pretend to have an identity of another computer, usually one
with special access privileges so as to obtain access to other computers on the network.
o Denial of service attack

o Cyber vandalism
Intentional disruption, defacement or destruction of a website or corporate information system.
o Digital snooping
It is electronic monitoring of digital networks so as to uncover passwords or other data.

o Evil twins
Are wireless networks that act as legitimate internet hotspots that are used to capture personal
information.
o Blue sniffing
The act of stealing personal data, specifically calendar and contact information from a Bluetooth
enabled device.
o Social engineering
Is tricking computer users into revealing their computer security or private information like passwords
and email addresses by exploiting the natural tendency of a person to trust or by exploiting a person’s
emotional response.
Unintentional threats
o Equipment malfunction
The hardware components operate in abnormal or unintended mode.
o Software malfunction
The software behavior is in conflict with intended behavior.
o User/operator errors
In advent alterations, manipulation or destruction of programs, data files or hardware
Physical/environmental threats
o Fire damage
Possible physical destruction of equipment due to fire or smoke.
o Water damage/floods
Possible physical destruction of equipment due to water damage.
o Power loss
It is where computers or vital supporting equipment fail due to lack power.
o Civil disorder
Destruction of computer system as a result of riots.
Information systems security controls/access control categories.

 Physical controls/operational controls
 Technical controls/technological controls
 Administrative controls
Physical controls
Physical security is the use of locks, security guards, badges, electric fences, motion detectors and
similar measures to control access to computers, related equipment and the processing facility itself.
o Preventive physical controls
They are employed to prevent unauthorized personnel from entering computing facility and to help
protect against natural disasters.
Examples of these controls include electric fences, security guards, locks and backup power.
o Detective physical controls
They warn protective services personnel that physical security measures are being violated. Examples of
these include motion detectors, smoke and fire detectors; closed circuit television monitors (CCTV),
sensors and alarms.
Technical controls/technological/logical controls
Logical security uses technology to allow individuals access to information and systems based on who
they are and what their role is within an organization.
Technical security involves the use of safeguards incorporated in computer hardware, application
software, communication hardware and related devices.
o Preventive technical controls
They are used to prevent unauthorized personnel or programs from gaining remote access to computing
resources.
Examples of these controls include:-access control soft wares, antivirus software, passwords,
smartcards, encryption and firewall.
 Access control software
The purpose of access control software is to control sharing of data and programs between users.
Access control software provides the ability to control access to the system by establishing that only
registered users with an authorized log-on ID and password can gain access to the computer system.
 Antivirus software

They are designed to detect and respond to malicious software such as viruses and worms. Responses
may include blocking user access to infected files, cleaning infected files or systems or informing the
user that an infected program was detected.
 Smart cards
They are usually the size of a credit card and contain a chip with logic functions and information that can
be read at a remote terminal to identify a specific user’s privileges.
Smart card carry pre-recorded usually encrypted access control information that is compared with data
that the user provides to verify authorization to access the computer or network.
 Encryption
This is the transformation of plain text (readable data) into cipher text (unreadable data) by
cryptographic techniques.
 Firewall
It is a hardware or software which controls the flow of incoming and outgoing network traffic.
A firewall helps to maintain computer information security by preventing unauthorized access to a

network.
o Detective technical controls
They are practices, processes and tools that identify and possibly react to unauthorized access to
information asset.
They warn personnel of violations or attempted violations of preventive technical controls.
Examples of these include audit trails and intrusion detection systems.
 Audit trail
A record of system activities that enables the reconstruction and examination of the sequence of events
of a transaction, from its inception to output of final results.
Audit systems make it possible to monitor and track system behavior that deviates from expected
standards
They are fundamental tools for detecting, understanding and recovering from security breaches.
 Intrusion detection systems

They are expert systems that track users on the basis of their personal profiles while they are using the
system to determine whether their current activities are consistent with an established norms or
standards.
If not, the user’s session can be terminated or a security officer can be to investigate.
Administrative controls
Administrative or personnel consists of management constraints, operational procedures and

accountability procedures established to provide an acceptable level of protection for computing
resources.
o Preventive administrative controls
Are personnel oriented techniques for controlling people’s behavior to ensure the confidentiality and
availability of computing data and programs.
Examples of these include security and technical training, separation of duties, procedures for recruiting
and terminating employees, security policies and procedures, supervision and user registration for
computer access.
 Security awareness and technical training
Security awareness training is a preventive measure that helps users to understand the benefits of
security practices.
Technical training can help users prevent the most common security problems (errors and omissions) as
well as ensure that they understand how to make appropriate back up files and detect and control
viruses.
 Separation of duties
Roles and responsibilities must be clearly defined and documented so that the management and staff
clearly understand who is responsible for ensuring that an appropriate level of security is implemented
for the most important ICT assets.
 Recruitment and termination procedures.
Appropriate recruitment procedures can prevent the hiring of people who are likely to violate security
policies.
Thorough background investigation should be conducted including checking on the applicant’s criminal
history and references.
In addition, certain procedures should be followed when any employee leaves the company regardless
of the conditions of termination.

 Security policies and procedures
Appropriate security policies and procedures are key to the establishment of an effective information
security program.
Policies should cover the use of computing resources, movement of computing equipment and media
into the facility, disposal of sensitive waste and computer and data security reporting.
Enforcement of these policies is essential to their effectiveness
 Supervision
 User registration for computer access
Formal user registration ensures that all users properly authorized for system and service access.
o Detective administrative controls
They include security reviews and audits, performance evaluations, background investigations and
rotation of duties.
 Security review and audit
Reviews and audits can identify instances in which policies and procedures are not being followed
satisfactory.
 Performance evaluation
Regularly conducted performance evaluations are an important element in encouraging quality

performance.
 Background investigations
Potential risks of future performance
It should be conducted on all employees being considered for promotion or transfer into a position of
trust (sensitive position)
 Rotation of duties
It helps to deter fraud
An additional benefit is that as a result of rotating duties, employees are cross-trained to perform each
other’s function in case of illness, vacation or termination

CHAPTER 11
INFORMATION SYSTEM RISK MANAGEMENT

This is the process of identifying risks, assessing risks and taking steps to reduce risk to an acceptable
level.
It encompasses/consists three levels.
o Risk assessment/analysis
o Risk mitigation
o Risk evaluation
Risk assessment/analysis
It is the process of reviewing risks, threats and vulnerabilities to determine appropriate controls
Risk mitigation
It involves prioritizing, evaluating and implementing the appropriate risk reduction control
recommended from the risk assessment process.
Risk mitigation strategies
 Risk assumption
It is accepting potential risk and continue operating the ICT system or to implement controls to lower
the risk to an acceptable level.
 Risk avoidance
It is to avoid the risk by eliminating the risk cause e.g. ignore certain functions of the system when risks
are identified.
 Risk limitation
It is to limit the risk by implementing controls that minimize the adverse impact of a threat exploiting
vulnerability.
 Risk transference
It is to transfer the risk by using other options to compensate for the loss, such as purchasing insurance.
Risk evaluation
Emphasizes the good practice and need for an ongoing risk evaluation and assessment and factors that
will lead to a successful management program.

CHAPTER 12
EMERGING TRENDS IN MANAGEMENT INFORMATION SYSTEMS

Electronic commerce
This is the buying and selling of goods and services over the internet
Electronic data interchange(EDI)

EDI is an electronic means for transmitting business transactions between organizations.
It promotes a more efficient paper less environment
o Information resource centers(IRC)
It coordinates all information activities within the areas of interest and expertise.
o Data warehousing
This is a massive database serving as a centralized storage of all data generated by all departments of a
large organization.
Advanced data mining software is required to extract meaningful information from a data warehouse.
Data mining
This is the process of discovering meaningful new correlations, patterns and trends by analyzing large
amounts of data stored in data warehouses, using artificial intelligence and mathematical techniques.
o Mobile computing
Refers to the increased use of mobile devices in computing
Cloud computing
Refers to the use of hardware and software as a service
o Outsourcing practices
Outsourcing is a contractual agreement whereby an organization hands over control of part or all of the
functions of the information system department to an external party or company.

Management Information Systems-1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Management Information Systems-1

Uploaded by

Copyright:

Available Formats

(NAIROBI CAMPUS)

COMPUTER SCIENCES DEPARTMENT

DIPLOMA IN ICT MODULE 3

UNIT NAME: MANAGEMENT INFORMATION SYSTEMS

At the end of this course students will be able to:

1. Understand the role of MIS in an organization.

NO TOPIC SUBTOPICS HOURS

 Qualities of good information system

 Social-technical view of information systems

2 . USE OF  Meaning and importance of management 12

 Decisions making cycle

3 MANAGEMENT OF  Meaning and importance of information systems 8

 Reasons for aligning information systems plan to

Compiled by Samuel Theuri

4 INFORMATION  Meaning and importance of information systems 8

 Reasons for aligning information systems plan to

5 INFORMATION  Meaning and importance of information system 18

 Signs of a failing information system project

 Causes for information system project failure

 Control measures and techniques of rescuing a

6 INFORMATION  Information system acquisition process 10

 Factors that influence the choice of information

 Criteria for information system acquisition

7 THE ROLE OF  The application of IS in an organization 4

8 INFORMATION  Meaning and importance of information systems 4

Compiled by Samuel Theuri

 Business process re-engineering

 Considerations for implementing a change program

10 INFORMATION  Ethical issues in information systems 10

 Control measures for computer crime

EMERGING  Emerging trends in MIS 12

1. Continuous assessment test (CAT 1) - 15 %

2. Continuous assessment test (CAT 2) - 15 %

3. Mock Exams- 70%

1. Experiencing management.David Kroen

3. Instructor: Samuel Theuri.

Compiled by Samuel Theuri

Compiled by Samuel Theuri

Compiled by Samuel Theuri

Components of a management information system

a) Database: It is used to store data or information that an organization uses.

Compiled by Samuel Theuri

Compiled by Samuel Theuri

Difference between Open Systems and Closed Systems

Open System Closed System

Compiled by Samuel Theuri

4) Deterministic Systems (Mechanistic Systems)

5) Probabilistic Systems (Stochastic Systems)

Approaches to information systems classification

a) Classification by organizational level supported

Compiled by Samuel Theuri

MIS Management level

TPS Operational level

b) Classification by functional area supported/Types of information systems from functional

Compiled by Samuel Theuri

ii. Manufacturing and production information system

iii. Finance and accounting information systems.

iv. Human resource information systems

c) Classification of information systems by support provided.

Compiled by Samuel Theuri

 Knowledge management system(KMS)

 Management information systems(MIS)

 Decision support systems(DSS)