BUSINESS - refers to an economic activity
that involves the purchase/procurement,
manufacture/production, sale/exchange
and distribution of goods and services with
a motive to earn profits and satisfy
customers needs.
COMMERCE - refers to the exchange of
goods and services between two or more
entities. It typically involves buying and
selling
things of value. Commerce can take place
between businesses, between consumers,
or between businesses and consumers.
ELECTRONIC BUSINESS - refers to any
method of utilizing digital
information and communication
technologies to support or streamline
business processes from preparation to
implementation.
Computer Network is a system that
connects two or more computing
devices for transmitting and sharing
information or resources.
CATEGORY OF COMPUTER NETWORK
● Geographical Scale
● Organizational Scope
NETWORK STRUCTURE PER
GEOGRAPHICAL SCALE
NANOSCALE NETWORK (NANO) - to a
set of interconnected nanomachines
which are able to perform only very simple
tasks such as computing, data storing,
sensing and actuation.
BODY AREA NETWORK (BAN) - to a
wireless network of wearable computing
devices which may be embedded inside
the body as implants, or thru the use of
wearable technologies or mobile sensor
devices.
PERSONAL AREA NETWORK (PAN) - to
a computer network for interconnecting
electronic devices within an individual
person's workspace. It provides data
transmission among devices such as
computers, smartphones, tablets and
personal digital assistants.
LOCAL AREA NETWORK (LAN) - to a
group of computers and peripheral
devices that share a common
communications line or wireless link to a
server within a distinct, limited area.
CAMPUS AREA NETWORK (CAN) - to a
computer network made up of an
interconnection of local area networks
(LANs) within a limited geographical area.
METROPOLITAN AREA NETWORK
(MAN) - to a computer network that
connects computers within a metropolitan
area, which could be a single large city,
multiple cities and towns, or any given
large area with multiple buildings.
RADIO ACCESS NETWORK (RAN) - to a
network infrastructure that connects
individual devices to other parts of a
network through radio connections. It
resides between the user equipment, such
as a mobile phone, a computer or any
remotely controlled machine, and provides
the connection with its core network.
WIDE AREA NETWORK (WAN) - to
communication networks that span a wider
geographical area such as across cities,
states, or countries (global).
Intranet is a computer network for sharing
information, easier communication,
collaboration tools, operational systems,
and other computing services within an
organization, usually to the exclusion of
access by outsiders.
Internet is the interconnection of multiple
computer networks allowing any pair of
device in the connected network to
exchange messages and information.
Extranet is a controlled private network
that allows access to partners, vendors
and suppliers or an authorized set of
customers – normally to a subset of the
information accessible from an
organization's intranet.
Reach simply means the number of
people, at home or at work, exchanging
information.
Richness is defined by three aspects of
the information itself.
Bandwidth – the amount of information
that can be moved from sender to receiver
in a given time.
Customization – the degree to which the
information can be customized
Interactivity – the aspect of engaging to a
conversation between two or more parties
STRATEGIC RISKS - Inappropriate
approaches and execution resulting to
wrong decision making to invest
PRACTICAL RISKS - Poor customer
service, unsecured systems, data privacy
concerns, issues with online orders, etc.
ELECTRONIC COMMERCE - to the
buying and selling of goods or services
using the internet, and the transfer of
money and data to execute these
transactions.
ADVANTAGES OF E-COMMERCE
● Efficient transactions done anytime
anywhere.
● Quick electronic funds transfer.
● Convenient buying or selling from
home or place of business.
● Reduced cost and time of order
processing.
● Simpler, faster and cheaper supply
chain management.
● Quick reaching of target customers
for small- and medium-sized
enterprises (SMEs).
● User-friendly ordering systems.
DISADVANTAGES
● Lack of privacy of e-transactions.
● Unsecured use of the Internet
(e.g., presence of viruses, hackers,
and so on.
● Depersonalized shopping.
THREATS
● Servers containing important files
and customer information being
stolen.
● Imposters duplicating e-commerce
sites to steal customers’ money.
● Hackers attempting to steal
customer information or mess up
the site.
● Authorized users with hidden
motives attacking e-commerce
systems and/or selling information
to competitors.
FEATURES OF E-COMMERCE
● INFORMATION DENSITY
● INTERACTIVITY
● RICHNESS
● UBIQUITY
● GLOBAL REACH & SECURITY
● UNIVERSAL STANDARDS
BUSINESS MODELS OF E-COMMERCE
● Business-to-Business (B2B) -
business transactions between
different business organizations.
● Business-to-Consumer (B2C) -
business transactions between a
business organization and
consumers wherein the business
sells goods/services to a
consumer.
 ● Consumer-to-Consumer (C2C) -
business transactions between
different consumers
● Consumer-to-Business (C2B) -
business transactions between a
consumer and a business
organization wherein the business
pays for the goods/services offered
by a consumer.
● Business-to-Government (B2G) -
business transactions between a
business organization and the
government wherein the business
sells goods/services to the
government
● Government-to-Business (G2B) -
refers to the relationship between
businesses and government,
where government agencies of
various levels provide services or
information to a
business entity via government
portals or with the help of other IT
solutions.
● Government-to-Citizen (G2C) -
refers to the relationship between
the government and its citizens,
where government agencies of
various levels provide services or
information to its people via
government portals or with the help
of other IT solutions.
E-COMMERCE SECURITY SYSTEMS
● Auditability
● Authenticity
● Availability
● Confidentiality
● Encryption
● Integrity
● Non-repudiation
MOBILE COMMERCE - to the delivery of
e-commerce capabilities directly to mobile
service users by wireless technology.
BENEFITS OF M-COMMERCE
● Security
● Privacy
● Availability
● Ubiquity
● Reachability
● Convenience
M-COMMERCE FORCES
● Personalized Services
● iMode Access Platforms
● Wireless Application Protocol
(WAP)
● Fourth (4th) and Third (3rd)
Generation Technologies
E-BUSINESS
● to performing all type of business
activities through internet.
● Is a broad concept and is
considered as a superset of
E-Commerce.
● Business transactions are
carried out.
● Transactions are not limited.
● Includes activities like procurement
of raw materials/goods, customer
education, supply activities buying
and selling product, making
monetary transactions, etc. over
the internet.
● Requires the use of multiple
websites, CRMs, ERPs that
connect different business
processes.
● Is more appropriate in Business
to Business (B2B)
● Covers internal as well as
external business
process/activities.
● Involves the use of internet,
intranet or extranet.
E-COMMERCE
● to performing online commercial
activities and transactions over
the internet.
● Is a narrow concept and it is
considered as a subset of
E-Business.
 ● Commercial transactions are
carried out.
● Transactions are limited.
● Includes activities like buying and
selling product, making monetary
transactions etc. over the internet.
● Usually requires the use of only a
website.
● Is more appropriate in Business
to Customer (B2C)
● Covers outward/external
business process.
● Involves mandatory use of
internet.
M-COMMERCE
● to mobile commerce.
● Activities are performed with the
help of mobile devices like
smartphones, tablets, personal
digital assistant, etc.
● A subcategory of e-commerce
which does the same activities and
transactions via mobile devices.
● Location tracking capabilities is
so good as mobile apps track and
identify user locations with the help
of GPS technology, and Wi-Fi,
among others.
● Push notification can be
achieved.
FACTORS TO CONSIDER IN
IMPLEMENTING E-COMMERCE
● TAXES, LICENCES & PERMITS
● TRADEMARKS, PATENTS &
COPYRIGHTS
● SHIPPING RESTRICTIONS
● INVENTORY
● BUSINESS RESTRICTIONS
● PAYMENT CARD INDUSTRY
(PCI) COMPLIANCE
PHILIPPINE LAWS GOVERNING
E-COMMERCE
● R.A. 8792 – Electroni: Commerce
Act of 2000
● R.A. 10173 – Data Privacy Act of
2012
● Consumer Protection Regulation –
Transactions through E-Commerce
● Tax Guidelines for E-Commerce
Transactions
FUNCTIONAL AND ENTERPRISE
SYSTEMS
Management Information System (MIS) is
designed to pull together and keep track
of the data from all the systems and
sources you use, and to make it available
for you in one place. Properly collated and
organized data can be used to accurately
predict the most likely potential actions,
and allow you to identify the most
promising courses of action for the future
of your business
EXAMPLES OF FUNCTIONAL MIS
SUBSYSTEMS
● Management / Top Management
- Used mainly for strategic
planning or for resource allocation.
● Logistics - Used for planning,
control and distribution.
● Marketing - Used for planning,
sales forecast, or sales/customer
analysis.
● Human Resources - Used for
planning, sales forecast, or
sales/customer analysis
● Finance & Accounting - Used for
financial and cost analyses, among
others.
USERS OF MIS IN RELATION TO ITS
ACTIVITIES
● Top Management - to users that
would check and analyze reports
regularly, retrieve requests, and
assist in the identification of
problems and opportunities and
decision-making.
 ● Information Specialists - to users
that would analyze information and
assist in planning and reporting.
● Managers - to users that obtain
data related to operations and
assist in scheduling, planning, or
making decisions.
● Clerical Staff - to users that
handle direct transactions, process
the inputs, and answer various
inquiries.
MIS FOR DECISION-MAKING
● STRUCTURED /
PROGRAMMABLE If and only if
the rules of instantly recognizable
decisions rules have been
specified in advance. As the rules
or decisions have been
pre-specified, they can be handled
by any lower-level personnel with
limited knowledge.
● UNSTRUCTURED /
UNPROGRAMMABLE If there
was no pre-established decision
procedure or role.
Transaction Processing System (TPS)
refers to an information system that
captures and processes a company’s
business transactions necessary to
update data and support its basic
operations.
TRANSACTION PROCESSING SYSTEM
● INPUT
● PROCESS
● OUTPUT
● STORAGE
FEATURES OF A TPS
ATOMICITY
▪ Atomicity is a property that ensures that
a database follows the
all or nothing rule. In other words, the
database considers all transaction
operations as one whole unit or atom.
▪ Thus, when a database processes a
transaction, it is either fully
completed or not executed at all. If a
single portion of the transaction fails, the
whole transaction will fail.
CONSISTENCY
▪ Ensures that only valid data following all
rules and constraints is
written in the database.
▪ When a transaction results in invalid
data, the database reverts
to its previous state, which abides by all
customary rules and constraints.
▪ All inconsistent data is discarded, and all
transactions that might cause an
inconsistency are aborted and an error is
created or transcribed into an error log.
ISOLATION
▪ Guarantees the individuality of each
transaction, and prevents them from being
affected from other transactions.
▪ Ensures that concurrent execution of
transactions leaves the database in the
same state that would have been obtained
if the
transactions were executed sequentially.
DURABILITY
▪ Enforces completed transactions,
guaranteeing that once each one of them
has been committed, it will remain in the
system even in case of subsequent
failures.
▪ If a transaction is successful, all changes
generated by it are stored permanently.
TYPES OF TPS
● BATCH PROCESSING ▪ Interprets
sets, or batches, of data by
grouping items based on
similarities.▪ Batch processing can
create a time delay because it
reviews several sets of data
simultaneously, requiring more
computing power.
▪ Examples include electric bills and credit
card transactions.
● ONLINE/REAL-TIME
PROCESSING ▪ Is a method to
process transactions as they
appear.▪ This helps prevent delays
in processing and can provide a
more accurate result.
▪ Examples include reservations systems
and point of sales terminals.
● HYBRID PROCESSING▪
Combination of batch and
online/real-time processing.▪ It
collects data upon entry but
processes them in a specific period
of time, or in intervals.
Customer Relationship Management
(CRM) is a combination of business
strategies, software and processes that
enable companies to manage interactions
and build long-lasting relationships with
their customers.
COMPONENTS OF CRM SYSTEM
● Marketing Automation
● Salesforce Automation
● Contact Center Automation
● Geolocation Technology
● Workflow Automation
● Lead Management
● Human Resource Management
● Analytics
● Artificial Intelligence
Decision Support System (DSS) is a
computerized system that gathers and
analyzes data, synthesizing it to produce
comprehensive information reports.
DIFFERENT TYPES OF DSS
● DATA-DRIVEN DSS Makes
decisions based on data from
internal or external databases.
Uses data mining techniques to
discern trends and patterns for
predicting future events. Often
used to help make decisions about
inventory, sales and other business
processes
● DOCUMENT-DRIVEN DSS Type
of information management system
that uses documents to retrieve
data. Enables users to search
webpages or databases, or find
specific search terms, such as
those related to policies and
procedures, meeting minutes and
corporate records.
● COMMUNICATION DRIVEN DSS
Uses a variety of communication
tools to allow more than one
person to work on the same task.
Increases collaboration between
users and the system; improves
overall efficiency and effectiveness
of a system.
● KNOWLEDGE DRIVEN DSS Data
resides in a continuously updated
knowledge base that’s maintained
by a knowledge management
system. Provides data to users
that’s consistent with a company’s
business processes and
knowledge base.
● MODEL-DRIVEN DSS Customized
according to a predefined set of
user requirements. Used to
analyze different scenarios to meet
user requirements – for example,
assisting with scheduling or
developing financial statements.
OBJECTIVES FOR USING A DSS
● Make decision-making processes
easier and more effective.
● Assist a decision-maker, but not
replace him/her.
● Improve decision made for a
company.
COMPONENTS OF A DSS
● INPUTS
● OUTPUT
● DECISION SUPPORT SYSTEM
 ● USER KNOWLEDGE &
EXPERTISE DECISIONS
Strategic Information System (SIS) is a
system that assists an organization in the
identification, acquisition, maintenance,
use and disposition of its resources.
TYPES OF SIS
● FINANCIAL SYSTEMS
● OPERATIONAL SYSTEMS
● STRATEGIC SYSTEMS
Vendor Management System (VMS) acts
as a mechanism for business to manage
and procure staffing services temporary,
and, in some cases, permanent placement
services – as well as outside contract or
contingent labor.
Accounting information system (AIS) is a
structure that a business uses to collect,
store, manage, process, retrieve, and
report its financial data to be used by
various internal and external stakeholders.
Human Resources Management System
(HRMS) is a suite of software applications
used to manage human resources and
related processes throughout the
employee lifecycle
Enterprise Resource Planning (ERP) is
software designed to manage and
integrate the functions of core business
processes like finance, HR, supply chain
and inventory management in a single
system.
CHARACTERISTICS OF AN ERP
● An integrated system
● Operates in (or near) real time
● A common database that supports
all the applications
● A consistent look and feel across
modules
● Installation of the system with
elaborate application/data
integration
● Deployment options include:
on-premises or cloud hosted
BENEFITS OF ERP IN A BUSINESS
ORGANIZATION
● ERP creates a more agile
company that adapts better to
change.
● ERP can improve data security in a
closed environment.
● ERP provides increased
opportunities for collaboration.
● ERP offers many benefits such as
standardization of common
processes, one integrated system,
standardized reporting, improved
key performance indicators (KPI),
and access to common data.
DISADVANTESG OF USING AN ERP
SYSTEM
● Customization can be problematic.
● Re-engineering business
processes to fit the ERP system
may damage competitiveness or
divert focus from other critical
activities.
● ERP can cost more than less
integrated or less comprehensive
solutions.
● Overcoming resistance to sharing
sensitive information between
departments can divert
management attention.
● Integration of truly independent
businesses can create
unnecessary dependencies.
● Extensive training requirements
take resources from daily
operations.
● Harmonization of ERP systems
can be a mammoth task
(especially for big companies) and
requires a lot of time, planning, and
money.

VENDORS OF ERP
● TIER 1 Refers to an extensive,
highly customizable system
typically implemented by
multilocation, international
companies. ▪ They have massive
capabilities to handle big data at
lightning speed custom
programming resources to put very
diverse company locations on one
system.
● TIER 2 Refers to a mid-size ERP
system that has some features of
Tier 1, but at a lower cost and with
some of the hand-holding benefits
of Tier 3 ▪ There are also Tier 2
ERP systems owned by Tier 1
companies.
● TIER 3 Provides the most “niche”
solutions and usually the most
personal support.▪ These smaller
companies offer “modern ERP”,
which is often developed around
the needs of a specific type of
manufacturer.
IT GOVERNANCE, ETHICAL, AND
SECURITY ISSUES IN INFORMATION
TECHNOLOGY
GOVERNANCE - to the act or process of
governing or overseeing the control and
direction of something (such as a country
or an organization). Encompasses the
system by which an organization is
controlled and operates, and the
mechanisms by which it, and its people,
are held to account.
TYPES OF GOVERNANCE
● CORPORATE GOVERNANCE
Refers to the combination of rules,
processes and laws by which
businesses are operated,
regulated and controlled.
● DATA GOVERNANCE Refers to
the process of managing the
availability, usability, integrity and
security of the data in enterprise
systems, based on internal data
standards and policies that also
control data usage.
● IT GOVERNANCE Defined as the
processes that ensure the effective
and efficient use of IT in enabling
an organization to achieve its
goals. Provides a structure for
aligning IT strategy with business
strategy.
● INFORMATION GOVERNANCE Is
a comprehensive strategy and
strategic framework that
organizations use to manage
information. This not only includes
digital information but also physical
assets such as servers and
computers.
DATA GOVERNANCE FRAMEWORK &
IMPLEMENTATION
● PEOPLE
Before implementing a data
governance framework, owners or
custodians of different data assets,
or designated surrogates, involved
in the governance program should
be identified.
● PROCESS
Once the structure is in place, data
governance policies, data
standards, rules, controls and audit
procedures must be developed
and documented to establish
clarity on how governance is to be
carried out.
● TECHNOLOGY
Data governance software can be
used to automate aspects of
managing a governance program.
While data governance tools aren't
a mandatory framework
component, they support program
and workflow management,
collaboration, development of
 governance policies, process
documentation, and other functions
IT GOVERNANCE FRAMEWORK to a
type of framework that defines the ways
and methods through which an
organization can implement, manage and
monitor IT governance within an
organization.
▪ An ITG framework typically provides
reference models
for:
✓ IT processes;
✓ process inputs and outputs;
✓ key process objectives; and,
✓ performance measurement techniques
COMMONLY USED IT GOVERNANCE
FRAMEWORKS
● Australian Standard (AS)
8015:2005
● ISO/IEC 38500:2015
● COBIT
● IGPMM
● ITIL
● CMM
COBIT - Published by ISACA, Control
Objectives for Information and Related
Technologies (COBIT) is a
comprehensive framework of “globally
accepted practices, analytical tools and
models” designed for governance and
management of enterprise IT. The main
COBIT framework has been created to link
business goals with IT operations. It is
done by providing certain information
metrics as well as maturity models that
help integrate the responsibilities of the IT
and business aspects in an organization
and check the progress.
Information Technology Infrastructure
Library (ITIL) is a set of practices for IT
service management (ITSM) that focuses
on aligning IT services with the needs of
business. The goal of ITIL is for
organizations to create predictable IT
environments and to deliver the best
customer service possible to customers
and clients by streamlining processes and
identifying opportunities to improve
efficiency.
VULNERABILITY - Refers to a weakness
of an asset or control that can be exploited
by one or more threats.
● Unguarded warehouse without any
forms of surveillance
● Use of unauthorized or pirated
software
● Complicated user interface
● Default passwords not changed
● Absence of backup procedures
THREAT - Refers to a potential cause of
an unwanted incident which may result in
harm to a system or an organization.
● Theft
● Lawsuit, virus/malware
● Failure of communication links
● Clerical error during data input
● Flooding
RISK - to the potential that a given threat
will exploit vulnerabilities of an asset or
group of assets and thereby cause harm
to the organization.
Malware, short for “malicious software,”
refers to any intrusive software developed
by cybercriminals (often called “hackers”)
to steal data and damage or destroy
computers and computer systems.
COMMON EXAMPLES OF THREATS TO
IT & IS
● VIRUSES
▪ Refer to malwares attached to a
document or file that supports macros to
execute its code and spread from host to
host.
▪ Once downloaded, the virus will lay
dormant until the file is opened and in use.
▪ Viruses are designed to disrupt a
system’s ability to operate. As a result,
viruses can cause significant operational
issues and data loss.
● WORMS
Refer to malwares that rapidly replicates
and spreads to any device within the
network.
▪ Unlike viruses, worms do not need host
programs to disseminate.
▪ A worm infects a device via a
downloaded file or a network connection
before it multiplies and disperses at an
exponential rate.
▪ Like viruses, worms can severely disrupt
the operations of a device and cause data
loss.
● TROJANS
Refers to a harmful piece of software that
looks legitimate. Users are typically tricked
into loading and executing it on their
systems. After it is activated, it can
achieve any number of attacks on the
host,
▪ Unlike viruses and worms, Trojans do
not reproduce by infecting other files nor
do they self-replicate. Trojans must spread
through user interaction such as opening
an e-mail attachment or downloading and
running a file from the Internet.
● BOTS OR BOTNETS
▪ A bot is a malicious software application
designed to hijack and spread to various
computer devices and create a network of
bots (also called a botnet) that performs
automated tasks on command without end
user interaction.
▪ This type of self-propagating malware
can also connect back to central servers
created by the malware bot instigators.
● ADWARE
Refers to a malicious software used to
collect data on your computer usage and
provide appropriate advertisements to
you.
▪ Adware can redirect your browser to
unsafe sites, and it can even contain
Trojan horses and spyware.
▪ Additionally, significant levels of adware
can slow down your system noticeably.
● SPYWARE
Refers to a malware that runs secretly on
a computer and reports back to a remote
user. Rather than simply disrupting a
device’s
operations, spyware targets sensitive
information and can grant remote access
to predators.
▪ Often used to steal financial or personal
information. A specific type of spyware is a
keylogger, which records your keystrokes
to reveal passwords and personal
information.
● RANSOMWARE
Refers to a malware that gains access to
sensitive information within a system,
encrypts that information so that the user
cannot access it, and then demands a
financial payout for the data to be
released
● ROOTKIT
Refers to a type of clandestine software
that enables hackers to remotely access
and possibly control a computer
undetected.
▪ Rootkits can also conceal other malware,
like keyloggers or spyware. This type of
malware can affect a computer’s
performance and steal personal or
commercial data.
▪ Rootkits can be spread through phishing
emails, malicious attachments, or
compromised shared drives.
THEFT OF INTELLECTUAL PROPERTY -
to the unauthorized use of intellectual
property that is considered as a violation
against intellectual property rights, which
involves copyright and patents, among ● Ensure that the anti-virus software
others. is up-to-date.
● Employ a firewall to protect
IDENTITY THEFT - Refers to the action of networks.
impersonating someone in order to ● Filter all e-mail traffic.
acquire his/her information. This issue is ● Back-up critical data regularly.
popular across ● Educate users about suspicious
social media where a hacker can act like e-mails.
someone else and access the latter’s ● Scan downloads from the Internet.
account with the use of log-in credentials. ● Implement an information security
policy.
INFORMATION EXTORTION - to the ● Implement and monitor user and
stealing of a business systems logs.
organization’s information for a certain ● Create and report an incident
amount of money. An example of response plan.
information extortion is through the use of ● Restrict end-user access to
ransomware where a hacker could lock systems.
information and demand money for its
unlocking. COMMON ISSUES IN INFORMATION
TECHNOLOGY
THEFT OF EQUIPMENT & ● PRIVACY
INFORMATION - to the stealing of ● HACKING
information and physical assets within an ● VIRUS
organization. ● DATA ACCESS RIGHTS
● PLAGIARISM
SABOTAGE - Sabotaging a company with ● ERGONOMY
the use of technology could be through ● HEALTH ISSUES
destroying their website which would lead
to customer dissatisfaction.

MOST COMMON INTERNET THREATS

● COMPUTER VIRUS
● ROGUE SECURITY SOFTWARE
● TROJAN HORSE
● ADWARE & SPYWARE
● COMPUTER WORM
● DOS & DDOS ATTACKS
● PHISHING
● ROOTKIT
● MAN-IN-THE-MIDDLE ATTACK
● SPAM
● KEYLOGGERS
● PHARMING
● SQL INJECTION ATTACK

SOLUTIONS TO OVERCOME SECURITY

THREATS
● Install an anti-virus software.