4 5852846895986117388

UNIT 1 INFORMATION, MANAGMENT AND SYSTEMS DATA AND INFORMATION Data Data is the collection of raw facts about an object, people, places and events which when processed or manipulated makes meaningful output. Data consists of raw and unanalyzed facts and figures that are relatively meaningless to the user. Data also represents convenient way of storing and communicating the essential attributes of an entity. Data are fairly useless unless some information can be extracted from it. Information When data are processed, organized, structured or presented in a given context so as to make them useful, they are called information. Information is also described as data that has been processed in some manner into a form that is both usable and meaningful to the end user. Information therefore, is data that has been organized and communicated in a form convenient for human decision-making. One of the distinguishing features between data and information is its usefulness. The value of information lies solely in its ability to affect a behavior, decision or outcome. A piece of information is considered valueless if, after receiving it, decisions the information is supposed to influence remain unchanged. The truth is that both data and information are highly subjective. Information in one instance may be data and vice versa, that is why it is sometimes difficult to differentiate between them. Data and information can best be explained within the context in which they are used. Difference between Data and Information The difference between Data and Information are not only limited to the table below: DATA INFORMATION Letters, numerals, and characters are used The format of information is either to represent data. thoughts or references Graphs, data trees, flowcharts, and tables are all used to organize data After compiling the data, the information is represented as ideas, concepts, and languages. Data is useless until it is further expanded When data is interpreted and a meaning is derived from it, it becomes information. Variables, both qualitative and quantitative, that have the potential to be developed into ideas or analytical conclusions Data that has been formatted and compiled in order to improve its meaning and contextual utility. Data is information that has been gathered When data is interpreted and a meaning is derived from it, it becomes information Data isn't enough to make decisions; it must be combined with other factors. Analytical coherence is present in the information which aids in the decisionmaking process. Table1.1: Differences between data and information. Process Before data is transformed into information, it undergoes series of manipulation based on the requirements of the user. This manipulation is also known as process or transformation. The processing phase is usually automated and facilitated by the use of computer hardware and their associated software. Data (Input) Process Information (Output) Figure 1.1: Data transformation process Characteristics of Information Not all information can be considered as good information. Good information is one that is used to affect decision and which creates value. Experience and research show that information has high value if it has the following qualities. Timely: Information must be available when it is required. Information received too late is irrelevant. For example, if you receive a report that there was demand for your product yesterday, the information may be too late to be of use today. Accuracy: Accuracy means information is devoid of errors. Information should provide reliable and correct representation of what is needed. The effect of inaccurate information is very disastrous for organizations’ decision-making purposes. Clarity and Concise: Good information is one that is clear, simple, precise and unambiguous. Clarity and conciseness also means the information should be devoid of ‘noise’ or extraneous details. Relevance: The information at hand should be important and significant for the purpose for which it is meant. Relevant information is one that is significant and can be applied to solve a specific problem. Irrelevant information has bad consequences for a decision maker. Trustworthy (Reliable) Source: For information to be useful for decision-making, it must come from dependable source so that users can have confidence in it. Completeness: Information should contain all the details required by the user to take decisions. Information should be comprehensive enough to give a complete picture of what it represents. For example, in fashion business, information about your customers will be incomplete without their gender since it will enable decision makers know which of the genders’ goods are in demand. Availability/Accessibility: Information should be available and accessible to its authorized users irrespective of the location of the information or the users. In this age, the Internet greatly facilitates the availability and accessibility of information. Cost/Economical: Cost incurred in producing information should be economical such that an organization is not unduly over burdened with expenses. The intrinsic value of information should be more than the cost associated with producing a given information. Information is uneconomical if it takes more revenue from the organization than it brings into the organization. Information therefore should be produced within the cost constraint of an organization. OUTPUT OF INFORMATION Information systems process data (input) from transaction systems into information (output) for management decision purposes. Output of information can be reports, graphs, sound, video etc. In most information systems, reports are the primary means by which information are presented to users. Reports which may take one of the following forms are classified according to how often, how detailed, or the purpose for which they are used, among others: • Periodic Reports/Scheduled Report. • Key Indicator Report. • Demand Report. • Exception Report. • Special Report. • Predictive Report. • Drill Down Report. • Trend Report. Periodic Reports: Periodic reports are reports that are produced at a regular time interval such a daily, weekly, monthly, annually, etc. For instance, in most organizations, payroll reports are produced quarterly or monthly. Periodic or scheduled reports for example enable managers to monitor the sales performance regularly. Demand Reports: Demand reports are reports that are produced or given when they are requested for by management. In other words, unlike periodic reports, these reports are produced on demand. The content of the report depends on the circumstances and the person requesting for the report. For example, a sales manager can at anytime demand sales information about some product to aid him or her take decisions. Exception Reports: These are reports that are automatically produced or triggered off when something extraordinary that needs immediate attention happens. For instance, an accountant may want the payroll information system to produce an exception report if an employee’s net salary is a negative amount. In such a situation, the programmer will set a trigger in the information system so that a report is automatically produced when such a situation occurs. Timely reporting of exception situations make it easier for a manager to separate a problem and attend to it. Predictive Reports: These are forecasting reports that are produced by an information system based on analysis of historic and present data. Predictive reports enable organizations to plan for the future. Some typical predictive reports of interest to an organization are predictive sales, organization’s budget, etc. Key-indicator Reports: Key-indicator report provides a summary of critical information on an event or transaction. This report summarizes inventory levels, sales volumes, and production activity. It is used for managers and executives to take quick remedial actions on significant aspects of the organizations. Drill Down Reports: Drill down reports produce more detailed data about a situation of interest. Trend Reports: Trend reports enable a manager to compare the performance of some aspects of the organization or product. For example, a manager may request for sales information of a product on monthly basis in the current year and compare it to sales of the previous year. CLASSIFICATION OF INFORMATION Depending on the way users see information, it can be classified into many forms. Some of them are discussed below: Framework within which Data is generated From the framework within which data is used or generated, data can be classified as follows: International: This is information that originates outside the boundaries of a country but that have implications on an organization. In business for instances, prices of world crude oil, stock exchange prices, wars, natural disasters, change of government in a country may all have implications on an organization that does business with the country where these information originated. National: It is information that originates within one’s country and that has consequences for organization/business. These can be foreign exchange rates, inflation, interest rate, minimum wage rates and age distribution. Corporate: This is information that is generated within the business level, and that influences management decisions. These can be corporate rules and policies, gender of employees, health status of employees, age distribution of employees etc. Departmental: Departmental information is a subset of corporate information. It is information of specific interest to a department within an organization. This can be specific information that originates or is applicable to a department within an organization. Individual: Individual information are the bio-data and other information about the employees who constitute the working force of the organization. These can be the gender ratio, age distribution, health status etc. By Business Categorization Strategic: These are information that are required by top management to facilitate decisionmaking that affect the fortunes of the organizations. Those decisions are long term in nature, novel and mainly for planning purposes. Tactical: They are the information that are needed by middle management to aid them carry out the objectives or decisions that have been set out by strategic managers. Operational: Operational managers need routine information, for example, about sales, in order to know the quantity of goods they have to produce and where to market them. This can be referred to as operational information. By Time Past: Past information are the historic information about organizations’ operations. They are important to enable organizations to know how far they have come, and they assist them to predict where they are heading. Also, laws make it mandatory for organizations to keep for example, their accounting books for some number of years before they can dispose of them. Present: Information that relates to the current operation and transaction of an organization. Future: These are predictive information, and they are usually projected information that management use to take decisions. Future information are projected from the past and present information. By Quantifying Quantitative: These are measurable, quantifiable information about activities, events, and/or behavior that the organization tracks as measures of progress toward the achievement of their objectives. Qualitative: Descriptive information are about activities, events, and/or behavior that the organization tracks as a measure of progress toward objectives. Qualitative information focuses on observations, through such techniques as interviews, document analysis, focus groups or reviews by stakeholders. By Source Primary: Primary sources are the first hand evidence recorded by participants or observers at the time of events. It is the original work of research or raw data without interpretation that represents an official opinion or position. Proceedings of meeting, speeches and transactions are examples of primary source. Secondary: Secondary sources are materials that digest, analyze, evaluate and interpret information contained within primary sources. Secondary sources take primary sources and interpret them. Textbooks, history books, annual business reports, other reference materials and sales analysis reports are all examples of secondary sources. Secondary sources are compiled by using primary sources. They have credibility, but they are not as strong as primary sources. Tertiary: These are materials in which the information from secondary sources has been organized - reformatted and condensed, to put it into a convenient way to use. Dictionaries, encyclopedias and fact books are considered as tertiary sources. MANAGEMENT AND DECISION-MAKING Introduction Management is the different functions managers undertake to get tasks accomplished successfully, and it is required in every establishment. Decision-making is the process managers go through to make decisions, and it is a core role for every manager. Management, information systems and decision-making are interrelated because management uses information systems to facilitate their decision-making functions. In this section, we shall deliberate on management and decision-making. MANAGEMENT What is Management? The term ‘management’ encompasses an array of different functions undertaken to accomplish a task successfully. It is the way and the process of how one achieves one’s target or goals and it is in this respect that management is considered an art and a science as well. In the simplest of form, management is all about ‘getting things done through and with people” (Mary Parker Follet). Management therefore is the act of getting people together to accomplish desired goals and objectives using available resources efficiently and effectively. Management comprises planning, organizing, staffing, leading or directing, and controlling an organization or effort for the purpose of accomplishing a goal. Some Established Definitions of Management • “Art of knowing what you want to do and then seeing that it is done the best and cheapest way.” (F.W. Taylor). • “To manage is to forecast, to plan, to organise, to command, to co-ordinate and to control.” (Henry Fayol). • “Management is work and as such it has its own skills, its own tools and its own techniques.” (Peter F. Drucker). • “Management is the art of getting things done through and with people” (Mary Parker Follet). • "Management is the art of getting things done through and with the people in formally organised groups." (Horold Kanontz). • "Management is a distinct process consisting of planning, organising, activating and controlling to determine and accomplish the objectives by the use of people and resources." (G.R. Terry). Characteristics of Management a. It is a process. b. It involves group effort. c. It aims at achieving predetermined objectives. d. It is required at all levels of management. e. It is a profession. f. It is an art and science. g. It is comprised of some of the following functions: planning, organizing, staffing, directing, controlling, coordinating and budgeting. FUNCTIONS OF MANAGEMENT While other management experts may use different words and focus on different aspects, the following are the generic functions of management: Planning Planning involves looking ahead and charting out future course of operation. In the course of performing their planning function, managers analyze the current situation, anticipate for the future, determine, formulate objectives, policies, procedure, rules, programmes and budgets so that they can accomplish what they intend to do. Planning, thus is mapping out how to achieve a particular goal. Organising Organizing is bringing people and other resources together and tying them together in the pursuit of common objectives. It entails enumeration of activities, classification of activities, assigning job responsibilities, assignment of authority for action, resource allocation etc. Organizing is therefore the assembling and co-ordination of various types of resources to achieve organizational goals. Directing It is the act of guiding, overseeing, motivating, instructing and leading people in an organization. Directing ensures that organizational staffs work in unison so that organizational objectives can be achieved. Controlling Controlling is the management function of monitoring progress and making needed changes to ensure that the organizational goals are achieved. Its activities include setting standards, monitoring performance, comparing standards against actual and correcting deviations. Coordinating Managers coordinate by making different people and business activities work together to fulfill desired organizational goals. Coordinating involves synchronizing and unifying the actions of a group of people as well as procedures and activities performed by an organization. Staffing A manager’s staffing function entails recruiting, orienting and training of people for specific job functions and charging them for particular responsibilities. A manager may liaise with the organization’s human resource department in the execution of this function. Communicating A manager’s communicating function is the process of transmitting information, ideas, thoughts, opinions and plans between various parts of an organization. A manager superintends over all the units that fall under his or her authority, and it is the communication role that keeps those to whom a manager is responsible informed. Budgeting A budget is an overall financial plan that reflects an organization’s goals and objectives for a period. A manager budgets by making financial plans and forecasting, maintaining accounting and management control of revenue, and keeping costs in line with objectives. Leading Leading is the management function that involves the manager's efforts to inspire high performance of employees. It involves directing, motivating and communicating with employees, individually and in groups. LEVELS OF MANAGEMENT Generally, most organizations have three management levels: First line-level (operational management), Middle-level (tactical management) and Top-level (strategic management) managers. These management are classified in a hierarchy of authority, and they perform different tasks. Top Level Management Middle - Level Management First - Level Management Figure 1.2: Levels of management First-Level Management First-level managers are also called first-line managers, operational managers or supervisors. These managers have job titles such as: Office manager, Shift supervisor, Department manager, Foreman, Store manager. Operational managers are responsible for the daily management of the employees who actually produce the product or offer the service. There are first-line managers in every work unit in the organization and they may report major problems to tactical managers for decisions. Although operational managers typically do not set goals for the organization, they have a very strong influence on the company. Operational managers interact with most employees on a daily basis and if they perform poorly, employees may also perform poorly, may lack motivation or may even leave the organization. Middle-Level Management Middle-level management or tactical management are those in the levels below top managers. Middle level managers may have job titles such as: General manager, Plant manager, Regional manager and Divisional manager. Middle-level managers are responsible for carrying out the goals set by top management. They do so by setting goals for their departments and other business units in line with those set by top management. Middle managers motivate and assist first-line managers to achieve business objectives. Middle managers may also communicate upward by offering suggestions and feedback to top managers. Because middle managers are more involved in the day-to-day workings of a company, they provide valuable information to top managers to help them in their strategic decision-making. Top-Level Management Top-level management or strategic management, is also called senior management or executives. These individuals hold titles such as: Chief Executive Officer (CEO), Chief Financial Officer (CFO), Chief Operational Officer (COO), Chief Information Officer (CIO), and Chairperson of the Board, President, Vice president, and Corporate head. Top-level managers make long-term strategic decisions affecting the entirety of the firm. Top managers do not direct the day-to-day activities of the firm; rather, they set goals for the organization and direct the company to achieve them. They make decisions regarding the resources to use to attain the objectives. Top managers are ultimately responsible for the performance of the organization. Top managers in most organizations have a great deal of managerial experience. INTRODUCTION TO MANAGEMENT DECISION-MAKING What is Decision Making? Decision-making is the process of choosing the best alternative to reach a set objective. Every manager makes decisions that affect the running of the organization. These decisions are then communicated to members of the organization. The need to take a decision may arise due to a threat or an emerging opportunity an organization needs to take advantage of. Taking of decisions is an indispensable part of management and it takes place at all levels of management. Decision-making is dependent upon making the right information available to management at the right time. Though the nature of decision-making varies from manager to manager, decision makers go through almost the same process. TYPES OF DECISIONS-MAKING Programmed Decision-making It is also known as structured decision-making. Programmed decision-making can be taken objectively because a manager has taken that decision before or there are generally clearly defined methods, rules and guidelines to follow to solve a problem. Some characteristics of programmed decisions are that they are repetitive, routine, known decision rules or procedures, and can be automated. Non-Programmed Decision-making This is also known as unstructured decision-making. This sort of decision is highly subjective because the outcome cannot be predetermined. It is normally an unusual situation that has not been addressed before. There are no formal rules to use to solve non-programmed decisionmaking and managers use information, their intuition and judgment. Non-programmed decision-making exhibits the following characteristics: novel, non-routine, high degree of uncertainty, decision rules are not known. Semi-structured Decision They lie between structured decision and unstructured decision. With this, solutions are known for some part of the problem (structured), and for some part, solutions are not known (unstructured). Heuristic Decision There are no guidelines or set of rules that tell managers exactly how to make a decision. However, people use heuristics to aid in their decision-making. Heuristics is based on trial and error, previous experience, guessing, probability, etc. Heuristics do not always produce a correct answer, and sometimes they are the reasons why people make the wrong decisions. SYSTEMS A collection of components that work together to realize some objectives forms a system. Basically there are three major components in every system, namely input, processing and output. In a system the different components are connected with each other and they are interdependent. For example, human body represents a complete natural system. We are also bound by many national systems such as political system, economic system, educational system and so forth. The objective of the system demands that some output is produced as a result of processing the suitable inputs. A well-designed system also includes an additional element referred to as „control‟ that provides a feedback to achieve desired objectives of the system. Definition of System : A system is an orderly grouping of interdependent components linked together according to a plan to achieve a specific objective. According Lucey (2005), Open University defines a system as an assembly of parts where: • • • The parts or components are connected together in an organized way. The parts or components are affected by being in the system (and are changed by leaving it). The assembly does something. • The assembly has been identified by a person as being of special interest. The above definition suggests that a system is a group of interacting components with a purpose. Business and social systems handle, process, manipulate inputs/resources to produce outputs of goods and/or services in order to fulfill the objectives of the organization. Examples of systems are university, hospital, an accounting system, a manufacturing company, information system and transportation system. Characteristics of a System: i. Organization-It implies structure and order. ii. Interaction-It refers to manner in which each component functions with other components of the system. iii. Interdependence-Units/parts are dependent on each other. iv. Integration-The parts of a system work together within the system even though each part performs a unique function. v. Central Objective-Objective may be real or stated. All the components work together to achieve that particular objective. Features of the Systems Lucey (2005) identified the following as the features of the systems approach: a. All systems are composed of inter-related parts or sub-systems and the system can only be explained as a whole. This is known as holism or synergy. Holism states that any whole is more than the sum of its individual parts. This means the whole is not just the sum of the parts; but the system itself can be explained only as a totality. b. Systems are hierarchical in that the parts of systems are made-up of other smaller parts (sub systems). The system itself could be part of another bigger system known as supra system. A complex system is difficult to comprehend when considered as a whole, therefore, the system is decomposed or fractured into sub system. The sub systems resulting from process of decomposition generally form hierarchical structures. c. The parts of a system cannot be altered without affecting the other parts of the system. This means that in an organization setup for instance, decisions that a manager takes within his or her unit naturally will have effect on other departments within the organization and vice versa. d. The sub-systems should work towards the goal of their higher systems and not pursue their own objectives independently. Where sub-systems do pursue their own objectives to the detriment of the objectives of a higher subsystem, then a condition of suboptimality is said to exist. e. Organizational systems are composed of both hard and soft properties. Hard properties are those that can be assessed in some objective way, an example is the number of items a business produces per day. The soft aspects of a system are a matter of individual values or taste. They cannot be assessed by any objective standard or measuring process. With soft properties, organizations are unsure of what solution would look like. An example of soft aspects of an organization decision-making is the suitability of a person for a job. THE ELEMENTS OF A SYSTEM The basic elements of a system are: Input, Output, Transformation process, Feedback, System boundaries and Environment of a system. Input Input varies from system to system. In an application software input may be data, whereas in a manufacturing firm, inputs may be raw materials, labour, equipment and plants, power supply that are to be transformed by processes to achieve the finished product The Transformation Process The processes are the methods, developments, practices and procedures that are used to transform or convert the inputs into the desired outputs. In social systems, the transformation process is controlled or influenced by information. Output Outputs are the end products of the process. Systems return output to the environment. Similar to input, output differ from system to system. The output of application software is likely to be information in the form of a report to facilitate management decision-making and that of a manufacturing enterprise is the finished goods. In reality, organizations choose those outputs that we are concerned with. These are usually those outputs most relevant to the system objectives. Those outputs such as waste and noise are neglected. Feedback The concept of feedback is important in understanding how a system maintains a desired state. Information concerning the outputs or the process of the system is fed back as an input into the system, perhaps leading to changes in the transformation process and/or future outputs. Feedback is used to monitor system and guide it to a desired performance. Feedback can be both positive and negative. Negative feedback is information that indicates that the system is deviating from a prescribed course and should readjust to a new desired state. Feedback Input Process Output Figure1.3 : The concept of feedback System Boundaries Boundaries are features which define the extent of a system. In mechanical, physical and biological systems, it is relatively easy to establish boundaries. With respect to social organizations, boundaries are not clear, highly dynamic in nature, often change to meet differing demands and difficult to establish. Within organizations, boundaries are determined by management and vary from organization to organization. The boundaries of systems separate them from their environments. The concept of boundaries therefore gives rise to open and closed systems and also helps us to understand the distinction between them. The Environments of Systems All elements not in the system, that is, all elements outside of a system constitute the environment of a system. But specifically, environments are the external elements whose changes in attitudes, behavior or properties affect the state of the system and those external elements which are changed by the system’s behavior. The environment of a system is very diverse and not static. Examples of organization’s environments are customers, competitors, suppliers, technology, government policies and influences. It must be mentioned that not all environmental factors can be influenced or controlled. Changes in environment directly affect the structure and function of the organization. Although some factors in the environment cannot be controlled, for example, the weather, organizations do attempt to influence their environment. For example, businesses advertise their products to create and encourage demand. Organizations that regularly exchange feedback with their external environment are known as open system. Such organizations try to study and understand their environments through the use of environmental scanning, market research and evaluations. Organizations use public relations, advertising, promotion, lobbying etc. to influence the environment. CLASSIFICATIONS OF SYSTEMS There are several ways of classifying systems. Two such classifications of systems are based on: a. Their degree of interaction with the environments. The way an organization relates to changes in its environment is important to its success. This results in systems being classified as Open System or Close Systems. b. Their predictive behavior. With respect to this, a system is classified as Deterministic System, Probabilistic system or Self-organizing/Adaptive Systems. Closed Systems A closed system is one that is isolated from its environment. A closed system does not interact with the environment, it does not take input from the environment, and neither does it give output to the environment. A closed system does not recognize that it is embedded in a relevant environment. Changes in the environment and adaptability are not issues for closed system. Closed systems are entirely focused on internal functions and behaviors. Closed systems do not use feedback appropriately. Organizations that have closed boundaries are often unhealthy. The concept of closed system can only strictly be applied to mechanical and physical systems, as all social systems have some interactions with their environment. Manufacturing systems as an example are designed to be as closed as possible so that the manufacturing process can operate without disturbances from suppliers, customers, etc. A computer program is a relatively closed system because it accepts only previously defined inputs, processes them and provides previously defined outputs. Closed System No interaction with the environment Figure 1.4: Closed System Open Systems An open system has many interfaces with its environment and exchanges feedback with them. Open system interacts freely with its environment, taking input and influences from the environment and returning output and influences to the environment. Open system thus permits interaction across its boundary. Healthy open systems exchange feedback with their environments, analyze that feedback, adjust internal systems as needed to achieve systems’ equilibrium and then transmit necessary information back to the environment. Open systems have form and structure to allow them to adapt to changes in their environment in such a way as to ensure their continue existence. They are self-organizing and self-regulating in the sense that they change their organization systems in response to changing conditions or adapt and react to inputs or stimuli. Biological Living systems (cells, plants, humans) and social organizations are open systems. The way that organizations adapt to changes in the environment is a key element in an organization’s success and indeed its very survival. En v i r o n m e n t Exchanges and interactions with the environment E n v i r o n m e n t Figure 1.5: Open System Deterministic Systems These are predictable systems where output can be predicted from input. The interactions between the parts are known with certainty. Example is a machine producing a component where the units of output can be determined from the inputs. Probabilistic or Stochastic Systems This is where some conditions of the system can be predicted from the previous state but only in terms of probable behaviour. There is always a certain degree of error attached to the prediction of what the system will do. For example in a sales information system, the average sales can be predicted, but the exact value cannot be predicted. Self-organizing or Adaptive System These are systems that spontaneously react to input or stimuli. With these systems, the results of the change cannot be predetermined, as the same input will not necessarily translate into the same output. .Shared and Overlapping Sub-Systems Sub-systems can belong to more than one system and there is a need to recognize this overlap and design operations and processes accordingly. The recognition of overlap is particularly important when changes are made in one of the systems which share the same sub-system. Overlap is often an efficient and economical arrangement. For example, a central purchasing sub-system used by various departments within an organization may be able to obtain greater discounts and may also aid the standardization of parts and materials. A centralized computer facility may be shared by all departments within an organization with a reduction in overall costs. However shared and overlapping subsystems are likely to result in communication difficulties and may have longer response times. Because of the need to co-ordinate activities and to obtain numerous approvals for change, such structures may be less flexible in rapidly changing conditions (Lucey, 2005). Supra-System A supra-system is a macro level system composed of a number of subsystems. The individual units forming a system are typically called subsystems, elements or components, and the larger composite enclosing a system is called the supra-system. Information System as a System Information system is a system by definition, as it is made up interrelated components that come together to convert data into information. These interrelated parts or components or subsystems have structure, for example, hardware and noticeable behavior such as software. Others are personnel, networks/telecommunication equipment, database and procedure. INFORMATION SYSTEMS What is information system? Information System is a set of interrelated components that collect, manipulate, store and disseminate data and information and provide feedback mechanism to meet an objective. Laudon and Laudon (2000) put it “as set of interrelated components that collect (or retrieve), process, store, and distribute information to support decision-making and control in an organization. In addition to supporting decision-making, coordination and control, information systems may also help managers and workers analyze problems, visualize complex subjects and create new products.” In general, information systems are established to support policies and or procedures in organizations. Information systems accomplish these through a cycle of four basic activities: Input, Process, Output and Feedback. Input In information systems, input is the activity of gathering and capturing data. In a student’s information systems for instance, students’ assessments are captured by their lecturers before their grade points average (GPA) can be computed. Input takes various forms depending on the type of information systems. It may be numeric, alphabetic, images, signals from a device, sound. The underlying requirement of any input is its correctness. Processing Processing is the act of transforming or manipulating the input into the desired output. Processing may involve performing mathematical operations on the input, making comparisons and taking alternative actions based on the outcome of the comparison. Output Output is the end desired results of processing input. A typical output may be in the form of a report, for instance a pay slip for employees, report for management. An output of one information system may serve as input for another information system. Feedback Feedback is output that is used to make changes to the input or processing activities. For example, errors in the output will necessitate making changes in the input and/or the processing activities. Feedback Data (Input) Process Information (Output) Figure 2.1: Information systems processing cycle Components of Information Systems Being a system, an information system is comprised of some sub-systems, the main ones being hardware, software, database, telecommunication equipment, people and procedure. Hardware: Hardware consists of the physical computer equipment used to perform the input, process, storage and output operations. Software: Software are the programs that run the hardware. There are basically two main types of software. The system software controls the operation of the computer itself and the application software, which are the software that serves the specific need of the organization, for example, a store inventory program. Database: Database is an organized collection of facts and information. A business database may contain current information about their employees, customers, sales information and sources of raw materials. For databases to be organized, the organization will need corresponding database management software. Telecommunication Equipment: These are the networking equipment that facilitates the transmission and sharing of data and information from one location to another. Today’s Internet-based information system cannot be complete without telecommunication equipment of a sort. This is because computers need to be networked and businesses are carried out via Internet, extranet, intranet which are all connected by telecommunication equipment. People: An indispensable component of information system is people. People develop, manage, maintain, run and use the system. In a computer-based information system, there are categories of staff who interface with the system differently. Procedure: Procedures are the policies, rules, strategies and methods for using an information system. Information system for organizations have these procedures that describe who gets access to what, who run a type of programs, who and when to take a backup, what to do in case of a disaster, etc. Procedure Telecom Softwaree Hardware E Personnel Database Figure 2.2: Components of information systems TYPES OF INFORMATION SYSTEMS Different levels of management perform diverse roles, hence the need for different types of information systems to aid them in the performance of their roles. Generally, operational level management utilizes transaction processing systems. Middle level management is aided by management information systems and decision support systems and Strategic level is supported by executive support systems. Office automation system facilitates the work of all the levels of management. Strategic Management EIS/ESS/OAS Tactical Management Knowledge Workers Operational Management DSS/MIS/OAS KWS/OAS ESS/OAS Figure 2-3: Types of information systems and the level of management they serve TRANSACTION PROCESSING SYSTEM (TPS) A TPS is a basic business system, and it serves the operational management level. It collects, stores and processes information about transactions as they occur in an organization. They are used by clerks and other operational staff to capture and maintain data about the business of the organizations, and control some aspects of transactions. A transaction is an event of interest to the organisation, an example is sales made by a customer at the store. Some examples of TPS are manufacturing and production systems, sales and marketing systems, finance and accounting systems, human resource systems. Some characteristics of TPS include: a. b. c. d. e. f. It serves the most elementary day-to-day activities of an organisation. It supports the operational level of the business. It supplies data for higher-level management decisions. It is often critical to the survival of the organisation. It is mostly suitable for predefined, structured tasks. It can have strategic consequences for an organization (for example in airline reservation system). g. It usually has high volumes of input and output. h. It provides data which is summarised into information by systems used by higher levels of management. Transaction Processing Methods The basic transaction processing methods are: On-line Transaction Processing: It is a transaction mode in which data is entered interactively (online) into a system. Batch Processing: In batch processing, data for all transactions to be processed are brought together and processed in a group. This is normally done at regular intervals, such as hourly, daily, weekly, fortnightly, monthly, quarterly, yearly etc. An example is a payroll system which is run on monthly basis. Real-time Processing: In this transaction mode, processing is also interactive, and the change in the database occurs instantaneous as transaction occurs. An example is an airline reservation system. Hybrid Processing: It is a combination of some of the afore-mentioned methods. Sub-Systems of TPS Manufacturing and Production Systems: Systems that supply data to operate, monitor and control the production process. For example, purchasing, receiving, shipping, process control, robotics, inventory systems, scheduling, engineering, operations, quality control, resource management, etc. For example, a system in a factory that: a. Gets information from measuring samples of products. b. Does statistical analysis of samples. c. Shows when operators should take corrective action. Sales and Marketing systems: Systems that support the sales and marketing function by facilitating the movement of goods and services from producers to customers. Examples are: a. Sales Support - Keep customer records, comments. b. Telemarketing - Use phone for selling. c. Order Processing - Process orders, produce invoices, supply data for sales analysis and inventory control. d. Point-of-Sale - Capture sales data at cash register often by scanner. e. Customer Credit Authorisation - advise on credit to be allowed to customer. For example, a store's sales system would automatically record and total purchase transactions and prints out a packing list. Finance & Accounting Systems: Systems that maintain records concerning the flow of funds in the firm and produce financial statements such as balance sheets and income statements. For example, Budgeting General Ledger, Billing, Cost Accounting, Accounts Receivable/Payable, Funds Management Systems, Payroll, Cash Management, Loan Management, Check Processing, Securities Trading. Human Resources System: Systems that deal with recruitment, placement, performance evaluation, compensation and career development of the firm's employees. Examples are personnel record keeping, applicant tracking, positions, benefits, training and skills developments. OFFICE AUTOMATION SYSTEM (OAS) OAS provides facilities – software, hardware and communication equipment that capture, process and distribute data and information in an organization. Typical office automation system handles and processes documents with the aid of word processing, spreadsheet, presentation packages, desktop publishing, document imaging, file managers, scheduling and communication with email, video conferencing. OAS, thus is a software that increases efficiency and productivity of data workers by providing them access to basic systems such as communication system, word processing, spreadsheet, presentation software, desktop publishing, document imaging, scheduling, etc. Though, OAS serves mainly information needs of data workers, it is also used significantly across all the strata of management. A data worker is one whose job leads to the generation and processing of data and information in an organization. Examples of data workers are cashiers, accountants, secretaries whose duties involve the generation, processing and communication of data and information. OAS Sub-systems Communication System: It helps people work together by sharing information in many different forms. These can be Teleconferencing (including video conferencing, computer conferencing, and audio conferencing), electronic mail, voice mail, fax, Internet, LAN. Groupware System: It helps teams work together by providing access to team data, structuring communication and making it easier to schedule meetings. Groupware system also has tools for sharing information, controlling workflows, communication and integration of work. Desktop Publishing: It produces professional publishing-quality document by combining output of word processing software with design elements, graphics and special predetermined layout. Word Processing: This is hardware and software that are used to create, edit and print professional looking documents. Word processing probably is one of the most commonly used applications of information technology in office work. Document Imaging: Document imaging allows organizations to capture paper-based information and convert it to electronic images that are stored in a computer electronically. Some of the reasons why organizations do document imaging are: accessibility, security and saving of space. KNOWLEDGE WORK SYSTEMS (KWS) Knowledge Work Systems serve the information needs of the knowledge level of the organization. A knowledge worker is one who creates new knowledge or information by research, experimentation and investigating into existing and new products and/or services. They also ensure that new knowledge and technical expertise are integrated properly into an organization. Examples of knowledge workers are engineers, architects, scientists and software engineers to mention but a few. Knowledge work systems support knowledge workers in many forms to enable them to carry out their above-mentioned functions. KWS require computers with high-end specifications to run optimally. KWS includes applications such as computer simulations, computer Aided Design/Manufacture (CAD/CAM) and investment workstation. Features of KWS a. b. c. d. KWS serves the information needs at the knowledge level of an organization. KWS promotes the creation and integration of new knowledge into an organization. It has a user-friendly interface to facilitate usage. KWS require computers with high processing capabilities with regard to speed, memory size, hard disk, etc. MANAGEMENT INFORMATION SYSTEM (MIS) Management Information System is an integrated, computer-based, user-machine system that provides information for supporting operations and decision-making functions. (ACCA Business Information Management, 2001). MIS converts TPS data into summarized information (report) for monitoring performance and managing an organization. Transactions recorded in a TPS are analyzed and produce routine summary and exception report to middle level management to assist structured decisionmaking. MIS also aids management level decision makers with online and real-time access to organization’s information. MIS are sometimes used to mean all information systems that support the functional areas of the organization. They have large quantities of input data and they produce summary reports as output. MIS are used by middle managers. An example is an annual budgeting system. Features of Management Information System a. Summarises and reports on the basic operations of organisations. b. It assists structured (routine) decision-making at all levels of management, particularly middle level management. c. Provides on-line and real-time access to TPS of the organizations as well as summary of the performance of the business. d. It focuses mainly on internal issues than concentrating on external matters concerning environmental factors. e. MIS have limited analytical capabilities. Decision Support System (DSS) DSS assists tactical management to go through the process of making decisions by providing information, decision models, or analysis tools. DSS has support for semi structured and unstructured decision-making. DSS facilitates analytical work, rather than routine processing of transaction. DSS does mathematical and ‘what if analysis’, and creates models and different options from which the manager uses his judgment to select the optimal one. Features of DSS a. It provides broad-based approach to supporting unstructured decision-making. b. DSS relies on both internal information and external sources such as stock prices. c. DSS uses mathematical, statistical, analytical models and “what if analysis”. d. DSS has query capabilities and uses comprehensive database. e. It is GUI-based and ease of use. f. Outputs are less verbose, summarized and graphical. Executive Information System (EIS) EIS is also known as Executive Support System (ESS), and as the name suggests, it is designed and used by top-level management. The need for ESS arose due to the inadequacies of MIS to satisfy the need of executive managers. Most MIS produce output that did not give answers for executive managers. ESS provides executives information that enables them to monitor what is going on and also examine the business conditions in a readily accessible, interactive format. It is analytical and has query capabilities. An EIS/ESS usually can provide summary over the entire organization and also allows drilling down to specific levels of detail. ESS is normally designed to cater for the needs of individual managers. They are interactive in nature, programmed to minimize procedures for obtaining management information, and have tools to produce graphical reports. ESS has access to online and real time external databases of interest to the organization such as stock exchange, news, etc. Features of ESS a. b. c. d. e. f. g. It is a type of DSS used by executive managers. Monitor critical information and summarise them for management. It addresses non-routine decisions requiring judgment. It is highly interactive and easy to use. Users go through minimal procedures to obtain results. Online access to real time external databases. Less verbose, output in the form of digital dashboard which displays graphical output, charts etc. h. It has analytical and predictive capabilities. FUNDAMENTAL ROLES OF INFORMATION SYSTEMS IN BUSINESS In general, information systems are established to perform the following roles to help organizations to achieve their objectives: a. Assist organizations in their business processes and operations. b. Aid organizations in decision-making by their employees and managers. c. Support organizations in their strategies for competitive advantage. Assist Organizations in their Business Processes and Operations Organizational functions are achieved through business processes and operations. Information systems are equipped with the abilities that support or execute these processes and operations. This capability ranges from providing electronic administrative support for business processes to automating production lines and the provision of expert systems. Aid Organizations in Decision-making by their Employees and Managers An indispensable function of any manager is decision-making. An effective decision is one that is based on accurate and timely information. The amount of data that management is confronted with to aid them in their decision-making is so huge that they need information systems to process them into the desired form. Support Organizations in their Strategies for Competitive Advantage Managements are confronted with fierce rivalry with their business competitors. An essential tool that management can exploit to their advantage in their strategic decision-making functions is information systems. It can enable management to produce quality goods and services at reduced cost, among others. UNIT 3: INTRODUCTION TO DATABASE SYSTEMS Introduction In the 1980s, the method of processing business records to produce information was mainly the file oriented approach or file processing system. In this system, data is organized in the form of different files. Compared to the manual system of record keeping and processing, this method was reliable and faster. However as office operations grew, this file processing system was characterized by some challenges and this necessitated the database management approach which came in handy to solve the problems. Database is now such an integral part of our day-to-day life that often we are not aware we are using one. A database is a collection of related data and the Database Management System (DBMS) to be the software that manages and controls access to the database. A database application is simply a program that interacts with the database at some point in its execution. We also use the more inclusive term database system to be a collection of application programs that interact with the database along with the database base management system (DBMS) and database itself. THE HIERARCHY OF DATA Data hierarchy refers to the systematic organization of data. Data stored within a DMBS form a hierarchy, which are as follows: Bit: The smallest unit of computer storage, or the smallest unit of data in a computer. A bit has value of either 0 or 1. Character: It is synonymous to a byte and it is the most basic logical data element. It consists of a single alphabetic, numeric, or other symbol. Field: A field is a group of characters that represents a named unit of information. A field represents an attribute of an entity. For example, the field name ‘firstname’ contains the first name of customers in a database. Record: A collection of related fields that describe an entity within a file is called a record. For example, a student record will have collection of fields such as registration number, name, gender, programme and level. File: A file is a collection of related records. A student file, for example, may contain all the records of the individual students. 1 Database: It is an integrated collection of logically related records that are easily accessed, managed or updated. The data stored are independent of the type application using them, as well as the type of storage device on which they are stored. Bit Byte/Character 1 Field Record File Database Figure 3.1: Hierarchy of data Definition of Terms Entity: An entity is people, places, things or objects of importance about which data must be captured, stored and maintained in a database. For example, a student records system may contain an entity called ‘course’ whose fields are the attributes of interest to the system. Attribute: An attribute is a characteristic or property of an entity. In relational database terminology, an attribute usually means a column or field in a table. A typical attribute in a customer table can be ‘first_name’ representing the first name of customers. Primary Key: A Primary key is a field which uniquely identifies each record in a database. For example, registration_number can be typical key in a student database. 2 Relation: There will be many cases when the data in one table can be related to the data in another table. This connection between two tables is called a relation. Foreign Key: When there is a relation between 2 tables, these tables will be connected by inserting the primary key of one table into the corresponding row of the other table. The field used in such a way to connect the 2 tables is called the foreign key. Data: Data are a set of values of qualitative or quantitative variables about one or more persons or objects. In simple words it is a collection of facts, such as numbers, words, measurements, observations or just descriptions of things. Database: A database is a named collection of tables. A database can also contain views, indexes, sequences, data types, operators, and functions. Other relational database products use the term catalog. Query: A query is a type of command that retrieves data from the server. Table: A table is a collection of rows. A table usually has a name, although some tables are temporary and exist only to carry out a command. All the rows in a table have the same shape (in other words, every row in a table contains the same set of columns). Column (field, attribute): A column is the smallest unit of storage in a relational database. A column represents one piece of information about an object. Every column has a name and a data type. Columns are grouped into rows, and rows are grouped into tables. Row (Tuple). In relational databases, a row is a data record within a table. Each row, which represents a complete record of specific item data, holds different data within the same structure. A row is occasionally referred to as a tuple. 3 Figure 3.2: Database Tables Evolution of file-based systems In daily life, we come across various needs to store data. It can be maintaining daily household bills, bank account details, salary details, payment details, student information, student reports, books in the library, etc. How will it be recorded in one place so that we can get it back when required? It should be recorded in such a way that: i. Should be able to get the data any point in time latter ii. Should be able to add details to it whenever required iii. Should be able to modify stored information, as needed iv. Should also be able to delete them In the traditional approach, that is, the pre-computer era, all pieces of information were stored in papers. When we need information, we used to search through the papers. If we know a particular date or category of information we are searching for, we go to that particular session in the papers. When we want to update or delete some data, we search for it and modify them or strike off them. If the data is limited, then all these tasks are easy. Imagine library information or information about a student in school, or a banking system! How do we search for single required data in papers? It is a never-ending task! Yes, Computers solved our problems. 4 Traditional File-based System The traditional file system is one earliest file management system. With this, data are organized, stored and processed in independent file. Each application is designed to use its own files and sharing of files is not facilitated. This means separate files are created and stored for each application program. File-based systems were an early attempt to computerize the manual filing system that we are all familiar with. For example, in an organization a manual file is set up to hold all external and internal correspondence relating to a project, product, task, client, or employee. Typically, there are many such files, and for safety they are labeled and stored in one or more cabinets. For security, the cabinets may have locks or may be located in secure areas of the building. In our own home, we probably have some sort of filing system which contains receipts, guarantees, invoices, bank statements, and such like. When we need to look something up, we go to the filing system and search through the system starting from the first entry until we find what we want. Alternatively, we may have an indexing system that helps locate what we want more quickly. The manual filing system works well while the number of items to be stored is small. It even works quite adequately when there are large numbers of items and we have only to store and retrieve them. However, the manual filing system breaks down when we have to crossreference or process the information in the files. This file system results in duplication of data, it is inflexible, inefficient, and has limited capabilities. Academic Library Hospital Academic Records Programs Library Management Programs Hospital Information System Report Report Report Figure 3.3: Traditional File System 5 Limitations of the File-Based Approach i. Separation and isolation of data: Data is tied to a specific program. When data is isolated in separate files, it is more difficult to access data that should be available. For example, if we want to produce a list of all houses that match the requirements of clients, we first need to create a temporary file of those clients who have ‘house’ as the preferred type. We then search the file for those properties where the property type is ‘house’ and the rent is less than the client’s maximum rent. With file systems, such processing is difficult. The application developer must synchronize the processing of two files to ensure the correct data is extracted. This difficulty is compounded if we require data from more than two files. ii. Duplication of data: Owing to the decentralized approach taken by each department, the file-based approach encouraged, if not necessitated, the uncontrolled duplication of data iii. Incompatible file formats: Because the structure of files is embedded in the application programs, the structures are dependent on the application programming language. For example, the structure of a file generated by a one program may be different from the structure of a file generated by a another program. The direct incompatibility of such files makes them difficult to process jointly. iv. Data Redundancy or Duplication: Data redundancy simply means that some data fields appear more than once in the system. This is as a result of files being independent of each other. When files are stored more than once, the end result is waste of storage space and duplicates effort in maintaining the data. Redundancy results in inconsistent database. Database designers attempt to eliminate this problem by the use of a technique called normalization. v. Inconsistent Data: Once data redundancy exists, updating of files or files become burdensome as attempts have to be made to update all redundant fields or fields in various locations whenever one is updated. However, this is difficult to achieve and the end results is that not all the fields and files in the various locations are updated, thus leading to inconsistent and unambiguous data. vi. Porous Data Security: It is challenging to ensure secured system when the files or databases are not integrated and they exist in isolation. 6 vii. Poor Data Integrity: Data integrity is ensuring quality data in a system. The traditional file approach has poor data integrity, as it is difficult to ensure that data entered is valid, accurate and consistent. However, it is easy to enforce integrity rules with the database approach. Database Approach All the above limitations of the file-based approach can be attributed to two factors: i. The data is embedded in the application programs, rather than being stored separately and independently; ii. There is no control over the access and manipulation of data beyond that imposed by the application programs. Database Database is a shared collection of logically related data, and a description of this data, designed to meet the information needs of an organization. Database is a single, possibly large repository of data that can be used simultaneously by many departments and users. Instead of disconnected files with redundant data, all data items are integrated with a minimum amount of duplication. The database is no longer owned by one department but is a shared corporate resource. The database holds not only the organization’s operational data but also a description of this data. For this reason, a database is also defined as a self-describing collection of integrated records. The description of the data is known as the system catalog (or data dictionary or metadata– the ‘data about data’). It is the self-describing nature of a database that provides program–data independence. The approach taken with database systems, where the definition of data is separated from the application programs, is similar to the approach taken in modern software development, where an internal definition of an object and a separate external definition are provided. The users of an object see only the external definition and are unaware of how the object is defined and how it functions. One advantage of this approach, known as data abstraction, is that we can change the internal definition of an object without affecting the users of the object, provided the external definition remains the same. In the same way, the database approach separates the structure of the data from the application programs and stores it in the database. If new data 7 structures are added or existing structures are modified then the application programs are unaffected, provided they do not directly depend upon what has been modified. For example, if we add a new field to a record or create a new file, existing applications are unaffected. However, if we remove a field from a file that an application program uses, then that application program is affected by this change and must be modified accordingly. The final term in the definition of a database that we should explain is ‘logically related’. When we analyze the information needs of an organization, we attempt to identify entities, attributes, and relationships. An entity is a distinct object (a person, place, thing, concept, or event) in the organization that is to be represented in the database. An attribute is a property that describes some aspect of the object that we wish to record, and a relationship is an association between entities. 8 Users/Programmers Application Programs/Queries Database Management Software Software to Process Queries/Programs Software to Access Stored Data Stored Database Definition Figure 1.3: Database Approach. Stored Database (Meta Data) Figure 3.4: Database Management System The Database Management System (DBMS) DBMS is a software system that enables users to define, create, maintain, and control access to the database. Some DBMS examples include MySQL, PostgreSQL, Microsoft Access, SQL Server, FileMaker, Oracle, RDBMS, dBASE, Clipper, and FoxPro. DBMS has the following manipulative functions among others: a. To retrieve data. b. To add, update and delete records. c. To control access to the records. d. To recover data in case of system crash or system breakdown. The DBMS is the software that interacts with the users’ application programs and the database. 9 Elements of Database Management Systems A Database management system has three elements: a. Data definition language b. Data manipulation language c. Data Dictionary Data Definition Language (DDL) These are statements used to define the database structure. It allows a database designer to define the database using a Data Definition Language (DDL) provided for the particular DBMS. The DDL allows the designer to specify the data types and structures, and the constraints on the data to be stored in the database. Data Manipulation Language (DML) A data manipulation language is a specialized language used to manage (accessing and manipulating) a database; that is, select, insert, delete, update, retrieve data etc. As an element of fourth generation language, DMLs are easily used by non-technical people with little knowledge in databases. Data Dictionary It contains data about of data (metadata). Data dictionary contains the actual database descriptions managed by the DBMS. Key information such as the file name, description, number of records in the file, who uses the data, who owns it and access rights are stored in the data dictionary. Database Application Programs A typical database application program is a computer program that interacts with the database by issuing an appropriate request (typically an SQL statement) to the DBMS. 10 Users interact with the database through a number of application programs that are used to create and maintain the database and to generate information. These programs can be conventional batch applications or, more typically nowadays, they will be online applications. The application programs may be written in some programming language or in some higherlevel fourth-generation language. Structured Query Language (SQL) SQL is used to communicate with a database. SQL is a standard language for relational database management systems. SQL statements are used to perform tasks such as update data on a database, or retrieve data from a database. Some common relational database management systems that use SQL are: Oracle, Sybase, Microsoft SQL Server, Access, etc. Although most database systems use SQL, most of them also have their own additional proprietary extensions that are usually only used on their system. However, the standard SQL commands such as "Select", "Insert", "Update", "Delete", "Create", and "Drop" can be used to accomplish almost everything that one needs to do with a database Components of the DBMS Environment The five major components in the DBMS environment: hardware, software, data, procedures, and people. Hardware The DBMS and the applications require hardware to run. The hardware can range from a single personal computer, to a single mainframe, to a network of computers. The particular hardware depends on the organization’s requirements and the DBMS used. Some DBMSs run only on particular hardware or operating systems, while others run on a wide variety of hardware and operating systems. A DBMS requires a minimum amount of main memory and disk space to run, but this minimum configuration may not necessarily give acceptable performance. A backend of the DBMS is, the part of the DBMS that manages and controls access to the database. A frontend of the DBMS is, the part of the DBMS that interfaces with the user. This is called a client–server architecture: the backend is the server and the frontends are the clients. 11 Software The software component comprises the DBMS software itself and the application programs, together with the operating system, including network software if the DBMS is being used over a network. Typically, application programs are written in a third-generation programming language (3GL), such as ‘C’, C++, Java, Visual Basic, COBOL, Fortran, Ada, or Pascal, or using a fourth-generation language (4GL), such as SQL, embedded in a third generation language. The target DBMS may have its own fourth-generation tools that allow rapid development of applications through the provision of non-procedural query languages, reports generators, forms generators, graphics generators, and application generators. The use of fourth-generation tools can improve productivity significantly and produce programs that are easier to maintain. Data Perhaps the most important component of the DBMS environment, certainly from the endusers’ point of view, is the data. The database contains both the operational data and the metadata, the ‘data about data’. The structure of the database is called the schema. Procedures Procedures refer to the instructions and rules that govern the design and use of the database. The users of the system and the staff that manage the database require documented procedures on how to use or run the system. These may consist of instructions on how to: i. Log on to the DBMS; ii. Use a particular DBMS facility or application program; iii. Start and stop the DBMS; iv. Make backup copies of the database; v. Handle hardware or software failures. This may include procedures on how to identify the failed component, how to fix the failed component (for example, telephone the appropriate hardware engineer) and, following the repair of the fault, how to recover the database; vi. Change the structure of a table, reorganize the database across multiple disks, improve performance, or archive data to secondary storage. People The final component is the people involved with the system. 12 Roles in the Database Environment The following are the roles (positions or responsibilities) are usually found in in a database environment: 1. Data and Database Administrators The database and the DBMS are corporate resources that must be managed like any other resource. Data and database administration are the roles generally associated with the management and control of a DBMS and its data. The Data Administrator (DA) is responsible for the management of the data resource including database planning, development and maintenance of standards, policies and procedures, and conceptual/logical database design. The DA consults with and advises senior managers, ensuring that the direction of database development will ultimately support corporate objectives. The Database Administrator (DBA) is responsible for the physical realization of the database, including physical database design and implementation, security and integrity control, maintenance of the operational system, and ensuring satisfactory performance of the applications for users. The role of the DBA is more technically oriented than the role of the DA, requiring detailed knowledge of the target DBMS and the system environment. In some organizations there is no distinction between these two roles; in others, the importance of the corporate resources is reflected in the allocation of teams of staff dedicated to each of these roles. Administering the DBMS An organization’s DBMS needs to be managed if its full benefits are to be achieved. Organizations therefore have the position of a Database Administrator (DBA) whose duty is the routine administration of the database. This job is very important since most organizations keep their information in databases. Functions of the Database Administrator The following are the generic function of DBA: a. Selection of hardware and software. 13 b. Decides the content and structure of the database. c. Determines the storage structure and where data should be stored. d. Managing data security, access and privacy controls. e. Managing data Integrity. f. Taking of database backup. g. Deciding on database recovery procedures. h. Fine-tuning database performance. i. Improving query processing performance 2. Database Designers In large database design projects, we can distinguish between two types of designer: logical database designers and physical database designers. The logical database designer is concerned with identifying the data (that is, the entities and attributes), the relationships between the data, and the constraints on the data that is to be stored in the database. The logical database designer must have a thorough and complete understanding of the organization’s data and any constraints on this data (the constraints are sometimes called business rules). To be effective, the logical database designer must involve all prospective database users in the development of the data model, and this involvement should begin as early in the process as possible. In this book, we split the work of the logical database designer into two stages: Conceptual database design, which is independent of implementation details such as the target DBMS, application programs, programming languages, or any other physical considerations; Logical database design, which targets a specific data model, such as relational, network, hierarchical, or object-oriented. 3. Application Developers Once the database has been implemented, the application programs that provide the required functionality for the end-users must be implemented. This is the responsibility of the application developers. Typically, the application developers work from a specification produced by systems analysts. Each program contains statements that request the 14 DBMS to perform some operation on the database. This includes retrieving data, inserting, updating, and deleting data. The programs may be written in a third-generation programming language or a fourth-generation language, as discussed in the previous section. End-Users The end-users are the ‘clients’ for the database, which has been designed and implemented, and is being maintained to serve their information needs. End-users can be classified according to the way they use the system: 1. Naïve users: are typically unaware of the DBMS. They access the database through specially written application programs that attempt to make the operations as simple as possible. They invoke database operations by entering simple commands or choosing options from a menu. This means that they do not need to know anything about the database or the DBMS. For example, the checkout assistant at the local supermarket uses a bar code reader to find out the price of the item. However, there is an application program present that reads the bar code, looks up the price of the item in the database, reduces the database field containing the number of such items in stock, and displays the price on the till. 2. Sophisticated users: At the other end of the spectrum, the sophisticated end-user is familiar with the structure of the database and the facilities offered by the DBMS. Sophisticated end-users may use a high-level query language such as SQL to perform the required operations. Some sophisticated end-users may even write application programs for their own use. Characteristics of Database The database approach has some very characteristic features which are discussed in detail below: 15 Concurrent Use A database system allows several users to access the database concurrently. Answering different questions from different users with the same (base) data is a central aspect of an information system. Such concurrent use of data increases the economy of a system. An example for concurrent use is the travel database of a bigger travel agency. The employees of different branches can access the database concurrently and book journeys for their clients. Each travel agent sees on his interface if there are still seats available for a specific journey or if it is already fully booked. Structured and Described Data A fundamental feature of the database approach is that the database systems does not only contain the data but also the complete definition and description of these data. These descriptions are basically details about the extent, the structure, the type and the format of all data and, additionally, the relationship between the data. This kind of stored data is called metadata ("data about data"). Separation of Data and Applications As described in the feature structured data the structure of a database is described through metadata which is also stored in the database. An application software does not need any knowledge about the physical data storage like encoding, format, storage place, etc. It only communicates with the management system f a database (DBMS) via a standardised interface with the help of a standardised language like SQL. The access to the data and the metadata is entirely done by the DBMS. In this way all the applications can be totally seperated from the data. Therefore database internal reorganisations or improvement of efficiency do not have any influence on the application software. Data Integrity Data integrity is a byword for the quality and the reliability of the data of a database system. In a broader sense data integrity includes also the protection of the database from unauthorised access (confidentiality) and unauthorised changes. Data reflect facts of the real world. database. Transactions A transaction is a bundle of actions which are done within a database to bring it from one 16 consistent state to a new consistent state. In between the data are inevitable inconsistent. A transaction is atomic what means that it cannot be divided up any further. Within a transaction all or none of the actions need to be carried out. Doing only a part of the actions would lead to an inconsistent database state. One example of a transaction is the transfer of an amount of money from one bank account to another. The debit of the money from one account and the credit of it to another account makes together a consistent transaction. This transaction is also atomic. The debit or credit alone would both lead to an inconsistent state. After finishing the transaction (debit and credit) the changes to both accounts become persistent and the one who gave the money has now less money on his account while the receiver has now a higher balance. Data Persistence Data persistence means that in a DBMS all data is maintained as long as it is not deleted explicitly. The life span of data needs to be determined directly or indirectly be the user and must not be dependent on system features. Additionally data once stored in a database must not be lost. Changes of a database which are done by a transaction are persistent. When a transaction is finished even a system crash cannot put the data in danger. Advantages of DBMS The following are some of the advantages of the DBMS; 1. Control of data redundancy As discussed earlier, traditional file-based systems waste space by storing the same information in more than one file. In contrast, the database approach attempts to eliminate the redundancy by integrating the files so that multiple copies of the same data are not stored. However, the database approach does not eliminate redundancy entirely, but controls the amount of redundancy inherent in the database. Sometimes, it is necessary to duplicate key data items to model relationships. 2. Data consistency By eliminating or controlling redundancy, we reduce the risk of inconsistencies occurring. If a data item is stored only once in the database, any update to its value has to be performed only once and the new value is available immediately to all users. If a data item is stored more 17 than once and the system is aware of this, the system can ensure that all copies of the item are kept consistent. Unfortunately, many of today’s DBMSs do not automatically ensure this type of consistency. More information from the same amount of data with the integration of the operational data, it may be possible for the organization to derive additional information from the same data. 3. Sharing of data Typically, files are owned by the people or departments that use them. On the other hand, the database belongs to the entire organization and can be shared by all authorized users. In this way, more users share more of the data. Furthermore, new applications can build on the existing data in the database and add only data that is not currently stored, rather than having to define all data requirements again. The new applications can also rely on the functions provided by the DBMS, such as data definition and manipulation, and concurrency and recovery control, rather than having to provide these functions themselves. 4. Improved data integrity Database integrity refers to the validity and consistency of stored data. Integrity is usually expressed in terms of constraints, which are consistency rules that the database is not permitted to violate. Constraints may apply to data items within a single record or they may apply to relationships between records. For example, an integrity constraint could state that a member of staff’s salary cannot be greater than ghc40,000 or that the branch number contained in a staff record, representing the branch where the member of staff works, must correspond to an existing branch office. Again, integration allows the DBA to define, and the DBMS to enforce, integrity constraints. 5. Improved security Database security is the protection of the database from unauthorized users. Without suitable security measures, integration makes the data more vulnerable than file-based systems. However, integration allows the DBA to define, and the DBMS to enforce, database security. This may take the form of user names and passwords to identify people authorized to use the database. The access that an authorized user is allowed on the data may be restricted by the operation type (retrieval, insert, update, delete). For example, the DBA has access to all the data in the database; a branch manager may have access to all data that relates to his or her 18 branch office; and a sales assistant may have access to all data relating to properties but no access to sensitive data such as staff salary details. 6. Enforcement of standards Again, integration allows the DBA to define and enforce the necessary standards. These may include departmental, organizational, national, or international standards for such things as data formats to facilitate exchange of data between systems, naming conventions, documentation standards, update procedures, and access rules. 7. Economy of scale Combining all the organization’s operational data into one database, and creating a set of applications that work on this one source of data, can result in cost savings. In this case, the budget that would normally be allocated to each department for the development and maintenance of its file-based system can be combined, possibly resulting in a lower total cost, leading to an economy of scale. The combined budget can be used to buy a system configuration that is more suited to the organization’s needs. This may consist of one large, powerful computer or a network of smaller computers. 8. Balance of conflicting requirements Each user or department has needs that may be in conflict with the needs of other users. Since the database is under the control of the DBA, the DBA can make decisions about the design and operational use of the database that provide the best use of resources for the organization as a whole. These decisions will provide optimal performance for important applications, possibly at the expense of less critical ones. 9. Improved data accessibility and responsiveness Again, as a result of integration, data that crosses departmental boundaries is directly accessible to the end-users. This provides a system with potentially much more functionality that can, for example, be used to provide better services to the end-user or the organization’s clients. Many DBMSs provide query languages or report writers that allow users to ask ad hoc questions and to obtain the required information almost immediately at their terminal, without requiring a programmer to write some software to extract this information from the database. For example, a branch manager could list all flats with a monthly rent greater than ghc 400 by entering the following SQL command at a terminal: 19 SELECT* FROM PropertyForRent WHERE type =‘Flat’ AND rent >400; 10. Increased productivity As mentioned previously, the DBMS provides many of the standard functions that the programmer would normally have to write in a file-based application. At a basic level, the DBMS provides all the low-level file-handling routines that are typical in application programs. The provision of these functions allows the programmer to concentrate on the specific functionality required by the users without having to worry about low-level implementation details. Many DBMSs also provide a fourth-generation environment consisting of tools to simplify the development of database applications. This results in increased programmer productivity and reduced development time (with associated cost savings). 11. Improved maintenance through data independence In file-based systems, the descriptions of the data and the logic for accessing the data are built into each application program, making the programs dependent on the data. A change to the structure of the data, for example making an address 41 characters instead of 40 characters, or a change to the way the data is stored on disk, can require substantial alterations to the programs that are affected by the change. In contrast, a DBMS separates the data descriptions from the applications, thereby making applications immune to changes in the data descriptions. This is known as data independence. The provision of data independence simplifies database application maintenance. 12. Increased concurrency In some file-based systems, if two or more users are allowed to access the same file simultaneously, it is possible that the accesses will interfere with each other, resulting in loss of information or even loss of integrity. Many DBMSs manage concurrent database access and ensure such problems cannot occur. 13. Improved backup and recovery services Many file-based systems place the responsibility on the user to provide measures to protect the data from failures to the computer system or application program. This may involve taking a 20 nightly backup of the data. In the event of a failure during the next day, the backup is restored and the work that has taken place since this backup is lost and has to be re-entered. In contrast, modern DBMSs provide facilities to minimize the amount of processing that is lost following a failure. Disadvantages of DBMS Despite the advantages, DBMS has the following disadvantages; 1. Complexity The provision of the functionality we expect of a good DBMS makes the DBMS an extremely complex piece of software. Database designers and developers, the data and database administrators, and end-users must understand this functionality to take full advantage of it. Failure to understand the system can lead to bad design decisions, which can have serious consequences for an organization. 2. Size The complexity and breadth of functionality makes the DBMS an extremely large piece of software, occupying many megabytes of disk space and requiring substantial amounts of memory to run efficiently. 3. Cost of DBMSs The cost of DBMSs varies significantly, depending on the environment and functionality provided. For example, a single-user DBMS for a personal computer may only cost US$100. However, a large mainframe multi-user DBMS servicing hundreds of users can be extremely expensive. There is also the recurrent annual maintenance cost, which is typically a percentage of the list price. 4. Additional hardware costs The disk storage requirements for the DBMS and the database may necessitate the purchase of additional storage space. Furthermore, to achieve the required performance, it may be necessary to purchase a larger machine, perhaps even a machine dedicated to running the DBMS. The procurement of additional hardware results in further expenditure. 5. Cost of conversion 21 In some situations, the cost of the DBMS and extra hardware may be insignificant compared with the cost of converting existing applications to run on the new DBMS and hardware. This cost also includes the cost of training staff to use these new systems, and possibly the employment of specialist staff to help with the conversion and running of the system. This cost is one of the main reasons why some organizations feel tied to their current systems and cannot switch to more modern database technology. The term legacy system is sometimes used to refer to an older, and usually inferior, system. 6. Performance Typically, a file-based system is written for a specific application, such as invoicing. As a result, performance is generally very good. However, the DBMS is written to be more general, to cater for many applications rather than just one. The effect is that some applications may not run as fast as they used to. 7. Higher impact of a failure The centralization of resources increases the vulnerability of the system. Since all users and applications rely on the availability of the DBMS, the failure of certain components can bring operations to a halt. Importance of Database in an Organisation 1. Simplify the search for and use of information within an organisation. 2. A good database allows an organisation to closely monitor the progress of the operation, allowing them to take quick and appropriate action if a problem arises. 3. Assisting in the organisation of data owned by the organisation, such as employee bios, students records, consumer biodata, product list, salary payment, bill payment, and others. 4. Facilitate the members' data access activities, which include data acquisition and manipulation, such as adding and deleting data, using the authority that has been granted. 5. Maintaining the data security of the organization, because any data can be protected by providing a login and password for each data. 6. The database can aid in the development of a better strategy for the future advancement of an organization. 7. Assist marketing activities for the database in collecting complete and detailed customer data in order to facilitate marketing activities for an organization or company. 8. A database can help an organization or company save money on operating costs when it comes to managing information. The organization can be well organized with a 22 database of all the information so that it can be accessed quickly and easily without spending a lot of money. Database Structures This section describes four (4) database structures which are relational databases, hierarchical databases, network databases and object-oriented databases. Regardless of the database structure used, there are two ways of looking at how data is stored and retrieved. These are the logical view and physical view of data. Logical View and Physical View of Data The logical view is more conceptual and abstract than the physical view. The logical level describes the data stored (name of the tables, their attributes, types and constraints) and the logical relationship among the data. Logical view thus describes the organization’s requirements for the data. The physical view on the other hand describes how records are stored, that is, the most effective way of storing, retrieving the objects, backup and recovery issues, among others. Four Types of DBMS There are various types of Database Management Systems. Four of them are discussed below. Relational DMBS In relational DBMS, the relationship between data files is relational, not hierarchical and the databases are in the form of tables (table-oriented) with rows and columns. Data in the various tables are related by common key. Relational databases work on the principle that each table has a key field that uniquely identifies each row, and that these key fields can be used to connect one table of data to another. Relational databases are more flexible than either the hierarchical or network database structures and comparatively simple and easy to implement. 23 In figure 1.4, record keys within the tables are used to link the tables. Student_file uses Studid to link with Studid in Assessment_file, and uses Progid and Hallid to link the Programme_File and Hall_File respectively. Programme_File and Hall_File are linked by Facultyid in the respective tables. 24 Student_ File Studid First Name Middle Name Last Name Progid Hallid Assessment_File Programme_File Progid Facultyid Programme Name Hall_File Hallid Studid Hall Name Quiz1 Facultyid Quiz2 Faculty Name Exam Total Grade Figure 3.5: Relational DMBS Hierarchical DMBS In Hierarchical DMBS, database is organized in pyramid fashion, like the branches of a tree extending downwards; refer to figure 1.5. The records are linked together such that each child record is linked to a parent record, but a parent can have more than one child record linked to it. A child can also be a parent with children beneath it. It is commonly used by mainframe computers and is one of the oldest approaches of organizing and storing data. The advantage of hierarchical databases is that they can be accessed and updated rapidly because the tree-like structure and the relationships between records are defined in advance. The disadvantage of this type of database structure is that each child in the tree may have only one parent and relationships or linkages between children are not permitted, even if they make sense from a logical standpoint. Hierarchical databases are so rigid in their design that adding a new field or record requires that the entire database be redefined. 25 UNIVERSITY FACULTY A DEPT A2 DEPT A1 FACULTY B DEPT B1 DEPT B2 FACULTY C DEPT B3 DEPT C1 DEPT C2 Figure 3.6: Hierarchical database management system Network DMBS As the name suggests, network databases are interconnected (cobweb) network of records. With network databases, each child or member can have more than one parent or owner as depicted in figure 1.6. Like hierarchical databases, network databases are used on mainframe computers. Since more connections can be made between different types of data, network databases are considered more flexible. The limitations are that similar to hierarchical databases, network databases must be defined in advance. There is also a limit to the number of connections that can be made between records. Football Football School A Hockey School B School C Table Tennis School D School E Figure 3.7: Network database management system Object-oriented DBMS Object-oriented DBMS offers more advanced capabilities than the other databases. Hierarchical and network databases handle data that can be represented by rows and columns. Object-oriented database can be used to store data in a variety of forms such as text, audio and video. 26 The disadvantages associated with object-oriented databases are that, they are more expensive to develop. Also, most organizations find themselves attached (’lock-in’) to a system that they have already deployed and are therefore reluctant to abandon or convert from those databases. However, the benefits to object-oriented databases are convincing. The ability to mix and match reusable objects provides greater multimedia capability. Object 1: Pay Slip Report Object 1 Instance Staff number 2022189 Name Christiana Oppey Number of hours 45 Pay Rate 90 Gross pay 4050 Tax 405 Net pay 3654 Object 2: Social Security Report Staff number Name Social Security Contribution Figure 3.8: Object-oriented DBMS DATABASE ADMINISTRATION Database administration is the management of the physical realization of a database system, which includes physical database design and implementation, setting security and integrity 27 controls, monitoring system performance, and reorganizing the database, as necessary. Thus Database administration refers to the whole set of activities performed by a database administrator to ensure that a database is always available as needed The database administration staff are more technically oriented than the data administration staff, requiring knowledge of specific DBMSs and the operating system environment. Although the primary responsibilities are centered on developing and maintaining systems using the DBMS software to its fullest extent, DBA staff also assist DA staff in other areas. Database Users Database users are the one who really use and take the benefits of database. There will be different types of users depending on their need and way of accessing the database. a. Application Programmers – They are the developers who interact with the database by means of DML queries. These DML queries are written in the application programs like C, C++, JAVA, Pascal etc. These queries are converted into object code to communicate with the database. For example, writing a C program to generate the report of employees who are working in particular department will involve a query to fetch the data from database. It will include embedded SQL query in the C Program. b. Sophisticated Users – They are database developers, who write SQL queries to select/insert/delete/update data. They do not use any application or programs to request the database. They directly interact with the database by means of query language like SQL. These users will be scientists, engineers, analysts who thoroughly study SQL and DBMS to apply the concepts in their requirement. In short, we can say this category includes designers and developers of DBMS and SQL. c. Specialized Users – These are also sophisticated users, but they write special database application programs. They are the developers who develop the complex programs to the requirement. d. Stand-alone Users – These users will have stand –alone database for their personal use. These kinds of database will have readymade database packages which will have menus and graphical interfaces. e. Native Users – these are the users who use the existing application to interact with the database. For example, online library system, ticket booking systems, ATMs etc which 28 has existing application and users use them to interact with the database to fulfill their requests. Types of DBA There are different kinds of DBA depending on the responsibility that one owns. a. Administrative DBA – This DBA is mainly concerned with installing, and maintaining DBMS servers. His prime tasks are installing, backups, recovery, security, replications, memory management, configurations and tuning. He is mainly responsible for all administrative tasks of a database. b. Development DBA – He is responsible for creating queries and procedure for the requirement. Basically his task is similar to any database developer. c. Database Architect – Database architect is responsible for creating and maintaining the users, roles, access rights, tables, views, constraints and indexes. He is mainly responsible for designing the structure of the database depending on the requirement. These structures will be used by developers and development DBA to code. d. Data Warehouse DBA –DBA should be able to maintain the data and procedures from various sources in the data warehouse. These sources can be files, COBOL, or any other programs. Here data and programs will be from different sources. A good DBA should be able to keep the performance and function levels from these sources at same pace to make the data warehouse to work. e. Application DBA –He acts like a bridge between the application program and the database. He makes sure all the application program is optimized to interact with the database. He ensures all the activities from installing, upgrading, and patching, maintaining, backup, recovery to executing the records works without any issues. f. OLAP DBA – He is responsible for installing and maintaining the database in OLAP systems. He maintains only OLAP databases. Database administration tasks. a. Evaluating and selecting DBMS products. b. Undertaking physical database design. c. Implementing a physical database design using a target DBMS. d. Defining security and integrity constraints. 29 e. Liaising with database application developers. f. Developing test strategies. g. Training users. h. Responsible for ‘signing off’ the implemented database system. i. Monitoring system performance and tuning the database, as appropriate. j. Performing backups routinely. k. Ensuring recovery mechanisms and procedures are in place. l. Ensuring documentation is complete including in-house produced material.\ m. Keeping up to date with software and hardware developments and costs, and installing updates as necessary. n. Selection of hardware and software o. Tuning database performance p. Improving query processing performance Additional Reading Resources Elmasri, R. & Navathe, S.B.(2011). Fundamentals of Database Systems (6 Ed.). Boston: Addison-Wesley. 30 UNIT4: ELECTRONIC BUSINESS Electronic business, also known as e-business or Internet business may be defined as the application of information and communication technologies (ICT) in support of all the activities of business. E-business is broader than e-commerce. Benefits of e-business The benefits of e-business are enormous. Some of them are discussed below. Create cost savings and operational efficiencies: E-business leads to cost savings and operational efficiencies as most of the manual aspects of doing business and their associated inefficiencies are replaced by electronic means which eliminates the bottlenecks associated with the traditional ways of business. Reach out more customers and markets: With the Internet as the medium, one’s clients in ebusiness are the whole world due to the ubiquitous nature of the Internet. Thus, making the potential market size very big. Make it easier to do business: With distance not barrier in e-business, doing business via the net is devoid of the challenges associated with the traditional way of doing business. Meet the needs and expectations of customers and clients: Ebusiness ensures better and quicker customer service. E-business allows people to carry out transactions without the barriers of time or distance. One can log on to the Internet at any point in time, be it day or night and transact business. This encourages clients to transact business at their convenience. Improve Marketing and Promotion: A well designed website is also an excellent medium for advertizing what one does, with an added advantage of reaching everyone connected to the net. E-business also facilitates targeted and personalized marketing. Strategic and Operational Benefits: The strategic and operational benefits of making a business ‘ebusiness enabled’ are that they help reduce the delivery time, labour cost and other cost incurred in business. Challenges of e-Business Hardware and Software Cost: High cost associated with providing hardware, software etc., to ensure the confidentiality and privacy of the transaction. Especially the information concerning customer credit card number, password and other bank details. No Paper-based Copy to Track Operations: Absence of paper-based copy of transaction to assist audit trail when the need arises. Risk of Abuse by Service Provider: Some mischievous ecommerce providers and untrusted traders can misuse confidential information relating to their clients for personal purposes. Security Threats: Ebusiness like most online-based transactions are prone to the activities of hackers, crackers and other Internet security threats. Customers also feel insecure about the integrity and confidentiality relating to their details about their transaction, in particular those concerning their credit cards etc. IMPLICATIONS OF THE INTERNET ON BUSINESS Increased Revenue as a result of Global-Wide Market Size The Internet has provided opportunity to make goods and services available online to globalwide customers. This translates into more revenue. EDI Becomes the Standard Method of Doing Business Electronic Data Interchange (EDI) is the electronic transmission or interchange of data/information using standardized format between organizations. EDI has become indispensable in ecommerce. Reduced Transaction Cost With EDI transaction, cost associated with business is reduced significantly. This is because most things are done electronically and they are devoid of the costs that are associated with the traditional way of carrying out transactions. Decreased use of Cash Doing business via Internet is devoid of face-to-face contact. Thus, payments are done using credit cards and other digital cash media. The risk of carrying cash is absent. Elimination of Intermediary Organizations With ecommerce, the buyer and the seller of goods or services interact directly without any intermediary such as a retailer, which is a benefit to the customer since it eliminates cost. Personalised or Individualised Marketing Internet facilitates the situation of targeting a product or service to an individual customer. The Internet is able to collect information about individual taste, interest and preferences and then creates product and/or advertisement of special interest to that individual. Increased use of Intranets or Extranets As we know, both the Intranet and Extranet are all ‘offspring’ of the Internet. They are used extensively in business for various purposes. Telecommuting The advent of Internet has given rise to telecommuting which is the situation where people work from remote location, usually home, using computers, fax, telephone, etc., and electronically linking to work/office to perform similar work rather than commuting to and from office. Increased Competition Competition is rife among businesses as all customers are within the reach of every organization via the Internet. ELECTRONIC COMMERCE Electronic commerce, commonly known as e-commerce or ecommerce, consists of the buying and selling of products or services over the Internet and other computer networks. E-commerce is a subset of e-business. Most big retailers have electronic commerce presence on the World Wide Web. E-retail, e-wholesale, e-marketing are also derivatives of ecommerce, and are commercial entities that operate their business only on the Internet. In e-commerce, businesses use online advertisements, also known as online marketing or Internet marketing to deliver marketing messages to potential customers. Types of Electronic Commerce Ecommerce can be classified according to the participants in the transactions. By that classification, the following types can be identified: B2B: Electronic commerce that is conducted between businesses is referred to as business-tobusiness (B-to-B, B2B). For example, an ecommerce transaction between a manufacturer and a wholesaler. B2G: Exchange of goods and services from one business to a government agency is referred to as business-to-government (B-to-G, B2G). B2C: Electronic commerce that is conducted between businesses and individual consumers is referred to as business-to-consumer (B-to-C, B2C). This is the type of electronic commerce conducted by companies such as Amazon.com. C2C: Electronic commerce that is conducted between a consumer and another is referred to as consumer-to-consumer (C-to-C, C2C). C2C is an Internet facilitated transaction between consumers through a third party. The most common form of C2C is the online auction. In this form of C2C, consumers post items for sale and other consumers bid to buy them. The third party that facilitates the transaction may charge a fee or commission. eBay is one of most foremost online market place where buyers and sellers meet and trade in wide amount of goods. In Ghana for example, tonaton.com provides the facilities that connects sellers and buyers to do their transaction electronically. Advantages of ecommerce The following are some of the advantages of ecommerce: a. E-commerce allows products to be sold directly to consumers without the need of retailers. At the convenience of your home or office, one can order an HP computer from www.hp.com. b. A benefit of ecommerce to customers is that, it facilitates them to make price and product comparison between businesses. It is very easy to make price and product comparisons online. Sites such as BizRate, NexTag and shopLocal help to find the best price of a product. c. Faster buying and selling procedure. d. Buying and selling can be transacted any time, any day. e. E-commerce facilitates reaching out to more customers as theoretically, there are no geographic limitations – nationally and internationally. f. Low operational costs and better quality of services. g. There is no need to set up physical company. h. Customers can easily select products from different providers without moving around physically. i. Cost incurred when doing business on the global level has reduced as with e-commerce, ones business presence on the Internet affords the business the opportunity to do business with customers globally. j. Improve marketing and promotion of goods and services. k. Ecommerce enables smaller companies to compete with larger companies. Disadvantages of ecommerce The following are some of the disadvantages of ecommerce: a. Businesses now find themselves in stiffer competition on the international level. b. The move to the ecommerce requires some level of investment in hardware, telecommunication equipment, software etc. c. Any one, good or bad, can pretend to be doing ecommerce. There are many fraudulent sites which cheat customers. d. There is no guarantee of product quality or service. e. Security – The integrity and confidentiality of some customer’s payment details have been abused. f. There are many hackers who look for opportunities and thus an ecommerce site, service, payment gateways, all are always prone to attack. Thus cybercrime and security in general are challenges. g. The direct touch in conducting business or commerce is absent. h. Loss of customer confidence in case of security breaches. Impacts of E-Commerce on Business E-commerce has impacted on business in many ways. Some of them are as follows: a. Product promotion. b. New sales channel (Wider market). c. Reduced cycle time. d. Enhanced Customer services. e. Customization of product and services. f. One-one or direct advertisement. g. Technology and Organizational learning. h. Trading online. i. Changing nature of work. j. Cashless and electronic payment systems. k. Cost savings. E-Commerce Applications • E-Marketing • E-Advertising • E-Banking • E-Learning • Mobile Commerce • Online Shopping • Entertainment E-Marketing E-Marketing also known as Internet Marketing, Online Marketing, Web Marketing. It is the marketing of products or services over the internet. It is considered to be broad in scope because not refers to marketing on the internet but also done in Email and wireless media. E-Marketing ties together the creative and technical aspects of the internet, including design development, advertising and sales. Internet marketing is associated with several business models i.e., B2C, B2B, C2C. Internet marketing is inexpensive when examine the ratio of cost to the reach of the target. E-Advertising It is also known as online advertising it is a form of promotion that uses internet and World Wide Web to deliver marketing messages to attracts customers. Example: Banner ads, Social network advertising, online classified advertising etc. The growth of these particular media attracts the attention of advertisers as a more productive source to bring in consumers. E-Banking Means any user with a personal computer and browser can get connected to his banks, website to perform any of the banking functions. In internet banking system the bank has a centralized data base i.e., web-enabled. Best example for E-Banking is ATM. An ATM is an electronic fund transfer terminal capable of handling cash deposits, transfer, Balance enquiries, cash withdrawals, and pay bills. • SERVICES THROUGH E-BANKING: Ø Bill Payment Service Ø Fund Transfer Ø Investing through Internet Banking Ø Shopping E-Learning:E-Learning comprises all forms of electronically supported learning and teaching. E-Learning applications and processes include web-based learning, computerbased learning. Content is delivered via. The internet, intranet/extranet, audio, or video tape, satellite TV. E-Learning is naturally suited to distance and flexible learning, but can also be used conjunction with face-to-face teaching. E-Learning can also refer to the educational website such as those offering learning scenarios worst and interactive exercises for children. A learning management system (LMS) is software used for delivering, tracking, and managing training /education. Mobile Commerce Mobile Commerce also known as M-Commerce, is the ability to conduct, commerce as a mobile device, such as mobile phone. Banks and other financial institutions use mobile commerce to allow their customers to access account information and make transactions, such as purchasing, withdrawals etc., Using a mobile browser customers can shop online without having to be at their personal computer. • SERVICES ARE: 1. Mobile ticketing 2. Mobile contract purchase and delivery mainly consumes of the sale of ring tones, wallpapers and games of mobile phones. 3. Local base services • Local discount offers • Local weather 4. Information services • News • Sports, Scores Online Shopping Online shopping is the process whereby consumers directly buy goods or services from a sell in real time, without intermediary services over the internet. An online shop, e-shop, e-store, internet shop web shop, web store, online store, or virtual shop evokes the physical analogy of buying products or services in a shopping center. In order to shop online, one must be able to have access to a computer, a bank account and debit card. Online shoppers commonly use credit card to make payments , however some systems enable users to create accounts and pay by alternative means ,such as • Cheque. • Debit cards. • Gift cards Online stores are usually available 24 by 7. Entertainment:The conventional media that have been used for entertainment are 1. Books/magazines. 2. Radio. 3. Television/films. 4. Video games. Online books /newspapers, online radio, online television, online firms, and online games are common place in internet where we can entertain. Online social networking websites are one of the biggest sources of E-entertainment for today’s tech-savvy generation. E-COMMERCE PAYMENT SYSTEMS E-commerce payment system provides the means for electronic payment for online transactions. A variety of online payment systems for e-commerce are in the offering, some of them are discussed below: Credit Cards: A credit card is any card that may be used to borrow money or buy products and services on credit. It is normally issued by banks, savings and loans enterprises, retail stores and other businesses. Credit card is the most common form of payment for e-commerce transactions. It consists of plastic card with a magnetic strip and it is portable enough to fit into wallets or purses. Holders of a valid card have the authorization to purchase goods and services up to a predetermined amount, called a credit limit. The vendor receives essential information from the cardholder. The bank issuing the card actually reimburses the vendor, and eventually the cardholder repays the bank through regular monthly payments. If the entire balance is not paid in full, the issuer can legally charge interest fees on the unpaid portion. Digital Wallets: A digital wallet or e-wallet is also another type of e-commerce payment system. Much like a physical wallet, a digital wallet can store your personal information and payment. Most wallets reside on the user's PC, but recent versions, called "thin" wallets, are placed on the credit card issuer's server. Once the software is installed on your digital wallet, you enter your personal information such as name and billing address, then connect it to your banking information so you can use it to withdraw funds from your account(s) when making on-line purchases. E-cash: It is an Internet-based system that allows funds to be transferred electronically and items purchased by credit card, cheque or by money order. E-cash provides secure and private on-line transaction processing. Mobile Payment: Another form of e-commerce payment system is mobile payment also referred to as mobile money, mobile money transfer, or mobile wallet. With this kind of system, a consumer uses a mobile device such as a cell phone to pay for products or services. Instead of using cash or credit cards to buy something, the user simply sends a payment request via text message. If the vendor has the mobile billing capability, the consumer's mobile account or credit card is charged for the purchase. Bank transfers. While not everyone has a credit card, you can be sure that almost all of your customers will have a bank account to keep their cash in. However, despite the fact that online shopping is at an all-time high, consumers still have concerns about security when handing over card details. The main benefit of bank transfers is that customers don’t have to disclose any financial details to you in order to make a purchase. UNIT 5: SOCIAL, ETHICAL AND HEALTH ISSUES IN ICT Introduction ICT is a key technology of the modern era and has been central and essential to key operations in modern industrial society, including manufacturing, transport and distribution, government, the military, health services, education and research. Their impact of ICT on society will most likely increased over the years Society has become exposed to the abuse and misuse of ICT thereby creating problems such as computer crime, software theft, hacking, viruses, invasions of privacy, an over- reliance on intelligent machines and workplace stress, each of which has created one or more social, ethical etc issues. In this unit we will discuss the following which are some of the new social issues that have come about due to ICT and its related technologies. COMPUTER CRIME AND COMPUTER CRIMINALS New technology brings with it new opportunities for crime, but in many ways, computers and computer networks have left many open doors for criminal to enter. With the advent of computers, criminals have found a new way to commit crimes. A computer crime or cybercrime is any unlawful activity that is done using a computer and computer network. A related word is netcrime. It refers more to criminal exploitation of the Internet. Computer crime is the act of performing any illegal action such as stealing, embezzling or defrauding an organization with the use of a computer. Many such crimes frequently go either undetected or unreported. Crimes such as the following are on the increased: i. People are stealing or doctoring data, or threatening to destroy data to extort money from companies. ii. ATMs (Automated teller machines), EFT (Electronic funds transfer), EDI (Electronic data interchange), cellular phones are all vulnerable. iii. Desktop publishing has made forgery and counterfeiting easier than it used to be. 1 Reasons for Increased in Crimes i. Rapid technology growth ii. Easy availability of hacker/hacking tools iii. Anonymity (Unrecognizability) iv. Cut-and-past programming technology v. Communication speed vi. High degree of internetworking vii. Increasing dependency on computers Some of the perpetrators of computer crimes are employees, hackers, crackers, cyberextortionist and cyberterrorist. Employees The largest category of computer criminals is the actual employees who have been trusted with the system and as such have easy access to the system. Newspapers are full of news about dishonest and mischievous employees who have used computers to defraud their organizations. Cracker A cracker is someone who accesses a computer or network illegally and has the intent of destroying data, corrupting program, stealing or altering data, introducing viruses and performing other malicious actions. Hacker Originally the term ‘hacker’ was a complimentary word for a computer enthusiast. Now it has a derogatory connotation with the same definition as cracker. A hacker therefore is also someone who accesses someone’s computer or network illegally for profit and other malicious intentions. 2 Cyberextortionist. A cyberextortionist is someone who carries out cyberextortion. Cyberextortion is a crime involving an attack or threat against an enterprise, coupled with a demand for money to avert or stop the attack. Cyberextortion can take forms such as denial of service (DoS) attacks, encrypting victim’s data, taking ‘hostage’ the ICT facilities of the victim, etc. The opportunities of cyberextortions have increased because a number of organizations and enterprises rely on the Internet for their business. Cyberterrorist A Cyberterrorist is someone who commits cyberterrorism. Cyberterrorism is any premeditated, politically motivated attack against information, computer systems, computer programs and data which results in physical violence or extreme financial loss against the victim. Cyberterrorism is a also a word used to describe the use of Internet based attacks in terrorist activities, including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by the means of tools such as computer viruses. Cyberterrorism is sometimes referred to as electronic terrorism or information war. Computer Fraud Computer fraud is a computer-related crime involving deliberate misrepresentation or alteration of data in order to obtain something of value. Computer fraud can therefore be described as a subset of computer crime. Examples of computer crimes are: a. Altering computer input in an unauthorized way. b. Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions. c. Altering or deleting stored data. d. Altering or misusing existing system tools or software packages, or altering or writing 3 code for fraudulent purposes. Cyberwarfare Cyberwarfare is also known as cyberwar and Cyber Warfare. It is the use of computers and the Internet in conducting warfare in cyberspace. Software Piracy It is the violating of copyright on software, that is, making an illegal (unauthorized) copy of software. With respect to software, it is illegal to download copyright-protected music and videos from the Internet. Software piracy costs the software industry billions of dollars a year. MALICIOUS PROGRAMS Malicious programs known as Malware, is a contraction of two words; Malicious and Software. It is a software designed to secretly access a computer system without the owner's informed consent. It is a term that refers to a variety of hostile, intrusive, or annoying software. Malware therefore includes computer viruses, worms, Trojan horses, spyware, dishonest adware, scareware, crimeware and unwanted software or programs. Computer Viruses A computer virus is a computer program that can copy itself and infect a computer. When the virus infects a computer, it can spread throughout, corrupt (damage) files, erased file, damaged disks, and shut down computer systems and negatively alter the ways the computer works. A virus can spread from one computer to another when the program that it has attached itself is copied onto another computer. It can also spread through a network or carried on a removable medium such as a CD, DVD or USB drive, or through email attachments, or programs downloaded from the Internet or even through Internet. Viruses are sometimes wrongly used to refer to other types of malwares such as Trojan horses, worms etc. Worms 4 A computer worm is a self-replicating malware computer program. Unlike a virus, it does not need to attach itself to an existing program. A worm may copy itself into the computer memory. The key difference between a virus and worm is the manner in which it reproduces and spreads. A virus is dependent upon the host file or boot sector, and the transfer of files between computers to spread, whereas a computer worm can execute completely independently and spread on its own accord through network connections. The security threat from worms is equivalent to that of viruses. Computer worms are capable of doing an entire series of damage such as destroying crucial files in your system, slowing it down to a large degree or even causing some critical programs to stop working. Some examples of worms are the MS-Blaster, Sasser worms and Internet worms. Trojan Horse In the field of computers, a Trojan horse is a program in which malicious or harmful code is contained or hidden inside in such a way that it can get control and do its chosen form of damage. The term comes from Greek mythology about the Trojan War. According to legend, the Greeks presented the citizens of Troy with a large wooden horse in which they had secretly hidden their warriors. During the night, the warriors emerged from the wooden horse and overran the city. A computer infected with malware can experience any of the following: a. Files/programs are corrupted. b. Files/programs disappear. c. The speed of the computer becomes slow. d. Systems settings or properties change. e. Screen displays unusual message or image. f. Music or unusual sound plays randomly. g. Available memory is less than expected. h. Programs or files do not work properly. i. Unknown programs or files mysteriously appear. 5 Safeguarding Against Computer Malware It is important to constantly check your computer and storage media for malwares. Checking for malwares require antivirus software, which scan disks and programs to detect and eradicate them. Antivirus software are programs that scan disks, prevent, detect and remove viruses. Some common antivirus programs are AVG, Kaspersky, McAfee VirusScan, etc. Because new viruses keep on appearing, it is important that you also constantly update your antivirus software to be able to handle these new viruses. This means that you should have proprietary antivirus software that will allow regular updates to be downloaded from the Internet. Though no method guarantees a computer or network is safe from malicious programs, some of these precautions below can be taken to reduce the risk of virus infection: a. Do not boot your computer with removable media inserted in the drives or plugged in the ports. b. Do not open an email attachment unless you are sure of its source. c. Install antivirus and update it regularly. d. Check all downloaded programs for malwares. e. If antivirus flag email attachment as infected, delete the attachment immediately. f. Scan for viruses before you use any removable media. g. Install firewall. h. Make backup copies of your important files. HARDWARE THEFT AND VANDALISM Hardware theft is the act of stealing computer equipment. Hardware vandalism on the other hand is the act of defacing or destroying computer equipment. Hardware theft and vandalism may be motivated by the perpetrator to hide evidence of fraud committed with the computer. Precautions to prevent hardware theft include the following: a. Use physical access controls, such as locked doors and windows. 6 b. Use cables to lock the equipment to desk, cabinet or floor. c. Install alarm systems for additional security. d. Never leave a notebook computer or handheld computer unattended in a public place. e. Use passwords, possessed objects and biometrics as a method of security. f. Back up all the files stored on the computer regularly. SOFTWARE THEFT Software theft is in can be categorized into three. These are stealing of software, intentionally erasing a software and software piracy. Stealing of Software With this kind of software theft, the perpetrator physically steals the media that contains the software. Intentionally Erasing of Software Computer vandals are fond of everything and intentionally erasing software is no exception. Programmers also intentionally delete software that they have written in-house when they are fired, as a form of retaliation. Software Piracy It is the violating of copyright on software, that is, making an illegal (unauthorized) copy of software. With respect to software, it is illegal to download copyright-protected music and videos from the Internet. INFORMATION THEFT Information theft is when someone steals confidential information. Such information can be used to the disadvantage of the victim. An organization can buy stolen information about its competitor. Personal information such as credit card numbers are also susceptible to theft if they are transmitted over a network. A variety of encryption techniques are used by individuals and companies to protect information on the Internet and networks. 7 Phishing Phishing is a criminally fraudulent (scam) process of attempting to acquire sensitive information such as usernames, passwords and credit card details by pretending as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. To avoid falling victim to phishing, users of the Internet are advised to adhere to the following: a. Never respond to an email asking for personal identification. b. If you doubt the authenticity of a message, verify it by contacting the institution itself. c. Avoid spoofed sites by entering web address into the browser, do not just click on link in message. d. Give an incorrect password first. A phishing site will accept it but a legitimate one would not accept it. INTELLECTUAL PROPERTY RIGHTS Intellectual property refers to unique and original works such as ideas, inventions, writings, art, processes, company and product names and logos. Intellectual property rights are the rights to which creators are entitled for their work. Issues of intellectual property are of concern because many of these works are available digitally and thus easily accessible. Plagiarism Plagiarism is the act of taking another person's writing, conversation, song or even idea and using it as your own. This includes information from web pages, books, songs, television shows, email messages, interviews, articles, artworks or any other medium. Copyright Copyright is a set of exclusive rights regulating the use of a particular expression of an idea or information. A copyright gives authors and artists exclusive rights to duplicate, publish and 8 sell their materials. Copyright protects any tangible form of expression. In most cases, these rights are of limited duration. For instance in some countries, copyright lasts for the life of the author plus 70 years. The symbol for copyright is © or in some instances (c). Copyright on Software Software users’ should read software license to know their restrictions. They should also follow the guidelines for commercial, shareware or freeware software. Generally, the copyright law and guidelines allow users to: a. Make one backup copy of a software program that you own. b. Use the back-up copy only if the original fails. c. Adapt a computer program to your use by adding to the content or adapting it to another language. You cannot sell, distribute or transfer the adapted version of that program. You are not allowed to: a. Make multiple back-up copies. b. Make one copy for home and one copy for school use. c. Make a copy for someone. COMPUTER OR INFORMATION PRIVACY While the obvious benefits of computers on networks/Internet they pose potential evasion of privacy and other privacy risks. Privacy The concept of privacy is narrower than security; being closely related to the idea of confidentiality, or the need to prevent authorised disclosure of data. In the field of ICT, information privacy refers to the right of individual or an organization to restrict or deny the dissemination or use of information about them. The Internet and Privacy Risk Anyone who uses the Internet should be concerned about privacy issues since there are a lot of programs on the net which can be tracking his/her activities or picking information about him or her without the knowledge of the user. Some of these programs are as follows: Cookies 9 A cookie also known as a web cookie, browser cookie, and HTTP cookie is a specialized program that is put on your computer from the web sites that you have visited. These programs are deposited without your knowledge and they are used to monitor your web activities. They record the sites you visit, what you do at the sites, your preferences and other information you provide about yourself such as passwords and credit card numbers. Most browsers are able to control many types of cookies. You can also use cookie-cutter programs to control unwanted cookies. Spyware and Adware Spyware is a type of malware that can be installed on computers and collects little bits of information at a time about users Internet activities without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Web Bug A web bug is an object that is embedded in a web page or e-mail and is usually invisible to the user. It collects and reports information back to a predefined server on the web. One common use is in e-mail tracking, that is, if an e-mail was read or forwarded to someone. Web bug can be used to secretly read a user’s email messages. Computer Monitoring It is also known as Spy software or keylogger. This is one of the dangerous types of spyware. It allows remote computer monitoring and keylogger recording in real time. The built-in keystroke recorder allows the one monitoring to know everything a user types in his emails, chats and other programs, including passwords, views and records Internet activity, trace all programs started and run by the user. The good news is that many developers have released anti spyware software that are dedicated to blocking or removing spyware. Spam Spam, also referred to as junk mail is an unsolicited mail. Sending of Spam violates acceptable computer user policies. The content of spam ranges from advertising to offensive material. Users can reduce the amount of spams they receive by having email filtering or installing anti- 10 spam program. The disadvantage of email filters and anti-spam program is that they mistakenly remove valid email messages. Tips to Protect Privacy while on the Web a. Encrypt sensitive e-mail. Use encrypting software to encrypt your sensitive emails to ensure that they are not readable by unauthorized people. b. Hide your identity. Use special web sites that forward email without disclosing your real identity. c. Block Cookies. Use a browser that can block undesired cookies. d. Becareful about releasing information about yourself. Do not be too generous with information about yourself when you are online. Do not disclose your personal information to strangers. COMPUTER ETHICS Computer ethics is a new branch of ethics that is growing and changing rapidly as computer technology also grows and develops. The term ‘computer ethics’ in a very broad sense includes standards of professional practice, codes of conduct, aspects of computer law, public policy, corporate ethics, freedom of speech in cyberspace, intellectual property, computer crime, software theft (piracy), information accuracy, intellectual property rights, codes of conduct and information privacy, etc. Information revolution has significantly altered many aspects of life - in banking and commerce, work and employment, medical care, national defense, transportation and entertainment. Consequently, information technology has begun to affect (in both good and bad ways) community life, family life, human relationships, education, freedom, democracy, and so on. As a result there is the need to have moral principles and guidelines that regulate the use of computers. Computer ethics is concerned with standards of conduct pertaining to the use of computers and information systems. 11 Examples of unethical computer codes of conduct include: a. Modifying certain information on the Internet, affecting the accuracy of the information. b. Selling information to other parties without the permission of the owner. c. Use information without authorization. d. Plagiarism. e. Pirating of software. Netiquette Netiquette is a contraction of Internet etiquette; the do's and don'ts of online communication. Netiquette is a term that refers to good behavior while connected to the Internet. It is mainly used when referring to behavior while using Internet facilities such as individual Web sites, emails, newsgroups, message boards, chat rooms or Web communities. It thus covers rules to maintain civility while a user is on the net. Some examples of netiquette are listed below: a. Not using someone else's name and pretending to be the one. b. Not posting or distributing material that is deemed illegal. c. Not using abusive or threatening language (avoiding flames during discussion on the net). d. Not posting racist remarks regarding peoples’ sex, race or gender. e. Not spamming message boards or chat rooms with useless or repeated messages. f. Not trying to obtain or use someone's password. g. Not trying to obtain personal information about someone. Usenet, mailing lists and other public posting areas have binding standards that users of those forums should adhere. For example, netiquette advises users to use simple formats because complex formatting may not appear correctly for all readers. Netiquette requires that people post constructive and relevant messages on places like Usenet newsgroups. Things such as posting messages on a different topic to the subject requested and commercial advertising are seen as bad Netiquette. Posting messages that contain bad spelling and grammar is even seen as bad Netiquette. 12 The Ten Commandments For Computer Ethics 1. Thou shalt not use a computer to harm other people. 2. Thou shalt not interfere with other people's computer work. 3. Thou shalt not snoop around in other people's files. 4. Thou shalt not use a computer to steal. 5. Thou shalt not use a computer to bear false witness. 6. Thou shalt not use or copy software for which you have not paid. 7. Thou shalt not use other people's computer resources without authorization. 8. Thou shalt not appropriate other people's intellectual output. 9. Thou shalt think about the social consequences of the program you write. 10. Thou shalt use a computer in ways that show consideration and respect. COMPUTERS IN THE WORKPLACE AND THEIR HEALTH CONCERNS Health Concern of Computer Use Another social issues associated with the usage ICT in general is the health concerns. Users are one of the key components in any information system. Thus protecting users against computer related health conditions is as important as safeguarding hardware, software, data and information. We describe below some health concerns associated with the use of computers. Computers and Health Risks A repetitive strain injury (RSI) is an injury of disorder of the muscles, nerves and tendon, ligaments and joints. Computer-related RSIs include tendonitis and carpal tunnel syndrome (CTS). Long term computer work can lead to tendonitis or CTS. Factors that account for these disorders include prolonged use of the keyboard and mouse as well as the shifting between the mouse and the keyboard. Another health-related condition due to computer usage is computer vision syndrome. Computer vision syndrome (CVS) is a temporary condition resulting from focusing the eyes 13 on a computer display for protracted, uninterrupted periods of time. Some symptoms of CVS include headaches, blurred vision, neck pain, fatigue, eye strain, dry and irritated eyes, double vision, polyopia and difficulty refocusing the eyes. These symptoms can be further aggravated by improper lighting conditions. Users of computers who spend long time sitting in front of computers may also complain of lower back ache and fatigue, which may be due to poor posture. Ergonomics Ergonomics is the study of physical relationship between people and their tools, such as their computer. It is the science of designing the workplace environment to fit the user. Proper ergonomic design is necessary to prevent repetitive strain injuries, which can develop over time and can lead to long-term disability. Ergonomics is employed to fulfill the two goals of health and productivity. It is relevant in the design of such things as safe furniture, easy-to-use interfaces for machines, and general working environment. GUIDELINES FOR HEALTHY COMPUTING Working with computers can be productive, rewarding and a lot of fun. Unfortunately, prolonged postures, coupled with high levels of concentration and the occasional frustration of things going less than perfectly, can lead to physical problems. Basic understanding in the way users ‘interface’ with the computer can help prevent common health-related problems. Knowledge of the principles of ergonomics, how people interact safely and efficiently with machines and their work environment, can save a lot of discomfort and maximize both productivity and enjoyment. Set your monitor for healthy viewing You must be able to see what you are doing easily to avoid eye strain and neck pain. Ergonomics experts recommend that viewing angle should be about 20 degrees to the centre of the monitor with a viewing distance of 18 to 28 inches. There should be adequate amounts of light. Use the control knobs on the monitor to get suitable viewing. Tilt and height positions of the monitor should be adjusted too for the user. Rearrange things and reposition yourself 14 until you can see well and feel comfortable. Chairs Use a chair with neck rest and arms rest. The chair should have support for the user’s lower back also. The chair should have adjustable seat height and the user should experiment with chair height and/or tilt. Try different chairs until you get the one that makes you feel comfortable. Keyboard Keyboard users should get the right height of the keyboard to prevent too much bend at the wrist and allow the forearm to have some support. The use of wrist rest to support your wrist is important. A common problem associated with the use of keyboard as a result of repetitive motions is Carpal Tunnel Syndrome. Carpal Tunnel Syndrome is considered to be a form of repetitive stress injury. Mouse The continual clicking and precise motions involved in mouse use are a repetitive action that can be a health hazard. A few basic rules can help make handling this convenient input device safer and more comfortable: a. Hold the mouse loosely. b. Use your whole arm and shoulder to move the mouse, not just your wrist. c. Keep your wrist relaxed and neutral, not bent. d. Avoid prolonged postures. e. Left handed users should use a "left handed" mouse, or configure the mouse to work best with their left hand. Desks Make enough space so that you have room to work, especially if you are moving your mouse around. Use a paper holder to keep letters or books at eye level. Your work space should be set up so that you need not twist your neck. Documents should be positioned at the same height and next to the monitor, especially if a lot of time is to be spent at these tasks. Make your work space user friendly. 15 Posture The posture you sit in should be comfortable to avoid back pain. Sit upright, with your knee at an angle of 90 degrees. Footrests help, as do cushions if your chair is not providing adequate support. The most important rule is to avoid prolonged positions. Shake your hands and shoulders regularly. Rest your Eyes Occasionally Besides good lighting, the most important eye consideration is to look away from the screen occasionally. Take Frequent Breaks At least once an hour, get right up off your seat and walk around, stretch, yawn, shake, breath, get the blood flowing and stimulate the joints. It is worth the time and trouble as you will feel better and work efficiently. Figure 5.1: Ergonomic sitting posture 16 17 UNIT 6 COMPUTER SECURITY Introduction Issues about computer security, privacy and associated issues have become so paramount of late than ever because of the fact that our society has become unduly reliant on computers to the extent that computers’ failure totally bring to halt operations in business. Besides, today’s computers are used to keep track and store almost every activity of humans such that there is the need to make sure that information on the computers are always accessible at the required times to the right user, and in an unmodified form. COMPUTER SECURITY Computer Security issues are important considerations in the design and operations of information systems in an organization. Security has been defined as the protection of data from accidental or deliberate threat which might cause unauthorised modification, disclosure or destruction of data and the protection of the information system from the degradation or non-availability of services as well as the protection of humans against injury and harm. Security is thus broadly defined to incorporate the following: • The protection of data and programs from unauthorised change or modification. • The assurance that systems operate as designed, and that users continue to receive the services that they need. • The protection of hardware against damage. • The protection of users against injury and harm arising from the use of computers. The consequences of a breach of security may cause: a. Loss of confidentiality (for example through hacking). b. Loss of integrity (for example due to alteration of data by mischievous employee) c. Loss of availability of computer services (for example due to fire outbreak). Core Principles of Computer Security The three key concepts that form the core principles of computer security are Confidentiality, Integrity and Availability. These three core concepts are also referred to as the CIA triad. 1 Confidentiality Integrity Availability Figure 14.1: CIA Triad Confidentiality It is the authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A breach of confidentiality leads to loss of confidentiality. A loss of confidentiality is the unauthorized disclosure of information either accidental or intentional. A breach of confidentiality occurs if a hacker breaks into a computer of an organization and gets access to its database. Integrity It is the guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. A breach of integrity leads to loss of integrity. A loss of integrity is the unauthorized modification or destruction of information. A loss of integrity occurs if an unauthorised user gets access to a system and modifies it for his or her personal gain. Availability It is ensuring timely and reliable access to and use of information and computing systems. A 2 breach of availability leads to loss of availability. A loss of availability is the disruption of access to or use of information or an information system. A power outage can lead to loss of availability if there are no backup power systems in place. Threats to Computer or Information Security Making computer and information systems secured means keeping them safe from criminals, natural disasters and other threats. Computer and information systems are more susceptible or vulnerable to threats. The following are some of the major threats: a. Hardware failure. b. Fire. c. Software failure. d. Electrical problems. e. Personnel actions. f. User Errors. g. Technical access penetration. h. Theft of data, services, equipment. i. Program changes. j. Telecommunications problem. k. Physical damage storage media. l. Damage to data. m. Damage to humans. n. Operational problems. o. Industrial espionage/fraud. p. War and Terrorisms. CONTROLS OR MEASURES TO ENSURE COMPUTER SECURITY To minimize errors, disasters, computer crimes and other breaches of security, special policies and procedures must be incorporated into the design and implementation of information systems. The combination of manual and automated measures that safeguard information systems and ensure that they perform according to management standards is known as controls. 3 Controls therefore are methods, policies and procedures that ensure protection of the organization’s assets, accuracy and reliability of its records, and operational adherence to management standards. The following are some of the controls that are usually implemented. Administrative Control Administrative controls (also called procedural controls) consist of approved written policies, procedures, standards and guidelines. They are thus formalized procedures to ensure that organization’s controls are properly executed and adhered to. Administrative controls form the framework for running the business and managing people. They inform people on how the business is to be run and how day-to-day operations are to be conducted. They also form the basis for the selection and implementation of logical and physical controls. Examples of administrative controls include the corporate security policy, password policy segregation of functions, written policies and procedures, as well as supervision. Segregation of functions or duties ensure that an individual cannot initiate and complete a critical task by himself. For example, an employee who submits a request for reimbursement should not also be able to authorize payment or print the cheque. An applications programmer should not also be the server administrator or the database administrator. These roles and responsibilities must be separated from one another so as to minimize the risk of errors or fraudulent manipulation for personal gains. Administrative controls also include job rotation, IT auditing, training, awareness and education of staff about the need and how to make the systems more secured. Human Resource policies and hiring practices such as screening of staff to establish their character and competence are also considered as part of administrative controls. Logical Controls Logical controls use software and data to monitor and control access to information and computing systems. The use of passwords, network intrusion detection systems, access control lists, constrained user interface are all examples of logical controls. Physical Controls 4 Physical controls monitor and control the environment of the work place and computing facilities. They also monitor and control access to and from such facilities. For example the use of doors, locks, heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras, CCTV, motion detectors, barricades, fencing, security guards, cable locks. Others such as Badges & Swipe cards, Man-Traps, Safes & Locking, Computer cases are all effective physical control measures. Software Controls Software controls are built into the design of the software to monitor the use of the system and prevent unauthorized access to the software. Some software controls are in the form of input controls, processing controls and output controls. Backing Up and Recovering Procedures To prevent data loss, users of computer should regularly back up files they cannot afford to lose and store them in a safe remote location (offsite). A backup is a duplicate or copy of a database or program or storage media that can be used if the original is lost or destroyed. In case of a failure of the working copy, the backup copy is recovered (restored) onto the computer so that computer operations can continue. Organizations should have excellent backup and recovering procedures in place. Data Security Controls They ensure that organization’s operational data files on storage media are not subject to unauthorized access, change or destruction. The use of both logical access control measure such as password and physical restriction measures are used to ensure data security. Authentication Computer security authentication is verifying the identity of a person logging onto a network. It involves confirming the validity of a person in the form of identification such as a password, PIN, passphrase, biometrics, smart cards. Multifactor authentication uses two or more authentication such as password and fingerprint to provide increased security. 5 Encryption Data that are transmitted over network is vulnerable to unauthorized access. An approach to solve this problem is the use of encryption. Encryption is used to protect the confidentiality of data in transit. Encryption is the process of converting readable text into unreadable characters to prevent unauthorized access. To read the text, the recipient must decrypt the encrypted (scrambled) text into a readable form using an encryption key. Businesses and individuals use encryption techniques to transmit confidential data and information Firewall A firewall is a hardware and/or software that protect a network’s resources from intrusion by unauthorized users. All electronic communications coming into and leaving the organizations must be evaluated by firewall before access is permitted or denied based on set of rules. Companies use firewalls to protect network resources from outsiders and to restrict access to sensitive data. Firewalls therefore act as security buffer between an organization’s private network and all external networks. Others Security is also controlled by the use of authentication devices such as biometrics readers, Tokens, Smart Cards, etc. Others are the use of malware guards (antivirus), IT forensics, intrusion detection systems etc. 6

4 5852846895986117388

Related documents

Products

Support

4 5852846895986117388

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib