CHAPTER I BASICS OF INFORMATION TECHNOLOGY Objectives: To help the students understand the basics of information, its need and

importance To assist the student to understand the fundamental concepts of Information Technology
INTRODUCTION: With the advancement in the field of Information Technology the entire world has shrunk to a global village. The present days information age began with the invention of telegraph transmitter and receiver. It was the first instrument to transform information into electrical form and transmit reliably over long distance. NEED FOR INFORMATION: Some of the common needs of information include: Decision Making: Every job or task involves decision making. It is the process of identifying, selecting and implementing the best possible alternative. Right information in the right form and at the right time is essential to make correct decisions.

Communication: Information is vital for communication. Business managers collect data, process and disseminate them to the required sources. Decisions are taken based on this information.

Knowledge:

Information plays a vital role in the accumulation of knowledge. For achieving success one must be well informed and should have clarity of information.

Productivity: Availability of right information at the right time to the right person enhances the productivity in the organisation. For e.g., when customer complaint data when shared with the production department, might help them to redesign the product and thereby increases the efficiency and performance of the product. PREREQUISITES OF INFORMATION: Information is the processed data that plays a vital role in decision making. For decisions to be meaningful and useful, the information must possess the following attributes: Accuracy: To be useful information must be accurate at all levels because all further developments are based on the available information. The cost of inaccurate or distorted information can be extremely high.

Timeliness: Information is appreciated only if it is available on time. Availability of information after the expected time has no significance.

Completeness: Information should be comprehensive in covering all the topics and issues under discussion.

Relevance:

In order to provide complete information, large amount of data is gathered. It is the responsibility of the decision maker to select the precise data that will be relevant to the specific situation or problem. TECHNOLOGY: The word technology originated from the Greek works tecne and logia, where tecne means skill and logia means study of science. Therefore technology may be referred to as a science used for practical purpose. Some of the advantages of technology are: Ease: Technology has provided many sophisticated gadgets that have made our life easier. For e.g., Washing machines, Automobiles etc

Fast: The results obtained by using technology are faster compared to doing the same work manually.

Creativity: Technology helps us to improve our creativity. For e.g., with the help of graphic programs it is possible to edit a movies or picture with respect to colour, background, music etc INFORMATION TECHNOLOGY: It is a branch of engineering that deals with the use of computers and telecommunications to retrieve, store and transmit information. The components of information technology include:

Hardware: It comprises of physical components like monitor, mouse, keyboard, mobile phones, and televisions etc., which can store and transmit information. Software: It is a set of instructions or programs that controls the hardware and allows the user to perform the required task. Data: It is a collection of raw facts. It included numerical, text and graphical data. People: They perform various functions with the help of hardware and software to produce the desired output.

PRESENT SCENARIO: With each passing day, technology is getting advanced. Information technology and computers are playing a vital role in the world's fast growing technological changes. Communications are becoming easier. The place once the mediums of television and radio had in an average person's life are now almost taken up by the computers. The rapid growth of internet utility is bridging the gaps between all humans regardless of region, area or even communities. Five decades ago ENIAC (Electronic Numerical Integrator and Computer) one of the earliest computers stood 10 feet tall and stretched 80 feet wide, while today one can buy a musical greeting card with a silicon chip that is 100 times faster than ENIAC.

Rich internet applications are becoming the norm as connectivity through broadband technology is being made available more readily. Online web surfing is becoming popular and many people have started to work on home based businesses and solutions for their earnings. It gives convenience and freedom of time. Social networking is one of the prime internet utility now a days and it is picking up pace as new web sites and internet users are rapidly growing in number. New forms of knowledge accumulation are developing, as computer-based learning systems are opening new avenues to innovative modes of instruction and learning. The rapid evolution of digital technologies is creating not only new opportunities for the society but also challenges. Corporations and governments are reorganising their work culture to enhance productivity, improve quality, and control costs. Entire industries have been restructured to better align themselves with the realities of the digital age. It is no exaggeration to say that information technology is fundamentally changing the relationship between people and knowledge. ROLE OF INFORMATION TECHNOLOGY: The major areas impacted by the advent of information technology include: Business: Information technology is no longer a business resource, it is the business environment. Ongoing advances in information technology (IT), along with increasing global competition, are adding complexity and uncertainty of several orders of magnitude to the business environment. Information Technology has impacted business be it service or manufacturing in the following ways:

Competitiveness: It offers a reliable and cost-effective means of doing of business. Routine tasks can be automated. The customers can be provided round the clock services. With the advancement in IT sector, corporate are spreading business around the world, thus increasing their presence and entering new markets. Security: With the growth of IT in business, there is more insecurity of data. Therefore almost every organisation has some security programs to avoid illegal access of the companys information by unauthorized persons. Cost benefits: The extensive availability of Internet-based information provides companies with wider choice of suppliers, which leads to more competitive pricing. Due to the presence of internet, the role of middlemen becomes less important as companies can sell their product or services directly to the customer. Marketing: Corporates through websites create brand awareness of their products, thus creating new avenues of promotion of their products. In addition, companies websites can also provide better services such as after sales service to the customer. Public Sector: The IT sector has become a boon for public sector by helping them increase their output and efficiency. The ability to adapt quickly to change and improve service quality using information technology (IT) will offer a greater advantage to public sector organizations. For e.g., IT has enabled automated services for booking of railway tickers, payment of electricity bills etc

Print media: The print media is the most widespread of the media technology. It remains the most widely adopted, portable, flexible and economical media. The most common example of print media is the newspaper, books, magazines etc. The reason for the popularity of this media is that it can be read by anyone, anytime without any special technology. New information technology allows print to be delivered in personalized, interactive formats that may enhance efficacy. Electronic media: Despite the growing popularity of the Internet, radio and television still represent the mode through people around the world receive information about national and international events. This is mainly because of the speed with which information is processed. An event occurring in the remotes area of the world can be easily covered with the help of satellite links. The information provided by these links can then be converted into a viewable form enabling people around the world to know about the happenings. Education: Technology is becoming a powerful tool for communication, problem solving and as a means of research in the field of education. Some of the different ways in which information technology is used education includes: Electronic leaning: Electronic learning (or e-Learning) is a type of Technology supported education/learning where the medium of instruction is through computer

technology, particularly involving digital technologies. The benefits of e-learning include: Reduces environmental impact: E-Learning allows people to avoid travel, thus reducing the overall carbon output. The fact that it takes place in a virtual environment also allows some reduction of paper usage. With virtual notes instead of paper notes and online assessments instead of paper assessments, eLearning is a more environmentally friendly solution. Quality education, made affordable: The fact that instructors of the highest caliber can share their knowledge across borders allows students to attend courses across physical, political, and economic boundaries. Recognized experts have the opportunity of making information available internationally, to anyone interested at minimum costs. This can drastically reduce the costs of higher education, making it much more affordable and accessible to the masses. An internet connection, a computer, and a projector would allow an entire classroom in a third world university to benefit from the knowledge of an opinion leader Convenience and flexibility to learners: The learning sessions are available 24x7. Learners are not bound to a specific day/time to physically attend classes. They can also pause learning sessions at their convenience. The concept of e-learning has led to the emergence of the term virtual classroom. Virtual classroom therefore, is a learning environment that exists

solely in the form of digital content that is stored, accessed, and exchanged through networked computer and information systems. Everything in a virtual classroom occurs in a non-physical environment. Students access the classroom by connecting to the rather than travelling to a real, physical classroom. The students may not even be in the same country as the instructor or teacher, the nature of virtual classrooms means that, in terms of access, the geographic location of students is not an issue. Within the virtual classroom two main styles of learning are evident, these are collaborative learning and independent learning. Collaborative learning is an environment in which: both teachers and learners are active participants in the learning process; knowledge is not something that is delivered to students but rather something that emerges from active dialogue among those who seek to understand and apply concepts and techniques. The virtual classroom demands this kind of learning in order to overcome the absence of face-to-face communication. Independent learning differs from collaborative learning in that the student does not interact with other students. In such environments interaction takes place exclusively between the teacher and the student and learning is completely selfdirected. In this case, the teacher is not the facilitator, but rather they are the provider of information. Students receive and respond to this information without collaboration and feedback from other students. Virtual classrooms tend to encourage collaborative learning, because more information and knowledge can be gained through the interaction and involvement with virtual class members than solely through the reception of information from an instructor. The Internet:

The terms Internet and World Wide Web are often used in every-day speech without much distinction. However, the Internet and the World Wide Web are not one and the same. The Internet is a global data communications system. It is a hardware and software infrastructure that provides connectivity between computers. In contrast, the Web is one of the services communicated via the Internet. Common uses of internet include: Electronic mail: Abbreviated as email, is the transmission of messages over communications networks. The messages can be notes entered from the keyboard or electronic files stored on disk. Most mainframes, minicomputers, and computer networks have an e-mail system. Some electronic-mail systems are confined to a single computer system or network, but most online services and Internet Service Providers (ISPs) have gateways to other computer systems, enabling users to send electronic mail anywhere in the world. Companies that are fully computerized make extensive use of e-mail because it is fast, flexible, and reliable. Most e-mail systems include a rudimentary text editor for composing messages, but many allow you to edit your messages using any editor you want. You then send the message to the recipient by specifying the recipient's address. You can also send the same message to several users at once. This is called broadcasting. Sent messages are stored in electronic mailboxes until the recipient fetches them. To see if you have any mail, you may have to check your electronic mailbox periodically, although many systems alert you when mail is received. After reading your mail, you can store it in a text file, forward it to other users, or delete it. Copies of memos can be printed out on a printer if you want a paper copy.

Although different e-mail systems use different formats, there are some emerging standards that are making it possible for users on all systems to exchange messages. In the PC world, an important e-mail standard is MAPI. Short for Messaging Application Programming Interface, a system built into Microsoft Windows that enables different e-mail applications to work together to distribute mail. As long as both applications are MAPI-enabled, they can share mail messages with each other. The International Telecommunication Union (ITU) is an intergovernmental organization through which public and private organizations develop telecommunications, has defined many important standards for data communications where in X.400 standard attempts to provide a universal way of addressing messages.

Newsgroup: A newsgroup is an Internet-based discussion about a particular topic. These topics range from sports, cars, investing, etc. Users post messages to a news server which then sends them to a bunch of other participating servers. Then other users can access the newsgroup and read the postings. The groups can be either "moderated," where a person or group decides which postings will become part of the discussion, or "unmoderated," where everything posted is included in the discussion. To participate in a newsgroup, you must subscribe to it. It typically doesn't cost anything, but some groups can be hard to get into unless you know people in the group. Nearly all newsgroups are found on Usenet, a worldwide network of news

discussion groups. . Usenet uses the Network News Transfer Protocol (NNTP). Because of the global spectrum of newsgroups, they make up largest bulletin board system (BBS) in the world. Newsgroups are organized into subject hierarchies, with the first few letters of the newsgroup name indicating the major subject category and sub-categories represented by a subtopic name. Some major subject categories are: news, rec (recreation), soc (society), sci (science), comp (computers), and so forth. Users can post to existing newsgroups, respond to previous posts, and create new newsgroups. A Frequently-Asked Questions (FAQs) is provided. The rules can be found when you start to enter the Usenet through your browser or an online service.

Web-cast services: To use the Internet to broadcast live or delayed audio and/or video transmissions, much like traditional television and radio broadcasts. For example, a university may offer on-line courses in which the instructor Webcasts a pre-recorded or live lecture. Users typically must have the appropriate multimedia application in order to view a Webcast. Netcast is another name for Webcast. Intranet: The term intranet is based on intra' meaning internal and net' meaning network. Therefore, intranets are internal networks. They act as an internal communications medium within an organisation. With intranets, companies create a smaller, internal version of the internet that are designed to simply and conveniently facilitate the sharing of different types of company information. Intranets have a

similar structure to the broader internet. However, they differ in that they are smaller networks and less public, being accessible only to the members of an organisation. Uploading company information and resources to intranets provides staff with easy access to shared knowledge and information. Corporate intranets increase productivity within the company as information and knowledge are made more available. Time wasted organising and sorting files is reduced, while collective knowledge within the company is improved. Intranets also simplify the task of updating data and documents. Intranets are usually accessible anytime from anywhere that the internet is available. To access an intranet from outside company premises, users simply require a URL and log-in details, such as a username and password. This enables staff to access information via the intranet at their convenience. As the use of intranets encourages information exchange, employees become more informed, empowering them with the ability to make better, faster decisions. Internet Chatting: Real time communication between two users via computers connected through a network. Internet Relay Chat (IRC) is the protocol required for chatting that involves a set of rules and conventions and client/server software. Most networks and online services offer a chat feature. References: 1. Fundamentals of Computer by V Rajaraman; Prentice Hall of India Pvt. Ltd., New Delhi 2. Computers Today by SK Basandara, Galgotia publication Pvt ltd. Daryaganj, New Delhi

3. MS-Office 2000 for Everyone by Sanjay Saxena; Vikas Publishing House Pvt. Ltd., New Delhi 4. Internet for Every One by Alexis Leon and Mathews Leon; Vikas Publishing House Pvt. Ltd., Jungpura, New Delhi 5. A First Course in Computer 2003 Edition with CD by Sanjay Saxena; Vikas Publishing House Pvt. Ltd., Jungpura,New Delhi 6. Mastering Windows 95, BPB Publication, New Delhi 7. Computer Fundamentals by PK Sinha; BPB Publication, New Delhi 8. Fundamentals of Information Technology by Leon and Leon;Vikas Publishing House Pvt. Ltd., Jungpura, New Delhi 9. Introduction To Information Technology by Itl Education Solutions Limited Web Reference: http://www.looselycoupled.com/glossary/Internet http://en.wikipedia.org/wiki/Internet http://en.wikipedia.org/wiki/Email http://www.autistici.org/en/services/mail/mail_intro.html Questions Section A

Each answer carries 2 marks 1. Give the meaning of Information? 2. Give the meaning of technology 3. What are web cast services? 4. What do you mean by internet chatting? 5. What is an intranet? Give two uses 6. What is a virtual classroom? Section B Each answer carries 8 marks 1. Give the prerequisites of Information technology 2. What is the need for information? 3. Write short notes on Electronic mail. 4. Write notes on Newsgroup. 5. How does the IT sector benefit print and electronic media? 6. How does IT help Business? 7. State and Explain the Components of Information Technology

Section C Each answer carries 12 marks 1. List and explain the role of information technology in various areas. 2. What do you mean by Electronic Leaning? Bring out its significance.

CHAPTER II INFORMATION SYSTEMS Objectives: To help the students understand the concept of data and information To make them understand the different information systems used by Business organisation

DATA & INFORMATION: Data is unprocessed raw information. Data is normally stored in a database or a file. Information is the result of processing, manipulating and organizing data in a way that adds to the knowledge of the person receiving it. INFORMATION SYSTEMS: System concepts underlie all business processes. Therefore it becomes pertinent for us to discuss the fundamentals of generic system concepts and their applications in business processes and Information systems. A system is a group of interrelated components, with clearly defined boundary, working together towards a common goal by accepting inputs and producing outputs in an organised transformation process. A system has three basic components of functions. They are: Input involves capturing and assembling elements that enter the system to be processed. For example raw materials, energy, data, and labour must be secured and organised for processing.

Processing involves transformation processes that convert input into output. Examples are manufacturing process, mathematical calculation etc.

Output involves transferring elements that have been produced by a transformation process to their ultimate destination. For example finished products, management information transferred to the end users.

A manufacturing system accepts raw materials as input produces finished goods as output. An information system is a system that accepts resources (data) as input and processes them into products (information) as output. A business organisation is also a system where economic resources are transformed various business processes into goods and services. Information System Resources: Our basic IS model shows that an information system consists of five major resources: people, hardware, software, data and networks. Lets now discuss briefly the basic concepts and roles these resources play as the fundamental components of information systems. People resources: People are the essential ingredients for the successful operation of all information systems. These people resources include: End users (clients) are people who use an information system or the information it produces. They can be customers, sales person, engineers etc.

IS specialists are people who develop and operate information systems. They include systems analysts, software developers, system operators and other managerial, technical and clerical personnel.

COMPONENTS OF AN INFORMATION SYSTEM (IS)

Hardware resources:

They include all physical devices and materials used in information processing. It includes not only machines such as computers and their peripherals but also data media such as tangible objects on which data is recorded, that is right from sheets of paper to magnetic or optical disks etc. Software resources: The concept of software resources includes all sets of information processing instructions. It includes not only the sets of operation instructions called programs, which direct and control computer hardware, but also the sets of information processing instructions called procedures that people need. Data Resources: Data are the lifeblood of todays organisations and the effective and efficient management of data is considered an integral part of organisation strategy. Data can take many forms, like alphanumeric data, composed of numbers and alphabetical and other characters that describe business transactions and other events and entities. Text data, consisting of sentences and paragraphs used in written communications, image data, such as graphic shapes and figures, and photographic and video images, and audio data, the human voice and other sounds are also important forms of data. The data resources of information systems are typically organised, stored and accessed by variety of data resource management technologies into: Databases that hold processed and organised data

Knowledge bases that hold knowledge in a variety of forms such as facts, rules and case examples about successful business practices

Network Resources: Telecommunications technologies and networks like internet, intranets and extranets are essential for the success of electronic business and commerce. Telecommunications networks consist of computers, communication processors and other devices interconnected by communications media and controlled by communications software. Information System Activities: Lets take a closer look at each of the basic data processing activities that occur in information systems: Input of Data Resources: Input typically takes the form of data entry activities such as recording and editing. Once entered, data may be transferred into a machine-readable medium such a magnetic disk until needed for processing. Processing of Data into Information: Data are subjected to processing activities such as calculating, comparing, sorting, classifying and summarizing. These activities organise, analyse, and manipulate data thus converting them into information for end users. Output of Information products: Information in various forms is transmitted to end users and made available to them in the output activity. The goal of information systems is the production of appropriate information products for end users. Common information products

include messages, reports, forms, and graphic images, which may be provided by video displays, audio responses, paper products and multimedia.

Storage of Data Resources: Storage is a basic system component of information systems. Storage is the information system activity in which data and information are retained in an organised manner for later use. Control of system performance: An important information system activity is the control of system performance. An information system should produce feedback about its input, processing, and output and storage activities. This feedback must be monitored and evaluated to determine if the system is meeting established performance standards. Then appropriate system activities must be adjusted so that proper information products are produced for end users. TYPES OF INFORMATIONS SYSTEMS: Some of the important types of information systems include: Transaction Processing Systems: A Transaction Processing System (TPS) is a type of information system that collects, stores, modifies and retrieves the data transactions of an enterprise. A transaction is any event that passes the ACID test in which data is generated or modified before storage in an information system

Features of Transaction Processing Systems Transaction processing systems offer enterprises the means to rapidly process transactions to ensure the smooth flow of data and the progression of processes throughout the enterprise. Typically, a TPS will exhibit the following characteristics: Rapid Processing: The rapid processing of transactions is vital to the success of any enterprise now more than ever, in the face of advancing technology and customer demand for immediate action. TPS systems are designed to process transactions virtually instantly to ensure that data is available to the processes that require it.

Reliability: Similarly, customers will not tolerate mistakes. TPS systems must be designed to ensure that not only do transactions never slip past the net, but that the systems themselves remain operational permanently. TPS systems are therefore designed to incorporate comprehensive safeguards and disaster recovery systems. These measures keep the failure rate well within tolerance levels.

Standardisation: Transactions must be processed in the same way each time to maximise efficiency. To ensure this, TPS interfaces are designed to acquire identical data for each transaction, regardless of the customer.

Controlled Access:

TPS must be restricted to only those employees who require their use. Restricted access to the system ensures that employees who lack the skills and ability to control it cannot influence the transaction process.

Transactions Processing Qualifiers: In order to qualify as a TPS, transactions made by the system must pass the ACID test. The ACID tests refers to the following four prerequisites:

Atomicity: Atomicity means that a transaction is either completed in full or not at all. For example, if funds are transferred from one account to another, this only counts as a bone fide transaction if both the withdrawal and deposit take place. If one account is debited and the other is not credited, it does not qualify as a transaction. TPS systems ensure that transactions take place in their entirety.

Consistency: TPS systems exist within a set of operating rules (or integrity constraints). If an integrity constraint states that all transactions in a database must have a positive value, any transaction with a negative value would be refused.

Isolation:

Transactions must appear to take place in isolation. For example, when a fund transfer is made between two accounts the debiting of one and the crediting of another must appear to take place simultaneously. The funds cannot be credited to an account before they are debited from another.

Durability: Once transactions are completed they cannot be undone. A log will be created to document all completed transactions.

These four conditions ensure that TPS systems carry out their transactions in a methodical, standardised and reliable manner. Types of Transactions: There are two broad types of transaction, Batch Processing: Batch processing is a resource-saving transaction type that stores data for processing at pre-defined times. Batch processing is useful for enterprises that need to process large amounts of data using limited resources.

Examples of batch processing include credit card transactions, for which the transactions are processed monthly rather than in real time. Credit card transactions need only be processed once a month in order to produce a statement for the customer, so batch processing saves IT resources from having to process each transaction individually.

Real Time Processing:

In many circumstances the primary factor is speed. For example, when a bank customer withdraws a sum of money from his or her account it is vital that the transaction be processed and the account balance updated as soon as possible, allowing both the bank and customer to keep track of funds. Management Information System (MIS): It is basically concerned with processing data into information, which is then communicated to the various Departments in an organization for appropriate decision-making.

Data

Information

Communication

Decisions

MIS plays a vital role in ensuring that an appropriate data is collected from various sources, processed and sent to the needy destinations, fulfills the information needs of an individual, a group and the management functionaries at all levels. MIS satisfys these needs through a variety of systems such as query, analysis, modeling and decision support systems. The figure given below explains the working of MIS. A business transaction can be any business event like a payment or receipt of purchase etc. When a transaction takes place it is first processed through TPS with the help of operational databases. An operational database is a database containing up-to-date modifiable data. From the TPS the transactions move to MIS, which draws inputs from internal and external sources and then stores the updated transaction (output) in application databases to be used either

for internal distribution through intranet or for other systems like the Decision Support systems, Executive support systems and expert systems.

Outputs can also be generated in the form of reports like: Drill down Reports: These are reports that move from summary information to the detailed data that created it. For example, adding totals from all the orders for a year creates gross sales for the year. Drilling down would identify the types of products that were most popular Scheduled reports: Produced periodically, or on a schedule (daily, weekly, monthly) Key-indicator report: It summarizes the previous days critical activities. Typically available at the beginning of each day Demand report: Gives certain information at a managers request Exception report: Automatically produced when a situation is unusual or requires management action Scope of MIS: Include, To provide managerial end users with information products that support much of their day to day decision making needs. To provide variety of reports to the management To retrieve information about internal operations from databases that has been updated by TPS

To obtain data about the business environment from external sources so as to process them to serve the managers in a better way Decision Support Systems: A decision support system (DSS) is a computer program application that analyzes business data and presents it so that users can make business decisions more easily. Typical information that a decision support application might gather and present would be: Comparative sales figures between one week and the next

Projected revenue figures based on new product sales assumptions

The consequences of different decision alternatives, given past experience in a context that is described A decision support system may present information graphically and may be aimed at business executives or some other group of knowledge workers. Executive Support Systems: Also referred to as EIS that is Executive Information System. Executive Support System (ESS) is a reporting tool (software) that allows you to turn your organization's data into useful summarized reports. These reports are generally used by executive level managers for quick access to reports coming from all company levels and departments such as billing, cost accounting, staffing, scheduling, and more.

In addition to providing quick access to organized data from departments, some Executive Support System tools also provide analysis tools that predicts a series of performance outcomes over time using the input data. This type of ESS is useful to executives as it provides possible outcomes and quick reference to statistics needed for decision-making. Data Information Knowledge Action

Office Automation System: It facilitates everyday information processing tasks in offices and business organizations. It provides effective ways to process personal and organizational business data, to perform calculations and to create documents. These systems use a wide range of tools, Word processing A spreadsheet A presentation tool A database A schedule Considering that organizations require increased communication, today, office automation is no longer limited to simply capturing handwritten notes. In particular, it also includes the following activities: Exchange of information Management of administrative documents Handling of numerical data Meeting planning and management of work schedules

INFORMATION SYSTEM LEVELS:

Top Mgmt Middle Mgmt Lower Mgmt Operational Mgmt

The four levels of information systems that exist in a typical business organisation are: Operational Lower management Middle management Top management At the operational level, known as functional level, routine production or clerical operations are performed. Operational systems provide little feedback directly to the employees. For e.g., the materials clerk receives a material requisition, fills the requisition and files a report of action taken. The records of transactions occurring at the operational level constitute data that, when collected, organised and processed becomes the basis for higher level management actions.

Lower management performs supervisory functions. For e.g., the supervisor cross checks the material requisition form submitted by the material clerk at the operational level and takes corrective actions. Middle management functions are known to be tactical in nature. This level is responsible for planning, allocation and control of resources necessary to accomplish the organizational goals. Authority is delegated to the supervisory level and performance is measured. Top management functions are strategic in nature. These include establishment of the goals, long range planning, product development, mergers and acquisitions etc. INFORMATION GENERATORS: Information systems are developed in a company to meet not only its internal reporting needs but also the external reporting needs that arise from its general business environment. The internal information needs are represented by the nine functional business systems. Externally generated needs are represented by nine agencies.

BUSINESS INFORMATION SYSTEM: Business Information System supports the functional areas of business (marketing, production/operations, accounting, finance, and human resource management) through a wide variety of computer-based operational and management information systems.

Other wise called as Cross Functional Information systems as they are integrated combinations of business information systems, thus sharing information resources across the functional units of an organization. Lets now briefly study the application of MIS across the functional units of an organisation. Marketing Information System: It is an Information System that supports planning, control, and transaction processing required for the accomplishment of marketing activities, such as sales management, advertising and promotion Marketing Information System Components/Function

1. Interactive Marketing: A dynamic collaborative process of creating, purchasing, and improving products and services that builds close relationships between business and its customers, using variety of services on the Internet, intranets and extranets. The marketing materials can be put on customers or prospectus computer screens using either Push or Pull technologies. Pull Marketing It relies on the customer to access the services of the internet using the Web browser. For e.g., A customer would use the browser to find and read or download multimedia marketing material from a companys web site. Push Marketing It relies primarily on software called Web broadcasters or net broadcasters. For e.g., Softwares such as PointCast, Backweb, and Castanet automatically transmits a variety of information from the web or other sources to the customers PC Interactive Marketing Process: Step-1 Segment and identify potential customers (Initial market research done by reaching relevant groups-WWW servers, listservs, newsgroups) Step-2 Create promotional, advertising, and educational material (WWW page with multimedia effects-audio and video) Step-3 Put the material on the customers computer screens Push-based marketing-direct marketing using Web broadcasters, newsgroups, listservs, and E-mail

Pull-based marketing- indirect marketing(static)-www pages

Step-4

Interacting with customers Dialogue with the customer, interactive discussion among customer about various features offering endorsements, testimonials, questions/answers.

Step-5

Learning from customer Incorporating feedback from customers in advertising, marketing strategy identifying new markets, using experience in new product development

Step-6

Online customer service Fast, friendly solutions to customer problems

2. Sales Force Automation (SFA): Customer Relationship Marketing grew from a focused application to an enterprise-wide initiative and the growth has everything to do with the very beginnings in sales force automation. SFA were originally meant to improve sales force productivity and encourage salespeople to document and communicate their field activities. But today they are becoming increasingly focused on cultivating customer relationships and improving customer satisfaction. Sales Force Automation Systems (SFA), typically a part of a companys customer relationship management system, is a system that automatically records all the stages in a sales process. SFA includes a contact management system which tracks all contact that has been made with a given customer, the purpose of the contact, and any follow up that might be required. This ensures that sales efforts are not duplicated, reducing the risk of irritating customers. SFA also includes a sales lead tracking system, which lists potential customers through paid phone lists, or customers of related products. Other elements of an SFA system can include sales forecasting,

order management and product knowledge. More developed SFA systems have features where customers can actually model the product to meet their required needs through online product building systems 3. Advertising and Promotions: Marketing Managers try to maximize sales at the lowest possible costs for advertising and promotion. Marketing information systems use market research information and promotion models to help: Select media and promotional methods Allocate financial resources Control and evaluate results of various advertising and promotion campaigns Targeted marketing has become an important tool in developing advertising and promotion strategies for a companys electronic WEB sites. 4. Sales Management: Sales manager must plan, monitor, and support the performance of the salespeople in their organizations. So in most firms, computer based systems produce sales analysis reports that analyze sales by product, product line, customer, type of customer, salesperson, and sales territory. Such reports help marketing managers monitor sales performance of products and salespeople and help them develop sales support programs to improve sales results.

5. Marketing Research and Forecasting:

Market Research information systems provide marketing intelligence to help managers make better marketing forecasts and develop more effective marketing strategies. Marketing information system help researchers to collect, analyze, and maintain an enormous amount of information on a wide variety of market variables that are subject to continual change. This includes information on customers, prospects, consumers, and competitors. Data can be gathered from many sources, including a companys databases, data marts and data warehouse, www sites. Then a variety of statistical software tools can help managers analyze market research data and forecast sales and other important market trends. 6. Customer Service and Support (CRM): CRM is a combination of policies, processes, and strategies implemented by an organization to unify its customer interactions and provide a means to track customer information. It involves the use of technology in attracting new and profitable customers, while forming tighter bonds with existing ones. CRM includes, Front office operations Direct interaction with customers, e.g. face to face meetings, phone calls, e-mail, online services etc.

Back office operations Operations that ultimately affect the activities of the front office (e.g., billing, maintenance, planning, marketing, advertising, finance, manufacturing, etc)

Business relationships Interaction with other companies and partners, such as suppliers/vendors and retail outlets/distributors, industry networks (lobbying

groups, trade associations) This external network supports front and back office activities.

Analysis Key CRM data can be analyzed in order to plan target-marketing campaigns, conceive business strategies, and judge the success of CRM activities (e.g., market share, number and types of customers, revenue, profitability). 7. Product Management: Product Managers need information to plan and control the performance of specific products, product lines, and brands. Computer-based models may be used to evaluate the performances of current products and the prospects for success of proposed products. Manufacturing information systems: They support production/operations function of an organization. Information systems used for operations management and transaction processing, support firms in planning, monitoring, & controlling inventories, purchases & the flow of goods and services. The objectives of Computer Integrated Manufacturing include, To simplify production processes, product designs and factory organization as a vital foundation to automation and integration To automate production processes and the business functions that support them with computers, machines and (possibly) robots To integrate all production and support processes using computer networks, cross-functional business software and other information technologies

Manufacturing Resource Planning: Combines material requirement planning with other manufacturing-related activities to plan the manufacturing process such as: Shop activity control and purchasing Source of demand Customer order entry and forecasting Support functions such as financial management, sales analysis, and data collection Manufacturing Execution Systems (MES): They track, schedule, and control manufacturing processes. Collect data such as: Number of hours a machine operates every day of the month Idle time and the reason behind Engineering System: Engineering information systems aid engineers in designing new products and simulate operations with the help of Computer aided designs, Computer aided engineering etc Human Resource Management Information System: Human Resource Information Systems support, Planning to meet the personnel needs of the business Development of employees to their full potential

Control of personal policies and programs Recruitment Job placement Performance appraisals Employee benefits analysis Training and development Health, safety, & security HRM and the Internet Allows companies to process most common HRM applications over their intranets Allows companies to provide around-the-clock services to their employees Allows companies to disseminate valuable information faster Allows employees to perform HRM tasks online Accounting Information System: An accounting information system (AIS) is the system of records a business keeps to maintain its accounting system. This includes the purchase, sales, and other financial processes of the business. The purpose of AIS is to accumulate data and provide decision makers (investors, creditors, and managers) with information. While this was previously a paper-based process, most businesses now use accounting software. In an electronic financial accounting system, the steps in the accounting cycle are dependent upon the system itself. For example, some systems allow direct journal posting to the various ledgers and others do not. Six widely used accounting systems are,

Order processing: Captures & processes customer orders and produces data needed for sales analysis and inventory control Inventory Control: Helps provide high-quality service while minimizing investment in inventory & inventory carrying costs Accounts Receivable: Keeps records of amounts owed by customers from data generated by customer purchases and payments Accounts Payable: Keeps track of data concerning purchases from, and payments to suppliers Payroll: Receives and maintains data from employee time cards and other work records General Ledger: Consolidates data received from accounts receivable, accounts payable, payroll, & other accounting information systems

Financial Information System: It is a system that accumulates and analyzes financial data in order to make good financial management decisions in running the business. The basic objective of the financial information system is to meet the firm's financial obligations as they come due, using the minimal amount of financial resources consistent with an established margin of safety. Outputs generated by the system include accounting reports, operating and capital budgets, working capital reports, cash flow forecast, and various What-If Analysis reports. The evaluation of financial data may be performed through ratio analysis, trend evaluation, and financial planning modeling. It involves the following steps, Estimate the monthly cash outflows both operating and capital expenditures

Estimate the monthly cash inflows

Compare inflows and outflows. If surplus funds exist, then find ways to use them productively. If there is shortage, then find ways to reduce outflows and increase inflows.

Identify and compare outside funding sources

Establish a system for tracking flow of funds and measuring the return rate on investments

A SYSTEMS APPROACH TO PROBLEM SOLVING The system approach to problem solving uses a systems orientation to define problems and opportunities and develop solutions. Studying a problem and formulating a solution involve the following interrelated activities. Recognize and define a problem or opportunity using systems thinking. Develop and evaluate alternative system solutions Select the system solution that best meets your requirements Design the selected system solution to meet your requirements. Implement and evaluate the success of the designed system. The steps involved in Problem Solving include,

Defining Problems and Opportunities: Problems can be defined as basic condition that is causing undesirable results. Opportunity is a basic condition that presents the potential for desirable results. Symptoms are merely signals of an underlying cause or problem. Example: Symptom Problem Sales of a companys products are declining. Sales person are losing orders they cannot get current information on product prices and availability. We could increase sales significantly if salespersons could receive instant responses to requests for prices quotations and product availability.

Opportunity

Developing Alternative Solutions:

There are usually several different ways to solve any problem or pursue any opportunity. Where do alternative solutions come from? Experience is a good source Past history Advice from others Recommendations of consultants Suggestions of expert Decision support software can be used to development alternative solution

Evaluating Alternative Solutions: These alternative solutions must be evaluated so that the best solution can be identified. Then evaluation criteria need to be developed in order to determine how well each alternative solution meets these criteria. Criteria may be ranked or weighted, based on their importance in meeting our requirements. Example:
Criteria Relative Weights Alternative A
Sales Data Entry by Sales Reps Using Laptop Linked to Company Intranet Web Site

Relative Score

Alternative B
Sales Data Entry by Optical Scanning of Forms Mailed to the Data Center by Sales Reps

Relative Score

 St
artup costs O perat ing costs E ase of use A ccura cy R eliabi lity Overall score

20 30 20 20 10 100

$1 million $100,000/year Good Excellent Excellent

12 25 16 20 10 83

$100,000 $200,000/year Fair Fair Excellent

18 20 12 6 10 66

Advantages

Low operating costs, easy to use, accurate, and reliable High start-up cost

Low start-up cost and reliable

Disadvantages

High operating costs, difficult to use, and not very accurate

Selecting the Best Solution: Once all alternative solutions have been evaluated, you can begin the process of selecting the best solution. Alternative solutions can be compared to each other because they have been evaluated using the same criteria. Therefore in the previous example,

Alternative with a low accuracy evaluation should be rejected.

Therefore, alternative B for sales data entry is rejected, and alternative

A, the use of laptop computers by sales representatives, is selected. Designing and Implementing a Solution: Once a solution has been selected, it must be designed and implemented. An implementation plan specifies the resources, activities, and timing needed for

proper implementation. Using the above example, the following items might be included in the design specifications and implementation plan for a computerbased sales support system: Types and sources of computer hardware, and software to be acquired for the sales representatives Operating procedures for the new sales support system Training of sales reps and other personnel Conversion procedures and timetables for final implementation

SYSTEM DEVELOPMENT CYCLE Using the systems approach to develop information system solution involves a multistep process called the Information systems development cycle (ISDC) also known as the System Development Life Cycle (SDLC).

1. System Investigation- Feasibility Studies: A feasibility study is a preliminary study which investigates the information needs of prospective users and determines the resource requirements, costs, benefits and feasibility of a proposed project.

These are the questions that have to be answered in the systems investigation stage. Do we have a business problem (or opportunity)? What is causing the problem?

Would a new or improved information system help solve the problem? What would be a feasible information system solution to our problem? The feasibility study of proposed system can be evaluated in terms of four major categories. Organizational feasibility: It investigates how well the proposed information system supports the strategic objectives of the organization. Economical feasibility: It is concerned with whether expected cost savings, increased revenue, increased profits, reduction in required investment, and other types of benefits will exceed the cost of developing and operating a proposed system. Technical feasibility: It is concerned with the acquisition or development of reliable hardware and software capable of meeting the needs of a proposed system for the business in the required time. Operational feasibility: It is concerned with the willingness and ability of the management, employees, customers, suppliers, and others to operate, use, and support a proposed system.

2. System Analysis - Functional Requirements: System analysis describes what a system should do to meet the information needs of users. Functional Requirements are end user information requirements that are not tied to the hardware, software, network, data and people resources that end users presently use or might use in the new system. It includes, User interface requirements: The input/output needs of end users that must be supported by the information system, including sources, formats, content, volume and frequency of each type of input and output Processing requirements: Activities required to convert input into output. Includes calculations, decision rules, and other processing operations, and capacity, throughput, turnaround time, and response time needed for processing activities Storage requirements: Organization, content, and size of databases, types and frequency of updating and inquiries, and the length and rationale for record retention Control requirements: Accuracy, validity, safety, security, and adaptability requirements for system input, processing, and output and storage functions. 3. System Design System specifications: System Design specifies how the system will accomplish the objective. System Design can be viewed as the design of user interfaces, data, and processes

System Design

Phase Early

Description Compute, summarise and organise

Examples Calculators, early computer programs, statistical models, simple

Intermediate

management models Find, organise and display Database management decision-relevant systems, MIS, filing information systems Perform decision-relevant Financial models, computations, organise and display the results, what if analysis, interact with decision makers to facilitate formulation and execution of the intellectual steps in the process of decision making. Complex and fuzzy decision situations, using ERP software, the web and electronic commerce spreadsheets, trend exploration, operations research models, CAD systems, DSS, ES, EIS

Current

Just beginning

Second-generation expert system, group support systems, neural computing, knowledge management, Fuzzy logic, intelligent agents, SAP

DECISION MAKING AND PROBLEM SOLVING

Decision making is a process of choosing among alternative course of action for the purpose of attaining a goal or goals. A problem occurs when a system does not meet its established goals, does not yield the predicted results or does not work as planned. Therefore problem solving is more concerned with identifying opportunities. SYSTEMS The acronyms DSS, GSS, EIS and ES include the term systems. The concept of Systems has already been discussed. Let us now analyse the structure of a system,

Systems are divided into three distinct parts, inputs, processes and outputs. They are surrounded by an environment and often include a feedback mechanism. In addition, a human decision maker is considered a part of the system. Inputs: These are elements that enter the system Processes: These are the elements that are required to convert inputs into output. Output: These are finished products. Feedback: There is a flow of information from the output component to the decision maker concerning the systems output or performance. Based on the outputs, the decision maker, who acts as a control, may decide to modify the inputs, the processes or both. This information flow, appearing as a closed loop is called feedback. This is how real systems monitoring occurs. The decision maker compares the outputs to the expected outputs and adjusts the inputs and possibly the processes to move closer to the output targets. The Environment: The Social, political, legal, physical and economical elements on which the decision maker does not have influence constitutes the environment.

The Boundary: The system is separated from the environment by a boundary. A boundary can be physical or non physical. Example of physical boundary: where the department is a system, the boundary can be the building in which it is located. Example of non physical boundary: Where a system is time bound say for 1 year, in such a case we can analyse the system/organisation only for that particular year. Closed and open systems: Because every system is a subsystem of another, the system analysis process might never end. Therefore one must confine the system analysis to defined, manageable boundaries. Such confinement is called closing the system. A closed system is at one extreme of a continuum that reflects the degree of independence of systems. A closed system is totally independent, whereas an open system is very dependent on its environment. An open system accepts inputs from the environment and may deliver outputs to the environment. When determining the impact of decisions on an open system, we must determine its relationship with the environment and with other systems. In a closed system, we need not do this because the system is considered to be isolated. Many computer systems, such as transaction processing systems (TPS) are considered closed systems. Generally, closed systems are fairly simple in nature. A special type of closed system called a black box is one in which inputs and outputs are well defined but the process itself is not specified. Many managers are concerned with how a computer works. Essentially, they prefer to treat them as black boxes. Managers use these devices independent of the operational details

because they understand how the devices function and their tasks do not require them to understand the way they really work. DSS attempt to deal with systems that are fairly open. Such systems are complex and during their analysis one must determine the impacts on and from the environment. MODELS: A model is a simplified representation or abstraction of reality. The representation of systems or problems by models can be done with various degrees of abstraction; therefore models are classified into three groups according to their degree of abstraction: Iconic models: It is the least abstract model. It is a physical replica of a system, usually on a different scale from the original. Analog models: It behaves like the real system but does not look like it. It is more abstract than an iconic model and is a symbolic representation of reality. These models are usually charts or diagrams. Example: Organisation charts Mathematical models: The complexity of relationships in many organisational systems cannot be represented by icons or analogically because they could become cumbersome. Therefore more abstract models are described mathematically. Most DSS analyses are performed numerically with mathematical or quantitative models.

PHASES IN DECISION MAKING PROCESS According to Simon, the four phases in decision making include,

THE INTELLIGENCE PHASE: Intelligence in decision making involves scanning the environment, either intermittently or continuously. It includes, 1. Problem (or opportunity) identification: The intelligence phase begins with the identification of organisational goals and objectives related to an issue and determination of whether they are being met.

Dissatisfaction is the result of a difference between what we do and what is occurring. In this phase, one attempts to determine whether a problem exists, identify its symptoms, determine its magnitude and explicitly define it. Often, what is described as a problem may be only a symptom. It is sometimes difficult to distinguish between the symptoms and the real problem. The existence of problem can be determined by collection and estimation of data. Some issues that may arise during data collections, Non availability of data Obtaining data may be expensive Data estimation is often subjective Important data that influence the results may be qualitative It is assumed that future data will be similar to historical data Once the preliminary investigation is completed, it is possible to determine whether a problem really exists, where it is located and how significant it is. 2. Problem Classification: It is the conceptualization of the problem into definable category according to the degree of structuredness. 3. Programmed versus nonprogrammed problems: Programmed problems are well structured and routine problems where as nonprogrammed problems are highly unstructured and novel problems.

4. Problem decomposition: Many complex problems can be divided into subproblems. Solving the simpler subproblems may help in solving the complex problems. Also, some seemingly poorly structured problems may have some highly structured subproblems. 5. Problem Ownership: In the intelligence phase it is important to establish problem ownership. A problem exists in an organisation only if someone or some group takes on the responsibility of attacking it. When problem ownership is not established, then the problem has to be assigned to someone. Thus the intelligence phase ends with a formal problem statement. THE DESIGN PHASE: It involves developing and analyzing possible courses of action. These include understanding the problem and testing solutions for feasibility. A model of the decision-making problem is constructed, tested and validated. The process of modeling is a combination of art and science. As a science, there many standard model classes available, and with practice an analyst can determine which one is applicable to a given situation. As an art, a level of creativity is required when determining what assumptions can work, how to combine appropriate features of the model classes and how to integrate models to obtain valid solutions. The following aspects should be considered for efficient designing of a model,

 The components of the model The structure of the model Selection of a principle of choice Developing alternatives Predicting outcomes Measuring outcomes Scenarios The Components of model: There are three basic components. They are decision variables, uncontrollable variables and result variable. Decision variables describe the alternative course of action. For example, for an investment problem the amount to invest in bonds is a decision variable. Uncontrollable variables are factors that affect the result variables but are not under the control of the decision maker. Result variables reflect the level of effectiveness of the system; they indicate how well the system performs. The structure of the model: A Relationship should be established to link these components together. In the case of quantitative model mathematical relationship is established where as in the case of qualitative model symbolic or qualitative relationship is established. For example, lets take the simple financial model P = R C, Where P is the profit, R is the revenue and C is the cost. In this model P is the result variable, R is the

uncontrollable variable, as it depends upon various environmental factors, like taste and preference of the consumers, demand etc. and C is the decision variable, General structure of a model

As part of the cost i.e., variable cost can be adjusted and hence it is controllable. The Relationship is established through the expression (R-C). Selection of the principle of choice: A principle of choice is a criterion that describes the acceptability of a solution. It includes two important principles, Normative Descriptive

 Normative It implies that the chosen alternative is demonstrably the best of all possible alternatives. To find it, one should examine all alternatives. Therefore normative modeling involves testing of all the alternatives. Descriptive Descriptive analysis checks the performance of the system for a given set of alternatives rather than for all alternatives. Simulation is an example of descriptive analysis. Therefore these models describe things as they are. Developing alternatives A significant part of the process of designing is generating alternatives. It takes time and costs money. Issues such as when to stop generating alternatives can be very important. It is heavily dependent on the availability and cost of information and requires expertise in the problem area. Predicting the outcome of each alternative To evaluate and compare alternatives, it is necessary to predict the future outcome of each proposed alternative. Decision situations are often classified on the basis of a continuum ranging from complete knowledge to total ignorance.

Therefore there are three categories. They are, Decision making under certainty: In decision making under certainty, it is assumed that complete knowledge is available so that the decision maker knows exactly what the outcome of each course of action will be. For example the alternative of investing in a Fixed deposit of a certain nationalized bank is the one for which there is complete availability of information about the future return on investment.

Decision making under risk: A decision made under risk also known as a probabilistic or stochastic decision making is one in which the decision maker must consider several possible outcomes for each alternative, each with a given probability of occurrence. Therefore risk is estimated for each possible alternative. Decision making under uncertainty: In decision making under uncertainty, the decision maker considers situations in which several outcomes are possible for each course of action. In contrast to the risk situation, the decision maker does not know, or cannot estimate, the probability of occurrence of the possible outcomes. Decision making under uncertainty is more difficult because of insufficient information. Modeling of such situations involves assessment of the decision makers attitude toward risk. Measuring outcomes: The value of an alternative is evaluated in terms of goal attainment. For example profit is an outcome and profit maximization is a goal. Scenarios: A scenario is a narrative description of the operating environment of a particular system. A scenario planning and analysis can help mangers construct series of scenarios, perform computerized analyses and learn more about the system and decision making problem. There may be thousands of possible scenarios for every decision situation. However following are especially useful:

 The worst possible scenario The best possible scenario The most likely scenario The average scenario The scenario determines the context of analysis to be performed. THE CHOICE PHASE The choice phase is the one in which actual decision is made and where the commitment to follow certain course of action is made. The boundary between the design and choice phases is often unclear because certain activities can be performed during both the design and choice phases and because one can return frequently from choice activities to design activities. The choice phase includes search, evaluation and recommendation of an appropriate solution to the model. Search approaches: The choice phase involves a search for an appropriate course of action that can solve the problem. For normative models, either an analytical approach is used or a complete, exhaustive enumeration is applied. For descriptive models, a comparison of a limited number of alternatives is used, either blindly or by employing heuristics. Some of the major search approaches are, 1. Analytical Techniques 2. Blind search 3. Heuristic search 1. Analytical Techniques

Analytical techniques use mathematical formulas to derive an optimal solution directly or to predict a certain result. Analytical techniques are used mainly for solving structured problems, usually of a tactical or operational nature, in areas such as resource allocation or inventory management. 2. Blind search Blind search techniques are arbitrary search approaches that are not guided. There are two types of blind searches: and complete enumeration, for which all the alternatives are considered and therefore an optimal solution is discovered and an incomplete, partial search which continued until a good enough solution is discovered. However the method is not practical for solving very large problems because too many alternatives must be examined before an optimal solution is found.
3. Heuristic search

These methods in most cases employ experimentation and trial-and-error techniques. A heuristic method is particularly used to rapidly come to a solution that is reasonably close to the best possible answer, or 'optimal solution'. Or rather it can also be called an algorithm that is able to produce an acceptable solution to a problem in many practical scenarios.

Formal Search Approaches

Evaluation The search process is coupled with evaluation. Evaluation is the final step that leads to recommended solution. It includes, 1. Multiple Goals 2. Sensitivity analysis 3. Goal seeking 1. Multiple Goals The analysis of management decisions aims at evaluating, how far each alternative advances management toward its goals. Unfortunately managerial problems are seldom evaluated with a single goal. Todays management systems are much more complex and one with a single is rare. Instead, managers want to attain simultaneous goals. Therefore it is often necessary to analyse each alternative in the light of its several goals. For example in addition to profit maximization as its goal the organization may also have goals like growth, shareholders satisfaction, etc. Here is a list of the difficulties that occur when analysing multiple goals, 1. An explicit statement of the organisations goals is usually difficult to obtain 2. The decision maker may change the importance assigned to specific goals over time or for different decision scenarios 3. Goals and subgoals are viewed differently at various levels of the organisation 4. Goals themselves change in response to changes in the organisation and its environment

5. The relationship between alternatives and their determination of goals may be difficult to quantify 6. Complex problems are solved by groups of decision makers with their own agenda 7. Various participants assess the importance of the various goals differently 2. Sensitivity analysis or what- if Sensitivity analysis is used to determine how sensitive a model is to changes in the value of the parameters of the model and to changes in the structure of the model. Sensitivity analysis is very useful when attempting to determine the impact the actual outcome of a particular variable will have if it differs from what was previously assumed. By creating a given set of scenarios, the analyst can determine how changes in one variable(s) will impact the target variable. Sensitivity analysis allows flexibility and adaptation to changing conditions and to the requirement of different decision making situation. It provides a better understanding of the model and the decision making situation. It is structured as what will happen to the solution if an Input variable, an assumption or a parameter value is changed? It tests relationships such as The impact of changes in uncontrollable variable on outcome variable The impact of changes in decision variables on outcome variables The effect of uncertainty in estimating external variables The effects of different, dependent interactions among variables The robustness of decisions under changing conditions

3. Goal Seeking Goal seeking analysis calculates the values of inputs necessary to achieve a desired level of an output. It represents a backward solution approach. Example: What annual R&D budget is needed for an annual growth rate of 15% by 2000? THE IMPLEMENTATION PHASE The implementation of a proposed solution to a problem is, in effect the initiation of a new order of things or the introduction of change. And change must be managed. Many of the generic issues of implementation include, Resistance to change Degree of support of top management User training

HOW DECISIONS ARE SUPPORTED

Support for the Intelligence Phase:

The primary requirement of decision support for the intelligence phase is the ability to scan internal and external information sources for opportunities and problems and interpret what the scanning discovers. Decision support technologies can be very helpful. For example, the major purpose of an EIS is to support the intelligence phase by continuously monitoring both internal and external information, looking for early signs of problems and opportunities. Similarly, data mining (which may include expert systems and neural networks) and online analytic processing (OLAP) also support intelligence phase. ES on the other hand can render advice regarding the nature of the problem, its classification and its seriousness. ES can advice on the suitability of the solution approach and on the likelihood of successfully solving the problem. One of the primary areas of ES success is interpreting information and diagnosing problems. This capability can be exploited in the intelligence phase. Another area of support is reporting. Both routine and ad hoc reports can aid in the intelligence phase. The intelligence phase is a primary target for DSS and other CBIS that deal with nonstuctured problems. Support for the Design Phase: The design phase involves generating alternative courses of action, discussing the criteria for choice and their relative importance, and forecasting the future consequences of using various alternatives. Several of these activities can use standard models provided by a DSS. The generation of alternatives for structured problems can be provided through the use of either standard or special models. However, the generation of alternatives for complex problems requires expertise that can be provided by a human, brainstorming software or an expert system. Most DSS have quantitative analysis capabilities and an internal ES can assist with qualitative methods as well as with the expertise required in selecting quantitative analysis and forecasting models. If the problem requires brainstorming to help

identify important issues and options, GSS may prove helpful. Also tools that provide cognitive mapping can help. Support for the Choice Phase: In addition to providing models that rapidly identify a best or good enough alternative, a DSS can support the choice phase through the what-if and goalseeking analysis. Different scenarios can be tested for the selected option to reinforce the final decision. An ES can be used to assess the desirability of certain solutions as well as to recommend an appropriate solution. If a group makes the decision, a GSS can provide support. Support for the Decision Implementation: DSS benefits the organisation during the implementation phase by providing proper communication among the various levels, explanation of the concepts and procedure, and justification of their suggestions and opinions. ALTERNATIVE DECISION MAKING MODELS: Many decision-making processes are described in the MIS. Let us review some samples. This is a model as proposed by Hammond et al. (1998) 1. Problem: Define your decision problem to solve the right problem 2. Objectives: Clarify what you are really trying to achieve with your decision 3. Alternatives: Create better alternatives from which to choose 4. Consequences: Describe how well each alternative meets your objectives 5. Trade-offs: Make tough compromises when you cant achieve all your objectives at once

6. Uncertainly: Think about and act on uncertainties affecting your decision 7. Risk tolerance: Account for your appetite for risk 8. Linked decisions: Plan ahead by effectively coordinating current and future decisions. Lets now review a sample as proposed by Pounds (1969). There are totally eight steps. The first four involves problem finding while the last four involves problem solving. The steps are: 1. Choose a model 2. Compare a reality 3. Identify differences 4. Select a difference 5. Choose a model 6. Compare to reality 7. Identify differences 8. Select a difference Step 8 returns to Step 1. PERSONALITY TYPES Many studies indicate that there is a strong relationship between personality and decision making. Personality type influences general orientation toward goal attainment, selection of alternatives, treatment of risk and reactions under stress. It also affects a decision makers ability to process large quantities of information, time pressure and reframing. In the 1920s Carl Jung described how people are

fundamentally different though they all have the same set of instincts that drive them internally. In the 1950s Myer-Briggs revived Jungs research and developed the well-known Myers-Briggs Type Indicator along with an interpretation of each type. Myers-Briggs personality types are characterized along four dimensions. They are,

Extraversion (E) to Introversion (I)

Sensation (S) to Intuition (N) Thinking (T) to Feeling (F) Perceiving (P) to Judging (J) Extraversion: Social Introversion: Territorial Sensation: Practical Intuition: innovative Thinking: Impersonal Feeling: Personal Perceiving: Open Judging: Closure

And, if one examines the entire population, the types are distributed approximately as, Extraversion (75%) to Introversion 25% Sensation (75%) to Feeling (50%) Thinking (50%) to Feeling (50%) Perceiving (50%) to Judging (50%) Birkman developed a personality typing called a True Colours. These colour types can be quickly established, discussed and used to build teams in classes and more importantly in decision-making environments. These colours include, Red yellow Green Blue

Green types like to communicate directly and work with people. They like to work in groups and to get people excited about what they are doing. Marketing specialists have a tendency to be green. Red types also like to communicate directly but stay focused on the task at hand, as do yellow types. Red types tend to volunteer t be group leaders and stay focused on getting job done. Yellow types are most comfortable with indirect communication and like to deal with details. They make great accountants and programmers. While Blue types also prefer indirect communication and are innovative, introspective and creative but are easily distracted and may need people nearby to provide their creative spark. Blue types make great researchers but often have to be reminded about the projects they are working on. When a team is formed with members of all different colour types, the team tends to be very creative and productive.

GENDER Powell and Johnson (1995) observe that decision-support systems are designed assuming no gender differences, but that they may take decision in different ways and have different information style preferences. Their extensive review of the recent literature suggests that gender differences are associated with abilities and motivation, risk attitude and confidence as well as decision style. Men are more inclined to take risks than women, in a variety of situations, a difference which does not stem from differences in perceived probability of success. COGNITION THEORY Cognition is the set of activities by which a person resolves differences between internalised view of the environment and what actually exists in the environment. It is the ability to perceive and understand information.

COGNITIVE STYLES Cognitive style is the process through which people perceive, organize and change information during the decision-making process. Generally there two kinds of cognitive style observed in problem solving. They are, Heuristic Analytic But many people are not completely heuristic or analytic but are somewhere in between.

DECISION STYLE Decision style is the manner which decision makers think and react to problems. This includes the way they perceive, their cognitive response, and how values and beliefs vary from individual to individual and from situation to situation. As a result, people make decision differently. Although there is a general process of decision making, it is far from linear. People do not follow the same steps of the process in the same sequence nor they do they use all the steps. Furthermore, the emphasis, time allotment, and priorities given to each step vary significantly, not only from one person to another but also from one situation to the next. The manner in which managers make decisions describes their decisions style. In addition to heuristic and analytic styles, one can distinguish autocratic verses democratic styles, another style s consultative. Of course there are many combinations and variations of styles. For a computerized system successfully support a manger, it should fit the decision situation as well as the decision style. Therefore, the system should be flexible and adaptable to different users. The ability to ask what-if and goal-seeking questions provides flexibility in this direction. Graphics are also desirable feature in supporting certain decision styles. Different decision styles require different types of support. A major factor that determines the type of required support is whether the decision maker is an individual or a group. THE DECISION MAKERS Decisions are often made by individual. In some cases decisions may be fully automated. In either case there may be conflicting objectives. If an MSS is to support decision makers with varying styles, skills and knowledge, it should not

attempt to enforce a specific process. Rather, it should help decision makers use and develop their own styles, skills and knowledge. DECISION SUPPORT SYSTEM Little (1970) defines DSS as model-based set of procedures for processing data and judgments to assist manager in his decision making.He argues that to be successful, such a system must be simple, robust, easy to control, adaptive, complete on important issues, and easy to communicate with. Alter defines DSS by contrasting them with traditional electronic data processing (EDP) systems on five dimensions, as shown in the table, Dimensions Use User Goal Time Horizon Objective DSS Active Line EDP Passive Staff Clerical Mechanical efficiency Past Consistency

and

Management Effectiveness Present and future Flexibility

A DSS is an approach for supporting decision making. It uses an interactive, flexible, adaptable CBIS especially developed for supporting the solution for a specific nonstuctured management problem. It uses data, provides an easy user interface, and can incorporate the decision makers own insights. In addition, a DSS uses models and is built by an interactive iterative process. It supports all phases of decision making and may include a knowledge component. Finally, DSS can be used by a single user on a PC or it can be Web based for use by many people at several locations. A DSS is usually built to support the solution of a certain problem or for evaluation of an opportunity. Therefore it is called as DSS application.

CHARACTERISTICS AND CAPBILITIES OF DSS The major DSS capabilities are as follows, 1. DSS provide support for decision makers mainly in semistructured and unstructured situations by bringing together human judgment and computerized information. Such problems cannot be solved by other computerized systems or by standard quantitative methods or tools 2. Support is provided for various managerial levels, ranging from top executives to line managers.

3. Support is provided to individuals as well as to groups. Less structured problems often require the involvement of several individuals from different departments and organisational levels or even from different organisations. 4. DSS provide support to several interdependent and/or sequential decisions. The decisions may be made once, several times or repeatedly 5. DSS support a variety of decision-making processes and styles 6. DSS support all phases of the decision-making process: intelligence, design, choice and implementation 7. DSS are adaptive over time. The decision maker should be reactive, able to confront changing conditions quickly and able to adapt the DSS to meet these changes. DSS are flexible, and so users can add delete, combine, change, or rearrange basic elements. 8. Users must feel at home with DSS, User friendliness, strong graphical capabilities and English-like interactive human-machine interface can greatly increase the effectiveness of DSS. 9. DSS attempt to improve the effectiveness of decision making rather than its efficiency. 10. The decision maker has complete control over all steps of the decision-making process in solving a problem. A DSS specifically aims to support and not to replace the decision maker. 11. End users should be able to construct and modify simple systems by themselves. Larger systems can be built with assistance from information systems (IS) specialists

12. A DSS usually utilizes models for analysing decision-making situations. The modeling capability enables experimenting with different strategies under different configurations.

COMPONENTS OF DSS The components of DSS comprises of the following Subsystems:

1. Data management Managed by DBMS

2. Model management Managed by MBMS

3. Knowledge Management and organizational knowledge base 4. User interface

1. The Data Management Subsystem The data management subsystem is composed of the following elements DSS database Database management system Data directory Query facility The Database

A database is a collection of interrelated data organized to meet the needs and structure of an organisation and can be used by more than one person for more than one application. There are several possible configurations for a database. For some DSS, data are ported from the data warehouse. For other DSS applications, a special database is constructed as needed. The data in the data base are extracted from internal and external data sources as well as from personal data belonging to one or more users. The extraction results go to the Decision support database or to the corporate data warehouse. Capturing data from various sources can be called as

extraction.

Internal

data

come

mainly

from

the

organisations

Functional departments like marketing, finance etc. External data include industry data, marketing research data, government regulations etc. Database Management System An effective database should support many managerial activities. It should provide for general navigation among records. Support for creating and maintain a diverse set of data relationships and generate reports. The Query Facility The query facility includes a special query language. It involves accepting requests for data from other DSS components, determines how these requests can be filled, formulates the detailed requests and returns the results to the issuer of request. Important functions of DSS query system are selection and manipulation of operations. The Directory The data directory is a catalog of all the data in the database. It contains data definitions, and it main function is to answer questions about the availability of data items, their source and their exact meaning. The directory like any other catalog supports the addition of new entries, deletion and retrieval of information on specific topics.

2. The Model Management Subsystem

Models: There are four major categories: Strategic models Tactical models Operational models Analytical models Strategic models are used to support top managements strategic planning responsibilities. They include developing corporate objectives, planning for mergers and acquisitions, plant location selection etc. Tactical models are used mainly by middle management to assist in allocating and controlling the organisations resources. Tactical models are applicable to department heads. Operational models are used to support day to day working activities of the organisation like work force scheduling, inventory control etc. Operational models normally support supervisory levels. These models normally use internal data. Analytical models are used to perform analysis on the data. These include statistical models, data mining algorithms, financial models etc. The Model Base Management System (MBMS): The functions of Model Base Management Systems are model creation using programming languages or DSS tools, generation of reports, model updating and changing and model data manipulation.

Model Execution, Integration and Command: Model execution is the process of controlling the actual running of the model. Model integration involves combining the operations of several models when needed or integrating the DSS with other applications. A model command processor is used to accept and interpret modeling instructions from the user interface component and route them to MBMS. 3. The Knowledge-Based Management Subsystem Many problems are so complex that they require expertise for their solution. Such expertise can be provided by an expert system or other intelligent system. Therefore advance DSS are equipped with a component called as knowledge-based management subsystem. This component can supply the required expertise for solving some aspects of the problem and provides knowledge that can enhance the operation of other DSS components. 4. The User Interface Subsystem The term user interface covers all aspects of communication between a user and the DSS. It includes not only the hardware and software but also factors that deal with ease of use, accessibility and human-machine interactions. Some Management Support System (MSS) experts feel that the user interface is the most important component because much of the power, flexibility, and ease-of use characteristics of MSS are derived from this component. And because the user sees only this part of MSS for him the user interface is the system. THE USER

The MSS has two broad categories of users Managers and Staff specialists. Staff specialists such as financial analysts, production planners and marketing researchers outnumber manager by at least 2 to 3 times. These staff specialists often allow the mangers to benefit from the DSS without actually having to use the keyboard. Staff specialists include Staff assistant: This person ahs specialized knowledge about management problems and some experience with decision support technology. Expert tool user: This person is skilled in the application of one or more types of specialized problem-solving tools. An expert tool user performs tasks that the problem solver does not have the skill or training to perform. Business Analyst: This person has a general knowledge of the application area, a formal business administration education and considerable skill in using DSS tools Facilitator: This person controls and coordinates the use of software to support the work of people working in groups. The facilitator is also responsible for the conduct of work group sessions. DSS HARDWARE: The major hardware options are the organisations mainframe computer, a work station, a personal computer or a client/server system. Distributed DSS runs on various types of networks including the Internet, intranets and extranets. DIFFERENCE BETWEEN DECISION SUPPORT MANAGEMENT INFORMATION SYSTEM Management Information System (MIS) is, Viewed as an IS infrastructure Generates standard and exceptional reports and summaries SYSTEM AND

Organized along functional areas Developed by IS department Decision Support System (DSS) is, A problem solving tool Used to address ad hoc and unexpected problems An End user tool An example of the differences between an MIS and DSS using sales trends: MIS: All reports are pre-programmed. For example, the MIS might be able to provide reports showing sales by month. The user is required only to select a report. DSS: Rather than providing "reports," a DSS allows interactive analysis of data, more like a spreadsheet. This allows you to do what-if analysis, for example, change certain information and see what happens, such as "if sales are X in March, what will happen to Net Income?" The user can change the data to do forecasting or more detailed analysis. DSS CLASSIFICATION: There are several ways to classify DSS applications. Not every DSS fits neatly into one category, but a mix of two or more architecture in one. Holsapple and Whinston classify DSS into the following six frameworks: Textoriented DSS, Database-oriented DSS, Spreadsheet-oriented DSS, Solver-oriented DSS, Rule-oriented DSS, and Compound DSS.

A compound DSS is the most popular classification for a DSS. It is a hybrid system that includes two or more of the five basic structures described by Holsapple and Whinston The support given by DSS can be separated into three distinct, interrelated categories: Personal Support, Group Support, and Organizational Support. Additionally, the buildup of a DSS is also classified into a few characteristics. 1) Inputs: this is used so the DSS can have factors, numbers, and characteristics to analyze. 2) User knowledge and expertise: This allows the system to decide how much it is relied on, and exactly what inputs must be analyzed with or without the user. 3) Outputs: This is used so the user of the system can analyze the decisions that may be made and then potentially 4) make a decision: This decision making is made by the DSS; however, it is ultimately made by the user in order to decide on which criteria it should use. DSSs which perform selected cognitive decision-making functions and are based on artificial intelligence or intelligent agents technologies are called Intelligent Decision Support Systems (IDSS). The nascent field of Decision engineering treats the decision itself as an engineered object, and applies engineering principles such as Design and Quality assurance to an explicit representation of the elements that make up a decision. References: 1. Power, D.J. A Brief History of Decision Support Systems DSSResources.COM, World Wide Web, version 2.8, May 31, 2003.

2.

Keen, P. G. W. (1978). Decision support systems: an organizational perspective. Reading, Mass., Addison-Wesley Pub. Co. ISBN 0-201-036673 Efraim Turban, Jay E. Aronson, Ting-Peng Liang (2008). Decision Support Systems and Intelligent Systems. p. 574. ^ "Gate Delays at Airports Are Minimised for United by Texas Instruments' Explorer". Computer Business Review. 1987-11-26. http://www.cbronline.com/news/gate_delays_at_airports_are_minimised_for _united_by_texas_instruments_explorer.

3.

4.

5. Haettenschwiler, P. (1999). Neues anwenderfreundliches Konzept der Entscheidungsuntersttzung. Gutes Entscheiden in Wirtschaft, Politik und Gesellschaft. Zurich, vdf Hochschulverlag AG: 189-208. 6. Power, D. J. (2002). Decision support systems: concepts and resources for managers. Westport, Conn., Quorum Books. 7. Gachet, A. (2004). Building Model-Driven Decision Support Systems with Dicodess. Zurich, VDF. 8. Stanhope, P. (2002). Get in the Groove: building tools and peer-to-peer solutions with the Groove platform. New York, Hungry Minds 9. Power, D. J. (1997). What is a DSS? The On-Line Executive Journal for Data-Intensive Decision Support 1(3).
10. Sprague,

R. H. and E. D. Carlson (1982). Building effective decision support

systems. Englewood Cliffs, N.J., Prentice-Hall. ISBN 0-130-86215-0

11. Haag,

Cummings, McCubbrey, Pinsonneault, Donovan (2000). Management

Information Systems: For The Information Age. McGraw-Hill Ryerson Limited: 136-140. ISBN 0-072-81947-2
12.

Marakas, G. M. (1999). Decision support systems in the twenty-first century. Upper Saddle River, N.J., Prentice Hall.

13. Holsapple,

C.W., and A. B. Whinston. (1996). Decision Support Systems: A

Knowledge-Based Approach. St. Paul: West Publishing. ISBN 0-324-035780

14.

Hackathorn, R. D., and P. G. W. Keen. (1981, September). "Organizational Strategies for Personal Computing in Decision Support Systems." MIS Quarterly, Vol. 5, No. 3. Gadomski A.M. et al. (1998). Integrated Parallel Bottom-up and Top-down Approach to the Development of Agent-based Intelligent DSSs for Emergency Management,TIEMS98, Washington, CiteSeerx - alfa:

15.

16. DSSAT4 17. ^ 18. ^

(pdf)

The Decision Support System for Agrotechnology Transfer Stephens, W. and Middleton, T. (2002). Why has the uptake of Decision

Support Systems been so poor? In: Crop-soil simulation models in developing countries. 129-148 (Eds R.B. Matthews and William Stephens). Wallingford:CABI. Questions Section A Each answer carries 2 marks
1.

What is a system?

2. Differentiate decision and problem solving 3. How does Gender play a role in decision making

Section B

Each answer carries 8 marks

1. Differentiate DSS and MIS 2. What is a model? Explain the various categories 3. Explain Cognitive Styles in DSS

Section C

Each answer carries 12 marks

1. Explain the various phases involved in decision making 2. Explain the various components of DSS 3. Explain the various capabilities of DSS

CHAPTER V SECURITY AND ETHICAL CHALLENGES Objectives: This section will help the students understand the various security and ethical challenges faced by the business organisation
The use of information technologies in business has had major impacts on society and thus raises ethical issues in the following areas, 1. Privacy 2. Crime 3. Working Conditions 4. Individuality 5. Health 6. Employment Information technologies have both positive and negative impacts on the society as well as business. For example, Computerization of a manufacturing process may

have adverse effect of eliminating peoples job but at the same time improves the working conditions and efficiency in the organisation. ETHICAL RESPOSIBILITY OF BUSINESS PROFESSIONALS A manager should a responsibility to promote ethical uses of information technology in the work place. Organisations are continuing to invest heavily in computer systems designed to improve efficiency and effectiveness. These new systems are often complex replacing manual processes that previously defied automation introducing new functions into already automated processes. Usually new systems are not simply a matter of giving staff a better tool to do the same work but involve changes to the nature of the work itself. This in turn changes the very fabric of the society in which we live. Careful planning and consultation are needed to implement new systems successfully. All those affected by the change must be involved in an appropriate way. They may include customers, suppliers, regulators, business partners and members of the public as well as employees. The impact of new systems will usually be judged in terms of whether the gains in efficiency and effectiveness are realised as planned, but that is not all. The new systems may involve changes in the staffing levels, organisational structure and social groupings. These changes can affect staff morale inside an organisation and relationships outside, particularly with customers, to such an extent that they may cause disadvantages to the organisation which reduce, or even outweigh, the basic benefits achieved. There is a growing realisation that good ethics is good business. The latest survey by the Institute of Business Ethics shows a dramatic increase in the number of organisations that have a corporate code of ethics. Given the central and essential role of Information Technologies in organisations it is paramount that

this ethical sensitivity percolates decisions and activities related to IT. In particular organisations need to consider:

how to set up a strategic framework for IT that recognises personal and corporate ethical issues; how the methods for systems development balance ethical, economic and technological considerations; the intellectual property issues surrounding software and data; the way information has become a key resource for organisations and how to safeguard the integrity of this information; the increasing organisational responsibility to ensure that privacy rights are not violated as more information about individuals is held electronically; the growing opportunity to misuse IT given the increasing dependence of organisations on it and the organisational duty to minimise this opportunity whilst accepting individuals have a responsibility to resist it; the way advances in IT can cause organisations to change their form - the full impact of such change needs to be considered and, if possible, in advance, and the way the advent of the global information society raises new issues for organisations in how they operate, compete, co-operate and obey legislation; and how to cope with the enormous and rapid change in IT, and how to recognise and address the ethical issues that each advance brings

The steps associated with the use of IT in organisations include: 1. Decide the organisation's policy, in broad terms, in relation to IT. This should:

take account of the overall objectives of the organisation, drawing from such existing sources as the organisational plan or mission statement; use the organisation's established values, possibly set out in its code of practice, for guidance in determining how to resolve ethical issues; set the scope of policy in terms of matters to be covered respect for privacy and confidentiality; avoid IT misuse; avoid ambiguity regarding IT status, use and capability; be committed to transparency of actions and decisions related to IT; adhere to relevant laws and observe the spirit of such laws; support and promote the definition of standards in, for example, development, documentation and training; and abide by relevant professional codes

2. Form a statement of principles related to IT that would probably include:

3. Identify the key areas where ethical issues may arise for the organisation, such as:

ownership of software and data; integrity of data; preservation of privacy; prevention of fraud and computer misuse; the creation and retention of documentation; the effect of change on people both employees and others; and global IT

4. Consider the application of policy and determine in detail the approach to each area of sensitivity that has been identified. 5. Communicate practical guidance to all employees, covering:

the clear definition and assignment of responsibilities; awareness training on ethical sensitivities; the legal position regarding intellectual property, data protection and privacy; the explicit consideration of social cost and benefit of IT application; the testing of systems (including risk assessment where public health, safety and welfare, or environmental concerns arise); documentation standards; and security and data protection

6. Whilst organisations have a responsibility to act ethically in the use of IT so to do individual employees. Those involved in providing IT facilities should support the ethical agenda of the organisation and in the course of their work should:

consider broadly who is affected by their work; examine if others are being treated with respect; consider how the public would view their decisions and actions; analyse how the least empowered will be affected by their decisions and actions; and consider if their decisions and acts are worthy of the model IT professional

Technology Ethics Ethics of technology addresses the ethical questions specific to the Technology Age. Technology itself is incapable of possessing moral or ethical qualities, since

"technology" is merely tool making. Thus, "ethics of technology" refers to two basic subdivisions. 1. The ethics involved in the development of new technologywhether it is right or wrong to invent and implement a technological innovation. 2. Whether technology extends or curtails the power of individuals if so, to what extent. In the former case, ethics of such things as computer security and computer viruses asks whether the very act of innovation is an ethically right or wrong act. Similarly, does a scientist have an ethical obligation to produce or fail to produce a nuclear weapon? What are the ethical questions surrounding the production of technologies that waste or conserve energy and resources? What are the ethical questions surrounding the production of new manufacturing processes that might inhibit employment, or might inflict suffering in the third world? In the latter case, the ethics of technology quickly break down into the ethics of various human endeavors as they are altered by new technologies. For example, bioethics is now largely consumed with questions like the new life-preserving technologies, new cloning technologies, and new technologies for implantation. The old ethical questions of privacy and free speech are given new shape and urgency in an Internet age. Such tracing devices as RFID (Radio Frequency Identification), biometric analysis and identification, genetic screening, all take old ethical questions and amplify their importance. Computer Crime Computer crime encompasses a broad range of potentially illegal activities. Generally, however, it may be divided into one of two types of categories: (1)

crimes that target computer networks or devices directly; (2) crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device Examples of crimes that primarily target computer networks or devices would include: Malware and malicious code Examples of crimes that merely use computer networks or devices would include: Cyber stalking

Specific computer crimes include, Spam Spam, or the unsolicited sending of bulk email for commercial purposes, is unlawful to varying degrees. As applied to email, specific anti-spam laws are relatively new, however limits on unsolicited electronic communications have existed in some forms for some time. Fraud Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by: Altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees

altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect; Altering or deleting stored data; or Altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common. Other forms of fraud may be facilitated using computer systems, including bank fraud, identity theft, extortion, and theft of classified information

Obscene or offensive content The content of websites and other electronic communications may be distasteful, obscene or offensive for a variety of reasons. In some instances these communications may be illegal. Many jurisdictions place limits on certain speech and ban racist, blasphemous, politically subversive, libelous or slanderous, seditious, or inflammatory material that tends to incite hate crimes.

The extent to which these communications are unlawful varies greatly between countries, and even within nations. It is a sensitive area in which the courts can become involved in arbitrating between groups with entrenched beliefs. Harassment Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties. Any comment that may be found derogatory or offensive is considered harassment. Drug trafficking Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances through encrypted e-mail and other Internet Technology. Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms. The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs.

Cyber terrorism Government officials and IT security specialists have documented a significant increase in Internet problems and server scans since early 2001. There is a growing concern among federal officials that such intrusions are part of an organized effort by cyber terrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyber terrorist is someone who intimidates or

coerces a government or organization to advance his or her political or social objectives by launching computer-based attack against computers, network, and the information stored on them. Cyber terrorism in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources. As such, a simple propaganda in the Internet, that there will be bomb attacks during the holidays can be considered cyber terrorism. At worst, cyber terrorists may use the Internet or computer resources to carry out an actual attack. Hacking It is the practice of modifying computer hardware and software to accomplish a goal outside of the creators original purpose. People who engage in computer hacking activities are often called hackers. Since the word hack has long been used to describe someone who is incompetent at his/her profession, some hackers claim this term is offensive and fails to give appropriate recognition to their skills. Computer hacking is most common among teenagers and young adults, although there are many older hackers as well. Many hackers are true technology buffs who enjoy learning more about how computers work and consider computer hacking an art form. They often enjoy programming and have expert-level skills in one particular program. For these individuals, computer hacking is a real life application of their problem-solving skills. Its a chance to demonstrate their abilities, not an opportunity to harm others. Since a large number of hackers are self-taught prodigies, some corporations actually employ computer hackers as part of their technical support staff. These individuals use their skills to find flaws in the companys security system so that

they can be repaired quickly. In many cases, this type of computer hacking helps prevent identity theft and other serious computer-related crimes. Computer hacking can also lead to other constructive technological developments, since many of the skills developed from hacking apply to more mainstream pursuits. For example, former hackers Dennis Ritchie and Ken Thompson went on to create the UNIX operating system in the 1970s. This system had a huge impact on the development of Linux, a free UNIX-like operating system. Shawn Fanning, the creator of Napster, is another hacker well known for his accomplishments outside of computer hacking. In comparison to those who develop an interest in computer hacking out of simple intellectual curiosity, some hackers have less noble motives. Hackers who are out to steal personal information, change a corporations financial data, break security codes to gain unauthorized network access, or conduct other destructive activities are sometimes called crackers. This type of computer hacking can earn you a trip to a federal prison for up to 20 years. If you are interested in protecting your home computer against malicious hackers, investing in a good firewall is highly recommended. Its also a good idea to check your software programs for updates on a regular basis. For example, Microsoft offers a number of free security patches for its Internet Explorer browser.

Common Hacking Tactics

1.

Denial of Service: This is becoming a common networking prank. By hammering a website's equipment with too many requests for information, an attacker can effectively clog the system, slowing performance or even

crashing the site. This method of overloading computers is sometimes used to cover up an attack.
2.

Scans: Widespread probes of the Internet to determine types of computers, services and connections. That way the bad guys can take advantage of weaknesses in a particular make of computer or software program.

3.

Sniffer: Programs that covertly search individual packets of data as they pass through the Internet, capturing passwords or entire contents.

4.

Spoofing: Faking an E-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers.

5.

Trojan Horse: A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software.

6.

Back Doors: In case the original entry point has been detected, having a few hidden ways back makes reentry easy and difficult to detect.

7.

Malicious Applets: Tiny programs, sometimes written in the popular java computer language, that misuse your computer's resources, modify files on the hard disk, send fake E-mail, or steal passwords.

8.

War Dialing: Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection.

9.

Logic Bombs: An instruction in a computer program that triggers a malicious act.

10. Buffer

Overflow: A technique for crashing or gaining control of a computer

by sending too much data to the buffer in a computer's memory

11. Password 12. Social

Crackers: Software that can guess passwords.

Engineering: A tactics used to gain access to computer system by

talking unsuspected company employees out of valuable information such as passwords.

13. Dumpster

Diving: Sifting through a company's garbage to find information

to help break into their computers. Sometimes the information is used to make a stab at social engineering more credible. Cyber Theft: Cyber-Theft is the use of computers and communication systems to steal information in electronic format. Hackers crack into the systems of banks and transfer money into their own bank accounts. This is a major concern, as larger amounts of money can be stolen and illegally transferred. Many newsletters on the internet provide the investors with free advice recommending stocks where they should invest. Sometimes these recommendations are totally bogus and cause loss to the investors. Credit card fraud is also very common. Most of the companies and banks reveal that they have been the victims of cyber -theft because of the fear of losing customers and share holders. Cyber-theft is the most common and the most reported of all cyber-crimes. Cyber-theft is a popular cyber-crime because it can quickly bring experienced cyber-criminal large cash resulting from very little effort. Furthermore, there is little chance a professional cyber-criminal will be apprehended by law enforcement.

Viruses and worms: Viruses and worms is a very major threat to normal users and companies. Viruses are computer programs that are designed to damage computers. It is named virus because it spreads from one computer to another like a biological virus. A virus must be attached to some other program or documents through which it enters the computer. A worm usually exploits loop holes in soft wares or the operating system. Trojan horse is dicey. It appears to do one thing but does something else. The system may accept it as one thing. Upon execution, it may release a virus, worm or logic bomb. A logic bomb is an attack triggered by an event, like computer clock reaching a certain date. Chernobyl and Melissa viruses are the recent examples. Experts estimate that the Mydoom worm infected approximately a quarter-million computers in a single day in January 2004. Back in March 1999, the Melissa virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained Unauthorised use at work: The unauthorised use of computer systems and networks can be called time and resource theft. This may range from doing private company networks or personal finances or playing video games to unauthorised use of the Internet on company networks. Network monitoring software called sniffers is frequently used to monitor network traffic to evaluate network capacity as well as reveal evidence of improper use.

Internet Abuses General e-mail abuses

Includes propagation

Activity spamming, of

harassment, viruses/worms,

Unauthorised usage and access Copyright Infringement/Plagiarism

defamatory statements Sharing of passwords and access into networks without permission Using illegal or pirated software that costs organisations millions of dollars because of copyright infringements. Copying of websites and copyrighted logos Posting of messages on various nonwork related topics Use of Internet to display or transmit trade secrets Hacking of websites, ranging from denial of service attacks to accessing organisational databases Propagation of software that ties up office bandwidths. Use of programs that allow the transmission of movies, music and graphical materials Shopping, ending e-cards and personal e-mail, gambling online, chatting, game playing, auctioning, stock trading and doing other personal activities Use office resources such as networks and computers to organise and conduct

Newsgroup Postings Transmission of Confidential data Hacking

Non-work related download/upload

Leisure Use of internet

Moonlighting

personal business (side jobs) Privacy Issues: Information technology makes it technically and economically feasible to collect, store, integrate, interchange and retrieve data and information quickly and easily. This characteristic has an important beneficial effect on the efficiency and effectiveness of computer-based information systems. However, the power of information technology to store and retrieve information can have a negative effect on the right to privacy of every individual. As technology continues to advance, so do the methods in which an individual's private information may be procured and misused. This exemplifies the saying that "Freedom is not free". It may be that in an age where terrorism is so prevalent, some degree of surveillance is a necessary evil, but forsaking our freedoms cannot protect freedom. Watched people are not free. Example: Accessing individuals private e-mail conversations and computer records, and collecting and sharing information about individuals gained from their visits to Internet websites and newsgroups. Privacy on the Internet: An increasing number of people are using the Internet, in many instances unaware of the information being collected about them. In contrast, other people concerned about the privacy and security issues are limiting their use of the Internet, abstaining from purchasing products online. Businesses should be aware that consumers are looking for privacy protection and a privacy statement can help to

ease consumers' concerns. In particular, web sites utilizing cookies and statements about them are scanned. Global consistency on Internet privacy protection is important to boost the growth of electronic commerce. To protect consumers in a globally consistent manner, legislation, self-regulation, technical solutions and combination solutions are different ways that can be implemented. Cookies Cookies are tools which are sometimes used for user-tracking, a common concern in the field of privacy. As a result, some types of cookies are classified as a tracking cookie. Although HTML-writers most commonly use cookies for legitimate purposes, cases of abuse can and do occur. An HTTP cookie consists of a piece of information stored on a user's computer during web-browsing. Systems do not generally make the user explicitly aware of the storing of a cookie. The possible consequences of cookies include: the placing of a personally-identifiable tag in a browser to facilitate web profiling use of other techniques to steal information from a user's cookies. Some users choose to disable cookies in their web browsers. Such an action eliminates the potential privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) offer the option to clear cookies automatically whenever the user closes the browser. A third option involves

allowing cookies in general, but preventing their abuse. There are also a host of wrapper applications that will redirect cookies and cache data to some other location. Profiling The process of profiling (also known as "tracking") assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. Some organizations engage in the profiling of people's web browsing, collecting the URLs of sites visited. The resulting profiles can potentially link with information that personally identifies the individual who did the browsing. Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of 'typical Internet users'. Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does. Profiling becomes a more contentious privacy issue when data-matching associates the profile of an individual with personally-identifiable information of the individual. Governments and organizations may set up honey pot websites - featuring controversial topics - with the purpose of attracting and tracking unwary people. This constitutes a potential danger for individuals. ISPs

Consumers obtain Internet access through an Internet Service Provider (ISP). All Internet data to and from the consumer must pass through the consumer's ISP. Given this, any ISP has the capability to observe everything about the consumer's (unencrypted) Internet. However, ISPs are usually prevented from participating in such activities due to legal, ethical, business, or technical issues. Despite these legal and ethical issues, some ISPs, such as British Telecom (BT), are planning to use deep packet inspection technology provided by companies such as Phorm in order to examine the contents of the pages which people visit. By doing so, they can build up a profile of a person's web surfing habits, which can then be sold on to advertisers in order to provide targeted advertising. BT's attempt at doing this will be marketed under the name 'Webwise'. Normally ISPs do collect at least some information about the consumers using their services. From a privacy standpoint, ISPs would ideally collect only as much information as they require in order to provide Internet connectivity (IP address, billing information if applicable, etc). What information an ISP collects, what it does with that information, and whether it informs its consumers, pose significant privacy issues. Beyond the usage of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. In the US and other countries, such a request does not necessarily require a warrant. An ISP cannot know the contents of properly-encrypted data passing between its consumers and the Internet. For encrypting web traffic, https has

become the most popular and best-supported standard. Note however, that even if users encrypt the data, the ISP still knows the IP addresses of the sender and of the recipient. Data logging Many programs and operating systems are set up to perform data logging of usage. This may include recording times when the computer is in use, or which web sites are visited. If a third party has sufficient access to the computer, legitimately or not, the user's privacy may be compromised. This could be avoided by disabling logging, or by clearing logs regularly. Computer Libel and Censorship The opposite side of the privacy debate is the right of people to know about matters others they want to keep private, the right of people to express their opinions about such matters and the right of people to publish those opinions. Some of the biggest battlegrounds in this debate are the bulletin boards, e-mail boxes, and online files of the Internet and public information networks such as American Online and Microsoft Network. The weapons being used in this battle include spamming, flame mail, libel laws and censorship. Spamming is the indiscriminate sending of the unsolicited e-mail messages to many internet users. Flaming is the practice of sending extremely critical, derogatory and vulgar e-mail messages or newsgroup postings to other users on the Internet or online services. There have been many incidents of racist or defamatory messages on the Web that have led to calls for censorship and lawsuits for libel. Other Challenges

Let us now explore some other important challenges that arise from the use of information technologies in business. Employment Challenges Information technologies have created a host of new job opportunities. Many new jobs including Internet Webmasters, e-commerce directors, systems analysts and user consultants have been created because information technologies make possible the production of complex industrial and technical goods and services that would otherwise be impossible t produce. Computer Monitoring One of the most explosive ethical issues concerning workplace privacy and the quality of working conditions in business is computer monitoring. That is computers are being used to monitor the productivity and behavior of millions of employees while they work. It is done so that employers can collect productivity data about their employees to increase the efficiency and quality of service. However, computer monitoring has been criticized as unethical because it monitors individuals not just work and thus violates workers privacy and personal freedom. Challenges to working Conditions: Information technology has eliminated monotonous tasks in the office and the factory. For example, word processing and desktop publishing make producing office documents a lot easier to do, while robots have taken over repetitive welding and spray painting jobs in the automotive industry. In many instances, this allows people to concentrate on more challenging and interesting assignments, upgraded the skill level of the work to be performed, and creates challenging jobs requiring highly developed skills in the computer industry. Thus information technology can

be said to upgrade the quality of work because it can upgrade the quality of working conditions and the content of work activities. Challenges to Individuality A frequent criticism of information systems concerns their negative effects on the individuality of people. Computer based systems are criticised as impersonal systems that dehumanize and depersonalize activities. However many business applications of IT are designed to minimise depersonalization. For example, many e-commerce systems are designed to stress personalisation and features to encourage repeated visits to e-commerce websites. HEALTH ISSUES The use of information technology in the workplace raises a variety of health issues. Heavy use of computers is reportedly causing health problems like job stress, damaged arm and neck muscles, and eye strain and radiation exposure. Such health problems are collectively called as cumulative trauma disorders. In particular, some computer workers may suffer from carpal tunnel syndrome, a painful, crippling ailment of the hand and wrist that typically requires surgery to cure. Ergonomics Ergonomics is concerned with the fit between people and their work. It takes account of the worker's capabilities and limitations in seeking to ensure that tasks, equipment, information and the environment suit each worker. To assess the fit between a person and their work, ergonomists consider the job being done and the demands on the worker; the equipment used (its size, shape, and how appropriate it is for the task), and the information used (how it is presented, accessed, and

changed). There are five aspects of ergonomics: safety, comfort, ease of use, productivity/performance, and aesthetics. Ergonomics in the workplace has to do largely with the safety of employees, both long and short-term. Ergonomics can help reduce costs by improving safety. This would decrease the money paid out in workers compensation. Through ergonomics, workplaces can be designed so that workers do not have to overextend themselves and the manufacturing industry could save billions in workers compensation. SECURITY MANAGEMENT OF INFORMATION TECHNOLOGY The goal of security management is the accuracy, integrity and safety of all information system processes and resources. Thus effective security management can minimise errors, fraud and losses in the information systems that interconnect todays companies and their customers, suppliers and other stakeholders. INTERNETWORKED SECURITY DEFENCES The security of todays networked business enterprises is a major management challenge. Many companies are still in the process of getting fully connected to the Web and the Internet for e-commerce and reengineering their internal business processes with intranets, e-business software and extranet links to customers, suppliers and other business partners. Vital network links and business flows need t be protected from external attack by cyber criminals. This requires a variety of security tools and defensive measures and a coordinated security management program. Some of the important security defences include: Encryption:

In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information. In many contexts, the word encryption also implicitly refers to the reverse process, decryption (that is software for encryption can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted). Encryption has long been used by militaries and governments to facilitate secret communication. Encryption is now commonly used in protecting information within many kinds of civilian systems. Encryption can be used to protect data such as files on computers and storage devices (e.g. USB flash drives). In recent years there have been numerous reports of confidential data such as customers' personal records being exposed through loss or theft of laptops or backup drives. Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. There have also been numerous reports of data in transit being intercepted in recent years. Encrypting data in transit also helps to secure it as it is often difficult to physically secure all access to networks. Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of the message authentication code (MAC) or a digital signature. Standards and cryptographic software and hardware to perform encryption are widely available, but successfully using encryption to ensure security may be a challenging problem. A single slip-up in system design or execution can allow successful attacks.

Firewall A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting outward communication. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. There are several types of firewall techniques: Packet filters: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing. Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose performance degradation. Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses Denial of Service Defences Major attacks against e-commerce and corporate websites in the past few years have demonstrated that the Internet is extremely vulnerable to a variety of assaults by criminal hackers, especially distributed denial of services (DDOS) attacks. Denial of service assaults through the Internet depends on three layers: The victims website The victims ISP

The victims computer

Defending against Denial of Service At the Victims website: Create backup servers and network connections. Limit connections to each server. Install multiple intrusion-detection systems and multiple routers for incoming traffic reduce choke points. At the Victims ISP: Monitor and block traffic. Filter spoofed IP addresses. Coordinate security with network providers At the victims computer: Set and enforce security policy. Scan regularly for Trojan Horse programs and vulnerability. Close unused ports. Remind users not to open .exe mail attachments. Email Monitoring:

E-mail is also a battleground for attempts by companies to enforce policies against illegal, personal or damaging messages by employees and the demands of some employees and others who see such policies as violations of privacy rights. Virus defences: Thus many companies are building defences against the spread of viruses by centralizing the distribution and updating of antivirus software as responsibility of there is department. Other companies are outsourcing the virus protection responsibility to their Internet service providers or to telecommunications or security management companies. Other Security Measures: Lets now briefly examine other security measures that are commonly used to protect business systems and networks. These include both hardware and software tools. Security Codes A multilevel password system is used for security management. First, an end user logs on to the computer system by entering his or her unique identification code or user ID. The end user is then asked to enter a password in order to gain access into the system. Next, to access an individual file, a unique file name must be entered. In some systems, the password to read the contents of the file is different from that required to write to a file. This feature adds another level of protection to stored data resources. However, for even stricter security, passwords can be scrambled or encrypted to avoid their theft or improper use. In addition smart cards which contain microprocessors that generate random numbers to add to an end users password are used in some secure system.

Backup Files In information technology, backup refers to making copies of data so that these additional copies may be used to restore the original after a data loss event. These additional copies are typically called "backups." Backups are useful primarily for two purposes. The first is to restore a state following a disaster (called disaster recovery). The second is to restore small numbers of files after they have been accidentally deleted or corrupted. Data loss is also very common. 66% of internet users have suffered from serious data loss. Since a backup system contains at least one copy of all data worth saving, the data storage requirements are considerable. Organizing this storage space and managing the backup process is a complicated undertaking. A data repository model can be used to provide structure to the storage. In the modern era of computing there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability. Before data is sent to its storage location, it is selected, extracted, and manipulated. Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Many organizations and individuals try to have confidence that the process is working as expected and work to define measurements and validation techniques. It is also important to recognize the limitations and human factors involved in any backup scheme. Security Monitors

Security of a network may be provided by specialized system software packages known as system security monitors. System security monitors are programs that monitor the use of computer systems and networks and protect them from unauthorised use, fraud and destruction. Such programs provide the security measures needed to allow only authorized users to access the networks. For example, identification codes and passwords are frequently used for this purpose. Security monitors also control the use of the hardware, software and data resources of a computer system. For example even authorized users may be restricted to the use of certain devices, programs and data files. Additionally, security programs monitor the use of computer networks and collect statistics on any attempts a improper use. They then produce reports to assist in maintaining the security of the network. Biometric Security Biometrics refers to methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, in particular, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance. Biometric characteristics can be divided in two main classes:

Physiological are related to the shape of the body. Examples include, but are not limited to fingerprint, face recognition, DNA, hand and palm geometry, iris recognition, which has largely replaced retina, and odor/scent. Behavioral are related to the behavior of a person. Examples include, but are not limited to typing rhythm, gait, and voice. Some researchers[1] have coined the term behavio-metrics for this class of biometrics

The main operations the system can perform are enrollment and test. During the enrollment, biometric information from an individual is stored. During the test, biometric information is detected and compared with the stored information. Note that it is crucial that storage and retrieval of such systems themselves be secure if the biometric system is to be robust. The first block (sensor) is the interface between the real world and the system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired. The second block performs all the necessary preprocessing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In the third block features needed are extracted. This step is an important step as the correct features need to be extracted in the optimal way. A vector of numbers or an image

with particular properties is used to create a template. A template is a synthesis of all the characteristics extracted from the source, in the optimal size to allow for adequate identifiability. If enrollment is being performed the template is simply stored somewhere (on a card or within a database or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm. The matching program will analyze the template with the input. This will then be output for any specified use or purpose (e.g. entrance in a restricted area) Computer Failure Controls: A variety of controls can prevent computer failure or minimise its effects. Computer systems fail for several reasons power failures, electronic circuitry malfunctions, telecommunications network problems, hidden programming errors etc. Highly trained data center personnel and the use of performance and security management software help keep a companys computer system and networks working properly. Fault tolerant systems: Many firms also use fault tolerant computer systems that have redundant processors, peripherals and software that provide a fail-over capability to back up components in the event of system failure. This may provide a fail-safe capability where the computer system continues to operate at the same level even if there is a major hardware or software failure. However many fault tolerant computer systems offer a fail-soft capability where the computer system can continue to operate at a reduced bur acceptable level in the event of a major system failure.

Disaster Recovery: Natural and man-made disasters do happen. Hurricanes, earthquakes, fires, floods, criminal and terrorist acts and human error can all severely damage an organisations computing resources and thus the health of the organisation itself. Many companies, especially online e-commerce retailers and wholesalers, airlines, banks and Internet service providers, for example, are crippled by losing even a few hours of computing power. Many firms could survive only a few days without computing facilities. Thats why organisations develop disaster recovery procedures and formalize them in a disaster recovery plan. It specifies which employees will participate in disaster recovery and what their duties will be what hardware, software and facilities will be used and the priority of applications that will be processed. Arrangements with other companies for use of alternative facilities as disaster recovery site and offsite storage of an organisations databases are also part of an effective disaster recovery effort. System Controls and Audits: Two final security management requirements that need to be mentioned is the development of Information System Controls and Auditing. Information system Controls These are methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities. Information system (IS) controls must be developed to ensure proper data entry, processing techniques, storage methods and information output. Thus IS controls are designed to monitor and maintain the quality and security of the input, processing, output and storage activities of an information system.

Auditing IT Security: An information technology audit, or information systems audit, is an examination of the controls within an Information technology (IT) infrastructure. IT audit is the process of collecting and evaluating evidence of an organization's information systems, practices, and operations. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement. IT audits are also known as automated data processing (ADP) audits and computer audits. They were formerly called electronic data processing (EDP) audits. The IT audit's agenda may be summarized by the following questions:

Will the organization's computer systems be available for the business at all times when required? (Availability) Will the information in the systems be disclosed only to authorised users? (Confidentiality) Will the information provided by the system always be accurate, reliable, and timely? (Integrity)

The IT audit focuses on determining risks that are relevant to information assets, and in assessing controls in order to reduce or mitigate these risks. By implementing controls, the effect of risks can be minimized, but cannot completely eliminate all risks. Another important objective of IT audit apart from maintaining security is the testing the integrity of an applications audit trail. An audit trail can be defined as the presence of documentation that allows a transaction to be traced

through all stages of its information processing. This journey may begin with a transactions appearance on a source document and may end with its transformation into information on a final output document or report. The spectrum of IT audits can be described with five categories of audits:

Systems and Applications: An audit to verify that systems and

applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.

Information Processing Facilities: An audit to verify that the

processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.

Systems Development: An audit to verify that the systems

under development meet the objectives of the organisation and to ensure that the systems are developed in accordance with generally accepted standards for systems development.

Management of IT and Enterprise Architecture: An audit to

verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.

Client/Server, Telecommunications, Intranets, and Extranets:

An audit to verify that controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers. References:

1.Laudon and Laudon: Management Information System: Organization and Technology. 4th edition, Pearson Education/Prentice hall India 1999. 2. Management Information Systems , Waman S Jawadekar, 3rd Edition, Tata McGraw Hill, 2007. 3. Steven Alter: Information Systems, Addison Wesley 1999. 4. Principles of Information Systems, Ralph M Stair and George W Reynolds, 6th Edition, Thomson, 2003. 5. Management Information System, Mahadeo Jaiswal and Monika Mital, 3rd Edition, Oxford University Press, 2006. 6. Management Information Systems Effy Oz, 5th Edition, Thomson Course Technology, 2007. 7.James A.O Brien: Management Information Systems , 4th edition, Tata McGraw Hill 1999 Questions Section A Each answer carries two marks 1. What are cookies? 2. What is encryption? 3. What is ergonomics? 4. What is a fire wall?

Section B Each answer carries eight marks 1. Explain the different methods of Hacking 2. Explain the ethical responsibility of a business organisation with reference to IT.

Section C Each answer carries twelve marks 1. Explain Biometric system 2. Describe the security challenges faced due to advancement in the field of information technology