GEORGE USHINDI

21/00906

BIT 04101: STRATEGIC MANAGEMENT INFORMATION SYSTEMS

May 2024 Class

CAT

Due date - Submission deadline – Saturday 27th July 2024

1. a) Define a Management Information System.

- is a computer-based system that collects, processes, stores, and distributes
information to support decision-making, planning, and control functions within an
organization.
[2 Marks]

b) Describe the ICT infrastructure necessary for an information system to operate

effectively
i. Hardware:
a. Servers: Powerful computers that store and manage data, applications, and
network resources.
b. Storage Devices: Hard drives, SSDs, and tape drives for data storage and
backup.
ii. Software:
a. Operating Systems: Software that manages computer hardware and software
resources.
b. Database Management Systems: Software for storing, retrieving, and
managing data.
c. Application Software: Software for specific tasks, such as word processing,
spreadsheets, and MIS applications.
d. Network Software: Software for managing network communication and
resources.
e. Security Software: Firewalls, antivirus, and intrusion detection systems to
protect data.
iii. Networks:
a. Local Area Network: Connects devices within a building.
b. Wide Area Network: Connects devices across geographic locations.
c. Internet: A global network connecting millions of computers.
d. Intranet: A private network within an organization using internet
technologies.
 e. Extranet: A controlled network accessible to external parties.
iv. Human Resources:
a. IT Personnel: System analysts, programmers, network administrators, and
database administrators.
b. End-Users: Employees who utilize the information system for their tasks.

[8 Marks]
c) Highlight the ethical considerations that can ensure responsible use of information
systems

Privacy

• Data Protection: Safeguarding personal information from unauthorized access,

use, or disclosure.
• Informed Consent: Obtaining explicit permission from individuals before
collecting and using their data.

Accuracy and Integrity

• Data Quality: Ensuring data is accurate, complete, consistent, and relevant.

• Data Validation: Implementing checks to verify data accuracy before processing.
• Data Security: Protecting data from corruption, loss, or unauthorized modification.

Accessibility

• Universal Design: Creating systems that are usable by people with disabilities.
• Digital Divide: Addressing disparities in access to technology and information.
• Openness: Promoting open access to information and knowledge.

Property Rights

• Intellectual Property: Respecting copyrights, patents, and trademarks.

• Software Licensing: Complying with software licensing agreements.
• Cybertheft: Preventing the theft of digital assets.

Accountability and Liability

• System Responsibility: Establishing clear accountability for system development,

maintenance, and use.
• Error Correction: Implementing procedures for identifying and rectifying system
errors.
• Liability Management: Managing potential legal and financial risks associated
with system failures.
Social Impact

• Ethical Decision Making: Using information systems to support ethical decision-

making processes.
• Social Responsibility: Considering the broader societal implications of system
development and use.
• Environmental Impact: Minimizing the environmental impact of information
systems.

[5 Marks]

2. a) Justify the statement – ‘Operational systems are the core information systems without
which organizations cannot survive’
Core Functions of Operational Systems:

• Transaction Processing: These systems handle the core business activities, such as
sales. Without these, an organization cannot conduct its basic functions.
• Data Capture: Operational systems collect and store essential data about
customers, products, employees, and financial transactions. This data forms the
foundation for decision-making and planning.
• Process Automation: Many routine tasks are automated through operational
systems, increasing efficiency and reducing errors. This frees up human resources
to focus on more strategic activities.
• Real-Time Information: Operational systems provide up-to-date information about
the organization's status, enabling managers to make timely decisions.

Impact of Operational System Failures:

• Disruption of Business Processes: A breakdown in operational systems can halt

critical business functions, leading to financial losses and customer dissatisfaction.
• Loss of Data: Data loss due to operational system failures can be catastrophic, as it
can impact decision-making, financial reporting, and customer relationships.
• Reduced Efficiency: Manual processes often replace automated ones during
system failures, leading to decreased productivity and increased costs.

In conclusion, operational systems are the nerve center of any organization.

[6 Marks]
b) What is a Decision Support System (DSS)? State and explain any three types of DSS
 - is a computer-based information system that supports decision-making activities by
analyzing large volumes of data and presenting information in a way that helps
decision-makers identify and solve problems and make informed choices.

Data-Driven DSS:

• Relies heavily on data analysis and reporting.

• Provides access to large volumes of data from various sources.
• Includes tools for data mining, statistical analysis, and data visualization.
• Examples: Sales analysis systems, financial forecasting systems.

Model-Driven DSS:

• Utilizes mathematical and statistical models to simulate different scenarios.

• Allows users to experiment with different inputs and observe the impact on
outputs.
• Often used in areas like finance, marketing, and operations.
• Examples: Optimization models, simulation models, forecasting models.

Knowledge-Driven DSS:

• Incorporates expert knowledge and experience to support decision-making.

• Uses artificial intelligence techniques like expert systems and decision trees.

[9 Marks]

3. a) Outline possible information security risks that can compromise the effective use of
MIS in organisations.
Internal Threats
• Insider Threats: Employees, contractors, or partners with authorized access misuse
their privileges for personal gain or malicious intent.
• Human Error: Accidental mistakes or negligence can lead to data loss, system
failures, or security breaches.
External Threats
• Cyberattacks: Malicious activities targeting computer systems and networks,
including:
Natural Disasters: Fires, floods, earthquakes, and other natural events can damage
hardware, disrupt operations, and compromise data integrity.
Unauthorized Access: Gaining access to systems or data without proper authorization.
Data Loss or Corruption: Accidental or intentional deletion or modification of data.
[6 Marks]
 b) Suggest appropriate controls that can help manage the risks stated in 3(a) above
Internal Threats
• Access Controls: Implement strong password policies, role-based access controls,
and regular access reviews.
• Employee Awareness Training: Educate employees about security best practices,
social engineering tactics, and the importance of data protection.
• Monitoring and Auditing: Monitor system and user activities for anomalies and
conduct regular audits to identify vulnerabilities.
External Threats
• Network Security: Employ firewalls, intrusion detection and prevention systems,
and secure network configurations.
• Data Encryption: Encrypt sensitive data both at rest and in transit to protect against
unauthorized access.
• Backup and Disaster Recovery: Regularly back up critical data and have a disaster
recovery plan in place.
• Patch Management: Keep software and operating systems up-to-date with the latest
patches to address vulnerabilities.
• Incident Response Plan: Develop and test an incident response plan to handle
security breaches effectively.

[9 Marks]