
Management Information System

The document discusses system analysis and design. It begins by defining system analysis as collecting factual data to understand processes, identify problems, and recommend improvements. The objectives of system analysis are then outlined. It also discusses analyzing existing versus new systems. Next, it discusses the systems design process, including preliminary and detailed design stages. Major steps in system analysis and design are then listed. Finally, it provides an in-depth overview of the system development life cycle (SDLC) method, including the feasibility study, system analysis, system design, and development phases.

Uploaded by

سجن سجيد

UNIT IV: Development of MIS - Systems analysis and design - systems analysis for new
requirement - systems development models - prototype approach - lifecycle approach – spiral model
- rapid application development – end-user development - structured system design - system
development process - tools and techniques of system design - data flow diagram – data structure -
system implementation success and failure - quality control of information system - introduction to
emerging technologies.

*********************************************************************************

System Analysis: Systems analysis is a process of collecting factual data,
understanding the processes involved, identifying problems and recommending
feasible suggestions for improving the system functioning. This involves studying
the business processes, gathering operational data, understanding the information
flow, finding out bottlenecks and evolving solutions for overcoming the weaknesses
of the system so as to achieve the organizational goals. System analysis also
includes subdividing the complex processes involving the entire system, and
identifying data stores and manual processes.

The major objectives of systems analysis are to find answers, for each business
process, to the following questions:

• What is being done?
• How is it being done?
• Who is doing it, and when is he doing it?
• Why is it being done, and how can it be improved?

Systems analysis is an iterative process that continues until a preferred and
acceptable solution emerges.

System analysis can be done in two different scenarios:

1. Analysis of the existing system
2. Analysis for a new system

UNIVERSITY INSTITUTE OF MANAGEMENT, ALAPPUZHA Page 72


Analysis of the existing system is done to improve the existing system by
identifying its limitations and problems with efficiency and effectiveness,
whereas analysis for the new system is done to propose a new system where
no system is in practice.

It is more of a thinking process and involves the creative skills of the system
analyst. It attempts to give birth to a new efficient system that satisfies the
current needs of the user and has scope for future growth within the
organizational constraints. The result of this process is a logical system design.
System analysis is an iterative process that continues until a preferred and
acceptable solution emerges.

Systems Design
Based on the user requirements and the detailed analysis of the existing system, the
new system must be designed. This is the phase of system designing. It is the most
crucial phase in the development of a system. The logical system design arrived at
as a result of system analysis is converted into a physical system design. Normally,
the design proceeds in two stages:
PRELIMINARY OR GENERAL DESIGN
In the preliminary or general design, the features of the new system are specified.
The costs of implementing these features and the benefits to be derived are
estimated. If the project is still considered to be feasible (possible), we move to the
detailed design stage.
STRUCTURED OR DETAILED DESIGN
In the detailed design stage, computer-oriented work begins in earnest. At this
stage the design of the system becomes more structured. Structured design is a
blueprint of a computer system solution to a given problem, having the same
components and inter-relationships among the same components as the original
problem. Input, output, databases, forms, codification schemes and processing
specifications are drawn up in detail. In the design stage, the programming
language and the hardware and software platform on which the new system will
run are also decided.
The system design involves:
I. Defining precisely the required system output
II. Determining the data requirement for producing the output
III. Determining the medium and format of files and databases
IV. Devising processing methods and use of software to produce output
V. Determining the methods of data capture and data input
VI. Designing input forms
VII. Designing codification schemes
VIII. Detailing manual procedures
IX. Documenting the design

MAJOR STEPS IN SYSTEM ANALYSIS AND DESIGN

• Requirement determination
• Understand the process
• Identify data used and information generated
• Determine frequency, timing and volume
• Know the performance controls
Systems development models - prototype approach - lifecycle approach – spiral model - rapid
application development – end-user development



SYSTEM DEVELOPMENT AND LIFE CYCLE METHOD OR SDLC (MOST IMPORTANT TOPIC)

1. FEASIBILITY STUDY
Because the process of developing a major information system can be costly, the
systems investigation stage frequently requires a preliminary study called a
feasibility study. A feasibility study is a preliminary study which investigates the
information needs of prospective users and determines the resource requirements,
cost, benefits, and feasibility of a proposed project.
Feasibility of a system can be evaluated in terms of four major categories:

1. Organizational Feasibility - focuses on how well a proposed information
system supports the objectives of the organization and its strategic plan for
information systems.

2. Economic Feasibility - focuses on whether the tangible costs and benefits of
the proposed system will exceed the costs of developing and operating it.

3. Technical Feasibility - focuses on the reliability/capabilities of the hardware
and software to meet the needs of the proposed system, and whether they can
be acquired or developed in the required time.

4. Operational Feasibility - focuses on the willingness and ability of the
management, employees, customers, suppliers, and others to operate, use, and
support the proposed system.

2. SYSTEM ANALYSIS

Systems analysis is an in-depth study of end user information needs which
produces functional requirements that are used as the basis for the design of a new
information system. System analysis traditionally involves a detailed study of:

1. The information needs of the organization and the end users.
2. The activities, resources, and products of any present information systems.
3. The information systems capabilities required to meet the information needs of
end users.


Organizational Analysis
Organizational analysis involves evaluating the organizational and environmental
systems and subsystems involved in any situation. Systems analysis traditionally
involves a detailed study of the organization's:

1. Environment
2. Management structure
3. People
4. Business activities
5. Environmental systems it deals with
6. Current information systems

Analysis of the Present System

1. Hardware, software, and people resources used to convert data resources into
information products, such as reports and displays.
2. Document how the information activities of input, processing, output,
storage, and control are being accomplished.

Functional Requirements Analysis

This step of the systems analysis is one of the most difficult. Steps involve:

1. Determining specific information needs.
2. Determining the information processing capabilities required for each
system activity (input, processing, output, storage, and control) to meet the
needs. The goal is to identify WHAT should be done, NOT how to do it.
3. Developing functional requirements (information requirements that are not tied
to the hardware, software, and people resources that end users presently use
or might use in the new system).

3. SYSTEMS DESIGN

System analysis describes what a system should do to meet the information needs
of users. System design specifies how the system will accomplish this objective.
Systems design consists of design activities, which produce systems specifications
satisfying the functional requirements developed in the systems analysis stage.
These specifications are used as the basis for:

1. Software development
2. Hardware acquisition
3. System testing
4. Other activities of the implementation stage.


User Interface, Data, and Process Design
The systems design concept focuses on three major products or deliverables that
should result from the design stage. System design consists of three activities:

1. User Interface Design
2. Data Design
3. Process Design

4. DEVELOPMENT

The fourth phase is when the real work begins—in particular, when a programmer, network
engineer and/or database developer are brought on to do the major work on the project. This
work includes using a flow chart to ensure that the process of the system is properly
organized. The development phase marks the end of the initial section of the process.
Additionally, this phase signifies the start of production. The development stage is also
characterized by installation and change.

In the development phase, all the documents from the previous phase are transformed into
the actual system. The two primary activities involved in the development phase are as
follows:

• Development of IT infrastructure
• Development of database and code

In the design phase, only the blueprint of the IT infrastructure is provided, whereas in this
phase the organization actually purchases and installs the respective software and hardware
in order to support the IT infrastructure. Following this, the creation of the database and
actual code can begin to complete the system on the basis of given specifications.



5. TESTING:

Once the software is complete, it is deployed in the testing environment. The
testing team then starts testing the functionality of the entire system. This is done
to verify that the entire application works according to the customer requirement.

During this phase, the QA and testing team may find some bugs/defects, which they
communicate to the developers. The development team fixes the bugs and sends the
software back to QA for a re-test. This process continues until the software is
bug-free, stable, and working according to the business needs of that system.

Black box testing is the software testing method which is used to test the
software without knowing the internal structure of the code or program. White box
testing is the software testing method in which the internal structure is known to
the tester who is going to test the software.

Program test: When the programs have been coded, compiled and brought to
working condition, they must be individually tested with the prepared test data.
All verification and validation must be checked, and any undesirable happening
must be noted and debugged (error corrected).

System test: After the program test has been carried out for each of the programs
of the system and the errors removed, the system test is done. At this stage the
test is done on actual data. The complete system is executed on the actual data.
When it is ensured that the system is running error-free, the users are called with
their own actual data so that the system can be shown running as per their
requirements.

6. IMPLEMENTATION

After user acceptance of the newly developed system, the implementation
phase begins. Implementation is the stage of a project during which theory is
turned into practice. The major steps involved in this phase are:

• Acquisition and Installation of Hardware and Software
• Conversion
• User Training
• Documentation

The hardware and the relevant software required for running the system must be
made fully operational before implementation. The conversion is also one of the
most critical and expensive activities in the system development life cycle. The
data from the old system needs to be converted to operate in the new format of the
new system. The database needs to be set up with security and recovery procedures
fully defined.

During this phase, all the programs of the system are loaded onto the user’s
computer. After loading the system, training of the user starts. The main topics of
such training are:

• How to execute the package?
• How to enter the data?
• How to process the data (processing details)?
• How to take out the reports?

After the users are trained about the computerized system, working has to shift
from manual to computerized working. The process is called Changeover. The
following strategies are followed for changeover of the system.

1. Direct Changeover: This is the complete replacement of the old system by
the new system. It is a risky approach and requires comprehensive system
testing and training.

2. Parallel run: In a parallel run both the systems, i.e., computerized and
manual, are executed simultaneously for a certain defined period. The same
data is processed by both the systems. This strategy is less risky but more
expensive because of the following facts:

• Manual results can be compared with the results of the computerized system.
• The operational work is doubled.
• Failure of the computerized system at the early stage does not affect the
working of the organization, because the manual system continues to work as it
used to do.

3. Pilot run: In this type of run, the new system is run with the data from one or
more of the previous periods for the whole or part of the system. The results are
compared with the old system results. It is less expensive and risky than the
parallel run approach. This strategy builds confidence, and the errors are traced
easily without affecting the operations.

The documentation of the system is also one of the most important activities in the
system development life cycle. This ensures the continuity of the system.
Generally, the following two types of documentation are prepared for any system:

• User or Operator Documentation
• System Documentation

User Documentation: The user documentation is a complete description of the
system from the user’s point of view, detailing how to use or operate the system. It
also includes the major error messages likely to be encountered by the user.

System Documentation: The system documentation contains the details of system
design, programs, their coding, system flow, data dictionary, process description,
etc. This helps to understand the system and permits changes to be made in the
existing system to satisfy new user needs.

7. MAINTENANCE

Maintenance is necessary to eliminate errors in the system during its working life
and to tune the system to any variations in its working environments. It must meet
the scope of any future enhancement, future functionality and any other added
functional features to cope with the latest future needs. It has been seen that
there are always some errors found in the systems that must be noted and
corrected. It also means the review of the system from time to time. The review of
the system is done for:

• knowing the full capabilities of the system
• knowing the required changes or the additional requirements
• studying the performance.

If a major change to a system is needed, a new project may have to be set up to
carry out the change. The new project will then proceed through all the above life
cycle phases.



SPIRAL MODEL OF SYSTEM DEVELOPMENT
The spiral model is a combination of the sequential and prototype models. This
model is best used for large projects which involve continuous enhancements. There
are specific activities which are done in one iteration (spiral), where the output is
a small prototype of the large system. The same activities are then repeated for all
the spirals till the entire system is built.

A spiral model has 4 phases, described below:

1. Planning phase
2. Risk analysis phase
3. Engineering phase
4. Evaluation phase

Activities which are performed in the spiral model phases are shown below:

Phase Name: Planning
Activities performed:
- Requirements are studied and gathered.
- Feasibility study
- Reviews and walkthroughs to streamline the requirements
Deliverables / Output:
- Requirements understanding document
- Finalized list of requirements.

Phase Name: Risk Analysis
Activities performed:
- Requirements are studied and brainstorming sessions are done to identify the
potential risks.
- Once the risks are identified, risk mitigation strategy is planned and finalized.
Deliverables / Output:
- Document which highlights all the risks and their mitigation plans.

Phase Name: Engineering
Activities performed:
- Actual development and testing of the system takes place in this phase.
Deliverables / Output:
- Code
- Test cases and test results
- Test summary report and defect report.

Phase Name: Evaluation
Activities performed:
- Users evaluate the system and provide their feedback and approval.
Deliverables / Output:
- Features implemented document
When to Use Spiral model?
Spiral model is used in the following scenarios:
• When the project is large.
• Where the software needs continuous risk evaluation.
• Requirements are a bit complicated and require continuous
clarification.
• Software requires significant changes.
• Where there is enough time frame to get end user feedback.
• Where releases are required to be frequent.
Advantages of using Spiral model are as follows:
• Development is fast
• Larger projects / software are created and handled in a strategic
way
• Risk evaluation is proper.
• Control towards all the phases of development.
• More and more features are added in a systematic way.
• Software is produced early.



Different colors represent different spirals or iterations. For the first iteration,
represented in brown, all 4 activities (planning, risk analysis, engineering
and evaluation) are performed. After the evaluation phase is over for the first
iteration (spiral), the second iteration (spiral) starts. In the second iteration,
which is represented in orange, all 4 activities (planning, risk analysis,
engineering and evaluation) are again performed. In a similar way, the third
iteration, shown in blue, is done, and so the process continues.

PROTOTYPE MODEL OF SYSTEM DEVELOPMENT

A prototype is an original model, form or an instance that serves as a basis for
other processes.

The basic idea in the prototype model is that instead of freezing the requirements before design or
coding can proceed, a throwaway prototype is built to understand the requirements. This
prototype is developed based on the currently known requirements. The prototype model is
a software development model. By using this prototype, the client can get an “actual feel” of
the system, since the interactions with the prototype can enable the client to better understand the
requirements of the desired system. Prototyping is an attractive idea for complicated and large
systems for which there is no manual process or existing system to help determine the
requirements.

Advantages of Prototype model:

• Users are actively involved in the development.
• Since in this methodology a working model of the system is provided, the users get a
better understanding of the system being developed.
• Errors can be detected much earlier.
• Quicker user feedback is available, leading to better solutions.
• Missing functionality can be identified easily.
• Confusing or difficult functions can be identified.
• Requirements validation and quick implementation of an incomplete, but
functional, application.

Disadvantages of Prototype model:

• Leads to an implement-and-then-repair way of building systems.
• Practically, this methodology may increase the complexity of the system, as the scope of
the system may expand beyond original plans.

WATERFALL MODEL OF SYSTEM DEVELOPMENT

In a waterfall model, each phase must be completed before the next phase can
begin and there is no overlapping in the phases. In "The Waterfall" approach, the
whole process of software development is divided into separate phases. In this
Waterfall model, typically, the outcome of one phase acts as the input for the next
phase sequentially.

• Requirement Gathering and analysis − All possible requirements of the
system to be developed are captured in this phase and documented in a
requirement specification document.

• System Design − The requirement specifications from the first phase are
studied in this phase and the system design is prepared. This system design
helps in specifying hardware and system requirements and helps in defining
the overall system architecture.

• Implementation − With inputs from the system design, the system is first
developed in small programs called units, which are integrated in the next
phase. Each unit is developed and tested for its functionality, which is
referred to as Unit Testing.

• Integration and Testing − All the units developed in the implementation
phase are integrated into a system after testing of each unit. Post integration,
the entire system is tested for any faults and failures.

• Deployment of system − Once the functional and non-functional testing is
done, the product is deployed in the customer environment or released into
the market.

• Maintenance − There are some issues which come up in the client
environment. To fix those issues, patches are released. Also, to enhance the
product, some better versions are released. Maintenance is done to deliver
these changes in the customer environment.



All these phases are cascaded to each other in which progress is seen as flowing
steadily downwards (like a waterfall) through the phases. The next phase is started
only after the defined set of goals are achieved for previous phase and it is signed
off, so the name "Waterfall Model". In this model, phases do not overlap.

Some of the major advantages of the Waterfall Model are as follows −

• Simple and easy to understand and use.
• Easy to manage due to the rigidity of the model. Each phase has specific deliverables and a
review process.
• Phases are processed and completed one at a time.
• Works well for smaller projects where requirements are very well understood.

The major disadvantages of the Waterfall Model are as follows −

• No working software is produced until late during the life cycle.
• High amounts of risk and uncertainty.
• Not a good model for complex and object-oriented projects.
• Poor model for long and ongoing projects.
• Not suitable for the projects where requirements are at a moderate to high
risk of changing. So, risk and uncertainty are high with this process model.



RAPID APPLICATION DEVELOPMENT
The Rapid Application Development (RAD) process is an adaptation of the waterfall
model; it aims at developing software in a short span of time.

The RAD model has the following phases:

• Business Modeling
• Data Modeling
• Process Modeling
• Application Generation
• Testing and Turnover

The activities performed in the different phases of the RAD model are:

• Business Modeling: On the basis of the flow of information and distribution between
various business channels, the product is designed.
• Data Modeling: The information collected from business modeling is refined into a
set of data objects that are significant for the business.
• Process Modeling: The data object that is declared in the data modeling phase is
transformed to achieve the information flow necessary to implement a
business function.
• Application Generation: Automated tools are used for the construction of the
software, to convert process and data models into prototypes.
• Testing and Turnover: As prototypes are individually tested during every iteration,
the overall testing time is reduced in RAD.

END USER DEVELOPMENT

End user development refers to activities and tools that allow end users, people who
are not professional software developers, to program computers. End users can
use end user development tools to create or model software and complex
data objects without significant knowledge of a programming language.

FACTORS CONTRIBUTING TO SUCCESS OF MIS

If an MIS is to be a success, it should have all the features listed as follows:

• The MIS is integrated into the managerial functions. It sets clear objectives
to ensure that the MIS focuses on the major issues of the business.
• An appropriate information processing technology required to meet the data
processing and analysis needs of the users of the MIS is selected.
• The MIS is oriented, defined and designed in terms of the user's
requirements and its operational viability is ensured.
• The MIS is kept under continuous surveillance, so that its open system
design is modified according to the changing information needs.
• The MIS focuses on the results and goals, and highlights the factors and reasons
for non-achievement.
• The MIS recognizes that a manager is a human being and therefore, the
systems must consider all the human behavioral factors in the process of the
management.
• The MIS recognizes that the different information needs for different
objectives must be met. The globalization of information in isolation
from the different objectives leads to too much information and its non-use.
• The MIS is easy to operate and, therefore, the design of the MIS has such
features which make up a user-friendly design.
• The MIS recognizes that the information needs become obsolete and new needs
emerge. The MIS design, therefore, has a basic potential capability to
quickly meet new needs of information.
• The MIS concentrates on developing the information support to the manager's
critical success factors. It concentrates on the mission-critical applications
serving the needs of the top management.

FACTORS CONTRIBUTING TO FAILURES

• Underestimating the complexity in the business systems and not recognizing
it in the MIS design leads to problems in the successful implementation.
• Adequate attention is not given to the quality control aspects of the inputs,
the process and the outputs, leading to insufficient checks and controls in the
MIS.
• Lack of training and appreciation that the users of the information and the
generators of the data are different, and they have to play an important
responsible role in the MIS.
• Lack of administrative discipline in following the standardized systems and
procedures, wrong coding and deviating from the system specifications
result in incomplete and incorrect information.

TOOLS FOR SYSTEM DESIGN

• Data Flow Diagram
• Data Dictionary
• Decision Trees

********************************END OF MODULE 4********************************

UNIT V: SECURING INFORMATION SYSTEMS - System vulnerability and abuse -
wireless security challenges - malicious software - hackers and cyber vandalism - computer
crime and cyber terrorism - business values of security and control - technologies and tools for
protecting information resources - identity management and authentication – firewalls –
intrusion-detection systems - antivirus software - securing wireless networks - encryption and
public key infrastructure – ensuring system availability - security issues for cloud computing and
the mobile digital platform - ensuring software quality.

System vulnerability and abuse



Wireless networks are vulnerable because radio frequency bands are easy to scan.
Both Bluetooth and Wi-Fi networks are susceptible to hacking by eavesdroppers.
Although the range of Wi-Fi networks is only several hundred feet, it can be
extended up to one-fourth of a mile using external antennae. Local area networks
(LANs) using the 802.11 standard can be easily penetrated by outsiders armed
with laptops, wireless cards, external antennae, and hacking software. Hackers
use these tools to detect unprotected networks, monitor network traffic, and, in
some cases, gain access to the Internet or to corporate networks.
The service set identifiers (SSIDs) identifying the access points in a Wi-Fi network
are broadcast multiple times and can be picked up fairly easily by intruders’ sniffer
programs.



A hacker can employ an 802.11 analysis tool to identify the SSID. (Windows,
Vista, and 7 have capabilities for detecting the SSID used in a network and
automatically configuring the radio NIC within the user’s device.) An intruder
that has associated with an access point by using the correct SSID is capable of
accessing other resources on the network, using the Windows operating system
to determine which other users are connected to the network, access their
computer hard drives, and open or copy their files.

MALICIOUS SOFTWARE: VIRUSES, WORMS, TROJAN HORSES AND SPYWARE

A computer virus is a rogue software program that attaches itself to other
software programs or data files in order to be executed, usually without user
knowledge or permission. Viruses typically spread from computer to computer
when humans take an action, such as sending an e-mail attachment or copying an
infected file.

Worms are independent computer programs that copy themselves from one
computer to other computers over a network. (Unlike viruses, they can operate on
their own without attaching to other computer program files and rely less on
human behavior in order to spread from computer to computer. This explains why
computer worms spread much more rapidly than computer viruses.) Worms
destroy data and programs as well as disrupt or even halt the operation of computer
networks.



Trojans
A Trojan is another type of malware named after the wooden horse that the Greeks
used to infiltrate Troy. It is a harmful piece of software that looks legitimate. Users
are typically tricked into loading and executing it on their systems. After it is
activated, it can achieve any number of attacks on the host, from irritating the user
(popping up windows or changing desktops) to damaging the host (deleting files,
stealing data, or activating and spreading other malware, such as viruses). Trojans
are also known to create backdoors to give malicious users access to the system.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do
they self-replicate. Trojans must spread through user interaction such as opening
an email attachment or downloading and running a file from the Internet.

HACKERS AND COMPUTER CRIME


A hacker is an individual who intends to gain unauthorized access to a computer
system. Within the hacking community, the term cracker is typically used to
denote a hacker with criminal intent, although in the public press, the terms hacker
and cracker are used interchangeably. Hackers and crackers gain unauthorized
access by finding weaknesses in the security protections employed by Web sites
and computer systems, often taking advantage of various features of the Internet
that make it an open system that is easy to use.

Types of Hackers

Ethical Hacker (White hat): A hacker who gains access to systems with a view to
fix the identified weaknesses. They may also perform penetration testing and
vulnerability assessments. (Ideal hacker)

Cracker (Black hat): A hacker who gains unauthorized access to computer systems
for personal gain. The intent is usually to steal corporate data, violate privacy
rights, transfer funds from bank accounts, etc. (Dangerous)

Grey hat: A hacker who is in between ethical and black hat hackers. He/she
breaks into computer systems without authority with a view to identify
weaknesses and reveal them to the system owner.


IDENTITY THEFT
With the growth of the Internet and electronic commerce, identity theft has become
especially troubling. Identity theft is a crime in which an imposter obtains key
pieces of personal information, such as social security identification numbers,
driver’s license numbers, or credit card numbers, to impersonate someone else.
Identity theft has flourished on the Internet, with credit card files a major target of
Web site hackers.

Click Fraud
When you click on an ad displayed by a search engine, the advertiser typically
pays a fee for each click, which is supposed to direct potential buyers to its
products. Click fraud occurs when an individual or computer program
fraudulently clicks on an online ad without any intention of learning more about
the advertiser or making a purchase. Click fraud has become a serious problem at
Google and other Web sites that feature pay-per-click online advertising. Some
companies hire third parties (typically from low-wage countries) to fraudulently
click on a competitor’s ads to weaken them by driving up their marketing costs.
Click fraud can also be perpetrated with software programs doing the clicking, and
botnets are often used for this purpose. Search engines such as Google attempt to
monitor click fraud but have been reluctant to publicize their efforts to deal with
the problem.

Cyber-vandalism is the act of damaging someone's data on a computer in a way
that disrupts the victim's business or image, by editing the data into something
invasive, embarrassing or absurd. The perpetrators create malevolent programs
that damage the victim's hard disk data or login credentials.

SOFTWARE VULNERABILITY
• A major problem with software is the presence of hidden bugs or program code defects.

• Zero defects cannot be achieved in larger programs. Complete testing simply
is not possible. Fully testing programs that contain thousands of choices and
millions of paths would require thousands of years. Even with rigorous
testing, you would not know for sure that a piece of software was
dependable until the product proved itself after much operational use.

• To correct software flaws once they are identified, the software vendor
creates small pieces of software called patches to repair the flaws without
disturbing the proper operation of the software. An example is Microsoft's
Windows Vista Service Pack 2, released in April 2009, which includes some
security enhancements to counter malware and hackers. It is up to users of
the software to track these vulnerabilities, test, and apply all patches. This
process is called patch management.

TECHNOLOGIES AND TOOLS FOR PROTECTING INFORMATION RESOURCES
*************************************************************
1. Identity Management: Identity management software automates
the process of keeping track of all the users and their system privileges,
assigning each user a unique digital identity for accessing each
system.
2. Authentication: Authentication refers to the ability to know that a
person is who he or she claims to be. Authentication is often
established by using passwords known only to authorized users. An
end user uses a password to log on to a computer system and may also
use passwords for accessing specific systems and files. However,
users often forget passwords, share them, or choose poor passwords
that are easy to guess, which compromises security.
3. A token is a physical device, similar to an identification card, that is
designed to prove the identity of a single user. Tokens are small
gadgets that typically fit on key rings and display pass codes that
change frequently. A smart card is a device about the size of a credit
card that contains a chip formatted with access permission and other
data. (Smart cards are also used in electronic payment systems.) A
reader device interprets the data on the smart card and allows or
denies access. Biometric authentication uses systems that read and
interpret individual human traits, such as fingerprints, irises, and
voices, in order to grant or deny access. Biometric authentication is
based on the measurement of a physical or behavioral trait that makes
each individual unique.
4. Encryption: Encryption is the process of transforming plain text or
data into cipher text that cannot be read by anyone other than the
sender and the intended receiver. Data are encrypted by using a secret
numerical code, called an encryption key that transforms plain data
into cipher text. The message must be decrypted by the receiver.
5. Symmetric Key and Public key encryption: In symmetric key
encryption, the sender and receiver establish a secure Internet session
by creating a single encryption key and sending it to the receiver so
both the sender and receiver share the same key. The strength of the
encryption key is measured by its bit length. Today, a typical key will
be 128 bits long (a string of 128 binary digits).
A more secure form of encryption called public key encryption uses
two keys: one shared (or public) and one totally private. The keys
are mathematically related so that data encrypted with one key can be
decrypted using only the other key. To send and receive messages,
communicators first create separate pairs of private and public keys.
The public key is kept in a directory and the private key must be kept
secret. The sender encrypts a message with the recipient’s public key.
On receiving the message, the recipient uses his or her private key to
decrypt it.
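
The flow described in items 4 and 5, as an added Python sketch that is not part of the original notes: the sender encrypts the message with a fresh 128-bit symmetric key and protects that key with the recipient's public key, so only the holder of the private key can recover it. The primes, the function names (make_keypair, keystream_xor, send, receive) and the sample message are constructed for illustration; the unpadded RSA and the hash-based cipher are teaching stand-ins, and production systems use a vetted library with padded RSA and an authenticated cipher.

```python
import hashlib
import secrets

# Constructed demo primes (the Mersenne primes 2^127-1 and 2^89-1). They are
# publicly known, so this key pair shows the math only and protects nothing.
P, Q = 2**127 - 1, 2**89 - 1
E = 65537  # public exponent


def make_keypair():
    """Return (public, private). The two keys are mathematically related:
    d is the inverse of e modulo (p-1)(q-1), so each undoes the other."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    d = pow(E, -1, phi)
    return (n, E), (n, d)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream. One shared
    key both encrypts and decrypts. No integrity check, illustration only."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def send(message: bytes, recipient_public):
    """Sender: make a fresh 128-bit session key, encrypt the message with it,
    and wrap the session key with the recipient's PUBLIC key."""
    n, e = recipient_public
    session_key = secrets.token_bytes(16)  # 16 bytes = 128 bits
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # textbook RSA, unpadded
    return wrapped_key, keystream_xor(session_key, message)


def receive(wrapped_key: int, ciphertext: bytes, private):
    """Recipient: unwrap the session key with the PRIVATE key, then decrypt."""
    n, d = private
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    public, private = make_keypair()
    wrapped, ct = send(b"Transfer approved: invoice 1042", public)  # constructed message
    print(receive(wrapped, ct, private))
```

Anyone who intercepts the wrapped key and the ciphertext sees only the public key, which is why the private key is the one value that must stay secret.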



UNIFIED THREAT MANAGEMENT SYSTEMS
To help businesses reduce costs and improve manageability, security vendors have
combined into a single appliance various security tools, including firewalls, virtual
private networks, intrusion detection systems, and Web content filtering and
antispam software. These comprehensive security management products are called
unified threat management (UTM) systems. Although initially aimed at small
and medium-sized businesses, UTM products are available for all sizes of networks.



******************************************************************
Digital certificates are data files used to establish the identity of users and
electronic assets for protection of online transactions.

Cloud computing is a general term for anything that involves delivering hosted
services over the Internet. These services are broadly divided into three categories:
Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and
Software-as-a-Service (SaaS).

Security in the Cloud

• When processing takes place in the cloud, accountability and responsibility
for protection of sensitive data still reside with the company owning that
data.
• Understanding how the cloud computing provider organizes its services and
manages the data is critical.
• Cloud users need to confirm that regardless of where their data are stored or
transferred, they are protected at a level that meets their corporate
requirements.
• It's also important to know how the cloud provider will respond if a disaster
strikes, whether the provider will be able to completely restore your data,
and how long this should take.
• Cloud users should also ask whether cloud providers will submit to external
audits and security certifications.

An MIS audit examines the firm's overall security environment as well as
controls governing individual information systems. The auditor should trace
the flow of sample transactions through the system and perform tests, using,
if appropriate, automated audit software. The MIS audit may also examine
data quality.

Security audits review technologies, procedures, documentation, training,
and personnel. A thorough audit will even simulate an attack or disaster to
test the response of the technology, information systems staff, and business
employees.

Disaster recovery planning devises plans for the restoration of computing
and communications services after they have been disrupted. Disaster
recovery plans focus primarily on the technical issues involved in keeping
systems up and running, such as which files to back up and the maintenance
of backup computer systems or disaster recovery services.

A supply chain management (SCM) system is a set of software solutions
that manages and oversees the flow of goods, data, and finances as a
product or service moves from point of origin to its final destination. Supply
chain activities encompass procurement, product lifecycle management
(PLM), supply chain planning (SCP), logistics and order management.
A complete, end-to-end supply chain management system includes the
material handling and software packages for all the parties who work
together to create the product, fulfill orders, and keep track of information,
including suppliers, manufacturers, wholesalers, transportation providers,
logistics providers, and retailers.

TYPES OF CYBER ATTACKS/CYBER CRIME

• Denial-of-service attack
• Phishing
• Pharming
• E-mail bombing
• Sniffing
• Spoofing
• Cyber defamation
• Hacking
• Identity theft
• Electronic money laundering
• Salami slicing attack
• Child pornography
• Cyber stalking
• Cyber bullying

Intranet vs Extranet

The internal network of an organization is known as an intranet, and it is
usually accessible to the people inside the organization.
An extranet is the network outside the organization with which the
organization communicates. An extranet has limited access to the intranet of
the organization.
***********************END OF MODULE 5*******************

1. Refer to previous years' question papers.
2. For answering questions like application of MIS in service and
production industry, just explain the HRIS, MKIS, FIS, PIS, CRM and
SCM systems in various industries such as banking, aviation, hospitals,
etc.
