2
FUNDAMENTALS OF
INFORMATION
SYSTEMS
INTRODUCTION
It is vital to understand the basic fundamentals of information systems.
These could be seen as the fabrics that comprise a complete Management
Information System. Information systems have a wide application in
many fields, especially in the business world. Data and information
form the core ingredients of all systems. These systems are designed to
collect raw data and information facts which are already structured in
a particular format and processed to make sense for the end user. Such
information undergoes various transformations before it finally reaches
the end where it can be used. There are many simplified versions of the
entire information system that often takes three steps of information
input, processing and feedback/output. This is the most basic view of an
information system, but when examined in detail, it comprises of many
sub-systems that help in its overall performance. The fundamentals of
information systems touch on the basic elements, resources, processes
and activities that constitute a system. In this chapter we shall examine
the core functions of a system by exploring its basic framework, types
20
Management Information Systems
of information systems widely used, information system resources and
activities.
BASIC FEATURES AND COMPONENTS OF A
SYSTEM
According to Firewall Media (2005) a system comprises of three major
activities that include the input of data, processing of that data and finally
provide feedback and output. The input process involves the assemblage
and feeding of primary data into the system. The processing aspect entails
the transformation of the raw data into useful versions or outputs. The
output process is the production of meaningful information that users
can find reliable. The feedback is general information captured from the
model that will be used to make modifications and improvements in the
processing and input activities. The only way managers can improve
their existing systems is by incorporating feedback information in future
design changes of the MIS.
Systems do not exist on their own they interact with humans in
an environment where other systems or sub-systems exist as well.
All systems exist and operate in environments with other systems. In
some instances, a system component of a bigger system may operate
within the environment of the main system and is often referred to as
a subsystem, Firewall Media (2005). However, there must be a way to
distinguish the extremes to which one system’s environment stretches
and the term system boundary is used to separate one system from others
within the environment. Users interact with systems at different levels.
The technical team may be interacting with the system at advanced
levels while the common user will interact with the interface. The system
interface is defined as a means by which several of the connected systems
within an environment by a common interface. Open systems exist
within the environment in a manner that they are connected with the
environment through inputs and outputs and interacts freely with other
systems. There is a rather peculiar characteristic of systems referred to
as adaptive systems, Shelly and Rosenblatt (2009). These systems have
the capability to transform, adjust and fit well into new environments and
can survive the harsh modifications.
Fundamentals of Information Systems
21
The most commonly used systems are computer based. These
systems use a range of tools to fully function and perform well. For
instance, these information systems use hardware, the internet, software,
telecommunication networks, computer databases etc. to process data
and deliver it in multiple formats and products that consumers and
business experts can easily use, Shelly and Rosenblatt (2009). On its
own, a system cannot function. It uses various resources to be able to
produce vast ranges of information products. Information systems use
the hardware and software components, data, networks and the human
resource to perform activities of data input, processing, information
output, storage and feedback processes that transform raw data into
useful information products, Firewall Media (2005). The raw material
collected must be in such a form that is suitable for processing where
they are transformed into various formats before they can be dispatched
to various destinations and storage centers.
Most of these processes require special human skills that need
quality training to guarantee efficiency in the data input, processing
and control activities, Shelly and Rosenblatt (2009). A MIS exhibits
the basic theoretical framework for the core elements and processes of
information systems. A complete information system must combine the
human resource together with the hardware, software, networks and data
to perform the functions of data input, processing, output, feedback and
storage activities that transform raw data into meaningful information
products, Shelly and Rosenblatt (2009). There are four major concepts
widely used in all kinds of information systems. The human resource is
among the most crucial element of an information system. These human
resources could include the final consumers of the information product or
the specialists who will use the information to make decisions.
The hardware resource includes the media and machines that together
comprise the information system. Most hardware resources interact with
both the end user in different forms including the computers they use to
access the systems. Software resources may sometimes be intangible but
have a certain effect on the user’s experience. For instance, software can
be installed in the system that humans use to do complex calculations.
Data resources comprise the knowledge centers and databases which
have rich data that can be manipulated to provide useful information.
22
Management Information Systems
Network resources are all the communication and media channels within
the system that enable data movement and communication within the
system. Data resources are altered by information processing functions
into a wide range of information products end users can rely on. (Firewall
Media, 2005)
INFORMATION SYSTEMS DIMENSIONS
To completely comprehend data frameworks, you should comprehend
the more extensive association, administration, and data technology
dimensions of frameworks (see Figure 1) and their ability to give answers
for difficulties and issues in the business environment. We talk about this
more extensive comprehension of data frameworks, which incorporates
a comprehension of the administration and organizational dimensions of
frameworks and in addition, the technical dimensions of frameworks,
as data frameworks literacy. PC literacy, interestingly, concentrates
principally on learning of data technology.
Figure 1: Understanding Information Systems
Fundamentals of Information Systems
23
The field of management information systems (MIS) tries to
accomplish this more extensive data frameworks literacy. MIS manages
behavioral problems and in addition technical problems encompassing
the advancement, utilization, and effect of data frameworks utilized by
directors and workers in the firm. Underneath will be inspected each
of Information Systems dimensions: Organizations, Management, and
Information Technology.
Organizations
Data frameworks are a necessary fragment of companies. Undoubtedly,
for a few organizations, for example, credit revealing firms, there
would be no business without a data framework. The key components
of an association are its staff, structure, business frameworks, politics,
and culture. Associations have a structure that is made out of various
levels and specialties. Their structures speak for an obvious division of
work. Authority and responsibility in a business firm are sorted out as
a line of progression, or a pyramid structure. The upper levels of the
chain of importance comprise of administrative, experts and specialized
representatives, while the lower levels comprise of operational work
force. Senior administration settles on long-extend vital choices about
items and administrations and guarantees budgetary execution of the
firm. Center administration, which deals with the projects and plans
of senior administration and operational administration, is in charge of
checking the day by day activities of the company. Learning specialists,
for example, engineers, scientists, or architects, outline items or benefits
and bring new information for the firm, while information workers,
for example, secretaries or representatives, help with planning and
correspondences at all levels of the firm. Generation or administration
workers are the ones who create the item and deal with delivering the
service (see Figure 2).
24
Management Information Systems
Figure 2: Levels in an Organization
Specialists are employed and prepared for various business functions.
The significant business functions, or specialized assignments performed
by business associations, include sales and advertising, assembling and
producing, finance and accounting, and HR. An association organizes
work through its order and through its business forms, which are related
errands and practices in order to finish the work. Building up another
item, satisfying a request, and contracting another representative are
cases of business forms. Most associations’ business forms incorporate
formal rules that have been produced over quite a while in order to fulfill
assignments. These guidelines direct representatives in an assortment of
methods, from handling an invoice to reacting to client protests. Some
of these business forms have been composed down, yet others are casual
work rehearses, for example, a need to return phone calls from colleagues
or clients, that are not formally archived. Data frameworks computerize
numerous business forms. For example, how a client gets credit or how
a client is charged is frequently controlled by a data framework that
incorporates an arrangement of formal business forms.
Fundamentals of Information Systems
25
Every association has a one of a kind culture, or basic arrangement
of hypotheses, qualities, and methods for getting things done, that has
been acknowledged by the vast majority of its individuals. You can see
organizational culture at work by checking out your college or school.
Some bedrock suppositions of college life are that educators know more
than the pupils, the reasons pupils go to school is to learn, and that
classes follow through a fixed schedule. Parts of an association’s way
of life can simply be discovered installed in its data frameworks. For
example, UPS’s doubt with setting administration to the client initially is
a part of its organizational culture that can be found in the organization’s
bundle following frameworks, which we portray later in this segment.
Distinctive levels and specialties in an association are the creators of
diverse interests and perspectives. These perspectives frequently strife
over how the organization ought to be run, and how assets and prizes
ought to be circulated. Conflict is the reason for organizational legislative
issues. Data frameworks are a part of this cauldron of contrasting points
of views, clashes, bargains, and understandings that are a characteristic
piece of all associations.
Management
Administration’s responsibility is to sort out the numerous problems
associations might have to endure, to take charge, and detail plans to
tackle organizational issues. Administrators see business challenges
in their workplace; they set the organizational system in order to react
to those difficulties; and they allocate the human and money related
assets to arrange the work and achievement progress. All through, they
should practice responsible leading skills. The business data frameworks
transmitted in this book the expectations, dreams, and substances of
certifiable administrators. In any case, chiefs must accomplish more than
to oversee what as of now exists. They should likewise make new items
and benefits and even make adjustments to the association every once in
a while. A key part of administration duty is innovative work driven by
new knowledge and data. Data technology can assume an intense part in
helping chiefs plan and convey new items and benefits and to change the
course of direction and redesigning their associations.
26
Management Information Systems
Information Technology
Data technology is one of many devices administrators use to adapt to
change. PC hardware is the physical gear utilized for input, processing,
and extraction exercises in a data framework. It is made of the
accompanying: PCs of different sizes and shapes (counting versatile
handheld devices); different information, extraction, and storage
gadgets; and media communications gadgets that connect PCs together.
PC programming includes the thought-out, preprogramed directions that
control and facilitate the PC equipment segments in a data framework.
Information administration technology includes the software representing
the management of information on physical capacity media. Networking
and telecommunications technology, including both physical gadgets and
programming, connects the different bits of equipment and exchanges
information starting with one physical area then onto the next. PCs and
correspondences hardware can be associated in systems for sharing voice,
information, pictures, sound, and videos. A system joins at least two PCs
to share information or assets, for example, a printer.
The world’s biggest and most generally utilized system is the Internet.
The Internet is a worldwide “system of systems” that utilizes widespread
benchmarks to connect a large number of various systems with more
than 1.4 billion clients in more than 230 nations around the globe. The
Internet has made another “all inclusive” innovation stage on which you
can create new items, administrations, systems, and business plans. This
same innovation stage has interior uses, giving the availability to connect
diverse frameworks and systems inside the firm. Inward corporate systems
based of Internet technology are called intranets. Private intranets reached
out to approved clients outside of the association are called extranets, and
firms utilize such systems to organize their activities with different firms
in order to buy, team up, and other inter-organizational work. For most
business firms today, utilizing Internet innovation is both a business need
and an upper hand.
The World Wide Web is an administration made possible by the Internet
that utilizes all around acknowledged standards for storage, extracting,
organizing, and showing data in a page format on the Internet. Website
pages contain content, illustrations, movements, sound, and videos and
are connected to other Web pages. By clicking on specific words or
buttons on a Web page, you can connect to related pages to discover
Fundamentals of Information Systems
27
more data and links to different areas on the Web. The Web can fill in as
the establishment for new sorts of data frameworks, for example, UPS’s
Web-based bundle tracking framework portrayed in the accompanying
Interactive Session. These advances, alongside the general population
made requests to run and oversee them, speak to assets that can be shared
all through the association and constitute the association’s information
technology (IT) foundation. The IT framework gives the establishment,
or stage, on which the firm can fabricate its particular data frameworks.
Every association should plan and deal with its IT framework so it has
the arrangement of technology administrations it requirements for the
work it needs to finish with data frameworks.
The Interactive Session on Technology portrays a portion of the
ordinary technologies utilized as a part of PC based data frameworks
today. UPS invests intensely in data frameworks technology to make its
business more productive and client-based. It utilizes a variety of data
technologies including bar code examining frameworks, wireless systems,
extensive centralized server PCs, handheld PCs, the Internet, and a wide
range of bits of programming for tracking bundles, computing expenses,
keeping up client accounts, and overseeing coordinations. How about we
distinguish the association, administration, and technology components in
the UPS bundle following framework we have depicted. The association
component anchors the bundle tracking framework in UPS’s deals and
creation works (the primary result of UPS is an administration—bundle
conveyance). It determines the required methodology for recognizing
bundles with both sender and recipient data, taking stock, following the
bundles in transit, and giving reports to UPS clients and client service
agents.
The framework should likewise give data to fulfill the necessities
of chiefs and laborers. UPS drivers should be prepared in both bundle
pickup and conveyance techniques and in how to utilize the bundle
following framework so they can work proficiently and successfully.
UPS clients may require some preparation to utilize UPS in-house
bundle following programming or the UPS Web webpage. UPS’s
administration is in charge of checking administration levels and costs
and for advancing the organization’s procedure of consolidating minimal
effort and prevalent administration. Administration chose to utilize PC
frameworks for the simplicity of sending a bundle utilizing UPS and of
28
Management Information Systems
checking its conveyance status, in this manner lessening conveyance
costs and expanding incomes. The technology supporting this framework
comprises of handheld PCs, standardized tag scanners, wired and wireless
interchanges systems, desktop PCs, UPS’s server farm, stockpiling
technology for the bundle conveyance information, UPS inhouse bundle
tracking programming, and programming to get to the World Wide Web.
The outcome is a data framework solution for the business test of giving
an abnormal state of service with low costs despite mounting rivalry.
INFORMATION SYSTEM RESOURCES
Information system resources are those core components that must be
present to facilitate the functioning of the system, Firewall Media (2005).
These resources are grouped into five categories to feature the human
resource, hardware resource, software resource, network resources and
data resources. Each resource delivers a special function to the system
but the human resource largely remains in control all the time. Some
special software or hardware resource may be needed for specific
purposes, since not all systems may utilize the exact kind of hardware
or software resources. The way a system is designed allows for all these
resources to interact seamlessly for the system to be efficient. A fault in
software resource will have significant implications to the whole system
just like a flaw in the network or data resource. All the resources are
equally important in the functioning of an information system and no
resource should be ignored or considered less important, Teresa (2008).
We shall examine each resource independently and expound a little bit
more on the human resource.
Hardware resources – This includes all the physical elements and
equipment used in the activities of information processing, Teresa
(2008). Most of the hardware resource is tangible and can be seen,
touched and even moved. More often, they are viewed in two different
forms as machines and the media. The machine aspect of the hardware
resource comprises of all the tangible devices that include the computers,
telecommunication devices, peripherals, etc. that form part of the
processing activity machines. The media on the other hand includes all
the physical devices where that data is recorded or stored and may include
flash disks, external hard disks etc., Teresa (2008). Since most information
systems in use are computer based, most examples of hardware resource
Fundamentals of Information Systems
29
are drawn from them. For the case of computer systems, we find that they
contain sophisticated central processing chips and microprocessors and
many interconnected nodes and devices. Different processor chips are
used for different computers. For example the processors of mainframe
computers could be different from those used in midrange computers
and micro-computer systems. Computer peripherals refer to those
external devices attached to the computer that aid in the input of data.
For example, the keyboard and mouse are commonly used for data input
and navigation respectively. The screen and printers are used to output or
display the information while U.S.B storage devices are used to securely
store generated information. Without computer peripherals, data input
cannot be done, Teresa (2008). This means that if there is a major fault in
the hardware resource, users are likely to be affected and thus the entire
system will function less effectively.
Software resources – comprise all the information processing
guidelines. These resources form the instructions used to process the
information to different forms. Software resources are commonly known
as programs in the enterprise organization and have the capabilities to
command and control the hardware resource, Teresa (2008). Moreover,
they also contain the important sets of procedures to use to manipulate
input data to the final information product. Some people may argue that
systems that don’t use computers must not necessarily have software, but
that is wrong. Almost all information systems have a software resource
element in the form of data processing whether manual or mechanical.
The software component facilitates the most important activity of data
processing which is the core reason of having an information system.
Even systems that were in use during the ancient times, they had some
unique software resource element that performed the core function of
data processing for that system. Without the software element, then the
system will act just like a channel for data to pass through. Software
resources are mandatory especially since they not only process input
data, but because they also command hardware, and control information
movement to intended parties, Teresa (2008). Some common features
of software resources include programs that command the computer to
perform a certain action, procedures that are a set of guidelines used by
users of the system to perform various activities, system software which
is an operating program that sends commands and controls the entire
30
Management Information Systems
functions of a computer, application software refers to programs used
to directly process some specific types of data to different formats and
procedures include the operating guidelines for the end users who will
interact with the system. (Teresa, 2008)
Data resources – is a very crucial resource that most people often
think regarding the raw material of various information systems. The data
resource concept has been developed and grown by management managers
and information system experts. To these individuals, data resource is
more than just the raw data or material but a very valuable resource that
requires careful management as the data fed into the system will deliver
results that the organization will use to make decisions. Therefore, any
staff or information expert that comes across the data resource must
handle it properly to ensure it benefits all users of the system within the
organization, Teresa (2008). Data can take various forms depending on
what they represent about the business. For instance conventional data
resources used to feature alphanumeric data that comprised both numbers
and the alphabets and other figures and symbols to present commercial
transactions and other business entities and activities. Also, text data that
features sentences and paragraphs that convey messages in written form,
image data that features graphic figures and shapes, and audio data that
comprises the human voice are also considered as important data forms,
Teresa (2008). Thus, the data resource can take many forms and must not
be predominantly numeric figures as thought by many. The data resource
in all systems is often categorized into two: databases and knowledge
bases. Databases hold a series of logically related files and documents.
The database work is to consolidate past records stored in a common
assemblage to guarantee a common access to all users. Knowledge bases
contain knowledge in diverse forms such a rules of reference, facts etc.
about various topics. Knowledge bases are used by management to
provide professional advice on specified topics. (Teresa, 2008)
Network resources – include the telecommunication networks such
as the internet that are essential in conveying various messages and
information throughout computer-based information systems, Teresa
(2008). These networks also include the intranets that work within
organizations and extranets that permit outside users to access information
within the organization. The network resource is a core ingredient
needed for the success of electronic and commercial operations in all
Fundamentals of Information Systems
31
kinds of organizations and their information systems. Without a network,
there is no way users at various end points of the organization can get
connected to the system and access vital information. These networks
comprise of various computers, communication equipment and devices
interconnected by a communication channel and controlled and managed
by communication software. This concept of network resource underlines
the importance of communication networks and views it as a fundamental
resource that an information system can do without, Teresa (2008). The
network resources include the communication media which includes
wireless satellite systems, cellular systems, fiber optic cables, coaxial
cable, twisted wires, etc. to influence the purpose of communication in the
system. Network support features the skills required to run and manage
these resources, the software used to control and operate the network and
data resources that play a direct support role in the use and operating of
a communication network in an information system.
Human resource – consists of all the parties involved in the operation
of the system, Teresa (2008). It specialists and end users are the commonly
spoken about human resources crucial for the success of MIS. The end
users or clients are those individuals who interact with the information
system in one way or another or use the information the system
generates. These end users could be accounting professionals, finance
experts, auditors, customers, clerks, or even managers who altogether
comprise the end users of an information system. Information system
experts are those individuals who develop and run the system. They are
generally referred to as information system specialists but in real sense
they include the programmers responsible for developing various codes
that the system is based, technical team who may be responsible for
the overall management of the system through monitoring to identify
problems, the managerial team responsible for management of the
system, the clerical and computer operators who directly interact with the
system for their day-to-day work, Teresa (2008). System experts design
an information system based on what information needs the end users’
demand. The end users, therefore, dictate the kind of information system
an organization develops that matches the services and products offered
by the organization. Programmers will then write programs and codes
based on the requirements the system experts specify. These specifications
are often what end users require the system to do for them presented
32
Management Information Systems
in a way that can be programmed and coded to fit into the information
system. Computer operators are responsible for operating large computer
systems and together with system experts they offer support functions to
the system to sustain its functionality, Teresa (2008).
Different Types of Human Resource Information Systems
The concept of human resources has evolved fast over the last two
decades with technology playing a key role in redefining and shaping
the human resource domain. Technology has been a key factor in major
restructuring of organization systems as the need for interoperability and
integration reigns on in various fields of application, Majumder (2016).
The human resource aspect has been changing fast as compared to other
resources of the information system. HRIS (human resource information
system) refers to clearly defined software programs that enable human
resource experts to organize and store information and data regarding the
employees. Employee information is critical to human resource managers
and thus the need for accurate measures to capture that information into
a system for immediate and future use, Majumder (2016). Different
organizations use unrelated HRIS to conduct daily employee management
tasks. Below is a deeper look into the four common HRIS employed by
most companies to help them manage their employees effectively. The
four systems include operational HRIS, Tactical HRIS, Strategic HRIS
and Comprehensive HRIS.
Operational HRIS
Operational HRIS is of great importance to human resource managers.
This system supplies these managers with all the necessary information
that is required to support the decision-making process regarding the dayto-day human resource functions and employee decisions, Majumder
(2016). These systems are specifically designed to collect different types
of human resource information and data. Employees being a core concern
of the human resource department, this kind of HRIS focus on specific
employee information such as current position and any government
regulations that may compromise the operations of the human resources,
Majumder (2016). There are three major sub-segments of the operational
HRIS and include employee information systems, position control
systems and performance managing information systems.
Fundamentals of Information Systems
33
Employee Information Systems– these form the main component of
the operational HRIS whereby the system must capture correctly and
store vital employee information. Managers are therefore required to keep
a clear track of their staff’s records and other important details regarding
both personal and professional aspects such as the name of the employee,
contact address, marital status, sex, education level, past experiences,
country of birth etc. These records are important as they help the human
resource department get a clear understanding of the kind of employees
they have in their organization. (Majumder, 2016)
Position Control Systems – these help organizations to define and
identify the various positions that exist within the organization. This
may include identifying the job title within the classification of position,
the number of employees signed to that specific position, etc. This way,
human resource managers can identify the current positions that have
been filled and those that exist within the organization. (Majumder, 2016)
Performance Managing Information Systems – these mainly comprise
of employee productivity information as well as appraisal data based
on individual performance. This system allows managers to evaluate
the performance of individual employees to help make decisions about
promotions or termination, Majumder (2016). Moreover, this system
provides a platform that employees can use to air their grievances to the
management. During grievances hearings, the appraisal and productivity
data captured must be accurate in the way it was determined, how the
performance was measured and collected so that it can form a fair
basis for grievance solving. These systems not only provide decisions
for promoting, retaining or terminating employees, but also identify
the common areas of weaknesses that most employees show within the
organization.
Tactical HRIS
Tactical HRIS deliver the necessary decision support functions that
managers utilize to make key decisions, Majumder (2016). The support
focuses on ensuring resources are efficiently allocated. In the human
resource discipline, Tactical HRIS plays a crucial role during recruitment
decisions, product design decisions, job analysis, training, compensation
schemes and employee development. Some key decisions regarding
recruitment of top executives also depend on Tactical HRIS. This human
34
Management Information Systems
resource system is further sub-divided into specialized systems for
carrying out certain tasks.
Information Design and Job Analysis System – These are fed with
data from supervisors and employees and sometimes from affirmative
employment principles. External information from relevant authorities and
bodies such as labor unions are also permitted as well as those originating
from market competition and federal requirements. (Majumder, 2016)
Employment recruiting Systems – Organizations have to design
recruitment plans to enable them to handle the recruitment process
well, Majumder (2016). These systems are specially designed to direct
the activities of recruitment and the development of a solid plan. The
plan must update the organization about vacant positions, address the
necessary skills that every job demands, the necessary experience and the
requirements the position requires, etc. For such a plan to run smoothly
within an organization, an efficient information system must be created
to aid in the functioning and management of that plan. An information
system plays the role of streamlining the process ensuring that the
recruiting activities are executed appropriately. (Majumder, 2016)
Compensation Systems – records must be kept well and for a long
time to guarantee proper calculation and determination of how much
compensation each employee is likely to benefit. Such key decisions
require particular information systems designed to fulfill the compensation
and benefits plans. Compensation also plays a vital role in enhancing the
general productivity of the business. (Majumder, 2016)
Staff Training systems – Tactical HRIS is needed in the development
and training of employees. These information systems direct the activities
of employee training and development packages to the staff that will
most benefit from the development programs. (Majumder, 2016)
Strategic HRIS
This type of human resource information system emphasizes on the
support of employee labor unions, staff planning and union negotiations.
Strategic HRIS tends to focus on employee welfare and planning and
utilizes specialized human resource programs. The core concept of
strategic HRIS is to ensure there is a wholesome understanding of the
overall well-being of the human resource and how effective the workforce
Fundamentals of Information Systems
35
is organized. Most organizations use this kind of information systems
to remain relevant with union demands and regulations. Examples of
strategic HRIS include those supporting staff planning and specialized
HRIS software. (Majumder, 2016)
Information systems for staff planning – workforce planning is a
critical business concept especially when venturing into new markets. A
comprehensive study needs to be conducted and analyzed to determine
the quality and quantity of the workforce and resources needed to achieve
such long-term plans. Crucial information regarding the products and
the new markets will guide the management in determining how well to
allocate the human resources to achieve future objectives. These systems
are developed to aid management to satisfy that need. (Majumder, 2016)
Specialized HRIS software – Today’s market is identified with
hundreds if not thousands of specialized human resources software
brands. The market has a lot of software specifically developed to support
proper performance of the human resources. This software developed
solely for the function of supporting the human resource are either
comprehensive HRIS software or limited-edition packages which offer
limited functionality capable of supporting a given portion of the human
resources. (Majumder, 2016)
Comprehensive HRIS
The digitization of HRIS has led to the development of a unified
database of the human resources where multiple files are kept, Majumder
(2016). Sensitive employee information files about skills, position,
qualifications, etc. can be found in these systems. Other files likely to be
kept in comprehensive HRIS database would be skills files, affirmative
principles, job analysis reports, appraisal files, occupational health
files, and many more human resource related files. These databases are
designed in well-coordinated management systems and information
systems software that ensures any user can retrieve reports from any
specific time in the past. Such systems require some level of programming
to allow quick retrieval and analysis of data contained in individual files,
Majumder (2016). HRIS is a concept that was developed to support the
human resource function to operate in simpler ways. The implementation
of HRIS has risen in the recent times owing to the plethora of benefits
36
Management Information Systems
it provides for the organization. Additionally, its diverse use has helped
organizations make quality decisions based on analysis reports from the
information system.
INFORMATION SYSTEM ACTIVITIES
There are five major system activities known for processing raw data into
various information products. These activities occur at different levels
of the information system and are sequential in nature. The first activity
includes data input which occurs in different forms, then the activity of
data processing into useful outputs follows, the third activity includes
the various information products produced as output, data storage and
finally the control and improvement of information system performance,
Escalona, et al., (2014). Successful systems are capable of providing
feedback at every activity stage to enable the management to carry
out effective performance control. Feedback aids the analysis team to
evaluate the performance of the system to establish whether the system
is performing as per the standards. This step is necessary as it helps top
managers examine the effectiveness of the information system and give
them an opportunity to adjust the system’s performance accordingly
to match the standards of the end users. Moreover, system evaluation
enables the management to ascertain whether the information fed into
the system is valuable and whether the information product outputs have
the features anticipated by the users, Escalona, et al., (2014). Changes are
very important in information system especially when dealing with data
input. The input process must be optimized to function correctly to avoid
feeding the system with irrelevant data.
Input of Data activity – The input function captures various
organization data that must be evaluated to help in running the enterprise,
Escalona, et al., (2014). The input function often involves data entry
processes such as editing of information or recording. The user inputs
data in different forms manually by pen and paper or through digital
platforms such as the computer. There are different kinds of transactional
and operational information input into the system. A lot of editing tasks
are common during this phase to allow correction of any information
that might not have been entered correctly. The next thing users have
to input data, which could be processed immediately during the next
activity or stored until needed for processing or further analysis. For
Fundamentals of Information Systems
37
instance, a retailer can quickly input sales transaction information on
source files such as sales order documents which capture the original
form of the record of a business deal. Also, retailers can use computers to
capture information about business transactions. Other technologies such
as optical scanning can also be used to input the data directly through
video displays, Escalona, et al., (2014). Retailers or end users must,
therefore, be provided with a detailed user interface that permits more
than just input and output activities, but offers a few convenient features
to capture data effectively. Advanced solutions such as optical scanning,
video displays and prompts allow users to be efficient in entering the
correct data into the system. These devices need to be more flexible and
have convenient interfaces that allow users to capture data in its original
and correct format. Input activities may vary depending on the type and
size of an organization and the nature of information the system handles.
Common input activities in most organizations include the data fed from
web inputs, e-commerce data queries, consumer responses, supplier
data, employee information, etc. Once this kind of data finds its way into
the system, it can be processed further immediately or stored in storage
devices to be processed later. (Escalona, et al., 2014)
Processing activities – Processing activities occur when computers
execute one or more programs that are part of the business electronic
software platforms, Escalona, et al., (2014). Data will be manipulated in
some ways including computing, comparing, analyzing, organizing etc.
The data fed is transformed into various output forms that will suit the
needs of the end consumer. While systems continually receive updates
on a regular basis, the emphasis on quality is essential; to guarantee a
solid input of quality data that will provide reliable information products
for business decision-making purposes. Maintaining the quality of data
fed into the information system is an important practice that enables
organizations to develop high-quality information products. Therefore
updating activities must be encouraged and must be designed to improve
the efficiency of the system, Escalona, et al., (2014). For instance data
on sales can undergo diverse manipulation once in the system. It may be
used to calculate the annual sales reports, measured against a standard to
calculate the most appropriate discounts, analyzed and sorted in logical
ways, classified into various categories and finally evaluated to deliver
meaningful insights to the management regarding various aspects of the
38
Management Information Systems
business performance. Such information can be kept to be used to update
sales files even in the future or as a point of reference.
Output activities – Mainly involve the display of the information in
both digital and print media. This is how the information is displayed to
the end user in formats that can be used for various business activities.
This information I made available to the end users in diverse output
formats. The main aim of the information system is to manipulate raw
data into valuable products of information. End users benefit from output
activities as they interact with many types of data reports that they can
further process to get clearer results on any business activity, Escalona,
et al., (2014). Efficient systems must optimize their output activities to
offer a range of information products in diverse formats. For instance
comparison; data may be presented in the form of charts and graphs or
side-by-side list comparison. The aim is to provide users with different
versions of the information so that they can select the most suitable as per
their needs. Modern systems are fitted with various processing formats
that output files as graphic images, paper print, multimedia options,
audio formats, video displays, messages, reports, and forms. Managers
can quickly check through a video display to assess the performance of
the employees, receive a visual message or a routine print out containing
business activity reports. (Escalona, et al., 2014)
Storage activities – These activities occur whenever data input into
the system is kept and handled in storage mediums such as files and
databases where it can be retrieved for later use, MBA Knowledge Base
(2017). Storage is a fundamental aspect of all systems since information
needs to be stored even after being processed. Storage activities have
evolved since the early forms that did not offer much flexibility. Today’s
systems allow users to store information in organized formats that
facilitate easy retrieval for later use. Moreover, the files can be stored
in different formats depending on the future needs of that information.
Systems cannot function efficiently without a storage function. Instead,
they will have to process data and use the results immediately since the
systems will not be keeping any of that information. The concept of
storage serves one major purpose of organizing and keeping information
for later use. Information about monthly sales could be kept even for years
and still be used to determine the growth in sales over the years. Such
calculations are only possible when there is some storage activity in an
Fundamentals of Information Systems
39
information system. Storage allows users to plan their work accordingly
as they can refer to stored reports anytime to make business decisions.
(MBA Knowledge Base, 2017)
Control activities – Include the security measures put in place to protect
business information and stored records in databases. Users, therefore,
use passwords and other authentication tools to access information in
the business information systems, MBA Knowledge Base (2017). The
businesses must provide clear parties such as consumers, suppliers, and
employees to have access to such company information. Performance
control is an important activity in information systems. Businesses
must always be prepared to control their functions and maintain them
at optimum levels. Each system must provide feedback to the managers
to enable them to make necessary improvements that aids in the overall
performance of the system. Feedback provided should be measured
against set standards to ascertain whether the system is performing well.
Without a proper evaluation model, managers could not know how their
systems are performing which is important especially in determining
areas of modifications. Any differences detected must be corrected to
improve the efficiency of the system. The work of feedback is generally
to help managers improve the entire performance of the system starting
from input to storage activities. Feedback is very crucial at rectifying
system anomalies. For instance, if reports on total sales do not add up,
the input or processing activities may be revisited to determine where the
problem exists. (MBA Knowledge Base, 2017)
TYPES OF INFORMATION SYSTEMS
We have various types of information systems used by different
organizations. However, all these systems fall into two broad categories,
Firewall Media (2005). They can either be management support
information systems of operations support information systems. These
two broad categories feature minor systems that are tasked with specific
organizational functions. For instance, under the operations support
information systems we have process control systems, enterprise
collaborations information systems and transaction processing systems
(TPS), Firewall Media (2005).
40
Management Information Systems
Source: Firewall Media, 2005
Figure 3: Types of management information systems
The broad management information systems include executive
information systems (EIS), decision support systems (DSS) and
management information systems. Different organizations use different
systems and sub-systems that together combine efforts to create a
wholesome organization information system. The figure above illustrates
the types of information systems.
Operations Support Systems
These systems handle data that is generated and consumed by the
business itself. Operations support systems (OSS) produce vast amounts
of unrelated date for use both within and outside the organization,
Davoren (2017). These systems do not provide specific or particular
information managers may want for key decisions since the information
these systems provide could demand additional analysis and evaluation
to be fit for use by management. OSS are developed to manage business
transactions, manage business processes, support company collaboration
and communication efforts and update business databases.
Fundamentals of Information Systems
41
TPS – Transaction Processing Systems serve the fundamental
operational functions of a business entity, Davoren (2017). These systems
record and perform daily business transactions for running the business.
At this operational level, processes and tasks are highly structured
and predefined. Each action has a predetermined criterion to follow.
For instance, low-level managers may be called upon to handle client
complaints regarding specific issues but will do so in predetermined
ways. The measures put in place will first evaluate whether the customer
concern meets a certain preset criterion. These systems are mainly fed
with data originating from transaction activities such as sales, inventory,
etc. TPS offer two basic kinds of processes: Batch processing where
transaction data is stored for a certain amount of time and then processed
following regular intervals and Online or Real-time processing where the
data input into the system is processed instantly and not accumulated,
Davoren (2017).
PCS - Process control systems use computers with software
programs that monitor and control all current activities going on within
an organization. The software programs have built-in capabilities that
allow them to make decisions that automatically alter or modify the entire
information production process. Petroleum refineries use such systems to
control and coordinate all the activities involved in crude oil processing.
Additionally, most assembly lines use automated process control systems
to manage all the numerous activities involved.
ECS – Enterprise Collaboration Systems feature various innovative
solutions that enhance employee collaboration within the workplace.
These systems allow employees to collaborate and share ideas, share
the available resources efficiently, and coordinate work efforts among
members of special teams and groups, Bates (2012). These systems
are specifically designed to harmonize employee efforts within an
organization and enhance collaboration with the aim of improving
productivity and efficiency. This means collectively pooling together
teamwork and employee efforts to achieve the common objective of the
business. ECS are vital in elevating business performance, optimizing
resource allocation and collaboration efficiency.
42
Management Information Systems
Management Support Systems
These systems focus on providing support and information functions
to enable managers make informed decisions, Bates (2012). MSS
supports the decision making process by providing useful tools that
top management needs to make decisions. These systems are useful to
executive management, middle management and junior-level managers
alike. These systems are unique in the sense that they are destined to
serve key management functions of the organization by delivering
performance reports regarding the business. MIS are predominantly
focused on the internal environment of the business and offer less support
to the external environments, Bates (2012). These systems are used for
planning, decision-making processes and controlling at the management
ranks. Most of the data used by MSS originates from the operational and
transactional information systems in the organization. There are various
systems developed to aid management and they include, decision support
systems (DCC), management information systems (MIS) and executive
management systems (EIS).
MIS – management information systems supports the day-to-day
decision making processes across the organization by providing managers
with the necessary instruments for making decisions. Managers are often
provided with complete reports that can be published on demand, after
specific time intervals or whenever it is appropriate to establish such
reports. (Bates, 2012)
DSS - decision support systems serve the managerial ranks of the
organization. Their core function is to enable managers make critical
decisions that are urgent, unique and quickly changing, Bates (2012).
These help find solutions to problems whose solution criteria have not
been developed in advance. DSS depends on information from TPS,
MIS and external sources such as prices of products, stock prices, etc.
DSS serves the managerial levels with information needed for specific
purposes only. Managers can generate the kind of data and information
they need from the system to use for specific unstructured decisions that
are crucial for the business. These decisions rely on specialized models
and databases to support the process of end user decision making. (Bates,
2012)
Fundamentals of Information Systems
43
EIS – executive information or support systems are used by top
managers to make decisions for the business, Bates (2012). These
systems are developed to address unprecedented problems that have
no structured way of handling. They are effective in making irregular
decisions that demand careful judgment, analysis and insights. The lack
of proper mechanisms to handle such decisions pushes top management
to gather specific information from the system that they use to determine
a solution. Executive support systems develop appropriate conditions for
computing and collaboration to arrive at solutions for difficult problems
rather than providing a criterion to use for identifying the solutions.
These systems are developed to capture external data that is subject to
change any time, for instance new tax laws, competitor analysis reports,
market changes, etc. ESS enables both top and lower level managers with
powerful tools they can use to come up with decisions regarding urgent
and non-routine problems (Bates, 2012).
CONTEMPORARY APPROACHES TO
INFORMATION SYSTEMS
The study of management information systems (MIS) emerged to
concentrate on the utilization of PC based data frameworks in business
firms and government offices. MIS joins software engineering,
administration science, and operations study with a useful orientation
toward creating framework answers for certifiable issues and overseeing
data technology assets. It is likewise in charge of behavioral issues
encompassing the improvement, utilization, and effect of data
frameworks, which are regularly talked about in the fields of humanism,
financial matters, and psychology. One of the perspectives received is the
sociotechnical perspective of frameworks.
In this view, ideal authoritative execution is accomplished by
mutually streamlining both the social and technical frameworks utilized
as a part of production. Embracing a sociotechnical frameworks point
of view aids to steer from an absolutely technological way to deal
with data frameworks. For example, the way that data technology is
quickly declining in cost and developing in control does not really or
effectively convert into profitability improvement or primary concern
benefits. The way that a firm has as of late introduced an undertaking
44
Management Information Systems
of monetary reporting framework does not really imply that it will be
utilized, or utilized adequately. Similarly, the way that a firm has as of
late presented new business techniques and procedures does not really
mean representatives will be more gainful without investment in new
data frameworks to empower those procedures.
Now and then, the innovation must be “de-streamlined” to achieve
this fit. For example, cell phone clients adjust this technology to their
own needs, and accordingly producers rapidly try to alter the technology
to comply with client desires. Associations and people should likewise be
changed through training, learning, and arranged authoritative changes
to enable the technology to work and thrive. Figure 4 delineates this
procedure of common change in a sociotechnical framework.
Figure 4: Socio-Technical Perspective
The study of data frameworks is a multidisciplinary field. No single
hypothesis or viewpoint overpowers. Figure 5 outlines the significant
orders that contribute issues, problems, and arrangements in the study
of data frameworks. As a rule, the field can be parted into technical
and behavioral methodologies. Data frameworks are sociotechnical
frameworks. Despite the fact that they are made out of machines,
gadgets, and “hard” physical technology, they require considerable
social, organizational, and scholarly investments to influence them to
work legitimately.
Fundamentals of Information Systems
45
Figure 5: Approaches to Information Systems
Technical Approach
The technical way to deal with data frameworks underscores
mathematically based models to contemplate data frameworks, and
additionally the physical innovation and formal capacities of these
frameworks. The orders that add to the technical approach are software
engineering, administration science, and operations research. Software
engineering is on edge about setting up speculations of processability,
techniques for calculation, and strategies for proficient information
stockpiling and access. Administration science stresses the improvement
of models for basic leadership and administration rehearses. Operations
inquiry centers on scientific procedures for upgrading chosen parameters
of associations, for example, transportation, stock control, and exchange
costs.
Behavioral Approach
A focal part of the data frameworks field is worried about behavioral issues
that emerge in the improvement and long haul upkeep of data frameworks.
Issues, for example like, key business combination, outlining, usage,
implementation, and administration can’t be investigated usefully with
the models utilized as a part of the technical approach. Other behavioral
46
Management Information Systems
orders contribute vital ideas and strategies. For example, sociologists
think about data frameworks with an eye toward how gatherings and
associations shape the technology of frameworks and furthermore how
frameworks influence people, gatherings, and associations. Clinicians
think about data frameworks with an enthusiasm for how human chiefs
see and utilize formal data. Business analysts consider data frameworks
with an enthusiasm for understanding the creation of digital products, the
flow of computerized markets, and how new data frameworks change
the control and cost structures inside the firm. The behavioral approach
does not overlook technology. Without a doubt, data frameworks
innovation is regularly the jolt for a behavioral issue or issue. Be that
as it may, the concentration of this approach is by and large not on
technical arrangements. Rather, it focuses on changes in states of mind,
administration and authoritative approaches, and conduct.
SECURING INFORMATION SYSTEMS
At the point when a lot of information are put away in electronic shape,
they are defenseless against numerous sorts of dangers than when they
existed in manual frame. Through interchanges systems, data frameworks
in various areas are interconnected. The potential for unapproved access,
mishandle, or extortion is not restricted to a solitary area but rather it can
happen at any entrance point in the system. Figure 6 represents the most
widely recognized dangers against contemporary data frameworks. They
can come from technical, authoritative, and natural variables aggravated
by poor administration choices. In the multi-level customer/server
figuring condition represented here, vulnerabilities exist at each layer
and in the interchanges between the layers. Clients at the customer layer
can cause damage by presenting blunders or by getting to frameworks
without approval. It is conceivable to get to information streaming
over systems, take important information amid transmission, or adjust
messages without approval. Radiation may cause problems to a system
at different focuses also. Interlopers can dispatch denial of administration
assaults or noxious programming to disrupt the operation of Web sites.
Those fit for entering corporate frameworks can pulverize or adjust
corporate information put away in databases or records.
Fundamentals of Information Systems
47
Figure 6: Security Challenges and Vulnerabilities
Frameworks breakdown if PC hardware breaks, is not designed
appropriately, or is harmed by dishonorable utilization or criminal acts.
Mistakes in programming, dishonorable establishment, or unapproved
changes make PC programming fall flat. Power failures, surges, fires, or
other catastrophic events can likewise disturb PC frameworks. Household
or seaward collaborating with another organization adds to framework
helplessness if profitable data lives on systems and PCs outside the
association’s control. Without solid protections, profitable information
could be lost, obliterated, or could fall into the wrong hands, uncovering
vital prized formulas or data that damages individual security.
The fame of handheld cell phones for business figuring adds to
these hardships. Portability makes mobile phones, smartphones, and
tablet PCs simple to lose or take. Cell phones share an indistinguishable
security shortcoming from other Internet gadgets, and are defenseless
against vindictive programming and infiltration from outcasts. In 2009,
security specialists recognized 30 security blemishes in programming
and working frameworks of cell phones made by Apple, Nokia, and
BlackBerry producer Research in Motion. Indeed, even the applications
that have been exclusively produced for cell phones are equipped for
transforming into rebel programming. For instance, in December
2009, Google pulled many versatile money tracking applications from
its Android Market since they could have been wired to catch clients’
banking credentials. Cell phones utilized by corporate officials may
contain touchy information, for example, deals figures, client names,
48
Management Information Systems
telephone numbers, and email addresses. Gatecrashers might have the
capacity to get to inward corporate systems through these gadgets.
Internet Vulnerabilities
Extensive open systems, for example, the Internet, are more powerless
than interior systems since they are for all intents and purposes open to
anybody. The Internet is huge to the point that when mishandle does
happen, they can have an immensely massive impact. At the point
when the Internet turns out to be a part of the corporate system, the
association’s data frameworks are considerably more defenseless against
activities from outcasts. PCs that are continually associated with the
Internet by link modems or digital subscriber line (DSL) lines are more
open to infiltration by outcasts since they utilize fixed Internet address
to where they can be effectively recognized. (With dial-up benefit, an
impermanent Internet address is doled out for every session.) A fixed
Internet address makes a target for hackers.
Telephone utility in light of Internet technology is more defenseless
than the exchanged voice network in the event that it doesn’t keep
running over a protected private system. Most Voice over IP (VoIP)
movement over the general population Internet is not scrambled, so
anybody with a system can tune in on discussions. Programmers can catch
discussions or close down voice benefit by flooding servers supporting
VoIP with sham activity. Powerlessness has likewise expanded from far
reaching utilization of email, instant messaging (IM), and distributed
record sharing projects. Email may contain connections that fill in as
springboards for malevolent programming or unapproved access to inner
corporate frameworks. Workers may utilize email messages to transmit
significant prized formulas, monetary information, or classified client
data to unapproved beneficiaries. Mainstream IM applications for buyers
don’t utilize a protective layer for instant messages, so they can be caught
and perused by pariahs amid transmission over the general population
Internet. Texting movement over the Internet can now and again be
utilized as an indirect access to a generally secure system. Sharing
records over peer-to-peer (P2P) systems, for example, those for illicit
music sharing, may likewise transmit noxious software or uncover data
on either individual or corporate PCs to outcasts.
Fundamentals of Information Systems
49
Wireless Security Challenges
Is it safe to sign onto a wireless system at an airplane terminal, library,
or other open area? It relies upon how watchful you are. Indeed, even
the wireless system in your house is powerless on the grounds that radio
recurrence groups are anything but difficult to check. Both Bluetooth and
Wi-Fi systems are helpless to hacking by busybodies. Despite the fact that
the scope of Wi-Fi systems is just a few hundred feet, it can be reached
out up to one-fourth of a mile utilizing outer recieving wires. Local area
networks (LANs) utilizing the 802.11 standard can be effectively entered
by outcasts outfitted with portable PCs, remote cards, outer recieving
wires, and hacking programming. Programmers utilize these devices to
identify unprotected systems, screen arrangement movement, and, at
times, access the Internet or to corporate systems.
Wi-Fi transmission innovation was intended to make it simple for
stations to discover and hear each other. The service set identifiers
(SSIDs) distinguishing the entrance focuses in a Wi-Fi network are
communicated various times and can be grabbed reasonably effectively
by interlopers’ sniffer programs (see Figure 7). Remote systems in
numerous areas don’t have essential securities against war driving, in
which busybodies drive by structures or stop outside and attempt to catch
remote system movement.
Figure 7: WI-FI Security Challenges
50
Management Information Systems
A programmer can utilize a 802.11 investigation apparatus to distinguish
the SSID. (Windows XP, Vista, and 7 have abilities for distinguishing the
SSID utilized as a part of a system and naturally arranging the radio NIC
inside the client’s gadget.) A gatecrasher that has related with an entrance
point by utilizing the right SSID is fit for getting to different resources
on the system, utilizing the Windows working framework to figure out
which different clients are associated with the system, get to their PC
hard drives, and open or duplicate their documents. Gatecrashers additionally utilize the data they have gathered to set up rogue access focuses
on an alternate radio direct in physical areas near clients to compel a client’s radio NIC to connect with the rebel get to point. When this affiliation happens, programmers utilizing the rogue access point can catch the
names and passwords of clueless clients.
The underlying security standard produced for Wi-Fi, called Wired
Equivalent Privacy (WEP), is not exceptionally powerful. WEP is
incorporated with all standard 802.11 items, however its utilization
is discretionary. Numerous clients disregard to utilize WEP security
highlights, abandoning them unprotected. The essential WEP specification
requires an entrance point and the majority of its clients to have a
similar 40-bit encoded secret word, which can be effectively decoded by
programmers from a little measure of activity. More grounded encryption
and verification frameworks are presently accessible, for example, Wi-Fi
Protected Access 2 (WPA2), however clients must install them.
Malicious Software
Malevolent programming programs are alluded to as malware and
incorporate an assortment of dangers, for example, PC infections,
worms, and Trojan horses. A PC infection is a rogue software program
that joins itself to other software projects or information records keeping
in mind the end goal to be executed, generally without client knowledge
or consent. Most PC infections convey a “payload.” The payload
might be occasionally generous; for example, the directions to show a
message or picture, or it might be very destructive-destroying projects
or information, obstructing PC memory, reformatting a PC’s hard drive,
or making programs run despicably. Infections commonly spread from
PC to PC when people make a move, for example, sending an email
connection or duplicating a contaminated document. Latest assaults
Fundamentals of Information Systems
51
have originated from worms, which are autonomous PC programs
that duplicate themselves from one PC to different PCs over a system.
(Dissimilar to infections, they can work alone without joining to other
PC program documents and depend less on human conduct keeping in
mind the end goal to spread from PC to PC. This clarifies why PC worms
spread considerably more quickly than PC infections.)
Worms obliterate information and projects and additionally disturb or
even stop the operation of PC systems. Worms and infections are regularly
spread over the Internet from records of downloaded programming,
from documents joined to email transmissions, or from traded email
messages or texting. Infections have likewise attacked mechanized data
frameworks from “tainted” circles or contaminated machines. Email
worms are at present the most tricky. Malware focusing on cell phones is
not as broad as that focusing on PCs, but rather is spreading in any case
utilizing email, instant messages, Bluetooth, and record downloads from
the Web by means of Wi-Fi or cell networks. There are currently more
than 200 infections and worms focusing on cell phones, for example,
Cabir, Commwarrior, Frontal.A, and Ikee.B. Frontal.A introduces a
tainted document that causes telephone malfunction and keeps the client
from rebooting, while Ikee.B transforms jailbroken iPhones into botnetcontrolled gadgets. Cell phone infections posture genuine dangers to big
business registering on the grounds that such a significant number of
remote gadgets are currently connected to corporate data frameworks.
Web 2.0 applications, for example, web journals, wikis, and face to face
communication locales, for example, Facebook and MySpace, have
risen as new channels for malware or spyware. These applications enable
clients to post programming codes as a major aspect of the passable
substance, and such codes can be propelled naturally when a Web page is
seen. In September 2010, programmers abused a Twitter security defect
to send clients to Japanese explicit destinations and consequently created
messages from different records (Coopes, 2010).
Over the previous decade, worms and infections have made billions of
dollars of harming corporate systems, email frameworks, and information.
As indicated by Consumer Reports’ State of the Net 2010 review, U.S.
purchasers lost $3.5 billion due to malware and online tricks, and the
dominant part of these misfortunes originated from malware (Consumer
Reports, 2010). A Trojan horse is a product program that seems, by all
52
Management Information Systems
accounts, to be kindhearted yet then accomplishes an option that is other
than anticipated, for example, the Zeus Trojan portrayed in the part
opening case. The Trojan horse is not itself an infection since it doesn’t
repeat, yet it is frequently a route for infections or different malignant
codes to be brought into a PC framework. The term Trojan horse derives
from the wooden horse utilized by the Greeks to trap the Trojans into
paving the way to their invigorated city amid the Trojan War. Once
inside the city walls, Greek troopers covered up in the stallion uncovered
themselves and took the city. Right now, SQL infusion assaults are
the biggest malware risk. SQL infusion assaults exploit vulnerabilities
in ineffectively coded Web application programming to bring noxious
program code into an organization’s frameworks and systems.
These vulnerabilities happen when a Web application neglects to
legitimately approve or channel information entered by a client on a Web
page, which may happen when requesting something on the web. An
aggressor utilizes this information approval mistake to send a rogue SQL
inquiry to the hidden database to get to the database, plant a malevolent
code, or access different frameworks on the system. Substantial Web
applications have many spots for contributing client information, each
of which makes an open door for a SQL infusion assault. Countless
confronting applications are accepted to have SQL infusion vulnerabilities,
and devices are accessible for programmers to check Web applications for
these vulnerabilities. Such devices can find an information passage field
on a Web page frame, enter information into it, and check the reaction
to see whether it demonstrates defenselessness to a SQL infusion. A few
sorts of spyware additionally go about as noxious software. These little
projects introduce themselves surreptitiously on PCs to screen client
Web surfing action and serve up publicizing. A large number of types of
spyware have been archived.
Numerous clients find such spyware irritating and a few pundits stress
over its encroachment on PC clients’ security. A few types of spyware are
particularly odious. Key loggers record each keystroke made on a PC
to take serial numbers for programming, to dispatch Internet assaults,
to access email accounts, to acquire passwords to PC frameworks, or to
get individual data, for example, Visa numbers. Other spyware programs
reset Web program home pages, divert search requests, or moderate
execution by taking up a lot of memory.
Fundamentals of Information Systems
53
Hackers
A hacker is a person who expects to increase unapproved access to a PC
framework. Inside the hacking group, the term wafer is normally used to
indicate a programmer with criminal purpose, in spite of the fact that in
general society press, the terms hacker and cracker are utilized conversely.
Hackers and crackers increase unapproved access by discovering
shortcomings in the security assurances utilized by Web locales and
PC frameworks, regularly exploiting different highlights of the Internet
that make it an open framework that is anything but difficult to utilize.
Hacker activities have expanded past simple framework interruption to
incorporate robbery of merchandise and data, and additionally framework
harm and digital vandalism, the purposeful disturbance, ruination, or
even annihilation of a Web webpage or corporate data framework. For
instance, digital vandals have turned huge numbers of the MySpace
“gathering” sites, which are devoted to interests, for example, home beer
preparing or creature welfare, into digital spray painting dividers, loaded
with hostile remarks and photos.
Sniffing & Spoofing
Hackers endeavoring to keep their actual personalities hidden regularly
spoof, or distort, themselves by utilizing counterfeit email addresses
or taking on the appearance of another person. Spoofing additionally
may include diverting a Web link to an address not quite the same as
the proposed one, with the website taking on the appearance of the
expected destination. For instance, if hackers divert clients to a phony
Web webpage that looks precisely like the genuine website, they would
then be able to gather and process orders, adequately taking business
and also personal client data from the genuine webpage. We give more
detail on different types of satirizing in our dialog of PC wrongdoing.
A sniffer is a kind of spying program that monitors data going over a
system. At the point when utilized authentically, sniffers help distinguish
potential system inconvenience spots or criminal action on systems, yet
when utilized for criminal purposes, they can be harming and extremely
hard to identify. Sniffers empower hackers to take restrictive data from
any place on a system, including email messages, organization records,
and classified reports.
54
Management Information Systems
Denial-of-Service (DoS) Attacks
In a denial-of-service (DoS) assault, hackers surge a system server or
Web server with a huge number of false correspondences or solicitations
for administrations to crash the system. The system gets such a
significant number of questions that it can’t stay aware of them and is in
this manner inaccessible to benefit legitimate demands. An appropriated
denial-or-service (DDoS) assault utilizes various PCs to immerse and
overpower the system from various dispatch focuses. For instance, amid
the 2009 Iranian election dissents, outside activists attempting to help
the restriction occupied with DDoS assaults against Iran’s legislature.
The official Web webpage of the Iranian government (ahmadinejad.ir)
was rendered blocked off on a few events. In spite of the fact that DoS
assaults don’t crush data or access limited territories of an organization’s
data frameworks, they regularly cause a webpage to close down, making
it unthinkable for clients to get to the website. For occupied internet
business locales, these assaults are expensive; while the webpage is
closed down, clients can’t make purchases. Particularly defenseless are
small and medium size organizations whose systems have a tendency to
be less secured than those of huge companies.
Culprits of DoS assaults regularly utilize many “zombie” PCs tainted
with malevolent programming without their proprietors’ knowledge and
sorted out into a botnet. Programmers make these botnets by tainting
other individuals’ PCs with bot malware that opens a secondary passage
through which an assailant can give directions. The contaminated PC at
that point turns into a slave, or zombie, serving an ace PC having a place
with another person. Once a hacker contaminates enough PCs, he or she
can utilize the amassed assets of the botnet to dispatch DDos assaults,
phishing efforts, or spontaneous “spam” email. The quantity of PCs that
are a piece of botnets is assessed to be from 6 to 24 million, with a large
number of botnets working around the world. The biggest botnet assault
in 2010 was the Mariposa botnet, which began in Spain and spread
over the world. Mariposa had contaminated and controlled around 12.7
million PCs in its endeavors to take credit card numbers and internet
banking passwords. The greater part of the Fortune 1000 organizations,
40 noteworthy banks, and various government offices were tainted—and
did not know it.
Fundamentals of Information Systems
55
Identity Theft
With the development of the Internet and electronic trade, identity theft
has turned out to be particularly alarming. Identity theft is a wrongdoing
in which a faker gets scratch bits of individual data, for example, social
security numbers, driver’s permit numbers, or credit card numbers, to
imitate another person. The data might be utilized to acquire credit, stock,
or administrations for the sake of the casualty or to furnish the cheat
with false qualifications. As indicated by Javelin Strategy and Research,
misfortunes from identity theft rose to $54 billion on 2009, and more
than 11 million U.S. grown-ups were casualties of identity theft (Javelin
Strategy & Research, 2010).
Identity theft has prospered on the Internet, with Visa records a
noteworthy focus of website hackers. Additionally, internet business
destinations are brilliant wellsprings of client individual data—name,
address, and telephone number. Furnished with this data, crooks can
expect new characters and build up new credit for their own means. One
progressively prevalent strategy is a type of satirizing called phishing.
Phishing includes setting up counterfeit sites or sending email or instant
messages that resemble those of real organizations to approach clients
for classified individual information. The message educates beneficiaries
to refresh or affirm records by social security numbers, bank and credit
card data, and other secret information either by reacting to the email
message, by entering the data at a fake Web website, or by calling a
phone number. EBay, PayPal, Amazon.com, Walmart, and an assortment
of banks, are among the majorly spoofed organizations.
New phishing systems called “evil twins” and “pharming” are harder
to recognize. Evil twins are remote systems that claim to offer reliable WiFi associations with the Internet, for example, those in air terminal parlors,
inns, or coffeehouses. The fake system seems to be indistinguishable to
a true public system. Fraudsters attempt to catch passwords or credit
card numbers of unwitting clients who sign on to the system. Pharming
diverts clients to a false Web page, notwithstanding when the individual
sorts the right Web page address into his or her browsers. This happens
if pharming culprits access the Internet address data put away by Internet
specialist co-ops to accelerate Web perusing and the ISP organizations
have defective programming on their servers that enables the fraudsters
to hack in and change those addresses.
56
Management Information Systems
In the biggest example of identity theft to date, Alberto Gonzalez of
Miami and two Russian co-plotters infiltrated the corporate frameworks
of TJX Corporation, Hannaford Brothers, 7-Eleven, and other significant
retailers, taking more than 160 million credit and debit card numbers in
2005 and 2008. The gathering at first planted “sniffer” programs in these
organizations’ PC arranges that caught card information as they were
being transmitted between PC frameworks. They later changed to SQL
infusion assaults, which we presented prior in this part, to enter corporate
databases. In March 2010, Gonzalez was condemned to 20 years in jail.
TJX alone spent over $200 million to manage its information burglary,
including legitimate settlements.
The U.S. Congress tended to the danger of PC wrongdoing in 1986
with the Computer Fraud and Abuse Act. This demonstration makes
it illicit to get to a PC framework without approval. Most states have
comparable laws, and countries in Europe have practically identical
enactment. Congress additionally passed the National Information
Infrastructure Protection Act in 1996 to make infection appropriation
and hacker assaults that disable Web destinations federal crimes. U.S.
enactment, for example, the Wiretap Act, Wire Fraud Act, Economic
Espionage Act, Electronic Communications Privacy Act, E-mail Threats
and Harassment Act, and Child Pornography Act, covers PC violations
including catching electronic correspondence, utilizing electronic
correspondence to swindle, taking prized formulas, and unlawfully
getting to put away electronic interchanges, utilizing email for dangers
or provocation, and transmitting or having child pornography.
Cyberterrorism & Cyberwarfare
The cybercriminal exercises we have portrayed—propelling malware,
disavowal ofservice assaults, and phishing tests—are borderless. PC
security firm Sophos detailed that 42 percent of the malware it recognized
in mid 2010 began in the United States, while 11 percent originated
from China, and 6 percent from Russia (Sophos, 2010). The worldwide
idea of the Internet makes it workable for cybercriminals to work—
and to inflict harm—anywhere on the planet. Concern is mounting that
the vulnerabilities of the Internet or different systems make advanced
systems simple focuses for computerized assaults by terrorists, outside
knowledge administrations, or different gatherings looking to cause far
Fundamentals of Information Systems
57
reaching disturbance and mischief. Such cyberattacks may focus on
the product that runs electrical power frameworks, aviation authority
frameworks, or systems of banks and financial organizations. No less
than 20 nations, including China, are thought to be creating hostile and
guarded cyber-warfare abilities.
Employees as Internal Threat
We tend to figure the security dangers to a business begin outside of
the association. Truth be told, organization insiders are genuine security
problems. Employees can access secret data, and within the sight of
messy inward security techniques, they are regularly able to meander all
through an association’s frameworks without leaving a track. Studies have
discovered that client lack of information is the single most prominent
reason for arranging security breaks. Numerous representatives overlook
their passwords to get to PC frameworks or enable colleagues to utilize
them, which compromises the framework. Pernicious gatecrashers
looking for framework access once in a while trick representatives
into uncovering their passwords by putting on a show to be legitimate
individuals from the organization needing data. This method is called
social engineering. Both, end clients and data frameworks authorities,
are likewise a noteworthy wellspring of mistakes brought into data
frameworks. Clients present mistakes by entering flawed information or
by not following the best possible directions for preparing information
and utilizing PC hardware. Data frameworks experts may make
programming blunders as they outline and grow new software or keep
up existing programs.
Computer Forensics and Electronic Evidence
Security, control, and electronic records administration have turned
out to be necessary for reacting to legal activities. A great part of the
evidence today for stock fraud, embezzlement, burglary of organization
exchange mysteries, PC wrongdoing, and numerous common cases is in
digital frame. Notwithstanding data from printed or typewritten pages,
legal cases today progressively depend on proof shown as advanced
information put away on compact floppy disks, CDs, and PC hard circle
drives, and in addition in email, texts, and web based business exchanges