Monday, January 25, 2016

Types of Information System - Pyramid Diagram, TPS, DSS, OLAP

A typical organization is divided into operational, middle, and upper level. The information requirements for users at each level differ. Towards that end, there are number of information systems that support each level in an organization.
This tutorial will explore the different types of information systems, the organizational level that uses them and the characteristics of the particular information system.



In this tutorial, you will learn-

Pyramid Diagram of Organizational levels and information requirements

Understanding the various levels of an organization is essential to understand the information required by the users who operate at their respective levels.
The following diagram illustrates the various levels of a typical organization.
Operational management level
The operational level is concerned with performing day to day business transactions of the organization.
Examples of users at this level of management include cashiers at a point of sale, bank tellers, nurses in a hospital, customer care staff, etc.
Users at this level use make structured decisions. This means that they have defined rules that guides them while making decisions.
For example, if a store sells items on credit and they have a credit policy that has some set limit on the borrowing. All the sales person needs to decide whether to give credit to a customer or not is based on the current credit information from the system.
Tactical Management Level
This organization level is dominated by middle-level managers, heads of departments, supervisors, etc. The users at this level usually oversee the activities of the users at the operational management level.
Tactical users make semi-structured decisions. The decisions are partly based on set guidelines and judgmental calls. As an example, a tactical manager can check the credit limit and payments history of a customer and decide to make an exception to raise the credit limit for a particular customer. The decision is partly structured in the sense that the tactical manager has to use existing information to identify a payments history that benefits the organization and an allowed increase percentage.
Strategic Management Level
This is the most senior level in an organization. The users at this level make unstructured decisions. Senior level managers are concerned with the long-term planning of the organization. They use information from tactical managers and external data to guide them when making unstructured decisions.

Transaction Processing System (TPS)

Transaction processing systems are used to record day to day business transactions of the organization. They are used by users at the operational management level. The main objective of a transaction processing system is to answer routine questions such as;
  • How printers were sold today?
  • How much inventory do we have at hand?
  • What is the outstanding due for John Doe?
By recording the day to day business transactions, TPS system provides answers to the above questions in a timely manner.
  • The decisions made by operational managers are routine and highly structured.
  • The information produced from the transaction processing system is very detailed.
For example, banks that give out loans require that the company that a person works for should have a memorandum of understanding (MoU) with the bank. If a person whose employer has a MoU with the bank applies for a loan, all that the operational staff has to do is verify the submitted documents. If they meet the requirements, then the loan application documents are processed. If they do not meet the requirements, then the client is advised to see tactical management staff to see the possibility of signing a MoU.
Examples of transaction processing systems include;
  • Point of Sale Systems – records daily sales
  • Payroll systems – processing employees salary, loans management, etc.
  • Stock Control systems – keeping track of inventory levels
  • Airline booking systems – flights booking management

Management Information System (MIS)

Management Information Systems (MIS) are used by tactical managers to monitor the organization's current performance status. The output from a transaction processing system is used as input to a management information system.
The MIS system analyzes the input with routine algorithms i.e. aggregate, compare and summarizes the results to produced reports that tactical managers use to monitor, control and predict future performance.
For example, input from a point of sale system can be used to analyze trends of products that are performing well and those that are not performing well. This information can be used to make future inventory orders i.e. increasing orders for well-performing products and reduce the orders of products that are not performing well.
Examples of management information systems include;
  • Sales management systems – they get input from the point of sale system
  • Budgeting systems – gives an overview of how much money is spent within the organization for the short and long terms.
  • Human resource management system – overall welfare of the employees, staff turnover, etc.
Tactical managers are responsible for the semi-structured decision. MIS systems provide the information needed to make the structured decision and based on the experience of the tactical managers, they make judgement calls i.e. predict how much of goods or inventory should be ordered for the second quarter based on the sales of the first quarter.

Decision Support System (DSS)

Decision support systems are used by senior management to make non-routine decisions. Decision support systems use input from internal systems (transaction processing systems and management information systems) and external systems.
The main objective of decision support systems is to provide solutions to problems that are unique and change frequently. Decision support systems answer questions such as;
  • What would be the impact of employees' performance if we double the production lot at the factory?
  • What would happen to our sales if a new competitor entered the market?
Decision support systems use sophisticated mathematical models, and statistical techniques (probability, predictive modeling, etc.) to provide solutions, and they are very interactive.
Examples of decision support systems include;
  • Financial planning systems – it enables managers to evaluate alternative ways of achieving goals. The objective is to find the optimal way of achieving the goal. For example, the net profit for a business is calculated using the formula Total Sales less (Cost of Goods + Expenses). A financial planning system will enable senior executives to ask what if questions and adjust the values for total sales, the cost of goods, etc. to see the effect of the decision and on the net profit and find the most optimal way.
  • Bank loan management systems – it is used to verify the credit of the loan applicant and predict the likelihood of the loan being recovered.

Artificial intelligence techniques in business

Artificial intelligence systems mimic human expertise to identify patterns in large data sets. Companies such as Amazon, Facebook, and Google, etc. use artificial intelligence techniques to identify data that is most relevant to you.
Let's use Facebook as an example, Facebook usually makes very accurate predictions of people that you might know or went with to school. They use the data that you provide to them, the data that your friends provide and based on this information make predictions of people that you might know.
Amazon uses artificial intelligence techniques too to suggest products that you should buy also based on what you are currently getting.
Google also uses artificial intelligence to give you the most relevant search results based on your interactions with Google and your location.
These techniques have greatly contributed in making these companies very successful because they are able to provide value to their customers.

Online Analytical Processing (OLAP)

Online analytical processing (OLAP) is used to query and analyze multi-dimensional data and produce information that can be viewed in different ways using multiple dimensions.
Let's say a company sells laptops, desktops, and mobile device. They have four (4) branches A, B, C and D. OLAP can be used to view the total sales of each product in all regions and compare the actual sales with the projected sales.
Each piece of information such as product, number of sales, sales value represents a different dimension
The main objective of OLAP systems is to provide answers to ad hoc queries within the shortest possible time regardless of the size of the datasets being used.
at 8 comments:

Business Information Technology

Information Technology is the use of hardware, software and telecommunication networks to achieve business objectives.
For example, if a person works for a company that has clients in many different locations, they will be required to visit the clients from time to time.
While travelling, they will need access to their cash and all they have to do to access their cash is to go to the nearest ATM machine.
They can even use mobile money from their phones and withdraw cash from any agent.
The above-described scenario and many more others involve the use of Information Technology (IT).
In this tutorial, you will learn-
  • MIS infrastructure / MIS architectures
  • Computer hardware
  • MIS System software, application software, package software solutions
  • Database features, data management, designing databases
  • Telecommunication systems and networks
  • Data structures and algorithms

MIS infrastructure / MIS architectures

MIS infrastructure refers to the resources i.e. hardware, software, communication resources and services such as consultancy, training, etc. that provide the platform required to run an information system.
The following diagram shows the architecture of a typical MIS infrastructure;


Computer hardware

Computer hardware refers to the physical devices such as servers, desktop computers, laptops, portable devices, networking devices, storage devices and printers, etc. Let's now look at each of these elements separately
Servers – a server is a computer with high computing power and storage space that is used to host shared resources. The server can be used as a database server that stores all of the business transaction. An email server could be used for all emails of the company. A file share could be used for storing the individual files of the organization employees, etc.
Desktop computers – these are workstation clients that usually connect to the server to post, process, and retrieve information. For example, a point of sale system installed on a desktop computer to connect to the POS database on the server to post and retrieve data.
Laptops and Portable devices– laptops have the same computing power as desktop computers but have the advantage of been portable. With the advent of the internet and virtual private networks, employees can travel with their laptops to remote locations and still be able to access the server at the head office.
Tablets are much easier to carry compared to laptops, and many organizations have business applications that run from tablets. They are also capable of connecting to the server via the internet.
Networking devices – networking devices are used to interconnect computing resources so that they can communicate with each other. Common networking devices include networking hubs and switches, Wi-Fi routers, etc. Hubs and switches are used to provide network connectivity via a physical cable, and they are usually used to connect desktop computers. Wi-Fi routers are used to provide wireless networking capabilities. Wi-Fi routers are usually used to connect laptops and mobile devices to the corporate network.
Printers – printers are used to print hardcopies of reports. They vary depending on the use. Some printers have networking capabilities and can be installed on a network and used by more than one person. This reduces the costs of buying individual printers for each computer. Dot-matrix printers are usually very common with the point of sale and bank tellers for printing receipts, deposit slips, etc.
Storage devices – storage devices are used to store data. The data could be in the form of documents, audio, video, software installation packages, database backups, etc. The most common storage devices are external discs. Storage devices with networking capabilities also exist that can be used to share files on a network. The IT department usually creates file storage directories according to departments and type of data to be stored.

MIS System software, application software, package software solutions

The software runs on top of the hardware. Software refers to computer programs that perform specific tasks. The software is usually divided into two major categories namely system and application software.
MIS System Software
System software usually refers to the operating system. An operating system is a computer software that facilitates communication between the hardware and the user. Microsoft Windows is the most commonly used operating system in the world.

Other examples of operating systems include Mac OS developed by Apple and other are Linux-based operating systems such as Ubuntu, Fedora, etc.
Application Software
Application software runs on top of the operating system and performs very specialized tasks. For example, Microsoft Word is an example of an application software that is used to create and edit documents. Microsoft Excel is another example of application software that is used to manipulate numeric data.
Applications such as Excel and Word, are known as off-the-shelf packages. This means you can buy them from authorized dealers and start using them without demanding for any changes. If off the shelf software does not meet the requirements of the organization, then the custom software will have to be developed that meets the specification of the users. Such software is usually developed by companies that specialize in developing software.

Database features, data management, designing databases

A database is a collection of related data stored in one place with minimum redundancy. Most business applications record the day to day business transactions through these databases. There are various databases available for accessing and storing data like RDBMS, NoSQL, XML, etc.
  • The relational database management system (RDBMS) model uses tables to store data, and it is the most commonly used database model.
  • The data is queried using structured query language (SQL).
  • Records in a relational database table are uniquely identified using a primary key which should be unique for each record.
  • A primary key that appears in another table is called a foreign key.
A relational database system can either be standalone or client-server based. The standalone database does not support multiple users at the same time. Examples of standalone database systems include;
  • Microsoft Access
  • SQLIte
  • Microsoft SQL Server Compact
A client-server database can support more than one user at a time. The database engine is usually installed on a server computer and users connect to it from remote workstations. Examples of client-server databases systems include
  • MySQL
  • Microsoft SQL Server
  • Oracle
  • PostgreSQL
Another type of database that is now gaining popularity is NoSQL database. They are non-relational and are used to handle large amounts of data without slowing down the performance of the system. Companies that handle large amounts of data such as Facebook, Google, Amazon, etc. use NoSQL database.
Examples of NoSQL databases include
  • CouchDB
  • Oracle NoSQL database
  • MongoDB
  • Neo4J
Database designing is concerned with understanding the data storage and retrieval requirements of an organization and developing detailed data models of the database.

Telecommunication systems and networks

Telecommunication is the exchange of information over long distances. Telecommunication uses transmitters and receivers to facilitate communication. Signals can be sent via physical cables or the sent via a wireless network.
A telecommunication network refers to multiple transmitters and receivers exchanging data. The internet is an example of a large telecommunication network. Wide Area Networks (WANs), telephone communication networks, etc. are all examples of telecommunication networks.
Networking devices are used to link computers and other telecommunication devices together. The devices used to create a network depend on the type of network work that you want. For example, a wired Local Area Networks (LANs) will require a network switch and RJ-45 cables.
A network router is used to facilitate communication between two or more networks. A wireless router is used to provide wireless access points. A wireless access point is used to connect an electronic device i.e. computer, smartphones, etc. to a computer network

Data structures and algorithms

Think of a business such as Facebook. Every month billions of users submit data to Facebook. Facebook, in turn, uses this data to accurately select posts which are relevant to the user and make friends suggestions which are almost 100% accurate every time.
Data structures and algorithms are an efficient way of organizing and managing data, especially large datasets. Data structures usually refer to the way the data is stored.
For example, a class is a representation of a real-world entity. A customer class will contain properties i.e. name, account number, address, etc. and methods i.e. make a purchase, make a payment, etc.
The following image illustrates the concept of a class;
Other examples of data structures include arrays, records, sets and graphs.
An algorithm refers to the operations that can be performed on the data.
Let's take Amazon as an example. If you have ever purchased an item on Amazon or browsed through the catalogues, Amazon will recommend other items that you might be interested in. Amazon uses historical data to predict other items that you might also be interested in.
Summary:
Information technology as a business tool is used to efficiently archive business goals and reduce operational costs in the long run. At a minimum, an implementation of information technology requires hardware, software, and telecommunication networks.
Hardware refers to the physical devices such as servers, workstations, printers, etc. The software most used included database servers, email servers, spreadsheet applications, word processors, etc. Local area networks and sometimes wide area networks are used to share resources among users.
at No comments:

Role of Management information system & Component of MIS

acebook is one of the most profitable businesses in the world, and its entire existence depends on the use of information technology and information systems.
Other successful companies such as Google, Amazon, eBay, andFinancial Institutions- most of their success is due to technology.
This tutorial will look at the roles of MIS in the organization and how an organization can take advantage of MIS to gain competitive advantage.


In this tutorial, you will learn-
  • Definition of data and information and characteristics of good information
  • Competitive advantage of information and MIS
  • Components of MIS and their relationship
  • Porter's Value chain
  • Influence of IT on organizational goals

Definition of data and information and characteristics of good information

Data refers to raw basic facts i.e. price of a product, the number of products purchased, etc. that haven't yet been processed.
For example, a price of $6 and a quantity of 10 do not convey any meaning to a customer at a point of sale till. Information should be processed data that conveys meaning to the recipient.
For example, multiplying $6 by 10 gives us $60, which is the total bill that the customer should pay.
Good information should be timely and available when it is needed.
The following are the characteristics of good information.
  • Accurate – information must be free from errors and mistakes. This is achieved by following strict set standards for processing data into information. For example, adding $6 + 10 would give us inaccurate information. Accurate information for our example is multiplying $6 by 10.
  • Complete – all the information needed to make a good decision must be available. Nothing should be missing. If TAX is an application to the computation of the total amount that the customer should pay then, it should be included as well. Leaving it out can mislead the customer to think they should pay $60 only when in actual fact, they must pay tax as well.
  • Cost Effective – the cost of obtaining information must not exceed the benefit of the information in monetary terms.
  • User-focused – the information must be presented in such a way that it should address the information requirements of the target user. For example, operational managers required very detailed information, and this should be considered when presenting information to operational managers. The same information would not be appropriate for senior managers because they would have to process it again. To them, it would be data and not information.
  • Relevant – the information must be relevant to the recipient. The information must be directly related to the problem that the intended recipient is facing. If the ICT department wants to buy a new server, information that talks about a 35% discount on laptops would not be relevant in such a scenario.
  • Authoritative – the information must come from a reliable source. Let's say you have a bank account and you would like to transfer money to another bank account that uses a different currency from yours. Using the exchange rate from a bureau de change would not be considered authoritative compared to getting the exchange rate directly from your bank.
  • Timely – information should be available when it is needed. Let's say your company wants to merge with another company. Information that evaluates the other company that you want to merge with must be provided before the merger, and you must have sufficient time to verify the information.

Competitive advantage of information and MIS

Competitive advantage is a position that makes a business more profitable than its competitors. For example, producing products at a lower cost than your competitors makes you more profitable.
Information systems have the capacity to help an organization into such a position. They do so in the following ways
Operational excellence – operational excellence seeks to improve the operations of the business. Let's take an example of a retail store. A retail store can use information systems to automatically place an order with a supplier once the inventory level reaches the re-order limit. This ensures that the retail store never runs out of inventory and customers can always count on it to find what they need.
New business models, products, and services – let's continue with the example of a retail store. The retail store can develop a web based order system or smartphone application that clients can use to buy items from the comfort of their homes or wherever they are. The order system can be linked to a delivery business and have support for online payments. This is a new business model compared to customers walking in to make purchases vs doing it from web based or smartphone apps.
Improved supplier and customer relations – historical data is used to understand the needs of the customers and suppliers. This data is then used to create services and products that address the needs. This leads to long-term relationships with customers and business which puts an organization in a more profitable position.
Improved decision making – information is critical when making decisions. Information systems if designed and operated efficiently, output information that has all the characteristic of good information described in the above section. This enables an organization to make decisions that will profit the organizations.

Components of MIS and their relationship

A management information system is made up of five major components namely people, business processes, data, hardware, and software. All of these components must work together to achieve business objects.
People – these are the users who use the information system to record the day to day business transactions. The users are usually qualified professionals such as accountants, human resource managers, etc. The ICT department usually has the support staff who ensure that the system is running properly.
Business Procedures – these are agreed upon best practices that guide the users and all other components on how to work efficiently. Business procedures are developed by the people i.e. users, consultants, etc.
Data – the recorded day to day business transactions. For a bank, data is collected from activities such as deposits, withdrawals, etc.
Hardware – hardware is made up of the computers, printers, networking devices, etc. The hardware provides the computing power for processing data. It also provides networking and printing capabilities. The hardware speeds up the processing of data into information.
Software – these are programs that run on the hardware. The software is broken down into two major categories namely system software and applications software. System software refers to the operating system i.e. Windows, Mac OS, and Ubuntu, etc. Applications software refers to specialized software for accomplishing business tasks such as a payroll program, banking system, point of sale system, etc.

Porter's Value chain

Think of a company such as Apple Inc. Why are they successful? Why do customers love and buy the iPhone? It is because the iPhone adds value to their lives. This is why Apple Inc. is a successful business. Value chain refers to activities that a company performs to create value for its customers.
The concept of a value chain was developed by Michael Porter. Porter's value chain has two activities namely;
  • Primary activities – these are activities that are related to the creating products/services, marketing and sales, and support. Primary activities consist of inbound logistics, operations, outbound logistics, marketing and sales, and service.
  • Support activities – these are activities that support the primary activities. Support activities consist of procurement (purchasing), human resource management, technological development and infrastructure.
The following diagram depicts the value chain


The following illustration shows the value chain for Apple Inc.
The overall goal of the value chain is to help a business gain competitive advantage. Competitive advantage is a business's position in a market that makes it to be more profitable than its direct competitors.

Influence of IT on organizational goals

Organizational goals refer to objectives and the mission of the organization, especially in the long term. Regardless of the type of business that an organization engages in, the overall goal is to create value for the customers or clients as stated in the above section.
Business Information Technology alignment is concerned with using information technology to effectively achieve business goals.
Two of the most common ways that an organization can provide value is by offering a quality product at a lower price than the competitor or at a high price but with more features that add value to the customers.
Information technology enables businesses to process and analyze large amounts of data at a cheaper cost and within the shortest possible time. This enables organizations to provide quality products at a cheaper price.
Let's take a bank example. A bank can use ATM to allow the clients to withdraw money and other automated means to deposit money. Customers with queries can be directed to a website that has frequently asked questions. Both individuals and businesses can view the statements online if they subscribe to internet banking.
The above IT business practices lead to reduced costs of doing business and creating new products and services. Reduced cost of doing business enables a bank to reduce the bank charges, therefore, offering a quality product or service at a cheaper rate.
Summary:
Business entities exist to make profits. Not for profit organizations exist to deliver quality services or products cost effectively.
Regardless of the type of organization, MIS has a major role to play in achieving the objectives.
MIS enables organizations to make sound decisions by providing decision makers with information.
at No comments:

What is MIS & MIS Definition

MIS is the acronym for Management Information Systems. In a nutshell, MIS is a collection of systems, hardware, procedures and people that all work together to process, store, and produce information that is useful to the organization.







In this tutorial, you will learn-
  • What is MIS?
  • Components of MIS
  • Types of Information Systems
  • Manual Information Systems VS Computerized Information Systems (MIS)
  • Advantages and Dis-advantages of a manual information system
  • Advantages and Disadvantages of a computerized information system (MIS)

What is MIS?

A Management Information System (MIS) is the use of information technology, people, and business processes to record, store and process data to produce information that decision makers can use to make day to day decisions.
The need for MIS
The following are some of the justifications for having an MIS system
  • Decision makers need information to make effective decisions. Management Information Systems (MIS) make this possible.
  • MIS systems facilitate communication within and outside the organization – employees within the organization are able to easily access the required information for the day to day operations. Facilitates such as Short Message Service (SMS) & Email make it possible to communicate with customers and suppliers from within the MIS system that an organization is using.
  • Record keeping – management information systems record all business transactions of an organization and provide a reference point for the transactions.

Components of MIS

The major components of a typical management information system are;
  • People – people who use the information system
  • Data – the data that the information system records
  • Business Procedures – procedures put in place on how to record, store and analyze data
  • Hardware – these include servers, workstations, networking equipment, printers, etc.
  • Software – these are programs used to handle the data. These include programs such as spreadsheet programs, database software, etc.

Types of Information Systems

The type of information system that a user uses depends on their level in an organization. The following diagram shows the three major levels of users in an organization and the type of information system that they use.

Transaction Processing Systems (TPS)
This type of information system is used to record the day to day transactions of a business. An example of a Transaction Processing System is a Point of Sale (POS) system. A POS system is used to record the daily sales.
Management Information Systems (MIS)
Management Information Systems are used to guide tactic managers to make semi-structured decisions. The output from the transaction processing system is used as input to the MIS system.
Decision Support Systems (DSS)
Decision support systems are used by top level managers to make semi-structured decisions. The output from the Management Information System is used as input to the decision support system.DSS systems also get data input from external sources such as current market forces, competition, etc.

Manual Information Systems VS Computerized Information Systems (MIS)

Data is the bloodstream of any business entity. Everyone in an organization needs information to make decisions. An information system is an organized way of recording, storing data, and retrieving information.
In this section, we will look at manual information systems vs. computerized information systems.
Manual Information System
A manual information system does not use any computerized devices. The recording, storing and retrieving of data is done manually by the people, who are responsible for the information system.
The following are the major components of a manual information system
  • People –people are the recipients of information system
  • Business Procedures –these are measures put in place that define the rules for processing data, storing it, analyzing it and producing information
  • Data –these are the recorded day to day transactions
  • Filing system – this is an organized way of storing information
  • Reports –the reports are generated after manually analyzing the data from the filing system and compiling it.
The following diagram illustrates how a typical manual information system works

Advantages and Dis-advantages of a manual information system

Advantages:
The following are the advantages of manual information systems
  • Cost effective – it is cheaper compared to a computerized system because there is no need to purchase expensive equipment such as servers, workstations, printers, etc.
  • Flexible –evolving business requirements can easily be implemented into the business procedures and implemented immediately
Disadvantages:
The following are some of the disadvantages of a manual information system.
  • Time consuming –all data entries need to be verified before filing, this is a time consuming task when done by humans. Retrieving data from the filing system also takes a considerable amount of time
  • Prone to error – the accuracy of the data when verified and validated by human beings is more prone to errors compared to verification and validation done by computerized systems.
  • Lack of security – the security of manual systems is implemented by restricting access to the file room. Experience shows unauthorized people can easily gain access to the filing room
  • Duplication of data –most departments in an organization need to have access to the same data. In a manual system, it is common to duplicate this data to make it easy to accessible to all authorized users. The challenge comes in when the same data needs to be updated
  • Data inconsistency – due to the duplication of data, it is very common to update data in one file and not update the other files. This leads to data inconsistency
  • Lack of backups – if the file get lost or mishandled, the chances of recovering the data are almost zero.
Computerized information system
Computerized systems were developed to address the challenges of manual information systems. The major difference between a manual and computerized information system is a computerized system uses a combination of software and hardware to record, store, analyze and retrieve information.

Advantages and Disadvantages of a computerized information system (MIS)

The following are some of the disadvantages of a computerized information system.
Advantages:
The following are the advantages of computerized information systems
  • Fast data processing and information retrieval – this is one of the biggest advantages of a computerized information system. It processes data and retrieves information at a faster rate. This leads to improved client/customer service
  • Improved data accuracy – easy to implement data validation and verification checks in a computerized system compared to a manual system.
  • Improved security – in addition to restricting access to the database server, the computerized information system can implement other security controls such as user’s authentication, biometric authentication systems, access rights control, etc.
  • Reduced data duplication – database systems are designed in such a way that minimized duplication of data. This means updating data in one department automatically makes it available to the other departments
  • Improved backup systems – with modern day technology, backups can be stored in the cloud which makes it easy to recover the data if something happened to the hardware and software used to store the data
  • Easy access to information – most business executives need to travel and still be able to make a decision based on the information. The web and mobile technologies make accessing data from anywhere possible.
Disadvantages:
  • It is expensive to set up and configure – the organization has to buy hardware and the required software to run the information system. In addition to that, business procedures will need to be revised, and the staff will need to be trained on how to use the computerized information system.
  • Heavy reliance on technology – if something happens to the hardware or software that makes it stop functioning, then the information cannot be accessed until the required hardware or software has been replaced.
  • Risk of fraud – if proper controls and checks are not in place, an intruder can post unauthorized transactions such as an invoice for goods that were never delivered, etc.
Summary
  • MIS is the acronym for Management Information System. It is a collection of people, procedures, data, and information technology that aids managers to make informed decisions.
  • Computerized information systems are more efficient compared to manual information systems. Manual information systems are cheaper compared to computerized information systems.
  • Transaction processing systems (TPS) are by operational staff to record day to day business transactions, and they are used to make structured decisions
  • Management Information Systems (MIS) are used by middle-level managers to make semi-structured decisions
  • Decision Support Systems are used by top level managers, and they help top level managers to make unstructured decisions.
at No comments:

Ethical and Social issue in Information system security

Information systems have made many businesses successful today. Some companies such as Google, Facebook, EBay, etc. would not exist without information technology. However, improper use of information technology can create problems for the organization and employees.
Criminals gaining access to credit card information can lead to financial loss to the owners of the cards or financial institute. Using organization information systems i.e. posting inappropriate content on Facebook or Twitter using a company account can lead to lawsuits and loss of business.
This tutorial will address such challenges that are posed by information systems and what can be done to minimize or eliminate the risks.
In this tutorial, you will learn –
  • Cyber-crime
  • Information system Security
  • Information system Ethics
  • Information Communication Technology (ICT) policy

Cyber-crime

Cyber-crime refers to the use of information technology to commit crimes. Cyber-crimes can range from simply annoying computer users to huge financial losses and even the loss of human life. The growth of smartphones and other high-end mobile devices that have access to the internet have also contributed to the growth of cyber-crime.


Types of cyber-crime
Identity theft
Identity theft occurs when a cyber-criminal impersonates someone else identity to practice malfunction. This is usually done by accessing personal details of someone else. The details used in such crimes include social security numbers, date of birth, credit and debit card numbers, passport numbers, etc.
Once the information has been acquired by the cyber-criminal, it can be used to make purchases online while impersonating himself to be someone else. One of the ways that cyber-criminals use to obtain such personal details is phishing. Phishing involves creating fake websites that look like legitimate business websites or emails.
For example, an email that appears to come from YAHOO may ask the user to confirm their personal details including contact numbers and email password. If the user falls for the trick and updates the details and provides the password, the attacker will have access to personal details and the email of the victim.
If the victim uses services such as PayPal, then the attacker can use the account to make purchases online or transfer funds.
Other phishing techniques involve the use of fake Wi-Fi hotspots that look like legitimate ones. This is common in public places such as restaurants and airports. If an unsuspecting user logons into the network, then cyber-crimes may try to gain access to sensitive information such as usernames, passwords, credit card numbers, etc.
According to the US Department of Justice, a former state department employee used email phishing to gain access to email and social media accounts of hundreds of women and accessed explicit photos. He was able to use the photos to extort the women and threatened to make the photos public if they did not give in to his demands.
Copyright infringement
Piracy is one of the biggest problems with digital products. Websites such as the pirate bay are used to distribute copyrighted materials such as audio, video, software, etc. Copyright infringement refers to the unauthorized use of copyrighted materials.
Fast internet access and reducing costs of storage have also contributed to the growth of copyright infringement crimes.
Click fraud
Advertising companies such as Google AdSense offer pay per click advertising services. Click fraud occurs when a person clicks such a link with no intention of knowing more about the click but to make more money. This can also be accomplished by using automated software that makes the clicks.

Advance Fee Fraud
An email is sent to the target victim that promises them a lot of money in favor of helping them to claim their inheritance money.
In such cases, the criminal usually pretends to be a close relative of a very rich well-known person who died. He/she claims to have inherited the wealth of the late rich person and needs help to claim the inheritance. He/she will ask for financial assistance and promise to reward later. If the victim sends the money to the scammer, the scammer vanishes and the victim loses the money.
Hacking
Hacking is used to by-pass security controls to gain unauthorized access to a system. Once the attacker has gained access to the system, they can do whatever they want. Some of the common activities done when system is hacked are;
  • Install programs that allow the attackers to spy on the user or control their system remotely
  • Deface websites
  • Steal sensitive information. This can be done using techniques such as SQL Injection, exploiting vulnerabilities in the database software to gain access, social engineering techniques that trick users into submitting ids and passwords, etc.
Computer virus
Viruses are unauthorized programs that can annoy users, steal sensitive data or be used to control equipment that is controlled by computers.

Information system Security

MIS security refers to measures put in place to protect information system resources from unauthorized access or being compromised. Security vulnerabilities are weaknesses in a computer system, software, or hardware that can be exploited by the attacker to gain unauthorized access or compromise a system.
People as part of the information system components can also be exploited using social engineering techniques. The goal of social engineering is to gain the trust of the users of the system.
Let's now look at some of the threats that information system face and what can be done to eliminate or minimize the damage if the threat were to materialize.


Computer viruses – these are malicious programs as described in the above section. The threats posed by viruses can be eliminated or the impact minimized by using Anti-Virus software and following laid down security best practices of an organization.
Unauthorized access – the standard convention is to use a combination of a username and a password. Hackers have learnt how to circumvent these controls if the user does not follow security best practices. Most organizations have added the use of mobile devices such as phones to provide an extra layer of security.
Let's take Gmail as an example, if Google is suspicious of the login on an account, they will ask the person about to login to confirm their identity using their android powered mobile devices or send an SMS with a PIN number which should supplement the username and password.
If the company does not have enough resources to implement extra security like Google, they can use other techniques. These techniques can include asking questions to users during signup such as what town they grew up in, the name of their first pet, etc. If the person provides accurate answers to these question, access is granted into the system.
Data loss – if the data center caught fire or was flooded, the hardware with the data can be damaged, and the data on it will be lost. As a standard security best practice, most organizations keep backups of the data at remote places. The backups are made periodically and are usually put in more than one remote area.
Biometric Identification – this is now becoming very common especially with mobile devices such as smartphones. The phone can record the user fingerprint and use it for authentication purposes. This makes it harder for attackers to gain unauthorized access to the mobile device. Such technology can also be used to stop unauthorized people from getting access to your devices.

Information system Ethics

Ethics refers to rules of right and wrong that people use to make choices to guide their behaviors. Ethics in MIS seek to protect and safeguard individuals and society by using information systems responsibly. Most professions usually have defined a code of ethics or code of conduct guidelines that all professionals affiliated with the profession must adhere to.
In a nutshell, a code of ethics makes individuals acting on their free will responsible and accountable for their actions. An example of a Code of Ethics for MIS professionals can be found on the British Computer Society (BCS) website.

Information Communication Technology (ICT) policy

An ICT policy is a set of guidelines that defines how an organization should use information technology and information systems responsibly. ICT policies usually include guidelines on;
  • Purchase and usage of hardware equipment and how to safely dispose them
  • Use of licensed software only and ensuring that all software is up to date with latest patches for security reasons
  • Rules on how to create passwords (complexity enforcement), changing passwords, etc.
  • Acceptable use of information technology and information systems
  • Training of all users involved in using ICT and MIS
Summary:
With great power comes great responsibility. Information systems bring new opportunities and advantages to how we do business but they also introduce issues that can negatively affect society (cybercrime). An organization needs to address these issues and come up with a framework (MIS security, ICT policy, etc.) that addresses them.
at No comments:
Subscribe to: Posts (Atom)

Evil Twin attack

Evil Twin Attack is attack is frequently carried upon wireless access points with malicious intentions. This attack happens when...