MGT 533: INFORMATION SYSTEMS AND CYBER SECURITY

UNIT I

Management Information System (MIS) Concept and Role - Information Needs and Structure of MIS - Components
and Structure- Organizational and Functional - information requirements by level of management activity –
transaction processing systems – information support systems - role of MIS - impact of MIS - MIS as a support to
the management - MIS and organizational effectiveness - System concept - MIS for a digital firm – Cyber security-
A comprehensive overview of existing security vulnerabilities. Critical analysis of the state of-the-art mitigation
techniques and their pros and cons.- New cyber-attack patterns in emerging technologies.

UNIT II

Planning & Decision Making - Concepts in planning and control, Decision making and information systems -
systems for decision support - Executive Support Systems (ESS) - Group Decision Support Systems (GDSS) - the
process of developing DSS - individual and organizational model - - knowledge management- enterprise-wide
knowledge management systems - knowledge work systems - intelligent techniques - Knowledge Based Expert
Systems (KBES) - Enterprise Resource Planning – Cloud based Decision support Decision Making -Executive
Information Systems -

UNIT III

Information System for Control - System Analysis - System Design and Development - DataBase and Data Base
Management Systems Databases and Information Management - - database models - capabilities of DBMS -
RDBMS - using databases to improve business performance and decision making – client-server architecture. –
Computer Based Management Information System • Computer Networking and Communication Technology - Big
Data Analytics and Cloud Computing - Information Systems for Managerial Decisions – The Future Cyber Security
and its problems-Intervention Strategies: - Introduction to the Legal Perspectives of Cybercrimes and Cyber security,
Cybercrime and the Legal Landscape, The Indian IT Act, - Cybercrime and Punishment, Cyber law.

UNIT IV

Systems development models - prototype approach – classical SDLC approach - structured system design - system
development process - tools and techniques of system design - data flow diagram - data structure - system
implementation success and failure - quality control of information system - introduction to emerging technologies

UNIT V

Securing Information Systems - System vulnerability and abuse - wireless security challenges - malicious software -
hackers and cyber vandalism - computer crime and cyber terrorism - business values of security and control -
firewalls – intrusion - detection systems - antivirus software - securing wireless networks - encryption and public
key infrastructure – ensuring system availability - security issues for cloud computing and the mobile digital
platform

1
UNIT 1: MANAGEMENT INFORMATION SYSTEM

It is a computer-based system that provides managers with

the tools to run their department effectively. MIS is used
by mid-level management to support ongoing operations.
Information is collected within the organization on an
ongoing basis and an MIS processes this information, so
managers get the summarized reports. Information is
typically in the form of reports on a daily or weekly basis.
MIS relies mostly on internal sources of information. One
of the important roles of an MIS is to provide theS right
information to the right person in the right format at the
right time.

Information System

An information system (IS) can be

defined technically as a set of
interrelated components that collect (or
retrieve), process, store, and distribute
information to support decision
making, coordinating, and control in
an organization. In addition,
information systems may also help
managers and workers analyze
problems, visualize complex subjects,
and create new products
A set of interrelated components that
collect (or retrieve), process, store, and distribute information to support decision making and
control in an organization .
Information systems contain information about significant people, places, and things within
the organization or in the environment surrounding it

Need of Information System

● Increasing impact of information processing for organizational decision making.
● Dependency of services sector including banking, financial organization, health care,
entertainment, tourism and travel, education and numerous others on information.
● Changing employment scene world over, shifting base from manual agricultural to
machine-based manufacturing and other industry related jobs.

2
 ● Information revolution and the overall development scenario.
● Growth of IT industry and its strategic importance.
● Strong growth of information services fuelled by increasing competition and reduced
product life cycle.
● Need for sustainable development and quality life.
● Improvement in communication and transportation brought in by use of information
processing.
● Use of information processing in reduction of energy consumption, reduction in
pollution and a better ecological balance in future.
● Use of information processing in land record management, legal delivery system,
educational institutions, natural resource planning, customer relation management and
so on.
Types of Information System
There are six specific types of IS that correspond to each organizational levels as follows:
1. Executive Support Systems (ESS)
2. Decision Support Systems (DSS)
3. Management Information Systems (MIS)
4. Knowledge Management Systems (KMS)
5. Office Automation Systems
6. Transaction Processing Systems (TPS)

1. Transaction Processing Systems (TPS)

It is the computer based system that used by operational level of the organization
Computerized systems that performs and records the daily routine transactions necessary to
conduct business Including sales order entry, hotel reservation systems, payroll, employee
record keeping, and shipping At the operational level, tasks, resources, and goals are
predefined and highly structured.
Transaction processing systems (TPS) provide this kind of information. A transaction
processing system is a computerized system that performs and records the daily routine
transactions necessary to conduct business, such as sales order entry, hotel reservations,
payroll, employee record keeping, and shipping.

3
 2. Office Automation
Office automation (OA) refers to the collective hardware, software and processes that enable
automation of the information processing and communication tasks in an organization. It
involves using computers and software to digitize, store, process and communicate most
routine tasks and processes in a standard office.
It refers to the integration of office functions usually related to managing information. There
are many tools used to automate office functions and the spread of electronic processors
inside computers as well as inside copiers and printers is at the center of most recent
advances in office automation. Raw data storage, electronic data transfer, and the
management of electronic business information comprise the basic activities of an office
automation system.

3. Knowledge Management System (KMS)

Knowledge management systems (KMS) collect all relevant knowledge and experience in
the firm and make it available wherever and whenever it is needed to improve business
processes and management decisions. They also link the firm to external sources of
knowledge

4. Management Information System (MIS)

4
The term management information systems (MIS) also designates a specific category of
information systems serving middle management. MIS provides middle managers with
reports about the organization’s current performance. Managers use this information to
monitor and control the business and predict future performance.
MIS summarizes and reports on the company’s basic operations using data supplied by
transaction processing systems. MIS typically provide answers to routine questions that have
been specified in advance and have a predefined procedure for answering them.

5. Decision Support System

A decision support system (DSS) is a computerized program used to support determinations,
judgments, and courses of action in an organization or a business. A DSS sifts through and
analyzes massive amounts of data, compiling comprehensive information that can be used to
solve problems and in decision-making.
● To also serve the management level of the organization by helping managers make
decisions that are unique, rapidly changing, and not easily specified in advance
● Using internal information from TPS and MIS and also external information such as
current stock prices or product prices of competitors
● Having more analytical power than other systems and addressing problems where the
procedure for arriving at a solution may not be fully predefined in advance
● Being designed so that users can work with them directly with user-friendly software
and so interactive that the user can change assumptions, ask new questions, and
include new data
● Including a system for contract cost analysis, Production analysis ,demand Analysis ,
HR allocation etc

5
Process of Decision Support System

Group Decision Support System (GDSS)

A group decision support system (GDSS) is an interactive computer-based system that

facilitates a number of decision-makers (working together in a group) in finding solutions to
problems that are unstructured in nature. They are designed in such a way that they take input
from multiple users interacting simultaneously with the systems to arrive at a decision as a
group

6
6. Executive Support System
● To serve senior managers who are making decisions at the strategic level of the
organization
● To address non routine decisions requiring judgment, evaluation, and insight
● Creating a generalized computing and communications environment (including
historical and competitive data) rather than providing any fixed application or specific
capability
● Being designed to incorporate data about external events such as new tax laws or
competitors and draw summarized information from internal MIS and DSS
● Employing the most advanced and easy-to-use graphics software (interactive graphic
interfaces) and can deliver graphs and data from many sources immediately to a
senior executive’s office or to a boardroom
● Including systems that conduct a 5-year operating plan or answer questions of: what
business we should be in; and what the competitors are doing

7
Structure and Components of MIS

Hardware

Hardware refers to the physical data processing equipment and peripheral devices, For
example, CPU, monitor, Keyboard, printer, dives, tapes, communication devices, etc.

Software

Software is a board term given to the instructions or programs that direct the operating of the
hardware. Software cloud be of two types, i.e. system software and application software.

Database

The database consists of all data utilized by application software. Data is stored in files.

Procedure

A central server in your facilities handles processing. It runs the core program that calls up
data from the database and performs the necessary calculations. When you want a report on
sales and profit totals each year over the last five years, the raw data are in the database but
the totals may not be. The server takes your request, finds the individual sales and profit
figures, adds them and displays the result. If you now decide a percentage change for each
year would be more useful, the server calculates that.

Formal operating procedures, which are required to operate a system, such as manuals, are
also regarded as physical elements.

8
Operating Personnel

Personnel like computer operators, computer programmers, system analysts, system

managers, etc., are the opertong people of the information system.

Input and Output various physical inputs and outputs from the information system, existing i
forms like printout, reports etc.

Input and Output

Input

Employees working with the fundamental information for your business such as orders
received, sales, invoices and payments input the data into desktop computers. The computers
each link to routers and central servers via the special cables of an ethernet network. When
evaluating a management information system, make sure the input data include the
information you need and that they are transmitted securely to the servers.

Output

The server processing your request completes the calculations and outputs the res4ults
through the ethernet network to your computer. As a first step, it usually displays the results
on your screen. Often you can configure the output report to display the data in tables or
graphs and request a format that lets you distribute a paper report or email a digital file. The
server processes your request and provides you with the corresponding output file for
printing out or emailing.

Medium and message

A medium is a third-party or element through which a message is communicated. This seems

to apply to information technology as well as to seances. In information technology, a
medium can be:

● A physical transmission medium such as optical fiber

● A presentation medium (and thus the terms multimedia and advertising media)

Organizational and Functional system of MIS

IS can be classified by the specific organizational function they serve as well as by

organizational level as follows:

1. Sales and marketing systems

9
 2. Manufacturing and production systems
3. Finance and accounting systems
4. Human resources systems

Sales and Marketing System

- Strategic level
● To monitor trends affecting new products and sales opportunities, and the
performance of competitors
● To support planning for new products and services

- Management level
● To support market research, advertising and promotional campaigns, and
pricing decisions
● To analyze sales performance and the performance of the sales staff

- Knowledge level
● To support marketing analysis workstations

- Operational level
● To assist in locating and contacting prospective customers, tracking sales,
processing orders, and providing customer service support

Manufacturing and Production System

- Strategic level
To deal with the firm’s long-term manufacturing goals, such as where to locate
new plants or whether to invest in new manufacturing technology

- Management level
To analyze and monitor manufacturing and production costs and resources

- Knowledge level
To create and distribute design knowledge or expertise to drive the production
process

- Operational level
To deal with the status of production tasks
Finance and Accounts System

- Strategic level
● To establish long-term investment goals for the firm
● To provide long-range forecasts of the firm’s financial performance

10
 - Management level
To help managers oversee and control the firm’s financial resources

- Knowledge level
To support finance and accounting by providing analytical tools and workstations
for designing the right mix of investments to maximize returns for the firm

- Operational level
To track the flow of funds in the firm through transactions such as paychecks,
payments to vendors, securities reports, and receipts

Human Resource Systems

- Strategic level
To identify the manpower requirements (skills, educational level, types of
positions, number of positions, and cost) for meeting the firm’s long-term business
plans

- Management level
To help managers monitor and analyze the recruitment, allocation, and
compensation of employees

- Knowledge level
To support analysis activities related to job design, training, and the modeling of
employee career paths and reporting relationships

- Operational level
To track the recruitment and placement of the firm’s employees

Information requirements by level of management activity

Information, as required at different levels of manage­ment, can be classified as operational,

tactical and strategic.

1. Operational information:

Operational information relates to the day-to-day operations of the organization and thus, is
useful in ex­ercising control over the operations that are repetitive in nature. Since such
activities are controlled at lower levels of management, operational information is needed by
the lower management.

11
For example, the information regarding the cash position on a day-to-day basis is monitored
and controlled at the lower levels of manage­ment. Similarly, in marketing function, daily and
weekly sales in­formation is used by lower level managers to monitor the perform­ance of the
sales force.

2. Tactical information:

Tactical information helps middle level man­agers allocate resources and establish controls to
implement the top level plans of the organization. For example, information regarding the
alternative sources of funds and their uses in the short run, opportunities for deployment of
surplus funds in short- term securities, etc. may be required at the middle levels of
man­agement.

The tactical information is generally predictive, focusing on short-term trends. It may be

partly current and partly histori­cal, and may come from internal as well as external sources.

3. Strategic information:

While the operational information is needed to find out how the given activity can be
performed better, strategic information is needed for making choices among the busi­ness
options.

The strategic information helps in identifying and evaluating these options so that a manager
makes informed choices which are different from the competitors and the limita­tions of what
the rivals are doing or planning to do. Such choices are made by leaders only.

Role of MIS

A management information system (MIS) plays an important role in business organizations.

What is MIS role: There are many roles of MIS and some of the important MIS role are
discussed below:

Decision making
Coordination among the department
Finding out Problems
Comparison of Business Performance
Strategies for an Organization

Decision making: Management Information System (MIS) plays a significant role in the
decision-making process of any organization. In any organization, a decision is made on the
basis of relevant information which can be retrieved from the MIS.

12
Coordination among the department: Management Information System satisfies multiple
needs of an organization across the different functional departments.

Finding out Problems: As we know that MIS provides relevant information about every
aspect of activities. Hence, if any mistake is made by the management then MIS, information
will help in finding out the solution to that problem.

Comparison of Business Performance: MIS stores all past data and information in its
Database. That is why the management information system is very useful to compare
business organization performance.

Strategies for an Organization: Today each business is running in a competitive market.

An MIS supports the organization to evolve appropriate strategies for the business to assent
in a competitive environment.

Impact of MIS

MIS plays a very important role in the organization; it creates an impact on the organization’s
functions, performance and productivity.

The impact of MIS on the functions is in its management with a good MIS supports the
management of marketing, finance, production and personnel becomes more efficient.

The functional managers are informed about the progress, achievements and shortfalls in the
activity and the targets. The manager is kept alert by providing certain information indicating
and probable trends in the various aspects of business. This helps in forecasting and
long-term perspective planning. The manager’s attention is brought to a situation which is
expected in nature, inducing him to take an action or a decision in the matter.

The MIS creates another impact in the organization which relates to the understanding of the
business itself. The MIS begins with the definition of data, entity and its attributes. It uses a
dictionary of data, entity and attributes, respectively, designed for information generation in
the organization. Since all the information systems use the dictionary, there is common
understanding of terms and terminology in the organization bringing clarity in the
communication and a similar understanding of an event in the organization.

The goals and objectives of the MIS are the products of business goals and objectives. It
helps indirectly to pull the entire organization in one direction towards the corporate goals
and objectives by providing the relevant information to the organization.

A well designed system with a focus on the manager makes an impact on the managerial
efficiency. The fund of information motivates an enlightened manager to use a variety of

13
tools of management. It helps him to resort to such exercises as experimentation and
modeling. The use of computers enables him to use the tools and techniques which are
impossible to use manually. The ready-made packages make this task simple. The impact is
on the managerial ability to perform. It improves decision-making ability considerably high

Since, the MIS work on the basic system such as transaction processing and database, the
drudgery of the clerical work is transferred to the computerized system, relieving the human
mind for better work. It will be observed that a lot of manpower is engaged in this activity in
the organization. Seventy (70) percent of the time is spent in recording, searching, processing
and communicating. This MIS has a direct impact on this overhead. It creates information
–based working culture in the organization..

MIS as a support to the management

The management process is executed through a variety of decisions taken at each step of
planning, organizing, staffing, directing coordinating and control. If the management is able
to spell out the decisions required to be taken, the MIS can be designed suitably. The
decisions required to be taken in these steps are tabulated in Table below.

The objective of the MIS is to provide information for a decision support in the process of
management. It should help in such a way that the business goals are achieved in the most
efficient manner. Since the decision making is not restricted to a particular level, the MIS is
expected to support all the levels of the management in conducting the business operations.
Unless the MIS becomes a management aid, it is not useful to the organization.

14
System concept

A system is an organized collection of highly integrated parts or subparts to complete a

specific purpose target. The system has several inputs which go under certain procedures to
generate particular outputs, all of which fulfill the specified objective of the system.

Three basic concepts of the system:

● The system was created or designed in such a way that to complete specific
predetermined objectives.
● Parts and subparts of the system must have interdependence and interrelationships
among them.
● The goals of the organization always have high priority rather than the goals of the
subsystem.

Characteristics for a System

1. ORGANIZATION:
● This implies structure and order.
● It can also be defined as the arrangement of components that help to achieve
objectives.
● For example, Hierarchical system in a company.
2. INTERACTION:

15
 ● This shows the manner in which each component functions with other components of
the system.
● It specifies there should be an interrelationship between every component of a system.
● For example, the main memory holds the data that has to be operated by the ALU.
3. INTERDEPENDENCE
● This means the components of a computer system depend on one another.
● Each component should depend on other components of the system.
● One component depends on the input of another component for proper functioning.
● The output of one subsystem is the required input for another subsystem.
● For example, A decision to computerize an application is initiated by the user,
analyzed and designed by the analyst, programmed and tested by the computer
operator. None of the persons can perform properly without the required input from
others in the computer center subsystem.
4. INTEGRATION
● It is concerned with how a system is tied together.
● It is more than sharing physical components or locations.
● It means that components of the system work together within the system even though
each component performs a unique function.
5. CENTRAL OBJECTIVE
● Systems always have a central goal.
● These goals may be real or stated.
● The important point is that users must know the central objective of a computer
application early in the analysis for a successful design and conversion.

MIS for a digital firm

The Digital Firm is a kind of organization that has enabled core business relationships
through digital networks In these digital networks are supported by enterprise class
technology platforms that have been leveraged within an organization to support critical
business functions and services.

Some examples of these technology platforms are Customer Relationship Management

(CRM), Supply Chain Management (SCM), Enterprise Resource Planning (ERP),
Knowledge Management System (KMS), Enterprise Content Management (ECM), and
Warehouse Management System (WMS) among others. The purpose of these technology
platforms is to digitally enable seamless integration and information exchange within the
organization to employees and outside the organization to customers, suppliers, and other
business partners.

Advantages

16
Through digital networks and information systems, the digital firm is able to operate core
business services and functions continuously and more efficiently. This digital enablement of
business processes creates highly dynamic information systems allowing for more efficient
and productive management of an organization.

Additionally, digital enablement of core business functions and services provides an

organization with opportunities to:

● Operate business continuously ("Time Shifting")

● Operate business in a global workplace ("Space Shifting")
● Adapt business strategies to meet market demands
● Create business value from technology investments
● Drive efficiency improvements in inventory and supply chain
● Enhance the management of customer relationships
● Improve organizational productivity

Cyber security

Cyber security is the application of technologies, processes and controls to protect systems,
networks, programs, devices and data from cyber attacks.

It aims to reduce the risk of cyber attacks and protect against the unauthorized exploitation of
systems, networks and technologies.

Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It's also known as information
technology security or electronic information security. The term applies in a variety of

17
contexts, from business to mobile computing, and can be divided into a few common
categories.

● Network security is the practice of securing a computer network from intruders,

whether targeted attackers or opportunistic malware.
● Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data it's designed to protect.
Successful security begins in the design stage, well before a program or device is
deployed.
● Information security protects the integrity and privacy of data, both in storage and in
transit.
● Operational security includes the processes and decisions for handling and
protecting data assets. The permissions users have when accessing a network and the
procedures that determine how and where data may be stored or shared all fall under
this umbrella.
● Disaster recovery and business continuity define how an organization responds to a
cyber-security incident or any other event that causes the loss of operations or data.
Disaster recovery policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the event. Business
continuity is the plan the organization falls back on while trying to operate without
certain resources.
● End-user education addresses the most unpredictable cyber-security factor: people.
Anyone can accidentally introduce a virus to an otherwise secure system by failing to
follow good security practices. Teaching users to delete suspicious email attachments,
not plug in unidentified USB drives, and various other important lessons is vital for
the security of any organization.

Types of Cyber threats

The threats countered by cyber-security are three-fold:

1. Cybercrime includes single actors or groups targeting systems for financial gain or to
cause disruption.
2. Cyber-attack often involves politically motivated information gathering.
3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear

A comprehensive overview of existing security vulnerabilities.

Mistakes happen, even in the process of building and coding technology. What’s left behind
from these mistakes is commonly referred to as a bug. While bugs aren’t inherently harmful

18
(except to the potential performance of the technology), many can be taken advantage of by
nefarious actors—these are known as vulnerabilities. Vulnerabilities can be leveraged to
force software to act in ways it’s not intended to, such as gleaning information about the
current security defenses in place.

Generally speaking, a vulnerability scanner will scan and compare your environment against
a vulnerability database, or a list of known vulnerabilities; the more information the scanner
has, the more accurate its performance. Once a team has a report of the vulnerabilities,
developers can use penetration testing as a means to see where the weaknesses are, so the
problem can be fixed and future mistakes can be avoided. When employing frequent and
consistent scanning, you'll start to see common threads between the vulnerabilities for a
better understanding of the full system.

A Security Vulnerability is a weakness, flaw, or error found within a security system that has
the potential to be leveraged by a threat agent in order to compromise a secure network.

There are a number of Security Vulnerabilities, but some common examples are

● Broken Authentication: When authentication credentials are compromised, user

sessions and identities can be hijacked by malicious actors to pose as the original user.
● SQL Injection: As one of the most prevalent security vulnerabilities, SQL injections
attempt to gain access to database content via malicious code injection. A successful
SQL injection can allow attackers to steal sensitive data, spoof identities, and
participate in a collection of other harmful activities.
● Cross-Site Scripting: Much like an SQL Injection, a Cross-site scripting (XSS)
attack also injects malicious code into a website. However, a Cross-site scripting
attack targets website users, rather than the actual website itself, which puts sensitive
user information at risk of theft.
● Cross-Site Request Forgery: A Cross-Site Request Forgery (CSRF) attack aims to
trick an authenticated user into performing an action that they do not intend to do.
This, paired with social engineering, can deceive users into accidentally providing a
malicious actor with personal data.
● Security Misconfiguration: Any component of a security system that can be
leveraged by attackers due to a configuration error can be considered a “Security
Misconfiguration.”

New cyber-attack patterns in emerging technologies.

In the last few years, we’ve seen digital transformation take over the mindset of businesses
and there has been a huge push to ensure that organizations in all sectors are adopting

19
technology that is at the forefront of innovation. Every sector from marketing to
manufacturing now has some aspect of digitalization and we’re seeing everything from AI to
quantum computing being embraced to leverage greater efficiency, service and profitability.

So out of the myriad new technologies being introduced into the CNI space, which are
providing the biggest risk?

1. Internet of Things

IoT is now a fact of life. From our phones to our fridges, from fitness monitoring to coffee
machines, IoT is everywhere, and this goes for the CNI space too. More and more we’re
seeing an integration of IoT into everyday operations and processes – everything from the
monitoring of industrial equipment to medical equipment to defense communication systems.
IoT can certainly help organizations become more effective – but they also create new risks
and threats to critical infrastructure and services.

Many companies only think about the individual device and forget the fact that one device
connects to an entire ecosystem. An IoT freight cargo is also connected to the whole shipping
and the entire network of similar devices, databases and reports its data feeds into. One small
compromise can result in the larger system falling victim to the cyber-attack. Security is only
as strong as the weakest link.

2. Artificial Intelligence

AI is changing the way businesses operate. From the factory floor to back-end IT, automation
is increasing speed and productivity, constantly learning and developing based on the vast
quantities of data it processes. In theory then, AI is the perfect solution for cybersecurity
where security monitoring data is growing at an almost exponential rate and conventional
methods of processing it are starting to fail – something malicious actors recognize and are
developing new methods of attack to take advantage of.

3. 5G

The recent arrival of 5G, with significantly faster speeds, increased capacity and lower
latency, will change existing operating environments forever. However, these benefits come
at the expense of growth in the attack surface. The 5G-enabled devices and networks that
underpin CNI operation could be compromised by new and traditional attacks, causing major
chaos.

20
 UNIT 2: PLANNING AND DECISION MAKING

Concepts in planning and control,

The objective of an MIS is to provide information for decision making on planning,

initiating, organizing and controlling the operations of subsystems of the firm and to provide
a synergistic organization in the process. MIS is the automation of routine and structured
tasks to support decision making.

Planning:

Planning is the fundamental management function, which involves deciding beforehand,

what is to be done, when it is to be done, how it is to be done and who is going to do it. It is
an intellectual process which lays down an organization’s objectives and develops various
courses of action, by which the organization can achieve those objectives. It chalks out
exactly how to attain a specific goal.

The plan for development and its implementation is a basic necessity for MIS. In MIS the
information is recognized as a major resource like capital and time. If this resource has to be
managed well, it calls upon the management to plan for it and control it, so that the
information becomes a vital resource for the system.

Strategy for Plan Achievement : The designer has to take a number of strategic decisions
for the achievement of MIS goals and objectives. They are

a. Development Strategy : Ex. an online, batch , real time.

b. System Development Strategy : Designer selects an approach to system development
like operational versus functional, accounting versus analysis.
c. Resources for the Development : Designer has to select resources. Resources can be
in-house versus external, customized or use of packages.
d. Manpower Composition : The staff should have the staff of an analyst, and
programmer.

Controlling:

Control is a function of management which helps to check errors in order to take corrective
actions. This is done to minimize deviation from standards and ensure that the stated goals of
the organization are achieved in a desired manner.

In order that the information system perform effective control functions it must:

21
 1. It Measures and Determines Deviations From Desirable Performance: This
implies that in addition to the rules of measurement we must have the means for
generating appropriate signals on the basis of observed differences in performance.
2. Coordinate the Various Activities: The way it is used here, coordination implies
reconciliation of interdependencies so that destructive interferences be eliminated and
complementarities be accentuated Note that if we were dealing with perfectly
competitive markets, coordinate controls would be unnecessary. But under such
circumstances economies of specialization, research and development and innovation
would also be relatively absent, and the firms would not be earning a profit but
something close to a financial rent
3. Encourage Learning by Making Available Specialized Information: One of the
most important purposes of the control process is not to generate signals for reward
and punishment but to provide information at the operating level for learning and
specialization,
4. Motivate Those Who Determine the Allocation of Resources to Do So Efficiently:
Every aspect of the information and control system of an organization as viewed here
has motivational purposes. If the recipients of information cannot be influenced
through information, it is useless to provide it. There seems to be a lot of confusion
approaching schizophrenia on this issue within many organizations
5. Aid Management in Replanning at Whatever Level in the Hierarchy
is Necessary: The above control functions complete the feedback loop
and the planning process starts all over again

Decision making and information systems

Decision-making is a cognitive process that results in the selection of a course of

action among several alternative scenarios.

Decision-making is a daily activity for any human being. There is no exception

about that. When it comes to business organizations, decision-making is a habit
and a process as well.Therefore, corporate decision-making is the most critical
process in any organization. In a decision-making process, we choose one course
of action from a few possible alternatives. In the process of decision-making, we
may use many tools, techniques, and perceptions.

In addition, we may make our own private decisions or may prefer a collective
decision. Usually, decision-making is hard. Majority of corporate decisions
involve some level of dissatisfaction or conflict with another party.

22
Systems for decision support ( Decision Support System)

A decision support system (DSS) is a computerized program used to support determinations,

judgments, and courses of action in an organization or a business. A DSS sifts through and
analyzes massive amounts of data, compiling comprehensive information that can be used to
solve problems and in decision-making.

Typical information used by a DSS includes target or projected revenue, sales figures or past
ones from different time periods, and other inventory- or
operations-related data.

DSSs serve the management, operations and planning

levels of an organization (usually mid and higher
management) and help people make decisions about
problems that may be rapidly changing and not easily
specified in advance—i.e. unstructured and semi-structured
decision problems. Decision support systems can be either
fully computerized or human-powered, or a combination of
both. DSSs include knowledge-based systems. A properly
designed DSS is an interactive software-based system
intended to help decision makers compile useful
information from a combination of raw data, documents,
and personal knowledge, or business models to identify and
solve problems and make decisions.

Components of DSS

The three main components of a DSS framework are:

1. Model Management System:The model management system stores models that managers
can use in their decision-making. The models are used in decision-making regarding the
financial health of the organization and forecasting demand for a good or service.

2. User Interface: The user interface includes tools that help the end-user of a DSS to
navigate through the system.

3. Knowledge Base: The knowledge base includes information from internal sources
(information collected in a transaction process system) and external sources (newspapers and
online databases).

Types of DSS

23
There are a number of Decision Support Systems. These can be categorized into five types:

- Communication-driven DSS

Most communications-driven DSSs are targeted at internal teams, including partners. Its
purpose is to help conduct a meeting, or for users to collaborate. The most common
technology used to deploy the DSS is a web or client server. Examples: chats and instant
messaging softwares, online collaboration and net-meeting systems.

- Data-driven DSS

Most data-driven DSSs are targeted at managers, staff and also product/service suppliers. It is
used to query a database or data warehouse to seek specific answers for specific purposes. It
is deployed via a main frame system, client/server link, or via the web. Examples:
computer-based databases that have a query system to check (including the incorporation of
data to add value to existing databases.

- Document-driven DSS

Document-driven DSSs are more common, targeted at a broad base of user groups. The
purpose of such a DSS is to search web pages and find documents on a specific set of
keywords or search terms. The usual technology used to set up such DSSs are via the web or
a client/server system. Examples:

- Knowledge-driven DSS:

Knowledge-driven DSSs or 'knowledge base' as they are known, are a catch-all category
covering a broad range of systems covering users within the organization setting it up, but
may also include others interacting with the organization - for example, consumers of a
business. It is essentially used to provide management advice or to choose products/services.
The typical deployment technology used to set up such systems could be client/server
systems, the web, or software running on stand-alone PCs.

- Model-driven DSS

Model-driven DSSs are complex systems that help analyze decisions or choose between
different options. These are used by managers and staff members of a business, or people
who interact with the organization, for a number of purposes depending on how the model is
set up - scheduling, decision analyses etc. These DSSs can be deployed via
software/hardware in stand-alone PCs, client/server systems, or the web

Group Decision Support Systems (GDSS)

24
A GDSS is an interactive computer based system that facilitates a number of decision
makers (working together in a group ) in finding solutions to problems that are unstructured
in nature. They are designed in such a way that they take input from multiple users
interacting simultaneously with the systems to arrive at a decision as a group .

The tools and techniques provided by the group decision support system improve the quality
and effectiveness of the group meetings. Groupware and web-based tools for electronic
meetings and videoconferencing also support some of the group decision making processes,
but their main function is to make communication possible between the decision-makers.

In a group decision support system (GDSS) electronic meeting, each participant is provided
with a computer. The computers are connected to each other, to the facilitator’s computer and
to the file server. A projection screen is available at the front of the room. The facilitator and
the participants can both project digital text and images onto this screen.

A group decision support system (GDSS) is composed of 3 main components, namely

hardware, software tools, and people.

- Hardware: It includes electronic hardware like the computer, equipment used for
networking, electronic display boards and audiovisual equipment. It also includes the
conference facility, including the physical set up – the room, the tables, and the chairs
– laid out in such a manner that they can support group discussion and teamwork.
- Software Tools: It includes various tools and techniques, such as electronic
questionnaires, electronic brainstorming tools, idea organizers, tools for setting
priority, policy formation tool, etc. The use of these software tools in a group meeting

25
 helps the group decision-makers to plan, organize ideas, gather information, establish
priorities, take decisions and document the meeting proceedings. As a result, meetings
become more productive.
- People: It compromises the members participating in the meeting, a trained facilitator
who helps with the proceedings of the meeting, and an expert staff to support the
hardware and software. The GDSS components together provide a favorable
environment for carrying out group meetings.

Features of GDSS
● Ease of Use: It consists of an interactive interface that makes working with GDSS
simple and easy.
● Better Decision Making: It provides the conference room setting and various
software tools that facilitate users at different locations to make decisions as a group
resulting in better decisions.
● Emphasis on Semi-structured and Unstructured Decisions: It provides important
information that assists middle and higher-level management in making
semi-structured and unstructured decisions.
● Specific and General Support: The facilitator controls the different phases of the
group decision support system meeting (idea generation, discussion, voting and vote
counting, etc.) what is displayed on the central screen and the type of ranking and
voting that takes place, etc. In addition, the facilitator also provides general support to
the group and helps them to use the system.
● Supports all Phases of Decision Making: It can support all the four phases of
decision making, viz intelligence, design, choice, and implementation.
● Supports Positive Group Behavior: In a group meeting, as participants can share
their ideas more openly without the fear of being criticized, they display more
positive group behavior towards the subject matter of the meeting.

Executive Support Systems (ESS)

An executive information system (EIS), also known as an executive support system (ESS),is
a type of management support system that facilitates and supports senior executive
information and decision-making needs. It provides easy access to internal and external
information relevant to organizational goals. It is commonly considered a specialized form of
decision support system (DSS)

EIS emphasizes graphical displays and easy-to-use user interfaces. They offer strong
reporting and drill-down capabilities. In general, EIS are enterprise-wide DSS that help
top-level executives analyze, compare, and highlight trends in important variables so that

26
they can monitor performance and identify opportunities and problems. EIS and data
warehousing technologies are converging in the marketplace.

They serve senior managers who are making decisions at the strategic level of the
organization, they mainly address non routine decisions requiring judgment , evaluation and
insight

Components of ESS

EIS components can typically be classified as:

● Hardware
● Software
● User interface
● Telecommunications

Hardware

When talking about computer hardware for an EIS environment, we should focus on the
hardware that meets the executive's needs. The executive must be put first and the executive's
needs must be defined before the hardware can be selected. The basic hardware needed for a
typical EIS includes four components:

● Input data-entry devices. These devices allow the executive to enter, verify, and
update data immediately
● The central processing unit (CPU), which is the most important because it controls the
other computer system components
● Data storage files. The executive can use this part to save useful business information,
and this part also helps the executive to search historical business information easily
● Output devices, which provide a visual or permanent record for the executive to save
or read. This device refers to the visual output device such as monitor or printer

27
Software

Choosing the appropriate software is vital to an effective EIS.[citation needed] Therefore, the
software components and how they integrate the data into one system are important. A
typical EIS includes four software components:

● Text: handling software—documents are typically text-based

● Database: heterogeneous databases on a range of vendor-specific and open computer
platforms help executives access both internal and external data
● Graphic base: graphics can turn volumes of text and statistics into visual information
for executives. Typical graphic types are: time series charts, scatter diagrams, maps,
motion graphics, sequence charts, and comparison-oriented graphs (i.e., bar charts)
● Model base—EIS models contain routine and special statistical, financial, and other
quantitative analysis

User interface

An EIS must be efficient to retrieve relevant data for decision makers, so the user interface is
very important. Several types of interfaces can be available to the EIS structure, such as
scheduled reports, questions/answers, menu driven, command language, natural language,
and input/output.

Telecommunication

As decentralizing is becoming a trend in companies, telecommunications plays a pivotal role

in networked information systems. Transmitting data from one place to another has become
crucial for establishing a reliable network. In addition, telecommunications within an EIS can
accelerate the need for access to distributed data. It can be both by scientific and business
means.

The process of developing DSS

There are a number of paradigms to describe human decision making. Among them the
paradigm proposed by Simon is widely tested and used. It consists of three phases,
intelligence, design and choice. Later implementation phase is added. (Lakhmi C. Jain).

The process begins with the Intelligence phase. In this phase a decision maker establishes
an understanding of the associated opportunities and the problem domain by observing the
reality a. In the Design phase, using a specific model the decision criteria and alternatives
are developed, with the relevant uncontrollable events identified. The relationships between
the alternatives, events and decisions have to be clearly specified and measured. This enables

28
the decision events and alternative to be evaluated logically in the next phase i.e. Choice
phase. In the Implementation phase, the decision makers need to reconsider the decision
evaluation and analyses, as well as to weigh the consequences of the recommendation

Knowledge Management System (KMS)

29
A knowledge management system is any kind of IT system that stores and retrieves
knowledge to improve understanding , collaboration and process alignment . Knowledge
management systems can exist within organizations or teams , but they can also be used to
center your knowledge base for your users or customers.
Set of processes to Creates, gathers, stores, maintains, disseminates and applies knowledge
in respective domains.
Knowledge Management Systems Some firms perform better than others because they have
better knowledge about how to create, produce, and deliver products and services.
Knowledge management systems (KMS) collect all relevant knowledge and experience in
the firm and make it available wherever and whenever it is needed to improve business
processes and management decisions. They also link the firm to external sources of
knowledge.

Types of KMS

There are three main types of knowledge management systems that aid you in business
knowledge sharing and managing. They are knowledge work systems, intelligent techniques,
and enterprise-wide knowledge management systems.

1. Enterprise-wide knowledge management systems

An enterprise-wide knowledge management system delivers the crucial benefit of

maintaining organizational productivity and streamlining work. A significant advantage of
such a system is that it permits the organization to aim at the business processes rather than
on data. In turn, this helps upsurge efficiency at the administrative level.

30
Moreover, it aids businesses in decreasing production costs. The enterprise knowledge
management system is an application that helps in simplifying access points from various
sources and databases too. Certain communities may define it as the knowledge community
management software as it functions by utilizing the data gathered.There are three types of
Enterprise wide knowledge management system;

1. Knowledge Repository
● A collection of internal and external knowledge in a single location for management
and utilization by the organization
2. Structured Knowledge System
● Knowledge repository for explicit knowledge –formal, structured text documents and
reports or presentations
● Needs to be accessible
3. Semi-structured Knowledge Systems
● Knowledge repository for less-structured documents, such as e-mail, voicemail, chat
room exchanges, videos, digital images, brochures, bulletin boards
● Also known as digital asset management systems

2. Knowledge work systems

The knowledge work system is the system that offers enterprise-wide KM. It focuses on
dissimilar systems. This subsection of the systems may comprise a knowledge database,
knowledge repository, and knowledge graph.

These three kinds of information systems will deliver the best outcomes for assembling
work-related data. Each knowledge management system tends to be suitable in different
industries. Hence, it is best to select an ideal system that fits the current model of the
organization. It also has diverse techniques that apply to definite business needs.

31
 3. Intelligent techniques

Companies can utilize artificial intelligence to capture and preserve tacit knowledge. It can
also be helpful for knowledge discovery, generating solutions to precise issues that are too
complex and massive to be analyzed by humans on their own, and helping firms search and
filter data.

Artificial intelligence lacks the breadth, generality of human intelligence, and flexibility, but
it can be used to codify, extend, and capture organizational knowledge. Types of intelligent
techniques are;

1.

Components of an Expert System

User Interface : is the method by which the expert system interacts with a user. These can
be through dialog boxes, command prompts, forms, or other input methods.

Agenda : When rules are satisfied by the program, they are added to a queue called
the agenda. The agenda is an unordered list of all the rules whose antecedents are currently
satisfied.

Knowledge Acquisition Facility: The individual or group whose expertise and knowledge is
captured for use in an expert system.

Working Memory : Working memory contains the rules , data that is received from the user
during the expert system session and acts as temporary memory during the system process.
Explanation Facility: The method by which an expert system reaches a conclusion may not
be obvious to a human user, so many expert systems will include a method for explaining the
reasoning process that lead to the final answer of the system.

Interface Engine: The inference engine is the main processing element of the expert system.
The inference engine chooses rules from the agenda to initiate an expert system .

32
 2. CASE BASED REASONING(CBR)

How case based reasoning works

3. FUZZY LOGIC SYSTEMS

Fuzzy logic is a rule-based technology that can represent such imprecision by creating rules
that use approximate or subjective values. It can describe a particular phenomenon or process
linguistically and then represent that description in a small number of flexible rules.
Organizations can use fuzzy logic to create software systems that capture tacit knowledge
where there is linguistic ambiguity.
Most people do not think in terms of traditional IF–THEN rules or precise numbers. Humans

33
tend to categorize things imprecisely using rules for making decisions that may have many
shades of meaning.

4. NURAL NETWORKS

For solving complex ,poorly understood problems requires a large amount of data. The
system solve the problem almost in human way of analyzing

4. INTELLIGENTAGENTS

34
 5. ARTIFICIAL INTELLIGENCE
● Computers can be imparted with human behaviors through using extreme
programming and transducers .
● Wide application in S&T
● Its application in management is very limited. Eg, Robotics, CAM, Transportation

HYBRID AI SYSTEMS

6. GENETIC ALGORITHMS

Genetic algorithms (also referred to as adaptive computation) are used for finding the optimal
solution for a specific problem by examining a very large number of possible solutions for
that problem. Their problem-solving techniques are conceptually based on the method that
living organisms use to adapt to their environments—the process of evolution. They are
programmed to work the way populations solve problems—by changing and reorganizing
their component parts using processes such as reproduction, mutation, and natural selection

7. DATA MINING

Data mining is the process of finding anomalies, patterns and correlations within large data
sets to predict outcomes. Using a broad range of techniques, you can use this information to
increase revenues, cut costs, improve customer relationships, reduce risks and more.

Features of Data mining

● Sift through all the chaotic and repetitive noise in your data.
● Allows understanding what is relevant and then making good use of that information
to assess likely outcomes.
● Accelerate the pace of making informed decisions.

Knowledge Based Expert Systems (KBES)

35
As society and industry become more knowledge oriented, they rely on different experts for
solving problems and decision making. Here, KBES becomes a productive tool as it provides
collective knowledge of one or more experts. It acts as an expert on demand, anytime,
anywhere and also helps in saving money by getting cheaper expert knowledge and letting
users' function at a higher level with consistency.

KBES is a computer-based system which uses and produces knowledge from data,
information and knowledge. These systems have the ability to understand the information
that is being processed and can take a final decision based on it. This is different from the
traditional computer systems that do not have any idea about the data/information which they
are processing.

Features of Knowledge Based Expert System

The key features of the knowledge-based expert system in MIS are as described below:

1) High-Level Expertise : The high-level expertise provided to help in problem solving is

one of the most valuable features of an expert system. This expertise is analogous to the best
thinking by top experts in the specific field providing solutions which are creative, precise
and efficient.

2) Predictive Modeling Power : Predictive modeling power is another useful feature of an

expert system. It acts as a model of problem solving in the given domain and throws up
answers for given problem situations and also reflects the change in them (given new
situations explaining the reason for change). This helps the user to assess the potential effect
of new facts or data and know about their relationship to the results.

3) Institutional Memory : Institutional memory refers to the body of knowledge which

defines the ability of an expert system. When people in important positions leave an
organization, their expertise gets reserved as institutional memory. This is significant and
critical for vital military and government institutions where personnel transfers are frequent.

4) Ability to Provide a Training Facility : An expert system is also capable of providing

training to important personnel. As expert systems already have the knowledge and reasoning
ability, they can train various employees when required.

Components of Knowledge Based Expert System

A knowledge base, the Inference Engine (IE) (a search program) and user interface are
included in Knowledge Based Expert System (KBES) :

36
1) Inference Engine (IE) : IE is used to understand the knowledge present in the knowledge
base.
2) Knowledge Base : Knowledge base is the storehouse of different forms of knowledge.
3) User Interface : An appropriate user interface must be present which should have the
natural. language processing facility.

Enterprise Resource Planning

Enterprise resource planning ( ERP ) systems, it is a system to integrate business processes

in manufacturing and production, finance and accounting, sales and marketing, and human
resources into a single software system. Information that was previously fragmented in many
systems is stored in a single
comprehensive data repository where
it can be used by many parts of the
business

ERP is based on a suite of integrated

software modules and a common
central database. The database collects
data from many divisions and
departments in a firm and from a large
number of key business processes in
manufacturing and production,
finance and accounting, sales and
marketing, and human resources,
making the data available for
applications that support nearly all an
organization’s internal business
activities. When new information is entered by one process, the information is made
immediately available to other business processes

ERP in business

ERP systems have become table stakes for businesses looking to use resources wisely. They
can help leaders reallocate human and financial capital or build more efficient core business
processes that save money without sacrificing on quality or performance.

An ERP is also an asset when it comes to planning and coordination. Employees can see
current available inventory and customer orders in detail, then compare supplier purchase
orders and forecasted future demand. If necessary, they can make adjustments to head off

37
problems. ERP software improves communication and collaboration as well because workers
can check on the status of other departments to guide their own decisions.

As a comprehensive source of data, an ERP system also provides a host of reports and
analytics that can be difference-makers for the business. Turning a vast trove of information
into charts and graphs that clearly illustrate trends and help model possible results is an ERP
capability executives find invaluable.

Components of ERP

Five Main Components of the ERP system are as

follows :

1. Finance : It keeps a track on all your financial

data including Accounts receivable, Accounts
payable, General ledger, costs, budgets and
forecasts. It helps to keep a record of cash flow,
lower costs, increase profits and make sure that
all the bills are paid on time. The growing
complexity of the business makes important the
need to have a single system to manage all of the financial transactions and accounting for
multiple business units or product line

2. Human Resources (HR) : It is a software

handling all personal-related tasks for managers and
employees. Employees play a very important role in
any organization, without them business would not
exist. This component is responsible for automated
payments to employees, payment of taxes,
generating performance reports, attendance
tracking, promotions, deciding working hours and
holiday hours of the staff.

3. Manufacturing and logistics : It is a group of applicants for planning, production, taking

orders and delivering the products to the customers. It provides you a view of the demanded
and achieved levels which is very important to check whether you are achieving your targets
or not. It provides all the stock summary and production plans beneficial for the business. It
includes Production planning , order entry and processing also the warehouse management

38
4. Supply Chain Management (SCM) : A supply chain management is a network of
facilities that perform the procurement of the materials and transformation of these materials
into intermediate and finalized products and distribution of these products to the customers.
Planning, Manufacturing, Marketing, Distribution and the purchasing organizations through
a supply chain operate independently. These organizations have their own goals and
objectives.

5. Customer Relationship Management (CRM) : This component interacts with the

customers using data analysis to study a large amount of information. They target the
audience and observe what is beneficial for them. The component gathers customer data
from multiple channels. Hence, CRM stores detailed information on overall purchase history,
personal info, and even purchasing behavior patterns. The benefit it gains is by keeping a
track on the customer’s buyer history and suggesting additional purchases.

Cloud based Decision support Decision Making

A cloud-based system, often known as cloud computing, is a broad term for anything that
involves the delivery of hosted services via the internet. A cloud can be either private or
public. A public cloud sells services to anybody who has access to the internet.

A private cloud is a proprietary network or data center that provides services for a small
group of individuals with limited access and rights. Cloud computing, whether private or
public, aims to give easy access to computer resources and information technology services.

39
Cloud computing enables software producing organizations to replace in-house IT
infrastructure and provides them with scalable computing and flexible low cost. As cloud
vendors and services on offer increase rapidly, cloud service provider selection is becoming a
significant challenge for businesses.

The Cloud based DSS reduces the deployment and processing time, ameliorates the
communication and the cooperation between the decision makers, facilitates the
accessibility and decreases the cost. We propose a DSS built on the Cloud Computing
architecture which can improve effectiveness of urban project evaluation decisions in a
sustainable local development context.

A well-designed cloud that uses redundancy can be reliable, secure, and suitable for business
applications. Using a cloud to deliver decision support can reduce capital expenses and
reduce operating cost

Other benefits claimed are agility, accessibility to software and device and location
independence. In summary, benefits include:

● Greater reliability. A DSS is more likely to perform when and where it is needed.
● More secure. Proper implementation of safeguards result in a system that is less
vulnerable to physical and cyber attacks.
● More suitable for distributed business operations.
● Reduce capital expenses. Rent versus own. Outsource technology and support.
● Reduce direct and indirect operating cost for IT and IT dependent tasks. Pay for only
what you use.
● Agility. Faster to create and deploy new decision support applications.
● Accessibility. Available anywhere and anytime.
● Available on many diverse devices.
● Scalable. Expand and contract capability to meet needs.
● Disaster backup. Cloud infrastructure is a remote capability with backup to protect
against disaster.
● Expertise. Cloud vendors and staff become part of a company's information
technology capability.

Executive Information Systems or Executive Support System

Executive support systems (ESS) help senior management make these decisions. They
address nonroutine decisions requiring judgment, evaluation, and insight because there is no
agreed-on procedure for arriving at a solution. ESS presents graphs and data from many
sources through an interface that is easy for senior managers to use. Often the information is

40
delivered to senior executives through a portal, which uses a web interface to present
integrated personalized business content.

ESS are designed to incorporate data about external events such as new tax laws or
competitors, but they also draw summarized information from internal MIS and DSS. They
filter, compress, and track critical data, displaying the data of greatest importance to senior
managers. Increasingly, such systems include business intelligence analytics for analyzing
trends, forecasting, and drilling down to data at greater levels of detail.

EIS components can typically be classified as:

1. Hardware
2. Software
3. User interface
4. Telecommunications

Hardware: When talking about computer hardware for an EIS environment, we should
focus on the hardware that meets the executive's need. The executive must be put first and
the executive's needs must be defined before the hardware can be selected. The basic
hardware needed for a typical EIS includes four components:

● Input data-entry devices. These devices allow the executive to enter, verify, and
update data immediately
● The central processing unit (CPU), which is the most important because it controls the
other computer system components
● Data storage files. The executive can use this part to save useful business information,
and this part also helps the executive to search historical business information easily
● Output devices, which provide a visual or permanent record for the executive to save
or read. This device refers to the visual output device such as monitor or printer

In addition, with the advent of local area networks (LAN), several EIS products for
networked workstations became available. These systems require less support and less
expensive computer hardware. They also increase EIS information access to more company
users.

Software: Choosing the appropriate software is vital to an effective EIS.[citation needed]

Therefore, the software components and how they integrate the data into one system are
important. A typical EIS includes four software components:

● Text: handling software—documents are typically text-based

41
 ● Database: heterogeneous databases on a range of vendor-specific and open computer
platforms help executives access both internal and external data
● Graphic base: graphics can turn volumes of text and statistics into visual information
for executives. Typical graphic types are: time series charts, scatter diagrams, maps,
motion graphics, sequence charts, and comparison-oriented graphs (i.e., bar charts)
● Model base—EIS models contain routine and special statistical, financial, and other
quantitative analysis

User interface: An EIS must be efficient to retrieve relevant data for decision makers, so the
user interface is very important. Several types of interfaces can be available to the EIS
structure, such as scheduled reports, questions/answers, menu driven, command language,
natural language, and input/output.

Telecommunication: As decentralizing is becoming a trend in companies,

telecommunications plays a pivotal role in networked information systems. Transmitting data
from one place to another has become crucial for establishing a reliable network. In addition,
telecommunications within an EIS can accelerate the need for access to distributed data. It
can be both by scientific and business means.

Advantages of EIS

● Easy for upper-level executives to use, extensive computer experience is not required
in operations
● Provides strong drill-down capabilities to better analyze the given information.
● Information that is provided is better understood
● It provides timely delivery of information. Management can make decisions promptly.
● Improves tracking information
● Offers efficiency to decision makers

Disadvantages of EIS

● System dependent
● Limited functionality, by design
● Information overload for some managers
● Benefits hard to quantify
● High implementation costs
● System may become slow, large, and hard to manage
● Need good internal processes for data management
● May lead to less reliable and less secure data
● Excessive cost for small company

42
 UNIT 3: INFORMATION SYSTEM AND CONTROL

System Analysis
It is a process of collecting and interpreting facts, identifying the problems, and
decomposition of a system into its components.
System analysis is conducted for the purpose of studying a system or its parts in order to
identify its objectives. It is a problem solving technique that improves the system and
ensures that all the components of the system work efficiently to accomplish their purpose.
The following diagram shows the elements of a system −

System Design and Development

System design is the phase that bridges
the gap between the problem domain and
the existing system in a manageable way.
This phase focuses on the solution
domain, i.e. “how to implement?”
It is the phase where the System
Requirement and Specification (SRS)
document is converted into a format that
can be implemented and decides how the
system will operate.In this phase, the
complex activity of system development
is divided into several smaller
sub-activities, which coordinate with each
other to achieve the main objective of system development.
Systems development is the process of defining, designing, testing, and implementing a new
software application or program. It could include the internal development of customized

43
systems, the creation of database systems, or the acquisition of third party developed
software.
DataBase
A database is an integrated collection of well defined data and information, centrally
controlled in all its aspects, created and stored in a typical structure for an organization. In an
organization the database could be one or more, depending upon the needs and the operations
of the organization. The data structure and its storage should be such that it facilities share
ability, availability, evolvability and integrity of the data. The database separates a design of
the information system from the data design, and its management.
The data in many systems are common, and there is repetition of data storage in various
systems. This is called data redundancy. The redundancy of data gives rise to problems of
keeping the data current and same in all the files. Data management is complex in such a
situation. The reports generated out of such files show discrepancies in the information.
Since the data files are different for different systems, data sharing is not possible.
Transaction updating is also carried out at different times. It requires the increase of a
magnetic media for storage because the systems are developed independently. The
redundancy causes lack of integrity and inconsistency of the data in the various files

Advantages of Database
1. Data abstraction
2. Controlling data redundancy
3. Minimized data inconsistency
4. Data manipulation easily
5. Data can be shared
6. Data security
7. Support multi users views
8. Concurrent access
9. Helps for decision making

Disadvantages of Database
1. Cost of hardware and software
2. Cost of data conversion
3. Cost of staff training

Database models
A database model is a type of data model that determines the logical structure of a database.
It fundamentally determines in which manner data can be stored, organized and manipulated.

44
The most popular example of a database model is the relational model, which uses a
table-based format.

Database Management system

Is a software that enables an organization to centralize data, manage them efficiently, and
provide access to the sorted data by application programs. The DBMS acts as an interface
between application programs and the physical data files.

There are four common types of database models that are useful for different types of data or
information. Depending upon your specific needs, one of these models can be used.

1. Hierarchical databases.
2. Network databases.
3. Relational databases.
4. Object-oriented databases.

1. Hierarchical databases

In a hierarchical database model, the data is organized into a tree-like structure. In simple
language we can say that it is a set of organized data in tree structure.Its structure is like a
tree with nodes representing records and branches representing fields. The windows registry
used in Windows XP is an example of a hierarchical database. Configuration settings are
stored as tree structures with nodes.

45
2. Network databases
Network database model organizes data more like a graph and can have more than one
parent node. The network model is a database model conceived as a flexible way of
representing objects and their relationships.

3. Relational Database
The various software systems used to maintain relational databases are known as a relational
database management system (RDBMS). In this model, data is organised in rows and column
structure i.e., two-dimensional tables and the relationship is maintained by storing a common
field. It consists of three major components.
In relational models, three key terms are heavily used such as relations, attributes, and
domains. A relation is nothing but a table with rows and columns. The named columns of the
relation are called attributes, and finally the domain is nothing but the set of values the
attributes can take. The following figure gives us the overview of relational database model.

46
4. Object-oriented databases

An object database is a system in which information is represented in the form of objects as

used in object-oriented programming. Object oriented databases are different from relational
databases which are table-oriented. The object-oriented data model is based on the
object-oriented- programming language concept, which is now in wide use. Inheritance,
polymorphism, overloading. object-identity, encapsulation and information hiding with
methods to provide an interface to objects, are among the key concepts of object-oriented
programming that have found applications in data modelling. The object-oriented data model
also supports a rich type system, including structured and collection types

Capabilities of DBMS
A DBMS includes capabilities and tools for organizing, managing, and accessing the data in
the database. The most important are its data definition language, data dictionary, and data
manipulation language

47
Data definition capability to specify the structure of the content of the database. It would be
used to create database tables and to define characteristics of the fields in each table.

Data dictionary is an automate or manual file that stores definitions of data elements and
their characteristics.

Eg: Microsoft access has a rudimentary data dictionary capability that displays information
about the name , description, size , type , format and other properties of each field in table

Data dictionaries for large corporate databases may capture additional information such as
usage ownership ( who in the organization is responsible for maintaining the data) .

Data manipulation language that is used to add,change,delete and retrieve the data in the
database. This language contains commands that permit end users and programming
specialists to extract data from the database to satisfy information requests and develop
applications The most prominent data manipulation language today is structured Query
Language.

RDBMS
Relational databases represent data as two-dimensional tables .Tables may be referred to as
files. Each table contains data on an entity and its attributes . Microsoft Access is a relational
database is desktop systems .

Using databases to improve business performance and decision making

Business use their databases to :
● Keep track of basic transactions
● Provide information that will help the company run the business more efficiently

48
 ● Help managers and employees make better decisions

Data warehouse : a database that stores current and historical data from core operational
transactional systems for use in management analysis , but this data cannot be altered.

Data mart: A subset of a data warehouse in which a summarized or highly focused portion
of the organization’s data is placed in a separate database for a specified population of users.

Business Intelligence(BI) : Data analysis tools used for consolidating, analyzing, and
accessing vast stores of data to help in decision making, such as software for database query
and reporting tools for multidimensional data analysis ( online analytical processing ) data
mining

Client-server architecture

Is a network architecture in which each computer or

process on the network is either a client or a server .
Servers are powerful computers or processes
dedicated to managing disk drives (file servers) or
network traffic ( network servers) . clients are PCs
or workstations on which users run application.

Peer to Peer network

In a peer to peer network, there is no specific client or a

server. A device can send and receive data directly with
each other. Each node can either be a client or a server.
It can request or provide services accordingly. A node
is also called a peer.

49
Computer Based Management Information System

Computer Based Information System (CBIS) is an information system in which the computer
plays a major role. Such a system consists of the following elements:

● Hardware: The term hardware refers to machinery. This category includes the
computer itself, which is often referred to as the central processing unit (CPU), and all
of its support equipment. Among the support equipment are input and output devices,
storage devices and communications devices.
● Software: The term software refers to computer programs and the manuals (if any)
that support them. Computer programs are machine-readable instructions that direct
the circuitry within the hardware parts of the Computer Based Information System
(CBIS) to function in ways that produce useful information from data. Programs are
generally stored on some input / output medium-often a disk or tape.
● Data: Data are facts that are used by programs to produce useful information. Like
programs, data is generally stored in machine-readable form on disk or tape until the
computer needs them.
● Procedures: Procedures are the policies that govern the operation of a computer
system. “Procedures are to people what software is to hardware” is a common
analogy that is used to illustrate the role of procedures in a CBIS.
● People: Every Computer Based Information System (CBIS) needs people if it is to be
useful. Often the most overlooked element of the CBIS is the people: probably the
components that most influence the success or failure of the information system

Computer Networking and Communication Technology

A computer network is the collection of autonomous computers that are interconnected and
shared for the purpose of resource sharing. transmission of information is the main purpose
of computer networks, which connect a number of computer systems by using a
communication line. A computer network consists of a transmission medium and a
communication device.

Computer communication network is a combination of computer technology and

communication technology to form a new communication, mainly to meet the needs of data
communications. It connected multiple computers, terminals and ancillary equipment and
equipped them with the corresponding network software in different geographical locations

50
to achieve the communication process of resources sharing and the formation of the
communication system.

A computer network can be categorized by their size. A computer network is mainly of

four types:

LAN(Local Area Network)

● Local Area Network is a group of computers connected to each other in a small area
such as a building, office.
● LAN is used for connecting two or more personal computers through
a communication medium such as twisted pair, coaxial cable, etc.
● It is less costly as it is built with inexpensive hardware such as hubs,
network adapters, and ethernet cables.
● The data is transferred at an extremely faster rate in the Local Area
Network.
● Local Area Network provides higher security

51
PAN(Personal Area Network)
● Personal Area Network is a network arranged within an
individual person, typically within a range of 10 meters.
● Personal Area Network is used for connecting the
computer devices of personal use is known as Personal
Area Network.
● Thomas Zimmerman was the first research scientist to
bring the idea of the Personal Area Network.
● Personal Area Network covers an area of 30 feet.
● Personal computer devices that are used to develop the personal area network are the
laptop, mobile phones, media player and play stations.

MAN(Metropolitan Area Network)

● A metropolitan area network is a network that covers a larger geographic area by

interconnecting a different LAN to form a larger network.
● Government agencies use MAN to connect to the citizens and private industries.
● In MAN, various LANs are connected to each other through a telephone exchange
line.
● The most widely used protocols in MAN are RS-232, Frame Relay, ATM, ISDN,
OC-3, ADSL, etc.
● It has a higher range than Local Area Network(LAN).

WAN(Wide Area Network)

● A Wide Area Network is a network that extends over a large geographical area such
as states or countries.

52
 ● A Wide Area Network is quite a bigger network than the LAN.
● A Wide Area Network is not limited to a single location, but it spans over a large
geographical area through a telephone line, fiber optic cable or satellite links.
● The internet is one of the biggest WANs in the world.
● A Wide Area Network is widely used in the field of Business, government, and
education.

Big Data Analytics and Cloud Computing

The process of analysis of large volumes of diverse data sets, using advanced analytic
techniques is referred to as Big Data Analytics.
These diverse data sets include structured, semi-structured, and unstructured data, from
different sources, and in different sizes from terabytes to zettabytes. We also reckon them as
big data.

Types of Big Data Analytics

Big data analytics is categorized into four subcategories that are:
1. Descriptive Analytics
2. Diagnostic Analytics
3. Predictive Analytics
4. Prescriptive Analytics

1. Descriptive Analytics
Descriptive Analytics is considered a useful technique for uncovering patterns within a
certain segment of customers. It simplifies the data and summarizes past data into a readable
form.

53
Descriptive analytics provide insights into what has occurred in the past and with the trends
to dig into for more detail. This helps in creating reports like a company’s revenue, profits,
sales, and so on.
Examples of descriptive analytics include summary statistics, clustering, and association
rules used in market basket analysis.

2. Diagnostic Analytics
Diagnostic Analytics, as the name suggests, gives a diagnosis to a problem. It gives a
detailed and in-depth insight into the root cause of a problem.

3. Predictive Analytics
Predictive Analytics, as can be discerned from the name itself, is concerned with predicting
future incidents. These future incidents can be market trends, consumer trends, and many
such market-related events.
This type of analytics makes use of historical and present data to predict future events. This
is the most commonly used form of analytics among businesses

4. Prescriptive Analytics
Prescriptive analytics is a combination of data and various business rules. The data of
prescriptive analytics can be both internal (organizational inputs) and external (social media
insights).
Prescriptive analytics allows businesses to determine the best possible solution to a problem.
When combined with predictive analytics, it adds the benefit of manipulating a future
occurrence to mitigate future risk.

Cloud computing
Cloud computing is the delivery of different services through the Internet. These resources
include tools and applications like data storage, servers, databases, networking, and software.
Rather than keeping files on a proprietary hard drive or local storage device, cloud-based
storage makes it possible to save them to a remote database. As long as an electronic device
has access to the web, it has access to the data and the software programs to run it.

Types:
1. Software-as-a-service (SaaS) involves the licensing of a software application to
customers. Licenses are typically provided through a pay-as-you-go model or
on-demand. This type of system can be found in Microsoft Office's 365.1
2. Infrastructure-as-a-service (IaaS) involves a method for delivering everything from
operating systems to servers and storage through IP-based connectivity as part of an
on-demand service. Clients can avoid the need to purchase software or servers, and

54
 instead procure these resources in an outsourced, on-demand service. Popular
examples of the IaaS system include IBM Cloud and Microsoft Azure.
3. Platform-as-a-service (PaaS) is considered the most complex of the three layers of
cloud-based computing. PaaS shares some similarities with SaaS, the primary
difference being that instead of delivering software online, it is actually a platform for
creating software that is delivered via the Internet.

Information Systems for Managerial Decisions

Decision making in businesses used to be limited to management. Today, lower level
employees are responsible for some of these decisions , as information systems make
information available to lower levels of the business.

Types of decisions

Unstructured decisions:
Are those in which the decision maker must provide judgment, evaluation,and insight to
solve the problem.
Structured decisions:
Are repetitive and routine and they involve definite procedure for handling them so that they
do not have to be treated each time as if they were new
Semi-structured:
Many decisions have elements of both types of decisions and are semi-structured where only
part of the problem has a clear cut answer provided by an accepted procedure.

55
The Future Cyber Security and its problems

Cybersecurity has existed since the creation of the first computer virus in 1971. That was the
“creeper” virus, a harmless application designed to replicate and move from computer to
computer. New malware is created every day, however, by “threat actors” who attempt to
develop new tools for often-nefarious purposes. Cybersecurity professionals attempt to stop
them, each investing to out-perform the other, in what has become a cat-and-mouse game. In
the decades since, the sophistication on all sides in the game have increased.
Machine learning and AI are being used by both sides to continue this game of
cat-and-mouse. Quantum computing will be next, exponentially elevating the capabilities of
an attacker and a defender. So the cat and the mouse will keep getting better and faster, but
the overall game isn’t going to change too much.

Here's what the future of cybersecurity will look like.

More ransomware threats
Ransomware has been slowly growing into a dominant (if not the dominant) cyberthreat for
several years. Ransomware has become more prolific and potent for years. As a result, it’s
also become extremely effective. There’s a direct financial benefit to the groups behind
ransomware campaigns. Ransomware is now being incorporated into larger attack
campaigns, where adversaries steal sensitive information before encrypting a target’s data,
and they also attempt to prevent data recovery practices by preemptively targeting backup
and recovery tools.

USBs will be a more potent threat

USB devices are everywhere. People are used to seeing them, using them and owning them.
Threat actors highly target USBs to penetrate industrial targets. In our recent USB threat
report, we found that 19% of the threats detected were designed to leverage USB removable
media in some way. USB threats to industrials more than doubled to 59 percent. There’s a
tendency for many people to underestimate ‘malware’. The malware can also cause loss of
process, either directly damaging or stopping a process. In our latest USB threat report, we
saw the amount of high-impact malware doubled.

Secure remote access

The recent shift to remote working is causing the need to guarantee security of remote
access. Companies must rethink their security plans around a highly distributed
infrastructure. Meanwhile, attackers are evolving their approach, finding ways to target
employees who are working in isolation but still connected into the corporate network. In
operational technology, the best-practices that have existed for decades have prepared the
cybersecurity industry for keeping critical tasks completely and physically separated

56
Increased automation
Technology to be able to perform efficient cybersecurity tasks. It’s simply the result of scale.
Successful cyber will always boil down to people – skilled human minds playing the role of
either the cat or the mouse. But there are too many things to watch, too many threat variants
(there are easily more than a billion viruses today), too many vectors, too many targets. That
must be simplified. Today, we’re already using machine learning and artificial intelligence to
help make sense of all that noise before it gets presented to human security professionals.

Ultimately, cybersecurity defense in depth strategy will not go away. Organizations will
never have one silver bullet to completely reduce the risk of a cyber-attack but rather
multiple technologies and processes in place to help ensure those threats are minimized.

The future of cyber security and threat detection

Looking ahead, a few themes around the future of cyber security appear.
For one, a greater focus on prevention and preparedness will be vital. Response planning for
a security incident or data breach is necessary. Incident preparedness and response playbooks
will likely become more commonplace. Employee training at every level will mitigate the
role of human error.
And as regulatory concerns become more urgent, ensuring cyber security programs are
robust enough to pass muster during audits or compliance assessments will likely be top of
mind.
Businesses may want to focus first and foremost on how they can secure their business today.
Building a strong foundation of good cyber security habits and best practices is necessary as
attacks continue to evolve.
It’s hard to look at the calendar and make predictions about what the future will hold,
especially in an industry as complex and fast-paced as cyber security. But by taking the time
now to build that baseline, you can set your business up for lasting success as changes arise
and new threats appear — whatever they may be.

Introduction to the Legal Perspectives of Cybercrimes

Cyber crime is a crime done with the misuse of information technology for unauthorized or
illegal access, electronic fraud; like deletion, alteration, interception, concealment of data,
forgery etc.

Cyber security

Cyber security is the application of technologies, processes and controls to protect systems,
networks, programs, devices and data from cyber attacks.It aims to reduce the risk of cyber

57
attacks and protect against the unauthorized exploitation of systems, networks and
technologies. Cyber security is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks. It's also known as information
technology security or electronic information security. The term applies in a variety of
contexts, from business to mobile computing, and can be divided into a few common
categories.

● Network security is the practice of securing a computer network from intruders,

whether targeted attackers or opportunistic malware.
● Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data it's designed to protect.
Successful security begins in the design stage, well before a program or device is
deployed.
● Information security protects the integrity and privacy of data, both in storage and in
transit.
● Operational security includes the processes and decisions for handling and
protecting data assets. The permissions users have when accessing a network and the
procedures that determine how and where data may be stored or shared all fall under
this umbrella.
● Disaster recovery and business continuity define how an organization responds to a
cyber-security incident or any other event that causes the loss of operations or data.
Disaster recovery policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the event. Business
continuity is the plan the organization falls back on while trying to operate without
certain resources.
● End-user education addresses the most unpredictable cyber-security factor: people.
Anyone can accidentally introduce a virus to an otherwise secure system by failing to
follow good security practices. Teaching users to delete suspicious email attachments,
not plug in unidentified USB drives, and various other important lessons is vital for
the security of any organization.

Cybercrime and the Legal Landscape

Cybercrime, also called computer crime, the use of a computer as an instrument to further
illegal ends, such as committing fraud, trafficking in child pornography and intellectual
property, stealing identities, or violating privacy. Cybercrime, especially through the Internet,
has grown in importance as the computer has become central to commerce, entertainment,
and government.
New technologies create new criminal opportunities but few new types of crime. What
distinguishes cybercrime from traditional criminal activity? Obviously, one difference is the

58
use of the digital computer, but technology alone is insufficient for any distinction that might
exist between different realms of criminal activity. Criminals do not need a computer to
commit fraud, traffic in child pornography and intellectual property, steal an identity, or
violate someone’s privacy. All those activities existed before the “cyber” prefix became
ubiquitous. Cybercrime, especially involving the Internet, represents an extension of existing
criminal behavior alongside some novel illegal activities.
An important aspect of cybercrime is its nonlocal character: actions can occur in jurisdictions
separated by vast distances. This poses severe problems for law enforcement since previously
local or even national crimes now require international cooperation. For example, if a person
accesses child pornography located on a computer in a country that does not ban child
pornography, is that individual committing a crime in a nation where such materials are
illegal? Where exactly does cybercrime take place? Cyberspace is simply a richer version of
the space where a telephone conversation takes place, somewhere between the two people
having the conversation. As a planet-spanning network, the Internet offers criminals multiple
hiding places in the real world as well as in the network itself. However, just as individuals
walking on the ground leave marks that a skilled tracker can follow, cybercriminals leave
clues as to their identity and location, despite their best efforts to cover their tracks. In order
to follow such clues across national boundaries, though, international cybercrime treaties
must be ratified.

The Indian IT Act

The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of
the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in
India dealing with cybercrime and electronic commerce.

Secondary or subordinate legislation to the IT Act includes the Intermediary Guidelines

Rules 2011 and the Information Technology (Intermediary Guidelines and Digital Media
Ethics Code) Rules, 2021.

The main objective of this act is to carry lawful and trustworthy electronic, digital and online
transactions and alleviate or reduce cybercrimes. The IT Act has 13 chapters and 90 sections.
The last four sections that starts from ‘section 91 – section 94’, deals with the revisions to the
Indian Penal Code 1860.

The IT Act, 2000 has two schedules:

● First Schedule –Deals with documents to which the Act shall not apply.

59
 ● Second Schedule –Deals with electronic signature or electronic authentication
method.

The offenses and the punishments in IT Act 2000 :

The offenses and the punishments that falls under the IT Act, 2000 are as follows :-

1. Tampering with the computer source documents.

2. Directions of Controller to a subscriber to extend facilities to decrypt information.
3. Publishing of information which is obscene in electronic form.
4. Penalty for breach of confidentiality and privacy.
5. Hacking for malicious purposes.
6. Penalty for publishing Digital Signature Certificate false in certain particulars.
7. Penalty for misrepresentation.
8. Confiscation.
9. Power to investigate offenses.
10. Protected System.
11. Penalties for confiscation not to interfere with other punishments.
12. Act to apply for offense or contravention committed outside India.
13. Publication for fraud purposes.
14. Power of Controller to give directions.

The primary objectives of the IT Act, 2000 are:

● Granting legal recognition to all transactions done through electronic data exchange,
other means of electronic communication or e-commerce in place of the earlier
paper-based communication.
● Providing legal recognition to digital signatures for the authentication of any
information or matters requiring authentication.
● Facilitating the electronic filing of documents with different Government departments
and also agencies.
● Facilitating the electronic storage of data
● Providing legal sanction and also facilitating the electronic transfer of funds between
banks and financial institutions.
● Granting legal recognition to bankers for keeping the books of accounts in an
electronic form. Further, this is granted under the Evidence Act, 1891 and the Reserve
Bank of India Act, 1934.

Cybercrime and Punishment

The advent of the computer is one of such remarkable innovations because it has determined
the living culture of today’s humans. The individuals from every age group and the

60
organization’s functioning in any kind of industry have become users of computers. Rather
than giving a narrow definition to the term ‘computer’, Section 2(I)(i) the IT Act, 2000 was
drafted in such a manner to include all the kinds of processing devices, computer networks,
storage, and software. It includes mobiles, smart devices, cameras, e-readers, etc. This
technology has become the soul and essence of many activities happening in the world.
Though the invention of the computer has numerous benefits like data storage, transfer of
information, and effectively contributed to making human life easier, there are negative
facets involved with the same device which affect life miserably. Herein, the attention must
be drawn to the fact that negative facets are the results of the misuse by very limited people
and have nothing to do with the invention itself. The possibility of misuse imbibed with the
computer has taken various shapes and some of such activities that are criminal in nature are
recognized as ‘cybercrimes’. This kind of crime has become a major area of concern across
all the countries in the world, especially India. This is because of the government’s active
drive to achieve digital emancipation in a country where digital unawareness and low literacy
are known to exist

Cyber crimes with IPC implications

Apart from punishments in IT Act, 2000, there are certain crimes that are attracted by IPC
provisions as well. The following is the enumeration of the IPC provisions along with
various cyber crimes that are attracted by respective Sections and the punishment for the
same.
Section 292 of IPC: Although this Section was drafted to deal with the sale of obscene
material, it has evolved in the current digital era to be concerned with various cybercrimes.
The publication and transmission of obscene material or sexually explicit act or exploit acts
containing children, etc which are in electronic form are also governed by this section.
The punishment imposed upon the commission of such acts is imprisonment and fine up to 2
years and Rs. 2000. If any of the aforementioned crimes are committed for the second time,
the imprisonment could be up to 5 years and the fine could be imposed up to Rs. 5000

Section 354C of IPC: The cybercrime dealt with under this provision is capturing or
publication of a picture of private parts or acts of a woman without such person’s consent.
This section exclusively deals with the crime of ‘voyeurism’ which also recognizes watching
such acts of a woman as a crime
The punishment includes 1 to 3 years of imprisonment for first-time offenders and 3 to 7
years for second-time offenders.

Section 354D of IPC: This section describes and punishes ‘stalking’ including both physical
and cyberstalking. If the woman is being monitored through electronic communication,
internet, or email or is being bothered by a person to interact or contact despite her

61
disinterest, it amounts to cyber-stalking. The latter part of the Section states the punishment
for this offense as imprisonment extending up to 3 years for the first time and 5 years for the
second time along with a fine imposed in both the instances

Section 419 and Section 420 of IPC: These are related provisions as they deal with frauds.
The crimes of password theft for the purpose of meeting fraudulent objectives or the creation
of bogus websites and commission of cyber frauds are certain crimes that are extensively
dealt with by these two sections of IPC.
Section 419 carries a punishment up to 3 years of imprisonment or fine and Section 420
carries up to 7 years of imprisonment or fine.

Section 468 of IPC: If the offenses of email spoofing or the online forgery are committed for
the purpose of committing other serious offenses i.e cheating, Section 468 comes into the
picture which contains the punishment of seven years of imprisonment or fine or both.

Section 500 of IPC: This provision penalizes the defamation of any person. With respect to
cybercrimes, sending any kind of defamatory content or abusive messages through email will
be attracted by Section 500 of IPC. The imprisonment carried with this Section extends up to
2 years along with fine.

62
Cyber law.
Cyber law, also known as Internet Law or Cyber Law, is the part of the overall legal system
that is related to legal informatics and supervises the digital circulation of information,
e-commerce, software and information security. It is associated with legal informatics and
electronic elements, including information systems, computers, software, and hardware. It
covers many areas, such as access to and usage of the Internet, encompassing various
subtopics as well as freedom of expression, and online privacy.

Role of Cyber Laws

● Cyber Laws have an important role in representing and defining the norms of the
cyber society.
● Cyber Laws help in giving the right to enter into legally enforceable digital contracts.
● Cyber Laws help in maintaining the Cyber properties.
● Cyber Laws help in carrying on online business.
● Cyber Laws help in providing legal reorganization for Electronic documents and
Digital signature

63
Need of Cyber Laws
● In today's world of the internet and growing electronic means , many crimes and
problems are happening.
● To reduce / stop these , it is necessary to have some strict laws in order to protect
users' rights , property rights , copyright , data protection etc.
● The law in each nation depends upon their cultural , political , social and economical
factors.
● Complex legal issues arising leads to the need of cyber law .
● Different methods for regulating and controlling the electronic means.
● On internet, it is very easy to make the duplicacy of copies and transmit them
anywhere in the world by various means in few minutes. Internet has been described
as "the world's biggest copy machine" (PC week - January 27 , 1997).
● Cyberspace is absolutely open for participation by all. E.g. a 40 year old woman can
have a voice chat, video chat or a normal chat with a 20 year old guy even staying in
another country.
● Pirated movies, software source code worth billions, game crack and patch, can be
transferred across the globe in hardly a few hours.
● Cyberspace offers a never-seen-before economy, which means great economic
efficiency.
● Cyberspace handles huge traffic volumes every second.
● Spreading of pornographic material,threat via emails, Hacking of websites and
computers, different means through whichspoils an individual's fame and create
hatred amongst each other.
● Today everyone is using credit cards for shopping and transactions.
● Government forms, Company forms, Passport forms, Law forms , income tax returns
etc all are now filled in electronic form.
● All the internet users should protect their data online and ensure safety of their
personal information.
● Crime and technology walk in parallel to each other. The more the technology
advances the more crime can happen.
● Government can impose the created cyber laws whoever tries to do all such activities.
● The use of the internet has led to some criminal activities in cyberspace.
● Since it touches almost all aspects of transactions and activities concerning the
internet, the World Wide Web and cyberspace.

64
 UNIT 4: SYSTEM DEVELOPMENT MODEL

Systems development models

The activities that go into producing an information system solution to an organizational

problem or opportunity are called systems development. Systems development is a structured
kind of problem solved with distinct activities . These activities consist of systems analysis,
systems design, programming, testing, conversion, and maintenance.

➔ System analysis
Is the analysis of a problem that a firm tries to solve with an information system . It
consists of defining the problem , identifying its causes, specifying the solution,and
identifying the information requirements that must be met by a system solution.
➔ System design shows how the system is the overall plan or model for that system. It
consists of all the specifications that give the system to form and structure.
➔ Programming
➔ Testing
➔ Conversion
➔ maintenance
Process of prototyping
The process of developing a prototype consists of four steps. Because a prototype can be
developed quickly and inexpensively, systems builders can go through several iterations,
repeating steps 3 and 4, to refine and enhance the prototype before arriving at the final
operational one. Prototyping is especially useful in designing an information system’s user
interface. Because prototyping encourages intense end-user involvement throughout the
systems development process, it is more likely to produce systems that fulfill user
requirements

65
Step 1: Identify the user’s basic requirements. The system designer (usually an information
systems specialist) works with the user only long enough to capture the user’s basic
information needs.
Step 2: Develop an initial prototype. The system designer creates a working prototype
quickly, using tools for rapidly generating software.
Step 3: Use the prototype. The user is encouraged to work with the system to determine
whether the prototype meets his or her needs and to suggest improvements for the prototype.
Step 4: Revise and enhance the prototype. The system builder notes all changes the user
requests and refines the prototype accordingly. After the prototype has been revised, the
cycle returns to step 3. Steps 3 and 4 are repeated until the user is satisfied.

Prototype approach
Prototyping consists of building an experimental system rapidly and inexpensively for end
users to evaluate, and then revising the prototype based on user feedback. The prototype is a
working version of an information system or part of the system, but it is intended as only a
preliminary model. Users interact with the prototype to get a better idea of their information
requirements, refining the prototype multiple times. When the design is finalized, the
prototype will be converted to a polished production system.
● It is a working model
● When requirement are unknown or vague

Classical SDLC approach

It is very simple to understand and use. In a waterfall model, each phase must be completed
fully before the next phase can begin. This type of software development model is basically
used for the project which is small and there are no uncertain requirements. At the end of
each phase, a review takes place to determine if the project is on the right path and whether
or not to continue or discard the project. In this model software testing starts only after the
development is complete. In waterfall model phases do not overlap.

When to use the SDLC(Waterfall Model):

● This model is used only when the requirements are very well known, clear and fixed.
● Product definition is stable.
● Technology is understood.
● There are no ambiguous requirements.
● Ample resources with required expertise are available freely.
● The project is short.

66
 1. Investigation or Feasibility study/ Planning stage:
The planning stage (also called the feasibility stage) is exactly what it sounds like: the phase
in which developers will plan for the upcoming project. It helps to define the problem and
scope of any existing systems, as well as determine the objectives for their new systems.
By developing an effective outline for the upcoming development cycle, they'll theoretically
catch problems before they affect development. And help to secure the funding and resources
they need to make their plan happen.

2. Analysis Stage
The analysis stage includes gathering all the specific details required for a new system as
well as determining the first ideas for prototypes.
Developers may:
● Define any prototype system requirements
● Evaluate alternatives to existing prototypes
● Perform research and analysis to determine the needs of end-users
Furthermore, developers will often create a software requirement specification or SRS
document.

3. Design Stage
The design stage is a necessary precursor to the main developer stage.

67
Developers will first outline the details for the overall application, alongside specific aspects,
such as its:
● User interfaces
● System interfaces
● Network and network requirements
● Databases

4. Development Stage
The development stage is the part where developers actually write code and build the
application according to the earlier design documents and outlined specifications.
This is where Static Application Security Testing or SAST tools come into play.
Product program code is built per the design document specifications. In theory, all of the
prior planning and outlined should make the actual development phase relatively
straightforward.

5. Testing Stage

Now it must be tested to make sure that there aren’t any bugs and that the end-user
experience will not negatively be affected at any point. During the testing stage, developers
will go over their software with a fine-tooth comb, noting any bugs or defects that need to be
tracked, fixed, and later retested. It's important that the software overall ends up meeting the
quality standards that were previously defined in the SRS document.

6. Implementation and Integration Stage

After testing, the overall design for the software will come together. Different modules or
designs will be integrated into the primary source code through developer efforts, usually by
leveraging training environments to detect further errors or defects.
The information system will be integrated into its environment and eventually installed. After
passing this stage, the software is theoretically ready for market and may be provided to any
end-users.

7. Maintenance Stage
The SDLC doesn’t end when software reaches the market. Developers must now move into a
maintenance mode and begin practicing any activities required to handle issues reported by
end-users.
Furthermore, developers are responsible for implementing any changes that the software
might need after deployment. This can include handling residual bugs that were not able to
be patched before launch or resolving new issues that crop up due to user reports. Larger
systems may require longer maintenance stages compared to smaller systems.

68
Advantages of SDLC (Waterfall Model):

● This model is simple and easy to understand and use.

● It is easy to manage due to the rigidity of the model – each phase has specific
deliverables and a review process.
● In this model phases are processed and completed one at a time. Phases do not
overlap.
● Waterfall model works well for smaller projects where
● requirements are very well understood.

Disadvantages of SDLC(Waterfall Model):

● Once an application is in the testing stage, it is very difficult to go back and change
something that was not well-thought out in the concept stage.
● No working software is produced until late during the life cycle.
● High amounts of risk and uncertainty.
● Not a good model for complex and object-oriented projects.
● Poor model for long and ongoing projects.
● Not suitable for the projects where requirements are at a moderate to high risk of
changing.

Structured system analysis and design

Structured Systems Analysis and Design Method (SSADM), originally released as
methodology, is a systems approach to the analysis and design of information systems.
SSADM (Structured Systems Analysis & Design Method) is a widely-used computer
application development method in the UK, where its use is often specified as a requirement
for government computing projects.
SSADM divides an application development project into modules, stages, steps, and tasks,
and provides a framework for describing projects in a fashion suited to managing the project.
SSADM's objectives are to:

● Improve project management & control

● Make more effective use of experienced and inexperienced development staff
● Develop better quality systems
● Make projects resilient to the loss of staff
● Enable projects to be supported by computer-based tools such as computer-aided
software engineering systems
● Establish a framework for good communications between participants in a project

69
The three most important techniques that are used in SSADM are as follows:

Logical Data Modeling

The process of identifying, modeling and documenting the data requirements of the system
being designed. The result is a data model containing entities (things about which a business
needs to record information), attributes (facts about the entities) and relationships
(associations between the entities).
Data Flow Modeling
The process of identifying, modeling and documenting how data moves around an
information system. Data Flow Modeling examines processes (activities that transform data
from one form to another), data stores (the holding areas for data), external entities (what
sends data into a system or receives data from a system), and data flows (routes by which
data can flow).
Entity Event Modeling
A two-stranded process: Entity Behavior Modeling, identifying, modeling and documenting
the events that affect each entity and the sequence (or life history) in which these events
occur, and Event Modeling, designing for each event the process to coordinate entity life
histories.

System development process

The system development process, also known as the system development life cycle, is a term
used in the development of software where a set of methodical processes, activities, or
phases are used to develop and implement a system. With the rapid development and
constant evolution of systems technologies to date, different development processes have
been established and tried. Though each of these processes has been developed with a
specific design in mind, we will find that many of them share common tasks and are geared
towards the same goal.

Common System Development Steps

A software system seeks to solve a problem. The following steps are common to most
development processes and describe the general details of the steps taken to achieve this. The
steps are designed to develop a system characterized by quality and accuracy and one that
reflects the client's requirements.

1. Information Gathering
In this important step, the problems, objectives, and resources needed are outlined.
Participating stakeholders such as clients, developers, consultants, and end users come
together and engage in brainstorming. If the software is not brand new there will be less
information and data gathering and more focus on improvements.

70
2. Analysis
At this point, the end-user requirements have been clearly formulated. Feasibility studies
may be carried out to analyze the economic and technical impacts of the project. Information
on competitive products is also collected. Viability of the project is established and the
project is broken down into workable segments.

3. Design
With clearly defined workable segments, the system design is developed. Customer
requirements define the different elements of the system. Details on the functionality,
techniques, and logic of the process are formulated.

4. Implementation
This is the actual construction phase of the system. The logical part of the system is
formulated and the building of any hardware is accomplished. The programming language is
already decided and the codes are written.

5. Deployment
The logic of the system is completed and ready to be deployed with any accompanying
hardware. The customer's needs are vested and various installation procedures are carried
out. The time it takes for the system to actually go live will depend on its complexity.
End-user training is organized to ensure proper use of the system.

6. System Testing
The different workable parts of the system are brought together, making a whole integrated
system. Various inputs are collected, analyzed, and fed into the system. Real users may be
employed to carry out testing. The main aim of the testing phase is to ensure that the
customer's requirements are met and overall customer satisfaction achieved. No technical
expertise, knowledge of hardware or software are needed. Specialized personnel may be
brought in to conduct more in-depth and robust testing.

Tools and techniques of system design

1. STRUCTURE CHART
Structure chart – to show graphically
How the various program parts/modules of an information system are physically organized
hierarchically. How the modules communicate with each other through data couple (data
exchange) and flag (control/message). How the modules are related to each other in terms of
sequence, selection, and repetition

71
 2. DATA FLOW DIAGRAM (DFD)
A data flow diagram (DFD) maps out the flow of information for any process or system. It
uses defined symbols like rectangles, circles and arrows, plus short text labels, to show data
inputs, outputs, storage points and the routes between each destination. Data flowcharts can
range from simple, even hand- drawn process overviews, to in-depth, multi-level DFDs that
dig progressively deeper into how the data is handled.
A data flow diagram (DFD) maps out the flow of information for any process or system. It
uses defined symbols like rectangles, circles and arrows, plus short text labels, to show data
inputs, outputs, storage points and the routes between each destination. Data flowcharts can
range from simple, even hand- drawn process overviews, to in-depth, multi-level DFDs that
dig progressively deeper into how the data is handled.

72
Data structure
In computer science, a data structure is a particular way of organizing and storing data in a
computer so that it can be accessed and modified efficiently. More precisely, a data structure
is a collection of data values, the relationships among them, and the functions or operations
that can be applied to the data.
Data Structures are a specialized means of organizing and storing data in computers in such a
way that we can perform operations on the stored data more efficiently. Data structures have
a wide and diverse scope of usage across the fields of Computer Science and Software
Engineering.

Types of Data Structure

Basically, data structures are divided into two categories:

1. Linear data structure

2. Non-linear data structure

Linear data structures

In linear data structures, the elements are arranged in sequence one after the other. Since
elements are arranged in particular order, they are easy to implement.
However, when the complexity of the program increases, the linear data structures might not
be the best choice because of operational complexities.

a. Array Data Structure

In an array, elements in memory are arranged in continuous memory. All the elements of an
array are of the same type. And, the type of elements that can be stored in the form of arrays
is determined by the programming language

73
 b. Stack Data Structure
In stack data structure, elements are stored in the LIFO principle. That is, the last element
stored in a stack will be removed first.
It works just like a pile of plates where the last plate kept on the pile will be removed first.

c. Queue Data Structure

Unlike stack, the queue data structure works in the FIFO principle where the first element
stored in the queue will be removed first.
It works just like a queue of people in the ticket counter where first person on the queue will
get the ticket first

d. Linked List Data Structure

In linked list data structure, data elements are connected through a series of nodes. And, each
node contains the data items and address to the next node

Non linear data structures

Unlike linear data structures, elements in non-linear data structures are not in any sequence.
Instead they are arranged in a hierarchical manner where one element will be connected to
one or more elements.
Non-linear data structures are further divided into graph and tree based data
structures.

a. Graph Data Structure

In graph data structure, each node is called vertex and each vertex is
connected to other vertices through edges.

b. Trees Data Structure

Similar to a graph, a tree is also a collection of vertices and edges.
However, in tree data structure, there can only be one edge between two
vertices
.

System implementation success and failure

Many organizations use MIS successfully, others do not. Though the hardware and the
software is the latest and has appropriate technology, its use is more for the collection and

74
storage of data and its elementary processing. There are some factors which make the MIS a
success and some others, which make it a failure. These factors can be summarized as
follows:

Factors Contributing to Success

If a MIS is to be success then it should have all the features listed as follows:

1. The MIS is integrated into the managerial functions. It sets clear objectives to ensure
that the MIS focuses on the major issues of the business.
2. An appropriate information processing technology required to meet the data
processing and analysis needs of the users of the MIS is selected.
3. The MIS is oriented, defined and designed in terms of the user's requirements and its
operational viability is ensured.
4. The MIS is kept under continuous surveillance, so that its open system design is
modified according to the changing information needs.
5. MIS focuses on the results and goals, and highlights the factors and reasons for non
achievement.
6. MIS is not allowed to end up into an information generation mill avoiding the noise in
the information and the communication system.
7. The MIS recognizes that a manager is a human being and therefore, the systems must
consider all the human behavioral factors in the process of the management.
8. The MIS recognizes that the different information needs for different objectives must
be met with. The globalization of information in isolation from the different
objectives leads to too much information and information and its non-use.
9. The MIS is easy to operate and, therefore, the design of the MIS has such features
which make up a user-friendly design.
10. MIS recognizes that the information needs become obsolete and new needs emerge.
The MIS design, therefore, has a basic potential capability to quickly meet new needs
of information.
11. The MIS concentrates on developing the information support to manage critical
success factors. It concentrates on the mission critical applications serving the needs
of the top management.

Factors Contributing to Failures

Many times MIS is a failure. The common factors which are responsible for this are listed as
follows:

1. The MIS is conceived as a data processing and not as an information processing

system.

75
 2. The MIS does not provide that information which is needed by the managers but it
tends to provide the information generally the function calls for. The MIS then
becomes an impersonal system.
3. Underestimating the complexity in the business systems and not recognizing it in the
MIS design leads to problems in the successful implementation.
4. Adequate attention is not given to the quality control aspects of the inputs, the process
and the outputs leading to insufficient checks and controls in the MIS.
5. The MIS is developed without streamlining the transaction processing systems in the
organization.
6. Lack of training and appreciation that the users of the information and the generators
of the data are different, and they have to play an important responsible role in the
MIS.
7. The MIS does not meet certain critical and key factors of its users such as a response
to the query on the database, an inability to get the processing done in a particular
manner, lack of user-friendly system and the dependence on the system personnel.
8. A belief that the computerized MIS can solve all the management problems of
planning and control of the business.
9. Lack of administrative discipline in following the standardized systems and
procedures, wrong coding and deviating from the system specifications result in
incomplete and incorrect information.
10. The MIS does not give perfect information to all the users in the organization

Quality control of information system

Without accurate and timely information, quality control is impossible. Remedial action
requires an understanding of problems and their causes, just as improvement programs
require a baseline for measuring progress. Timeliness is important as well, for if information
is provided quickly enough, problems can be recognized and corrected before they recur a
second or third time. Data must also be in the right hands; otherwise, an acknowledged
problem may not be solved because authority is lacking or communication is inadequate.

Nowadays the quality control (quality assurance) department can spend incredibly large
amounts of time just collecting the test data they need in order to do their job. Collating and
analyzing the data is similarly very demanding in terms of how much human time can be
expended. Simplification and automation of the tasks of data collection, collation and
analysis is possible with a quality control information system introduction to emerging
technologies
A quality control information system should be capable of
(a) identifying the product quality problems
(b) determining the causes of these product quality problems

76
(c) helping to eliminate the causes
(d) monitoring the altered process.

Quality control information systems can be linked to higher level production control
computers to form a computer integrated manufacturing (CIM) network. Free movement of
data around a CIM network offers enormous flexibility and efficiency in the overall
manufacturing process, together with considerable savings in manpower.

Introduction to emerging technologies

An Introduction to Emerging Technology offers business and aspiring technical professionals
a streamlined course to learn the basic concepts of the most common emerging technologies
and their applied business applications.
Emerging technology is a term generally used to describe a new technology, but it may also
refer to the continuing development of an existing technology; it can have slightly different
meaning when used in different areas, such as media, business, science, or education. The
term commonly refers to technologies that are currently developing, or that are expected to
be available within the next five to ten years, and is usually reserved for technologies that are
creating, or are expected to create, significant social or economic effects.
Check out some of the biggest tech trends that have already started changing the world, and
won't be stopping for the foreseeable future.

Virtual Reality/Augmented Reality

Like the other items on this list, VR is becoming more popular as the costs associated with
the hardware and software continue to drop. Many of the current applications involve games
(see Pokémon Go) or adult entertainment, though as VR becomes more lifelike it will
become more valuable for other industries too.

Drones
Drones, or Unmanned Aerial Vehicles (UAVs), are finding employment in all sorts of
interesting careers. The process has accelerated since the FAA released regulations for drone
flight a few months ago.
The ability of drones to get things done cheaper, faster, and more efficiently has been
recognized. They can make deliveries, take account of agriculture and spray pesticide, cover
news events, and even provide wireless internet access.

Solar Panels
There's a lot going in the solar energy industry. Especially since the big news just last
December, when the World Economic Forum announced that solar and wind energy are now
competitive with fossil fuels.

77
It's now just as expensive to generate electricity with those renewable sources as it is with
coal.

The Internet-of-Things
The Internet-of-Things (IoT) refers to our increasingly-connected world of little devices and
gadgets – not just smartphones, but ovens, electrical outlets, door locks, even entire homes
(in some sense).

AI/Automation
As artificial intelligence gets better, we'll find digital assistants taking over more and more of
our daily tasks – and jobs as well.

While a full-fledged, human-level AI is still a long way away, we've been feeling the effects
of narrow AI for years. From driving us around at 65 mph to predicting the election of
Donald Trump, AI is gaining more and more traction.

3D Printing
3D printing, or additive manufacturing, will change the world. It's a cheap and
highly-customizable way to build all sorts of things, cheaper and with less waste.
We're learning to print with new materials for new purposes, and the applications are
sometimes surprising. Food is definitely the tastiest, like chocolate or even pizza. Then
there's clothing, which can be printed to your body's exact specifications.
It's getting to be that we can 3D print almost anything – cars, drones, guns (very
controversially), and even 3D printers themselves!

Wearable Tech
Tech is fashionable. Just take a look through the new Snapchat Spectacles, which record
10-second video clips to upload to Snapchat.
The ability to record everything we do, from our own perspective is just one aspect of
wearable tech.
It also includes the ability to augment ourselves, or provide specific services like Carnival's
Ocean Medallion program. The Ocean Medallions, small discs that can be worn as necklaces,
will give passengers the ability to unlock doors, buy food and drink, and find friends.

78
 UNIT 5: SECURING INFORMATION SYSTEM

Securing Information Systems

Businesses have an array of technologies for protecting their information resources. They
include tools for managing user identities , preventing unauthorized access to systems and
data , ensuring system availability, and ensuring software quality.

➔ Identity management and authentication :

Software automates the process of keeping track of all these users and their system
privileges, assigning each user a unique digital identity for accessing each system . It also
includes tools for authenticating users, protecting user identities and controlling access to
system resources.
Authentication refers to the ability to know that a person is who he or she claims to be.
Authentication is often established by using passwords known only to authorized users. An
end user uses a password to log on to a computer system and may also use passwords for
accessing specific systems and files.
New authentication technologies, such as tokens, smart cards, and biometric authentication,
overcome some of these problems.

➔ Firewalls, Intrusion Detection systems and Anti-malware software

Firewalls prevent unauthorized users from accessing private networks. A firewall is a
combination of hardware and software that controls the flow of incoming and outgoing
network traffic. It is generally placed between the organization’s private internal networks
and distrusted external networks, such as the Internet, although firewalls can also be used to
protect one part of a company’s network from the rest of the network
The firewall acts like a gatekeeper that examines each user’s credentials before it grants
access to a network. The firewall identifies names, IP addresses, applications, and other
characteristics of incoming traffic. It checks this information against the access rules that the
network administrator has programmed into the system.

79
Intrusion Detection Systems feature full-time monitoring tools placed at the most
vulnerable points or hot spots of corporate networks to detect and deter intruders continually.
The system generates an alarm if it finds a suspicious or anomalous event. Scanning software
looks for patterns indicative of known methods of computer attacks such as bad passwords,
checks to see whether important files have been removed or modified, and sends warnings of
vandalism or system administration errors. The intrusion detection tool can also be
customized to shut down a particularly sensitive part of a network if it receives unauthorized
traffic.

Anti-malware software prevents, detects, and removes malware, including computer

viruses, computer worms, Trojan horses, spyware, and adware. However, most anti-malware
software is effective only against malware already known when the software was written. To
remain effective, the software must be continually updated. Even then it is not always
effective because some malware can evade detection. Organizations need to use additional
malware detection tools for better protection.

Unified Threat Management Systems To help businesses reduce costs and improve
manageability, security vendors have combined into a single appliance or cloud service
various security tools, including firewalls, virtual private networks, intrusion detection
systems, and web content filtering and anti-spam software. These comprehensive security
management products are called unified threat management (UTM) systems. Leading UTM
vendors include Fortinent, Sophos, and Check Point, and networking vendors such as Cisco
Systems and Juniper Networks provide UTM capabilities in their products.

System Vulnerability and Abuse

Why system are vulnerable
When large amounts of data are stored in electronic form, they are vulnerable to many kinds
of threats. Through communications networks, information systems in different locations are

80
interconnected. The potential for unauthorized access or damage is not limited to a single
location but can occur at many access points in the network.

vulnerabilities exist at each layer and in the communications between the layers. Users at the
client layer can cause harm by introducing errors or by accessing systems without
authorization. It is possible to access data flowing over the Internet and other networks, steal
valuable data during transmission, or alter data without authorization. Radiation may disrupt
a network at various points as well. Intruders can launch denial-of-service attacks or
malicious software to disrupt the operation of websites. Those capable of penetrating
corporate systems can steal, destroy, or alter corporate data stored in databases or files

Wireless security challenges

Both Bluetooth and Wi-Fi networks are susceptible to hacking by eavesdroppers. Local area
networks (LANs)using the 802.11 standard can be easily penetrated by outsiders armed with
laptops, wireless cards, external antennae, and hacking software. Hackers use these tools to
detect unprotected networks, monitor network traffic, and, in some cases, gain access to the
Internet or to corporate networksWireless networks in many locations do not have basic
protections against war driving , in which eavesdroppers drive by buildings or park outside
and try to intercept wireless network traffic.

Intruders can use the information they have gleaned from a Wi-Fi network to set up rogue
access points on a different radio channel in a nearby physical location to force a Wi-Fi user
to associate with the rogue access point. Once this association occurs, hackers using the
rogue access point can capture the names and passwords of unsuspecting users.

Malicious software

81
Malicious software programs are referred to as malware and include a variety of threats such
as computer viruses, worms, and Trojan horses. It is estimated that 350,000 new malware
variants are discovered every day
A computer virus is a rogue software program that attaches itself to other software
programs or data files to be executed, usually without user knowledge or permission. Most
computer viruses deliver a payload. The payload may be relatively benign, such as
instructions to display a message or image, or it may be highly destructive— destroying
programs or data, clogging computer memory, reformatting a computer’s hard drive, or
causing programs to run improperly. Viruses typically spread from computer to computer
when humans take an action, such as sending an email attachment or copying an infected file.
Worms are independent computer programs that copy themselves from one computer to
other computers over a network. Unlike viruses, worms can operate on their own without
attaching to other computer program files and rely less on human behavior to spread rapidly
from computer to computer. Worms destroy data and programs as well as disrupt or even
halt the operation of computer networks. Worms and viruses are often spread over the
Internet from files of downloaded software; from files attached to email transmissions; from
compromised email messages, online ads, or instant messaging; and from public cloud data
storage services. Especially prevalent today are drive-by downloads , consisting of malware
that comes with a downloaded file that a user intentionally or unintentionally requests.
Many malware infections are Trojan horses. A Trojan horse is a software program that
appears to be benign but then does something other than expected. The Trojan horse is not
itself a virus because it does not replicate, but it is often a way for viruses or other malicious
code to be introduced into a computer system. The term Trojan horse is based on the huge
wooden horse the Greeks used to trick the Trojans into opening the gates to their fortified
city during the Trojan War
Some types of spyware also act as malicious software. These small programs install
themselves surreptitiously on computers to monitor user web-surfing activity and serve up
advertising. Thousands of forms of spyware have been documented. Many users find such
spyware annoying and an infringement on their privacy. Some forms of spyware are
especially nefarious. Keyloggers record every keystroke made on a computer to steal serial
numbers for software, to launch Internet attacks, to gain access to email accounts, to obtain
passwords to protected computer systems, or to pick up personal information such as credit
card or bank account numbers

Hackers and Cyber Vandalism

Hacking is the activity of identifying weaknesses in a computer system or a network to
exploit the security to gain access to personal data or business data. An example of computer
hacking can be: using a password cracking algorithm to gain access to a computer system.

82
A hacker is an individual who intends to gain unauthorized access to a computer system.
Hackers gain unauthorized access by finding weaknesses in the security protections websites
and computer systems employ. Hacker activities have broadened beyond mere system
intrusion to include theft of goods and information as well as system damage and
cybervandalism , the intentional disruption, defacement, or even destruction of a website or
corporate information system. Types of hacking
1. Phishing –
In this type of hacking, hackers intend to steal critical information of users like account
passwords, MasterCard details, etc. For example, hackers can make a replicating first website
for user interaction and can steal critical information.
2. Virus –
These are discharged by the hacker into the filters of the net website once they enter into it .
The purpose is to corrupt the information or resources on the net website.
3. UI redress –
In this technique, the hacker creates a pretend interface and once the user clicks with the
intent of progressing to a particular website, they are directed to a special website alone.
4. Cookie theft –
Hackers access the net website exploitation malicious codes and steal cookies that contain
tips, login passwords, etc. Getting access to your account then will do any factor besides your
account.
5. Malware-Injection Devices –
Cyber-criminals will use hardware to sneak malware onto your pc. you will have detected
infected USB sticks which can offer hackers remote access to your device as presently as
they are blocked into your pc.
6. Cracking Password –
Hackers will get your credentials through the style of mean, however, ordinarily, they’re
doing this through a follower known as key-logging.

Cyber vandalism
Cybervandalism is damage or destruction that takes place in digital form. Instead of keying
someone's car, cyber vandals may deface a website (such as Wikipedia), create malware that
damages electronic files or elements that interrupt its normal utilization, or remove a disk
drive to disable a computer system.
Unlike digital espionage, where the purpose is to steal and misuse data, digital vandalism
only seeks to damage, destroy, or disable data, computers, or networks. Cybervandalism can
impact businesses drastically, including the ability of your customers to access services as
well as financial loss or impact to your brand or reputation. In the next section, we'll
highlight some common forms of vandalism that cyber criminals may undertake.

83
Computer crime and Cyber Terrorism

Cybercrime, also called computer crime, the use of a computer as an instrument to further
illegal ends, such as committing fraud, trafficking in child pornography and intellec+tual
property, stealing identities, or violating privacy. Cybercrime, especially through the Internet,
has grown in importance as the computer has become central to commerce, entertainment,
and government.

Some list of Cyber Crimes are following;

1. Child Pornography OR Child sexually abusive material (CSAM): Child sexually

abusive material (CSAM) refers to a material containing sexual images in any form, of a
child who is abused or sexually exploited. Section 67 (B) of the IT Act states that “it is
punishable for publishing or transmitting of material depicting children in the sexually
explicit act, etc. in electronic form.

2. Cyber Bullying: A form of harassment or bullying inflicted through the use of electronic
or communication devices such as computers, mobile phones, laptops, etc

3. Cyber Stalking: Cyberstalking is the use of electronic communication by a person to

follow a person, or attempts to contact a person to foster personal interaction repeatedly
despite a clear indication of disinterest by such person; or monitoring the internet, email or
any other form of electronic communication commits the offense of stalking.

4. Cyber Grooming: Cyber Grooming is when a person builds an online relationship with a
young person and tricks or pressures him/ her into doing a sexual act.

5. Online Job Fraud: Online Job Fraud is an attempt to defraud people who are in need of
employment by giving them false hope/ promise of better employment with higher wages.

6. Phishing: Phishing is a type of fraud that involves stealing personal information such as
Customer ID, IPIN, Credit/Debit Card number, Card expiry date, CVV number, etc. through
emails that appear to be from a legitimate source.

7. Vishing: Vishing is an attempt where fraudsters try to seek personal information like
Customer ID, Net Banking password, ATM PIN, OTP, Card expiry date, CVV etc. through a
phone call.

8. Smishing: Smishing is a type of fraud that uses mobile phone text messages to lure
victims into calling back on a fraudulent phone number, visiting fraudulent websites or
downloading malicious content via phone or web.

84
9. Credit Card Fraud or Debit Card Fraud: Credit card (or debit card) fraud involves the
unauthorized use of another’s credit or debit card information for the purpose of purchases or
withdrawing funds from it.

10. Impersonation and identity theft: Impersonation and identity theft is an act of
fraudulently or dishonestly making use of the electronic signature, password or any other
unique identification feature of any other person

Cyber terrorism

Cyberterrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks

and threats of attacks against computers, networks and the information stored therein when
done to intimidate or coerce a government or its people in furtherance of political or social
objectives. Further, to qualify as cyberterrorism, an attack should result in violence against
persons or property, or at least cause enough harm to generate fear. Attacks that lead to death
or bodily injury, explosions, or severe economic loss would be examples. Serious attacks
against critical infrastructures could be acts of cyberterrorism, depending on their impact.
Attacks that disrupt nonessential services or that are mainly a costly nuisance would not.

Cyberterrorism can be also defined as the intentional use of computers, networks, and public
internet to cause destruction and harm for personal objectives. Experienced cyberterrorists,
who are very skilled in terms of hacking, can cause massive damage to government systems
and might leave a country in fear of further attacks. The objectives of such terrorists may be
political or ideological since this can be considered a form of terror

Cyberattacks can come in the form of viruses, malware, email phishing, social media fraud -
the spectrum of cyber threats is limitless. We are more interconnected than ever before, but
for all of the advantages, that connectivity leaves us vulnerable to the risks of fraud, theft,
abuse, and attack. Cybercrime can have wide-ranging impacts, at the individual, local, state,
and national levels.

Business values of security and control

Security and control have become a critical, although perhaps unappreciated, area of
information systems investment. The longer computer systems are down, the more serious
the consequences for the firm. With increasing reliance on the Internet and networked
systems, firms are more vulnerable than ever to disruption and harm.
Businesses must protect not only their own information assets but also those of customers,
employees, and business partners.
Firms face new legal obligations for electronic records management and document retention
as well as for privacy protection. Electronic records management (ERM) consists of policies,

85
procedures, and tools for managing the retention, destruction, and storage of electronic
records.
Security, control, and electronic records management have become essential for responding
to legal actions. Much of the evidence today for stock fraud, embezzlement, theft of company
trade secrets, computer crime, and many civil cases is in digital form. Legal cases today
increasingly rely on evidence represented as computer data stored on portable floppy disks,
CDs, and computer hard disk drives, as well as in email, instant messages, and e-commerce
transactions over the Internet. E-mail is currently the most common type of electronic
evidence.
An effective electronic document retention policy ensures that electronic documents, e-mail,
and other records are well organized, accessible, and neither retained too long nor discarded
too soon.

Firewalls
A Firewall is a network security device that monitors and filters incoming and outgoing
network traffic based on an organization’s previously established security policies. At its
most basic, a firewall is essentially the barrier that sits between a private internal network
and the public Internet. A firewall’s main purpose is to allow non-threatening traffic in and to
keep dangerous traffic out.
A Firewall is a necessary part of any security architecture and takes the guesswork out of
host level protections and entrusts them to your network security device. Firewalls, and
especially Next Generation Firewalls, focus on blocking malware and application-layer
attacks, along with an integrated intrusion prevention system (IPS), these Next Generation
Firewalls can react quickly and seamlessly to detect and react to outside attacks across the
whole network. They can set policies to better defend your network and carry out quick
assessments to detect invasive or suspicious activity, like malware, and shut it down.

Firewall Characteristics:
Major characteristics related to firewall protection are described below.

● Various protection levels

● Wireless network (Wi-fi) Protection
● Internet and network access
● Blockage against unauthorized access
● Protection against malware
● Provide access only to valid data packets
● Provision of different configurations
● Provision of numerous security policies
● Allowing to pass authorized traffic that fulfills a set of rules

86
 ● Firewall functions like an immune system for malware and unauthorized access;
therefore, it ensures a secure system and an OS.

Types of Firewalls
1. Packet filtering: A small amount of data is analyzed and distributed according to the
filter’s standards.
2. Proxy service: Network security system that protects while filtering messages at the
application layer.
3. Stateful inspection: Dynamic packet filtering that monitors active connections to
determine which network packets to allow through the Firewall.
4. Next Generation Firewall (NGFW): Deep packet inspection Firewall with
application-level inspection.

Intrusion
The definition of an intrusion is an unwelcome interruption or a situation where somewhere
private has an unwelcome visit or addition. When you are having a quiet nap in your
backyard and your neighbor's dog comes in uninvited and jumps all over you to wake you
up, this is an example of an intrusion.

Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) is a monitoring system that detects suspicious activities
and generates alerts when they are detected. Based upon these alerts, a security operations
center (SOC) analyst or incident responder can investigate the issue and take the appropriate
actions to remediate the threat.

Detection Method of IDS Deployment

Beyond their deployment location, IDS solutions also differ in how they identify potential
intrusions:
Signature Detection: Signature-based IDS solutions use fingerprints of known threats to
identify them. Once malware or other malicious content has been identified, a signature is
generated and added to the list used by the IDS solution to test incoming content. This
enables an IDS to achieve a high threat detection rate with no false positives because all
alerts are generated based upon detection of known-malicious content. However, a
signature-based IDS is limited to detecting known threats and is blind to zero-day
vulnerabilities.
Anomaly Detection: Anomaly-based IDS solutions build a model of the “normal” behavior
of the protected system. All future behavior is compared to this model, and any anomalies are
labeled as potential threats and generate alerts. While this approach can detect novel or
zero-day threats, the difficulty of building an accurate model of “normal” behavior means

87
that these systems must balance false positives (incorrect alerts) with false negatives (missed
detections).
Hybrid Detection: A hybrid IDS uses both signature-based and anomaly-based detection.
This enables it to detect more potential attacks with a lower error rate than using either
system in isolation.

Antivirus software
An antivirus is a software program used to prevent, detect, and eliminate malware and
viruses. It works for all types of devices, such as desktop computers, laptops, smartphones,
and tablets. An antivirus usually runs in the background to provide real-time protection
without interfering with your browsing experience.
Many antivirus programs include additional features to keep your computer optimized and
resource consumption at a minimum.
The type of antivirus software you choose can have significant effects on your ability to
successfully stave off malware and protect yourself from threats. There are several crucial
features that you should look for in any antivirus solution before implementing it across your
system.
➢ Real-time Scanning
While all antivirus software is specifically designed to detect the presence of malware, not all
of them detect in the same way. Ineffective products force you to run a manual scan to
determine if any systems have been affected, while the best forms of software have dynamic
scanning features that are repeatedly checking your computer for the presence of malicious
entities. Without this feature, it’s much easier for something to infiltrate your computer and
begin causing damage before you even realize it.

➢ Automatic Updates
Updates are vital for all forms of software, but this is especially true when it comes to
antivirus. Because new types of malware are constantly being developed, antivirus software
needs frequent updates in order to track and contain new threats that didn’t even exist when it
was first installed. If you have to install updates manually, you might miss important new
protections and expose your system to infection, so always make sure your antivirus software
is capable of installing updates automatically and frequently.

➢ Protection for Multiple Apps

Threats exist across the entire spectrum of apps and services that you rely on for your
everyday tasks. From email clients to instant messenger platforms and certainly internet
browsers, harmful software can sneak into your system from a variety of different sources.
Antivirus programs need to protect multiple vulnerable apps from potential dangers,
otherwise you’re leaving your hardware dangerously exposed

88
 ➢ Auto-Clean
If the antivirus software immediately detects malicious software, why wouldn’t it delete the
code on the spot? Unfortunately, some solutions simply place the malware in a quarantine
zone upon detection, waiting for the user to log on and manually delete it. Since there’s no
reason to leave potentially harmful software on your system, you should choose a program
that utilizes an auto-clean feature to rid itself of viruses.

➢ Fights Against All Types of Malware

Between trojans, bots, spyware, viruses, etc., there are many different types of malware that
can harm your computer, and antivirus programs are sometimes designed only to target a
specific type of software. It’s better to go with a program that can comprehensively detect all
or almost all of the various forms that malware takes.

Securing Wireless Networks

What can you do to minimize the risks to your wireless network?
● Change default passwords. Most network devices, including wireless access points,
are pre-configured with default administrator passwords to simplify setup. These
default passwords are easily available to obtain online, and so provide only marginal
protection. Changing default passwords makes it harder for attackers to access a
device. Use and periodic changing of complex passwords is your first line of defense
in protecting your device.
● Restrict access. Only allow authorized users to access your network. Each piece of
hardware connected to a network has a media access control (MAC) address. You can
restrict access to your network by filtering these MAC addresses. Consult your user
documentation for specific information about enabling these features. You can also
utilize the “guest” account, which is a widely used feature on many wireless routers.
This feature allows you to grant wireless access to guests on a separate wireless
channel with a separate password, while maintaining the privacy of your primary
credentials.
● Encrypt the data on your network. Encrypting your wireless data prevents anyone
who might be able to access your network from viewing it. There are several
encryption protocols available to provide this protection. Wi-Fi Protected Access
(WPA), WPA2, and WPA3 encrypt information being transmitted between wireless
routers and wireless devices. WPA3 is currently the strongest encryption. WPA and
WPA2 are still available; however, it is advisable to use equipment that specifically
supports WPA3, as using the other protocols could leave your network open to
exploitation.

89
 ● Protect your Service Set Identifier (SSID). To prevent outsiders from easily
accessing your network, avoid publicizing your SSID. All Wi-Fi routers allow users
to protect their device’s SSID, which makes it more difficult for attackers to find a
network. At the very least, change your SSID to something unique. Leaving it as the
manufacturer’s default could allow a potential attacker to identify the type of router
and possibly exploit any known vulnerabilities.
● Install a firewall. Consider installing a firewall directly on your wireless devices (a
host-based firewall), as well as on your home network (a router- or modem-based
firewall). Attackers who can directly tap into your wireless network may be able to
circumvent your network firewall—a host-based firewall will add a layer of
protection to the data on your computer.
● Maintain antivirus software. Install antivirus software and keep your virus
definitions up to date. Many antivirus programs also have additional features that
detect or protect against spyware and adware .
● Use file sharing with caution. File sharing between devices should be disabled when
not needed. You should always choose to only allow file sharing over home or work
networks, never on public networks. You may want to consider creating a dedicated
directory for file sharing and restrict access to all other directories. In addition, you
should password protect anything you share. Never open an entire hard drive for file
sharing .
● Keep your access point software patched and up to date. The manufacturer of your
wireless access point will periodically release updates to and patches for a device’s
software and firmware. Be sure to check the manufacturer’s website regularly for any
updates or patches for your device.
● Check your internet provider’s or router manufacturer’s wireless security
options. Your internet service provider and router manufacturer may provide
information or resources to assist in securing your wireless network. Check the
customer support area of their websites for specific suggestions or instructions.
● Connect using a Virtual Private Network (VPN). Many companies and
organizations have a VPN. VPNs allow employees to connect securely to their
network when away from the office. VPNs encrypt connections at the sending and
receiving ends and keep out traffic that is not properly encrypted. If a VPN is
available to you, make sure you log onto it anytime you need to use a public wireless
access point.

Encryption and Public Key Infrastructure

90
Encryption is the process of transforming plain text or data into cipher text that cannot be
read by anyone other than the sender and the intended receiver. Data are encrypted by using a
secret numerical code, called an encryption key, that transforms plain data into cipher text.
The message must be decrypted by the receiver. Two methods for encrypting network traffic
on the web are SSL and S-HTTP.
Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), enable
client and server computers to manage encryption and decryption activities as they
communicate with each other during a secure web session.
Secure Hypertext Transfer Protocol (S-HTTP) is another protocol used for encrypting data
flowing over the Internet, but it is limited to individual messages, whereas SSL and TLS are
designed to establish a secure connection between two computers.

A more secure form of encryption called public key encryption uses two keys: one shared
(or public) and one totally private, To send and receive messages, communicators first create
separate pairs of private and public keys. The public key is kept in a directory, and the private
key must be kept secret. The sender encrypts a message with the recipient’s public key. On
receiving the message, the recipient uses his or her private key to decrypt it.

Digital certificates are data files used to establish the identity of users and electronic assets
for protection of online transactions. A digital certificate system uses a trusted third party,
known as a certificate authority (CA), to validate a user’s identity. The CA verifies a digital
certificate user’s identity offline. This information is put into a CA server, which generates
an encrypted digital certificate containing owner identification information and a copy of the
owner’s public key. The certificate authenticates that the public key belongs to the designated
owner .
for Eg:, a credit card user and a merchant to validate that their digital certificates were issued
by an authorized and trusted third party before they exchange data.

91
Ensuring System Availability
As companies increasingly rely on digital networks for revenue and operations, they need to
take additional steps to ensure that their systems and applications are always available. Firms
such as those in the airline and financial services industries with critical applications
requiring online transaction processing have traditionally used fault-tolerant computer
systems for many years to ensure 100 percent availability. In online transaction processing ,
transactions entered online are immediately processed by the computer. Multitudinous
changes to databases, reporting, and requests for information occur each instant.
Fault-tolerant computer systems contain redundant hardware, software, and power supply
components to deliver uninterrupted service, despite one or more components failing.
Fault-tolerant computers are able to detect hardware or software failures and automatically
switch to a backup capability. Components can be repaired without disruption to the
computer or downtime. Downtime refers to periods of time in which a system is not
operational.

Security Outsourcing
Many companies, especially small businesses, lack the resources or expertise to provide a
secure high-availability computing environment on their own. They can outsource many
security functions to managed security service providers (MSSPs) that monitor network
activity, manage firewalls, and perform vulnerability testing and antiviral and intrusion
detection. SecureWorks, AT&T, Verizon, IBM, and Symantec are leading providers of MSSP
services.

92
Security issues for cloud computing and the mobile digital platform
Although cloud computing and the emerging mobile digital platform have the potential to
deliver powerful benefits, they pose new challenges to system security and reliability. We
now describe some of these challenges and how they should be addressed.

Security in the Cloud

When processing takes place in the cloud, accountability and responsibility for protection of
sensitive data still reside with the company owning that data. Understanding how the cloud
computing provider organizes its services and manages the data is critical.
Cloud computing is highly distributed. Cloud applications reside in large remote data centers
and server farms that supply business services and data management for multiple corporate
clients. To save money and keep costs low, cloud computing providers often distribute work
to data centers around the globe where work can be accomplished most efficiently. When you
use the cloud, you may not know precisely where your data are being hosted

Securing Mobile Platforms

If mobile devices are performing many of the functions of computers, they need to be
secured like desktops and laptops against malware, theft, accidental loss, unauthorized
access, and hacking attempts. Mobile devices accessing corporate systems and data require
special protection. Companies should make sure that their corporate security policy includes
mobile devices, with additional details on how mobile devices should be supported,
protected, and used.
The organization’s mobile security policy should forbid employees from using unsecured,
consumer-based applications for transferring and storing corporate documents and files or
sending such documents and files to oneself by email without encryption. Companies should
encrypt communication whenever possible. All mobile device users should be required to use
the password feature found in every smartphone.

Prepared by Anna & Susu

93