UNIT-I

MANAGEMENT INFORMATION SYSTEM

Definition:
It refers to the processing of information through computers and other intelligent devices
to manage and support managerial decisions within an organization.

Management Information Systems (MIS) is the study of people, technology, organizations,

and the relationships among them. MIS professionals help firms realize maximum benefit
from investment in personnel, equipment, and business processes. MIS is a people-
oriented field with an emphasis on service through technology. If you have an interest in
technology and have the desire to use technology to improve people‘s lives, a degree in
MIS may be for you.
An automated system designed to provide progress and status information to management
as an aid to decision making.
MIS stands for management information system. Business managers at all levels of an
organization, from assistant managers to executives, rely on reports generated from these
systems to help them evaluate their business' daily activities or problems that arise, make
decisions, and track progress.
Management Information System, commonly referred to as MIS is a phrase consisting of
three words: management, information and systems. Looking at these three words, it‘s
easy to define Management Information Systems as systems that provide information to
management.
That is the simple definition of MIS that generally sums up what a Management
Information System is, and what it should do. However, its role and impact on the smooth
operation of a company can never be overemphasized. That is the reason why every
successful company makes use of these systems in one way or another.
The reason why Management Information Systems are very important in the day-to-day
operation of companies is because these systems work with people, organizations,
technology and relationships among the people and organizations affecting the company.

MIS Importance:
Management Information System is formal method of collecting information in
summarized form. It is network established within an organization to provide information
to managers. It provides systematic and analytical information necessary to all level of
1
managers. It helps managers to take right decision at the right time. Importance of MIS is
described as follows:
1. Management Information System is always management oriented and keeps in view
every level of management and gets the desired information.
2. Integrated – refers to how different components (sub systems) are actually tied up
together. eg: different departments of organization linked together.
3. Useful for planning – as every organization makes log-term and short-term plans with
the help of information like sales & production, capital investments, stocks etc
management can easily plan..
4. Effective Management Information System helps the management to know deviations
of actual performance from pre-set targets and control things.
5. It‘s important for increasing efficiency.
6. MIS provides updated results of various departments to management.
7. MIS is highly computerized so it provides accurate results.
8. MIS adds to the intelligence, alertness, awareness of managers by providing them
information in the form of progress and review reports of an ongoing activity.
9. Helps managers in decision- making.
To gain the maximum benefits from your company's information system, you have to
exploit all its capacities. Information systems gain their importance by processing the data
from company inputs to generate information that is useful for managing your operations.
To increase the information system's effectiveness, you can either add more data to make
the information more accurate or use the information in new ways.
Management Information Systems (MIS) not only include software systems, but the entire
set of business processes and resources that are used to pull together information from
functional or tactical systems. Data is then presented in a user-friendly and timely manner
so that mid and upper-level managers can use it to take the right actions. The entire system
is designed so that the company will meet its strategic and tactical goals.
Nature and Scope of MIS:
The concept of MIS is interdisciplinary in nature, i.e. it has borrowed its concepts from a
large number of disciplines like Accounting, Computers, Organizations, Management,
Operations Research and Behavioural Sciences, etc .MIS is neither a pure science nor an
art; it is recognized as a combination of both. An information system is a logical system,
which is concerned with ‗how‘ something is being accomplished and thus may be
differentiated from physical system, which is the process itself and is concerned with the
content or ‗what‘ is going [Link] ,in fact encompasses both physical and information
systems. There has been a lot of debate on the issue whether MIS is more management –
2
oriented or computer –oriented. Though there are advocates of both sides, MIS should be
considered more of a management subject than of computers because of the simple logic
that computers are just tool in the hands of managers. Computers are used for their
characteristics like accuracy, speed and capacity to handle large amount of data.
Nowadays MIS finds application in all functional areas of every type of business
organizations at all levels. MIS caters to information needs of managers in an
organization, thus its scope lies in structured as well as unstructured type of information
which could be gathered from internal as well as external sources of the organization.
Further, with the advent of computers and communication technology, the scope of MIS
has increased manifold.

Structure of MIS: Structure of MIS may be understood by looking at the physical

components of the information system in an organization. The physical components of an
organizational information system may be hardware, software, database, manual
procedures and operating persons. A brief description of these components has been
outlined in the following paragraphs:
Hardware:
Hardware refers to the physical data processing equipment and peripheral devices, For
example, CPU, monitor, keyboard, printer, drives, tapes, communication devices, etc.
Software:
Software is a broad term given to the instructions or programs that direct the operating of
the hardware. Software could be of two types, i.e. system software and application
software.
Database:
The database consists of all data utilized by application software. Data is stored in files.

3
Procedures:
Formal operating procedures, which are required to operate a system, such as manuals, are
also regarded as physical elements.

Operating Personnel:
Personnel like Computer Operators, Computer Programmers, System Analysts, System
Managers, etc., are the operating people of the information systems.
Input and Output:
Various physical inputs and outputs from the information system, existing in forms like
printout, reports etc.

MIS - Classification of Information:

Information can be classified in a number of ways:
1. Classification by Characteristic :-Based on Anthony's classification of Management,
information used in business for decisionmaking is generally categorized into three types:
 Strategic Information: Strategic information is concerned with long term policy
decisions that defines the objectives of a business and checks how well these
objectives are met. For example, acquiring a new plant, a new product,
diversification of business etc, comes under strategic information.
 Tactical Information: Tactical information is concerned with the information
needed for exercising control over business resources, like budgeting, quality
control, service level, inventory level, productivity level etc.
 Operational Information: Operational information is concerned with
plant/business level information and is used to ensure proper conduction of specific
operational tasks as planned/intended. Various operator specific, machine specific
and shift specific jobs for quality control checks comes under this category. 

4
2. Classification by Application
In terms of applications, information can be categorized as:
 Planning Information: These are the information needed for establishing standard
norms and specifications in an organization. This information is used in strategic,
tactical, and operation planning of any activity. Examples of such information are
time standards, design standards.
 Control Information: This information is needed for establishing control over all
business activities through feedback mechanism. This information is used for
controlling attainment, nature and utilization of important processes in a system.
When such information reflects a deviation from the established standards, the
system should induce a decision or an action leading to control.
 Knowledge Information: Knowledge is defined as "information about
information". Knowledge information is acquired through experience and learning,
and collected from archival data and research studies.
 Organizational Information: Organizational information deals with an
organization’s environment, culture in the light of its objectives. Karl Weick's
Organizational Information Theory emphasizes that an organization reduces its
equivocality or uncertainty by collecting, managing and using these information
prudently. This information is used by everybody in the organization; examples of
such information are employee and payroll information.
 Functional/Operational Information: This is operation specific information. For
example, daily schedules in a manufacturing plant that refers to the detailed
assignment of jobs to machines or machines to operators. In a service oriented
business, it would be the duty roster of various personnel. This information is
mostly internal to the organization.
 Database Information: Database information construes large quantities of
information that has multiple usage and application. Such information is stored,

5
 retrieved and managed to create databases. For example, material specification or
supplier information is stored for multiple users.
Information and Systems Concept:
An information system (IS) is an organized system for the collection, organization,
storage and communication of information. More specifically, it is the study of
complementary networks that people and organizations use to collect, filters, and
process, create and distribute data.
The concept that information is the message has different meanings in different
contexts. Thus the concept of information becomes closely related to notions of
constraint, communication, control, data, form, education, knowledge, meaning,
understanding, mental stimuli, pattern, perception,
representation, and entropy.

Types of Information Systems:

1. TPS Transaction Processing System
2. MIS Management Information System
3. DSS Decision Support system
4. ESS Executive Support System
5. OAS Office Automation System
1. TPS are used primarily for structured operational, and to a lesser degree,
management controlapplications.
2. MIS are used for semi--structured, management control applications. It also
overlaps into the operational and strategic planning realms as well.

3. DSS are used primarily for unstructured decision-making whether that

occurs at theoperational, management and strategic planning levels.

4. ESS is used primarily for structured management and strategic planning

applications.
5. OAS are used as a facilitator of office correspondence and communication,
6
 underlies all ofthis activity.

A typical organization is divided into operational, middle, and upper level. The
information requirements for users at each level differ. Towards that end, there are
number of informationsystems that support each level in an organization.

 Pyramid Diagram of Organizational levels and information

requirements

 Transaction Processing System (TPS)

 Management Information System (MIS)

 Decision Support System (DSS)

 Artificial intelligence techniques in business

 Online Analytical Processing (OLAP)

Pyramid Diagram of Organizational levels and information requirements

Understanding the various levels of an organization is essential to understand the
information required by the users who operate at their respective levels.
The following diagram illustrates the various levels of a typical organization.
Operational Management Level
The operational level is concerned with performing day to day business transactions of
the organization.
Examples of users at this level of management include cashiers at a point of sale, bank
tellers, nurses in a hospital, customer care staff, etc.
Users at this level use make structured decisions. This means that they have defined
rules that guides them while making decisions.
For example, if a store sells items on credit and they have a credit policy that has some
set limit on the borrowing. All the sales person needs to decide whether to give credit
to a customer or not is based on the current credit information from the system.

Tactical Management Level

This organization level is dominated by middle-level managers, heads of departments,
supervisors, etc. The users at this level usually oversee the activities of the users at the
operational management level.

7
 Tactical users make semi-structured decisions. The decisions are partly based on set
guidelines and judgmental calls. As an example, a tactical manager can check the
credit limit and payments history of a customer and decide to make an exception to
raise the credit limit for a particular customer. The decision is partly structured in the
sense that the tactical manager has to use existing information to identify a payments
history that benefits the organization and an allowed increase percentage.

Strategic Management Level

This is the most senior level in an organization. The users at this level make
unstructured decisions. Senior level managers are concerned with the long-term
planning of the organization. They use information from tactical managers and
external data to guide them when making unstructured decisions.
Transaction Processing System (TPS)
Transaction processing systems are used to record day to day business transactions of the
organization. They are used by users at the operational management level. The main
objective of a transaction processing system is to answer routine questions such as;
 How printers were sold today?
 How much inventory do we have at hand?
 What is the outstanding due for John Doe?
By recording the day to day business transactions, TPS system provides answers to
the abovequestions in a timely manner.
 The decisions made by operational managers are routine and highly structured.
 The information produced from the transaction processing system is very detailed.
For example, banks that give out loans require that the company that a person works for
should have a memorandum of understanding (MoU) with the bank. If a person whose
8
employer has a MoU with the bank applies for a loan, all that the operational staff has
to do is verify the submitted documents. If they meet the requirements, then the loan
application documents are processed. If they do not meet the requirements, then the
client is advised to see tacticalmanagement staff to see the possibility of signing a MoU.

Examples of transaction processing systems include

 Point of Sale Systems – records daily sales
 Payroll systems – processing employees salary, loans management, etc.
 Stock Control systems – keeping track of inventory levels
 Airline booking systems – flights booking management.

Management Information System (MIS)

Management Information Systems (MIS) are used by tactical managers to monitor the
organization's current performance status. The output from a transaction processing system
is used as input to a management information system.
The MIS system analyzes the input with routine algorithms i.e. aggregate, compare and
summarizes the results to produced reports that tactical managers use to monitor, control
and predict future performance.
For example, input from a point of sale system can be used to analyze trends of products
that are performing well and those that are not performing well. This information can be
used to make future inventory orders i.e. increasing orders for well-performing products
and reduce the orders of products that are not performing well.

Examples of management information systems include

 Sales management systems – they get input from the point of sale system
 Budgeting systems – gives an overview of how much money is spent within the
organization for the short and long terms.
 Human resource management system – overall welfare of the employees, staff
turnover, etc.
Tactical managers are responsible for the semi-structured decision. MIS systems provide
the information needed to make the structured decision and based on the experience of the
tactical managers, they make judgement calls i.e. predict how much of goods or inventory
should be ordered for the second quarter based on the sales of the first quarter.
Decision Support System (DSS)
Decision support systems are used by senior management to make non-routine decisions.
Decision support systems use input from internal systems (transaction processing systems
and management information systems) and external systems.
The main objective of decision support systems is to provide solutions to problems that are
9
unique and change frequently. Decision support systems answer questions such as;

 What would be the impact of employees' performance if we double the

production lot at the factory?
 What would happen to our sales if a new competitor entered the market?
Decision support systems use sophisticated mathematical models, and statistical
techniques (probability, predictive modeling, etc.) to provide solutions, and they are very
interactive.
Examples of decision support systems include
 Financial planning systems – it enables managers to evaluate alternative ways of
achieving goals. The objective is to find the optimal way of achieving the goal. For
example, the net profit for a business is calculated using the formula Total Sales
less (Cost of Goods + Expenses). A financial planning system will enable senior
executives to ask what if questions and adjust the values for total sales, the cost of
goods, etc. to see the effect of the decision and on the net profit and find the most
optimal way.
 Bank loan management systems – it is used to verify the credit of the loan
applicant and predict the likelihood of the loan being recovered.

Artificial intelligence techniques in business

Artificial intelligence systems mimic human expertise to identify patterns in large data
sets. Companies such as Amazon, Facebook, and Google, etc. use artificial intelligence
techniques to identify data that is most relevant to you.
Let's use Facebook as an example, Facebook usually makes very accurate predictions
of people that you might know or went with to school. They use the data that you
provide to them, the data that your friends provide and based on this information make
predictions of people that you might know.
Amazon uses artificial intelligence techniques too to suggest products that you should
buy also based on what you are currently getting.
Google also uses artificial intelligence to give you the most relevant search results based
on yourinteractions with Google and your location.
These techniques have greatly contributed in making these companies very successful
because they are able to provide value to their customers.

Online Analytical Processing (OLAP)

Online analytical processing (OLAP) is used to query and analyze multi-dimensional
data and produce information that can be viewed in different ways using multiple
dimensions.
Let's say a company sells laptops, desktops, and Mobile device. They have four (4)
branches A, B, C and D. OLAP can be used to view the total sales of each product in
10
 all regions and compare the actual sales with the projected sales. Each piece of
information such as product, number of sales, sales value represents a different
dimension The main objective of OLAP systems is to provide answers to ad hoc queries
within the shortest possible time regardless of the size of the datasets being used.
Information Systems for Competitive Advantage
In Management Information Systems by Effy Oz (2008), there are eight ways to gain
competitive advantage: Reducing cost, raising barriers to market entrants, establishing
high switching costs, creating new products or services, differentiating products or
services, enhancing products or services, establishing alliances.
Locking in suppliers or buyers Competitive Advantage in any industry or business
venture is achieved when one particular organization performs more effectively
and/or efficiently than the others in the same category. This Competitive Advantage
does not have to be all encompassing of the industry and may only cover small
segments. A Competitive Advantage is achieved when an organization can do any one
thing, process, function, etc. more effectively and or efficiently than others in that
industry segment or in some cases across the entire industry.
According to the authors W.R. King, V. Grove, and E.H. Hufnagel (1989),
information technology is used as a strategic tool for companies to increase their
competitive advantage at a time when uncertainty is growing. The idea that
information technology can contribute to the optimization of enterprise resources,
enhances, enable and enhance business performance. This idea was accepted and
supported by many empirical studies (V. Sethi and WR King, 1994), (Chan, SL Huff,
DW Barclay, 1997), (AM Croteau and F. Bergeron, 2001).
Authors Rackoff, Wiseman, and Ullrich (1985) have identified several factors that
ensure computerization of competitive advantage of enterprises. They are:
• Modification, differentiation or changes that make the company stand out with its
products and services or weaken competition and reduce the competitive
advantages;
• Adapting and adjusting supply cutting costs, reducing consumer spending and
increasing competition expenses;
• Company being introduced innovative products or services that result in changes
in the way business is passed then in the industry;
• Improving growth and development by increasing volume, expanding
geographically and being harmonized with suppliers and customers;
• Forms of mergers and alliances through various agreements in marketing
[Link] the business environment is constantly changing and evolving, the
business itself changes all the time and with the growth and development
information needs to ask businesses will vary. At the same time computing system
needs to support growth, change and development. (Vakola and Wilson, 2004).
The findings of the authors mentioned above clearly show that businesses invest
in computing technology, because they believe that this technology will enable
them to be more competitive (Malaga A. Ross, 2001).

11
Some other authors Urwiller and Florick (2008) noted that to create competitive
difference as a result of computerization first condition are innovations in information
technology, which today have become an integral part of organizational strategy and
planning processes. Information Technology is not only possible, but is streamlined
entity and the way to create competitive edge. To achieve competitive difference
information technology and its use in business processes results in a new way of doing
business (e-business) as well as providing products and services electronically. So
information technology plays a crucial role in supporting the business by creating
competitive advantage (Competitive Advantage), offering services and products so that
customers appreciate more than the competition. This technology is able to provide
operational excellence (Operational excellence), initiatives in key business branches
(Major Business Initiatives) then the decision (Decision Making) and organizational
transformation (Organizational Transformation). In what manner is information
technology provides operational perfection (Operational Excellence) being efficient in
what we do, using transaction-processing systems within the organization Transaction
processing system (TPS) using Customer self-service systems(CSS) to make their
offer customers their transaction processing etc.

12
 UNIT-II
BUSINESS APPLICATIONS OF INFORMATION SYSTEMS
Business software or a business application is any software or set of computer programs
used by business users to perform various business functions. These business applications
are used to increase productivity, to measure productivity and to perform other business
functions accurately.
Technology has important effects on business operations. No matter the size of your
enterprise, technology has both tangible and intangible benefits that will help you make
money and produce the results your customers demand. Technological infrastructure
affects the culture, efficiency and relationships of a business.
For example, office software suites might include word processing, spreadsheet, database,
presentation, and email applications. Graphics suites such as Adobe Creative Suite include
applications for creating and editing images, while Sony Audio Master Suite is used for
audio production etc.
E-Commerce:
E-Commerce or Electronics Commerce is a methodology of modern business, which
addresses the requirements of business organizations. It can be broadly defined as the
process of buying or selling of goods or services using an electronic medium such as the
Internet.

E-Commerce or Electronics Commerce is a methodology of modern business, which

addresses the need of business organizations, vendors and customers to reduce cost and
improve the quality of goods and services while increasing the speed of delivery.
Ecommerce refers to the paperless exchange of business information using the following
ways −
 Electronic Data Exchange (EDI)
 Electronic Mail (e-mail)
 Electronic Bulletin Boards
 Electronic Fund Transfer (EFT)
 Other Network-based technologies

Features of E-Commerce:
1. Non-Cash Payment − E-Commerce enables the use of credit cards, debit cards,
smart cards, electronic fund transfer via bank's website, and other modes of
electronics payment.
2. 24x7 Service availability − E-commerce automates the business of enterprises and
the way they provide services to their customers. It is available anytime, anywhere.
3. Advertising / Marketing − E-commerce increases the reach of advertising of
products and services of businesses. It helps in better marketing management of
products/services.
4. Improved Sales − Using e-commerce, orders for the products can be generated
anytime, anywhere without any human intervention. It gives a big boost to existing
sales volumes.
5. Support − E-commerce provides various ways to provide pre-sales and post-
13
 sales assistance to provide better services to customers.
6. Inventory Management − E-commerce automates inventory management.
Reports get generated instantly when required. Product inventory management
becomes very efficientand easy to maintain.
7. Communication improvement − E-commerce provides ways for faster,
efficient, reliable communication with customers and partners.
E-commerce business models can generally be categorized into the following
categories.

 Business - to - Business (B2B)

 Business - to - Consumer (B2C)
 Consumer - to - Consumer (C2C)
 Consumer - to - Business (C2B)
 Business - to - Government (B2G)
 Government - to - Business (G2B)
 Government - to - Citizen (G2C)
Business - to - Business
A website following the B2B business model sells its products to an intermediate
buyer who then sells the product to the final customer. As an example, a wholesaler
places an order from a company's website and after receiving the consignment, sells
the end product to the final customer who comes to buy the product at one of its retail
outlets.
Business - to - Consumer
A website following the B2C business model sells its products directly to a customer.
A customer can view the products shown on the website. The customer can choose a
product and order the same. The website will then send a notification to the business
organization via email and the organization will dispatch the product/goods to the
customer.

Consumer - to - Consumer
A website following the C2C business model helps consumers to sell their assets like
residential property, cars, motorcycles, etc., or rent a room by publishing their
information on the website. Website may or may not charge the consumer for its
services. Another consumer may opt to buy the product of the first customer by

14
 viewing the post/advertisement on the website.

Consumer - to - Business
In this model, a consumer approaches a website showing multiple business
organizations for a particular service. The consumer places an estimate of amount
he/she wants to spend for a particular service. For example, the comparison of interest
rates of personal loan/car loan provided by various banks via websites. A business
organization who fulfils the consumer's requirement within the specified budget,
approaches the customer and provides its services.

Business - to - Government
B2G model is a variant of B2B model. Such websites are used by governments to trade
and exchange information with various business organizations. Such websites are
accredited by the government and provide a medium to businesses to submit
application forms to the government.

Government - to – Business
Governments use B2G model websites to approach business organizations. Such
websites support auctions, tenders, and application submission functionalities.

15
Government - to - Citizen
Governments use G2C model websites to approach citizen in general. Such websites
support auctions of vehicles, machinery, or any other material. Such website also provides
services like registration for birth, marriage or death certificates. The main objective of
G2C websites is to reduce the average time for fulfilling citizen‘s requests for various
government services.

E-Commerce advantages can be broadly classified in three major categories −

1. Advantages to Organizations
2. Advantages to Consumers
3. Advantages to Society

1. Advantages to Organizations
Using e-commerce, organizations can expand their market to national and international
markets with minimum capital investment. An organization can easily locate more
customers, best suppliers, and suitable business partners across the globe.
 E-commerce helps organizations to reduce the cost to create process, distribute,
retrieve and manage the paper based information by digitizing the information.
 E-commerce improves the brand image of the company.
 E-commerce helps organization to provide better customer services.
 E-commerce helps to simplify the business processes and makes them faster and
efficient.
 E-commerce reduces the paper work.
 E-commerce increases the productivity of organizations. It supports "pull" type
supply management. In "pull" type supply management, a business process starts
when a request comes from a customer and it uses just-in-time manufacturing
way.

[Link] to Customers
 It provides 24x7 supports. Customers can enquire about a product or service
and place orders anytime, anywhere from any location.
 E-commerce application provides users with more options and quicker delivery
of products.
 E-commerce application provides users with more options to compare and
select the cheaper and better options.

16
  A customer can put review comments about a product and can see what others
are buying, or see the review comments of other customers before making a
final purchase.
 E-commerce provides options of virtual auctions.
 It provides readily available information. A customer can see the relevant
detailed information within seconds, rather than waiting for days or weeks.
 E-Commerce increases the competition among organizationsand as a
result, organizations provide substantial discounts to customers.
3. Advantages to Society
Customers need not travel to shop a product, thus less traffic on road and low air pollution.
 E-commerce helps in reducing the cost of products, so less affluent people can
also afford the products.
 E-commerce has enabled rural areas to access services and products, which are
otherwise not available to them.
 E-commerce helps the government to deliver public services such as healthcare,
education, social services at a reduced cost and in an improved manner.
The disadvantages of e-commerce can be broadly classified into two major categories
−
1. Technical disadvantages
2. Non-Technical disadvantages

Technical Disadvantages
There can be lack of system security, reliability or standards owing to poor
implementation of e-commerce.
 The software development industry is still evolving and keeps changing rapidly.
 In many countries, network bandwidth might cause an issue.
 Special types of web servers or other software might be required by the vendor,
setting the e-commerce environment apart from network servers.
 Sometimes, it becomes difficult to integrate an e-commerce software or website
with existing applications or databases.
 There could be software/hardware compatibility issues, as some e-commerce
software may be incompatible with some operating system or any other
component.

Non-Technical Disadvantages
 Initial cost − The cost of creating/building an e-commerce application in-house
may be very high. There could be delays in launching an e-Commerce application
due to mistakes, and lack of experience.
 User resistance − Users may not trust the site being an unknown faceless seller.
Such mistrust makes it difficult to convince traditional users to switch from
physical stores to online/virtual stores.
 Security/ Privacy − It is difficult to ensure the security or privacy on online
transactions.
 Lack of touch or feel of products during online shopping is a drawback.
 E-commerce applications are still evolving and changing rapidly.
17
  Internet access is still not cheaper and is inconvenient to use for many potential
customers, for example, those living in remote villages.

ERP SYSTEM:-
Enterprise Resource Planning (ERP) is a software that is built to organizations belonging
to different industrial sectors, regardless of their size and strength.

The ERP package is designed to support and integrate almost every functional area of a
business process such as procurement of goods and services, sale and distribution, finance,
accountings, human resource, manufacturing, production planning, logistics & warehouse
management.

Functional Areas
ERP is a business management software is usually a suite of integrated applications that a
company can use to collect, store, manage, and interpret data from many functional areas
including −

 Financial Accounting − Deals with financial transactions and data.

 Human Resource − Deals with information related to employee of an
organization.
 Customer Relationship Management − Deals with capturing and managing
customer‘s relationship, facilitating the use of customer experience to evaluate
the knowledge database.
 Sales and Distribution − Deals with order placement, delivery, shipment and
invoicing.
 Logistics and Warehouse Management − Deals with storage of products and
shipment.
 Manufacturing and Material Management − Deals with the production and
production planning activities.

18
  Supply Change Management − Deals with the movement of products, storing,
managing, and controlling supplies.
 Business Intelligence − Analyzes data and converts the same to information.
Computers have become so complex and commonplace in organizations, it is much
easier to integrate all of the data and processing software modules and hardware into
one large unit that is easier to access and control. This is called Enterprise Resource
Planning, or ERP. Normally ERP systems use the same database throughout an entire
company to store various types of data for different computerized functions. When first
developed, ERP systems were used only for large manufacturing companies. Today,
they benefit all sizes of companies, even those that are quite small.

Foundation for Understanding ERP Systems:

During early phases of development, integrated solutions were designed for particular
process areas such as −
 Material Management − the integrated system was known as Material
Requirement Planning (MRP)
 Manufacturing − the integrated system was known as Manufacturing Resource
Planning However none of the integrated systems came with a complete
solution for an organization covering major business process areas. In early
1990‘s, the Gartner Group first used the acronym ERP. By mid–1990‘s, ERP
systems addressed all the core enterprise functions.

In the early stages, most of the ERP solutions were focused on automating back office
functions that were not directly affecting customers or general public. Later, front
office functions such as customer relationship management and e–business systems
were integrated.
What is ERP software?
ERP software has its roots in the Nineties manufacturing industry, where earlier forms
of the applications were used for manufacturing resource planning (MRP) and
computer integrated manufacturing (CIM).
However, ERP has grown to cover all core functions of a business, regardless of its
industry sector. As a result, both private and public sector organisations now use ERP
systems in some form or other.
ERP applications tend to be modular in nature, sharing vital business information
which is held on a central database repository, or repositories.

What does ERP software do?

ERP systems typically carry out financial and business planning functions, which
might formerly have been carried out by many smaller standalone applications.
Examples of ERP system modules include: product lifecycle management, supply
chain management (for example purchasing, manufacturing and distribution),
warehouse management, customer relationship management (CRM), sales order
processing, online sales, financials, human resources, and decision support system.
19
Why use ERP software?

One major benefit of having a single modular ERP system is that it can unite and link
together multiple processes and parts of the business, making the business run more
efficiently.
By automating various functions, you can also benefit from having, for example, good order
tracking, from acceptance through to fulfilment. In terms of the revenue cycle, you can track
invoices through to cash receipts.
ERP systems also centralise the data in one place, which can eliminate the problem of
synchronising changes between multiple systems, and allows business managers to get a
more accurate view of the business‘s information.
Having a single data repository can also lower the risk of losing sensitive data, if you use
appropriate data security and authorisation.

What are the drawbacks of ERP systems?

ERP systems can prove to be complex and difficult to customise, keeping in mind the
actual complexities and idiosyncrasies of each individual business itself.
Many firms fail to adequately invest in ongoing training for the involved IT personnel, and
there is often a lack of corporate policy to protect the integrity of the data in the ERP
systems and the ways in which it is used.
Business processes frequently have to be re-engineered to fit the new ERP system, and this
can lead to problems with processes and staff.
Also, ERP systems can be very expensive. This has led to a newer breed of simpler ERP
systems for smaller enterprises which carry a lower cost, and many established ERP
vendors now offer managed ERP services, offered over the web.
Finally, the fact that ERP systems centralise the data in one place can increase the risk of
loss of sensitive information in the event of a security breach.

Popular ERP Vendors

1. Microsoft Dynamics
2. Oracle e-Business Suite
3. SAGE
4. SAP Business One
5. Infor Global Solutions
6. NetERP from NetSuite

20
 7. Lawson Software

Business benefits of ERP:

1. Competition
2. Efficiency
3. Forecasting
4. Collaboration
5. Scalability
6. Integrated Information
7. Cost Saving
8. Streamlined Processes
9. Mobility
[Link]
[Link]
12. Regulatory Compliance
[Link]
[Link] Service
[Link]
Decision support systems (DSS)
Decision support systems (DSS) are interactive software-based systems intended to help
managers in decision-making by accessing large volumes of information generated from
various related information systems involved in organizational business processes, such as
office automation system, transaction processing system, etc.
DSS uses the summary information, exceptions, patterns, and trends using the analytical
models. A decision support system helps in decision-making but does not necessarily give
a decision itself. The decision makers compile useful information from raw data,
documents, personal knowledge, and/or business models to identify and solve problems
and make decisions.

Characteristics of a DSS
 Support for decision-makers in semi-structured and unstructured problems.
 Support for managers at various managerial levels, ranging from top executive to
line managers.
 Support for individuals and groups. Less structured problems often requires the
involvement of several individuals from different departments and organization
level.
 Support for interdependent or sequential decisions.
 Support for intelligence, design, choice, and implementation.
 Support for variety of decision processes and styles.
 DSSs are adaptive over time.
21
Classification of DSS
There are several ways to classify DSS. Hoi Apple and Whinstone classifies DSS as
follows:
 Text Oriented DSS: It contains textually represented information that could have
a bearing on decision. It allows documents to be electronically created, revised
and viewed as needed.
 Database Oriented DSS: Database plays a major role here; it contains organized
and highly structured data.
 Spreadsheet Oriented DSS: It contains information in spread sheets that allows
create, view, modify procedural knowledge and also instructs the system to
execute self- contained instructions. The most popular tool is Excel and Lotus 1-
2-3.
 Solver Oriented DSS: It is based on a solver, which is an algorithm or procedure
written for performing certain calculations and particular program type.
 Rules Oriented DSS: It follows certain procedures adopted as rules.
 Rules Oriented DSS: Procedures are adopted in rules oriented DSS. Export
system is the example.
 Compound DSS: It is built by using two or more of the five structures explained
above.

Types of DSS
Following are some typical DSS:
 Status Inquiry System: It helps in taking operational, management level, or
middle level management decisions, for example daily schedules of jobs to
machines or machines to operators.
 Data Analysis System: It needs comparative analysis and makes use of formula
or an algorithm, for example cash flow analysis, inventory analysis etc.
 Information Analysis System: In this system data is analyzed and the
information report is generated. For example, sales analysis, accounts
receivable systems, market analysis etc.
 Accounting System: It keeps track of accounting and finance related
information, for example, final account, accounts receivables, accounts
payables, etc. that keep track of the major aspects of the business.
 Model Based System: Simulation models or optimization models used for
decision- making are used infrequently and creates general guidelines for
operation or management.

22
Model of Decision Support System:-

Business Intelligence System:

The term 'Business Intelligence' has evolved from the decision support systems and gained
strength with the technology and applications like data warehouses, Executive Information
Systems and Online Analytical Processing (OLAP).
Business Intelligence System is basically a system used for finding patterns from existing
data from operations.

Characteristics of BIS
 It is created by procuring data and information for use in decision-making.
 It is a combination of skills, processes, technologies, applications and practices.
 It contains background data along with the reporting tools.
 It is a combination of a set of concepts and methods strengthened by fact-based
support systems.
 It is an extension of Executive Support System or Executive Information System.
 It collects, integrates, stores, analyzes, and provides access to business information
 It is an environment in which business users get reliable, secure, consistent,
comprehensible, easily manipulated and timely information.
 It provides business insights that lead to better, faster, more relevant decisions.

23
Benefits of BIS
 Improved Management Processes.
 Planning, controlling, measuring and/or applying changes that results in increased
revenues and reduced costs.
 Improved business operations.
 Fraud detection, order processing, purchasing that results in increased revenues and
reduced costs.
 Intelligent prediction of future.

Knowledge Management System:

A knowledge management system comprises a range of practices used in an organization
to identify, create, represent, distribute, and enable adoption to insight and experience.
Such insights and experience comprise knowledge, either embodied in individual or
embedded in organizational processes and practices.
Purpose of KMS
 Improved performance
 Competitive advantage
 Innovation
 Sharing of knowledge
 Integration
 Continuous improvement by:
 Driving strategy
 Starting new lines of business
 Solving problems faster
 Developing professional skills
 Recruit and retain talent
Activities in Knowledge Management
 Start with the business problem and the business value to be delivered first.
 Identify what kind of strategy to pursue to deliver this value and address the KM
problem.
 Think about the system required from a people and process point of view.
 Finally, think about what kind of technical infrastructure are required to support the
people and processes.
 Implement system and processes with appropriate change management and iterative
staged release.

24
 UNIT-III
MANAGEMENT OF INFORMATION RESOURCES

Information Systems Planning:

Information management is term that covers array of the systems and processes within an
organisation to create and use of corporate information. Information Systems Planning is
critical in developing and executing successful strategic plans in huge firms at global level.
It is observed in current business situation that the markets are very uncertain which
pushes companies to adopt effective, pro-active strategies in order to gain competitive
advantage. The strategy formula is oriented through company's operation and objectives
based on a cautious analysis of the involving company. Objectives of information system
planning are desired future positions and destinations the organizations intend to reach in
order to fulfil its mission. Its policies are a general guideline that directs and constraints
decision making within an organization.

Information technology enables a set of opportunities to gain competitive advantage and to

adjust the Information Systems for the benefit of organization.
In present scenario, information system planning is key issue faced by senior executives of
company. Information management planning mainly involves in identification of the stage
of IS in the organization, identification of the applications of organizational information
systems, evaluation of each of these applications, based on established evaluation criteria,
establishing a priority ranking for these application and determining the optimum
architecture of IS for serving the top priority applications. Theoretical literature of the
information systems planning suggests two challenging theories of effective planning in a
turbulent environment. One predicts that organizations using a formal, comprehensive

25
planning approach will be more successful. The other predicts that organizations using an
informal, incremental approach will be more successful in such an environment.
Stage model of Information System planning
1. Strategic planning:
a) Derivation from the organizational plan.
b) Strategic fit with organizational culture.
c) Strategy set transformation.
2. Information requirement analysis:
a) Define underlying organizational requirements.
b) Develop sub system matrix.
c) Define and evaluate information requirements for organizational sub-systems.
3. Resource allocation:
a) Return on investment
b) Charge out
c) Portfolio approach
d) Steering committees.
4. Project planning
a) Milestones
b) Critical path method
c) Gantt chart

Four Stage Models of Information Systems Planning

Acquisition of Information Systems:
An acquisition strategy is a top-level roadmap that focuses on highlighting and managing
risks to a successful outcome. Business requirements for supporting work processes
require integration across multiple systems, spanning multiple business or organizational
units.

26
The acquisition of information systems can either involve external sourcing or rely on
internal development or modification. With today's highly developed IT industry,
companies tend to acquire information systems and services from specialized vendors.
Information systems are a major corporate asset, with respect both to the benefits they
provide and to their high costs. Therefore, organizations have to plan for the long term
when acquiring information systems and services that will support business initiatives. At
the same time, firms have to be responsive to emerging opportunities. On the basis of
long-term corporate plans and the requirements of various individuals from data workers
to top management, essential applications are identified and project priorities are set. For
example, certain projects may have to be carried out immediately to satisfy a new
government reporting regulation or to interact with a new customer‘s information system.
Other projects may be given a higher priority because of their strategic role or greater
expected benefits.

Once the need for a specific information system has been established, the system has to be
acquired. This is generally done in the context of the already existing information systems
architecture of the firm. The acquisition of information systems can either involve external
sourcing or rely on internal development or modification. With today‘s highly developed
IT industry, companies tend to acquire information systems and services from specialized
vendors. The principal tasks of information systems specialists involve modifying the
applications for their employer‘s needs and integrating the applications to create coherent
systems architecture for the firm. Generally, only smaller applications are developed
internally. Certain applications of a more personal nature may be developed by the end
users themselves.

Acquisition from external sources

There are several principal ways to acquire an information system from outside the
organization.
 Outsourcing: Outsourcing entails transferring the major components of the firm‘s
systems and operations—such as data centres, telecommunications.
 Software: A specialized company that provides its services under long-term
contracts.
 Offshoring: Offshore outsourcing, a type of business process outsourcing (BPO),
is the exporting of IT-related work from the United States and other developed
countries to areas of the world where there is both political stability and lower
labor costs or tax savings.
 Cloud Computing: Cloud computing is a method for delivering information
technology (IT) services in which resources are retrieved from the Internet through
web-based tools and applications, as opposed to a direct connection to a server.
27
  Internet: A means of connecting a computer to any other computer anywhere in
the world via dedicated routers and servers.
 Software-as-a-Service: SaaS is software licensing model in which access to the
software is provided on a subscription basis, with the software being located on
external servers rather than on servers located in-house.
 Open Source: Software for which the original source code is made freely
available and may be redistributed and modified according to the requirement of
the user.
Implementation of Information Systems:
The design of a management information system may seem to management to be an
expensive project, the cost of getting the MIS on line satisfactorily may often be
comparable to that of its design, and the implementation has been accomplished when the
outputs of the MIS are continuously utilized by decision makers.

Once the design has been completed, there are four basic methods for implementing
the MIS.
These areas:
1. Install the system in a new operation or organization.
2. Cut off the old system and install the new
This produces a time gap during which no system is in operation. Practically,
installation requires one or two days for small companies or small systems.
3. Cut over by segments
This method is also referred as‖ phasing in‖ the new system. Small parts or
subsystems are substituted for the old. In the case of upgrading old systems, this
may be a very desirable method.
4. Operate in parallel and cut over.
The new system is installed and operated in parallel with the current system until it
has been checked out, then only the current system is cut out. This method is
expensive because of personal and related costs. Its big advantages are that the
system is fairly well debugged when it becomes the essential information system.
Implementation Tasks
Plan the implementation
The three main phases in implementation take place in series. These are
1. The initial installation
2. The test of the system as a whole
3. The evaluation, maintenance and control of the system.

28
Many implementation activities should be undertaken in parallel to reduce
implementation time. Training of personnel and preparation of software may be in
parallel with each other and with other implementation activities.
The first step in the implementation procedure is to plan the implementation. Some
analyst includes the planning of the implementation with the design of the system, the
planning and the action to implement the plan should be bound closely together.
Planning is the first step of management, not the last. The MIS design and the urgent
need for the system at the time the design is completed will weigh heavily on the plan
for implementation.

The major implementation tasks consists of-

1. Planning the implementation activities
2. Acquiring and laying out facilities and offices
3. Organizing the personnel for implementation
4. Developing procedures for installation and testing
5. Developing the training program for operating personnel.
6. Completing the system‘s software
7. Acquiring required hardware
8. Generating files
9. Designing forms
10. Testing the entire system
[Link] cutover to the new system
[Link] the system
[Link] the MIS
[Link] system maintenance (debugging and improving)

1. Planning the implementation activities Establish Relationships among tasks

For small projects, the order of performance may simply be described in text form. A Gantt
chart or network diagram makes visualization of the plan and schedule much clearer.
For large projects, many concurrent and sequential activities are interrelated so that a
network diagram must be employed in any good plan.
Establish a Schedule
Schedule is prepared by having the system designers estimate the times between the events
in the program network. The critical path (longest time through the network) can be
calculated. After specifying the starting date, the end date is established.

29
Cost Schedule to Tasks and Time
The cost for completing each task required to complete is established as part of the plan;
then the rate of expenditures should be budgeted.
Reporting and control of the work in progress may be obtained by weekly meetings. The
financial personnel must make certain that report formats allow them to show cost and
technical progress relationship as well as cost and time.

[Link] and laying out facilities and offices

For the installation of a new system to replace a current one may require a major revision of
facilities as well as completely new office, computer room etc.
The MIS project manager must prepare rough layouts and estimates of particular floor
areas that feel to be needed. The manager then prepares cost estimates. Space planning
must be done by the space to be occupied by people, the space occupied by equipment and
the movement of people and equipment in the work progress. A large investment in good
working conditions will repay its cost many times.

[Link] the personnel for implementation

As the implementation tasks have been defined, management usually assigns a project
manager to guide the implementation.
The purpose of the MIS is to increase the amount and quality of their contributions, the
system is their system.
Top management must make the middle managers for their involvement in
implementation, besides these, systems specialists, computer programmer; top
management should make sure that each people who will operate the system should have
active parts in the implementation.

[Link] procedures for installation and testing

After organizing the personnel for implementation the next task is to develop or
prepare the procedures for implementation. As the project leader has the network plan for
proceeding with the implementation, this leader calls the key people in the project to
prepare more detailed procedures for system installation.
Procedures for evaluating and selecting hardware must be spelled out. Procedures for
phasing in parts of the MIS or operating the MIS in parallel must be developed.
The major part of implementing the MIS is the testing of each segment of total system as it
is installed.
30
5. Developing the training program for operating personnel
A program is developed keeping in mind to impress management and support. After
developing the program, it is necessary to train operating personnel in their new duties.
They must have a thorough understanding of what the new MIS is like and what it is
supposed to do. They must learn how it will operate. They are faced with many changes in
their work and have to obtain acceptance of changes.
As there are various levels of personnel and these people will be working with only a
small part of the MIS, the seminars should be designed to provide them with an
understanding of the complete system.
[Link] the system’s software
As the software is developed internally or under contract, in both cases, the software
development must take in mind the nature of the hardware required.
As the system designers and programmers provide the flow diagrams and the block diagrams
during the detailed design state. Some modification may be required, as the implementation
stage progresses.
7. Acquiring required hardware
This acquisition is usually the limiting factor in getting am MIS implementation. These
tasks should be started during the design stage.
The decision is to be needed, whether to buy or lease the hardware. Capital expenditure
analysis is only one of many factors involved in this decision. Others are prestige, usage etc.
8. Generating files
In the implementation stage, the actual data must be obtained and recorded for the initial
testing and operation of the system. This requires format of the data, storage form and format
and remarks to indicate when the data have been stored.
The collection of data used in routine operations is often called the master file.
Responsibility for file maintenance for each file item should also be assigned. The
development of files or databases belongs to information system designers and storage and
retrieval experts.
The translation of specifications for files into computer programs is a function of computer
specialists.

9. Designing forms

31
 For controlling the marketing, a salesperson has to fill out the forms summarizing the day‘s
activities. The form ensures the right information to be supplied for computer storage.
Forms are required not just for input and output but also for transmitting data at intermediate
stages.
10. Testing the entire system
As the total system is installed, tests should be performed with the test specifications and
procedure. A test during installation stage consists of component tests, subsystem tests and
total system acceptance tests.
Components may be equipment (that can be new or old), new software programs, new data
collection methods, work procedures, reporting formats. Difficulties that occur during
component tests may lead t design changes.
As more components are installed, subsystems may be tested. There is a difference between
the testing of component and the testing of a system.
System tests require verification of multiple inputs, complex logic systems, and timing
aspects of many parts.
11. completing cutover to the new system
Cutover is a point at which the new component replaces the old component to the new
system replaces the old system. This involves old forms, old files and old equipment being
retried.
The debugging proves associated with the cutover to the new system may extend for several
months
12. Documenting the system
Documentation of the MIS means preparation of written descriptions of the scope, purpose,
information flow components, and operating procedures of the system.
Documentation is a necessity for troubleshooting, for replacement of subsystems, for
interfacing with other systems, for training new operating personnel and also for evaluating
and upgrading the system.
13. Evaluating the system
After the MIS has been operating smoothly for a short period of time, an evaluation of
each step in the design and of the final system performance should be made.
Evaluation should not be delayed beyond the time when the system‘s analysts have
completed most of the debugging. The longer the delay, the more difficult it will be for
designer to remember important details.
The evaluation should be made by the customer as well as by the designers.

32
14. Providing system maintenance
Control and maintenance of the system are the responsibilities of the line managers.
Control of the systems means the operation of the system as it was designed to operate.
Sometimes, well-intentioned people or operators may make unauthorized changes to
improve thesystem, changes that are not approved or documented.
Maintenance is closely related to control. Maintenance is that ongoing activity that
keeps theMIS at the highest levels of effectiveness and efficiency within cost constraints.
Maintenance is directed towards reducing errors due to design, reducing errors due to
environmental changes and improving the system‘s scope and services.
Evaluation of Information Systems:
Evaluation of MIS is an integral part of the management control process, in which the
organizations determine or appraise the quality or worth of their information systems. In
other words, evaluation of MIS is a process of measuring performance of organizational
information systems.
Evaluation Approaches:
There are different approaches to evaluate MIS in an organization. The MIS evaluation
approaches provide different means to measure accomplishments of system objectives.
 Quality Assurance Review: Quality assurance review or technical review focus
on assessing the information system‘s technical quality.
 Compliance Audits: Compliance audits or application control reviews assess the
adequacy and completeness of controls for the system inputs, outputs, processing,
security and access.
 Budget Performance Review: Evaluation of MIS budget performance
concentrates on compliance with a predetermined budget expenditure level for the
MIS development or operations process.
 MIS Personnel Productivity Measurements: The capability of MIS personnel
is typically determined in terms of productivity.
 Computer Performance Evaluation: The production capability of the computer
hardware is typically evaluated in terms of performance efficiencies and
bottlenecks that limit production.
 Service Level Monitoring: Service level monitoring focuses on assessing the
information and support provided to the user, based on the terms established
between the MIS user personnel.

 User Attitude Survey: This method is used in operational evaluation.

Operational considerations refer to whether the input data is adequately provided
and the output is usable.

33
  Post-Installation Review: The focus of the post-installation review (PIR) is often
on estimating whether the system meets the requirements.
 Cost Benefit Analysis: It is also known as economic evaluation. The analysis
quantifies the system‘s effect on organizational performance in terms of dollars.
Evaluation of Performance:
1. Effectiveness: This refers to the quality of the outputs from the systems.
Effectiveness means doing the right thing in the right manner so that desired result
may be achieved. Information system is said to be effective if its product (i.e.
output) is of quality, and the process of producing output is right (effective).
2. Efficiency: It is a measure of the amount of resources required to achieve the
output, i.e. the use of system resources to get results. Being efficient implies the
system is operating the right way.

Product-Based MIS Evaluation:

Since the focus of the product-based evaluation is on the product or the output from the
system, the evaluation may be termed as effectiveness evaluation. For assessing the
effectiveness of output form MIS, the following model may be used.
Model Structure:
Timeliness
Relevance
Accuracy
Completeness
Adequacy
Explicitness
Exception-based
Cost-Benefit-Based MIS Evaluation:
In cost/benefit evaluation, a thorough study of various expected costs, the benefits to be
expected from the system and expected savings, if any, is done. It is an economic evaluation
34
of the system, in which costs to be incurred for developing, implementing and operating a
system are to be justified against the expected benefits from the system.
In other words, cost/benefit analysis determines the cost-effectiveness of the firms.
Cost Elements:
 Initial Development Cost: it incurred in developing an information system. Various
elements of development cost include project planning cost, feasibility study cost,
design cost, conversation cost, implementation cost etc.
 Capital Cost: It is also one-time cost. It is the cost incurred in facilities and in
procuring various equipment, including hardware etc.
 Annual Operating Cost: It is the cost incurred in operating the system. It includes
computer and equipment maintenance cost, personnel cost, overheads, and supplies
cost.
 Identification of Cost and Benefits: Certain costs and benefits are more easily
identifiable than others. For example, direct cost.
 Classification of Cost and Benefits: The various categories of costs and benefits are
important to make a cost/benefit analysis. These categories may be tangible or
intangible, direct or indirect, fixed or variable.

Evaluation Models:
Having identified and categorised various costs and benefits, monetary value of each and
every cost as well as benefit is estimated. A system analyst/user manager may evaluate the
costs and benefits so estimated. For evaluation, there are several models, which are
available, namely:
i. Net Benefit Analysis
ii. Present Value Analysis
iii. Net Present Value
iv. Payback Method
v. Cash-flow Analysis
vi. Break-even Analysis etc.

Maintenance of Information systems:

The results obtained from the evaluation process help the organization to determine
whether its information systems are effective and efficient or otherwise. The process of
monitoring, evaluating, and modifying of existing information systems to make required
or desirable improvements may be termed as System Maintenance.
System maintenance is an ongoing activity, which covers a wide variety of activities,
including removing program and design errors, updating documentation and test data and

35
updating user support. For the purpose of convenience, maintenance may be categorized
into three classes, namely:
i) Corrective Maintenance: This type of maintenance implies removing errors in a
program, which might have crept in the system due to faulty design or wrong
assumptions. Thus, in corrective maintenance, processing or performance failures are
repaired.
ii) Adaptive Maintenance: In adaptive maintenance, program functions are changed to
enable the information system to satisfy the information needs of the user. This type
of maintenance may become necessary because of organizational changes which may
include:
a) Change in the organizational procedures,
b) Change in organizational objectives, goals, policies, etc.
c) Change in forms,
d) Change in information needs of managers.
e) Change in system controls and security needs, etc.

iii) Perfective Maintenance: Perfective maintenance means adding new programs or

modifying the existing programs to enhance the performance of the information
system. This type of maintenance undertaken to respond to user‘s additional needs
which may be due to the changes within or outside of the organization. Outside
changes are primarily environmental changes, which may in the absence of system
maintenance; render the information system ineffective and inefficient. These
environmental changes include:
a) Changes in governmental policies, laws, etc.,
b) Economic and competitive conditions, and
c) New technology.

IS SECURITY and CONTROL:

Today, organizations are increasingly becoming dependent on information
systems/technology. However these systems are vulnerable to a large number of potential
hazards, especially due tonetworked computing. Therefore, IS control and security is an
important issue of concern for themanagement. Some of the major threats to the
information systems are as follows:
 Error in handling, entering, transferring, or programming data
 Equipment malfunctions
 Accidental or malicious damage to computer resources
 Destruction from virus
 Theft of equipment and/or programs
 Inappropriate use of data
 Loss, theft, or changes of data,
36
 Fire or any other natural calamity

UNIT – IV
Building of Information Systems

37
What is Information Systems Development?
As the name suggests, information system development or commonly known as SLC (Systems Life Cycle) or SLDC
(Software Development Life Cycle) is a process of making and changing the system and the model and methodology
used. In other words, an SDLC is the preparation of a new system to replace the old system, both in whole and only
partially.
Development of information systems is generally done because of problems that cannot be accommodated by the old
system. For example, the hospital where you work make an overhaul SIMRS (Sistem Informasi Manajemen Rumah
Sakit/Hospital Management Information System) because of applications that previously could not do bridging with
BPJS. Considering the fact that the government has required it, then inevitably the hospital must adjust the SIMRS
it already has.
As for carrying out an information system development, the related team will consist of several personnel, namely
the project coordinator, system analyst and design, network designer, programmer, technician (hardware),
administrator, software tester, graphic designer, and documentary.

Information System Planning:

Information systems planning (ISP) is a process of defining objectives for organizational computing and
identifying suitable potential information technology (IT) applicable to the company. The increasing impact of
information systems (IS) on business performance has made ISP a key management issue for practitioners and
academics alike (Moynihan, 1990; Niederman et al., 1991). In China, since IT began to be applied either to support
business strategies or to create strategic opportunities, investment in information systems has increased rapidly. Some
Chinese companies, such as Bangwei, Lifung, have gained great success by applying IT. But for most Chinese
companies, it is still a challenge to align IT with their business strategies. Information systems planning has gained
much attention in recent years. A survey in 2005 reported that ISP was one of the key management issues for chief
information officers (CIOs) of China (Yang, 2003, Li and Huang, 2005).
Within information systems research, significant effort has been devoted to improving the planning effectiveness.
Early studies focused on developing frameworks and methodologies for ISP. Some methodologies, such as Business
System Planning (BSP), information engineering, and critical success factors (CSFs), are well known to scholars and
practitioners alike. Although existing frameworks and methodologies provide some direction for information systems
planning, many important dimensions of ISP remain unaddressed (Segars et al., 1998). For example, it is not clear
how a methodology is (or should be) actually implemented and how the process of planning is initiated.
To provide a comprehensive view of ISP, some studies were conducted to identify the process dimensions. Das et al.
(1991) and Lederer and Sethi (1996) developed process dimensions (prescriptions) to describe the planning process.
Earl (1993), Pyburn (1983) and Sabherwal and King (1995) identified the differences among various companies’ IS
planning processes or IS decision-making through field studies. Segars et al. (1998) developed process dimensions
and empirically tested their impact on planning effectiveness.
Although these studies of dimensions provided some descriptions of the planning process, they have not been
implemented in China and the relationships among the process dimensions remain unclear. Information systems
planning is a system which is structured by the process dimensions. So, there may be certain relationships among
different process dimensions. Understanding these relationships can help practitioners and academics view the ISP
more systemically, especially for current Chinese enterprises.
The purpose of this study is to propose a process model to describe the current Chinese enterprises’ structure of ISP,
which exhibits not only the relationship between process dimensions and the effectiveness of the planning process,
but also the relationships among different dimensions of the planning process. The remainder of the paper is
organized as follows. Section 2 discusses and provides process dimensions of ISP. Section 3 presents the process
model and proposes related hypotheses, followed by outlining analytical techniques and item measurements.
Empirical test results, study implications and limitations are discussed in the last section.

38
Information System Development Stages
An information system development consists of six important stages, it is system survey, needs analysis, design,
implementation, testing, change and maintenance.

 System survey
 Needs Analysis
 Design
 Implementation
 Testing
 Change and Maintenance

1. System Survey
The SLDC phase also consists of three main points: system identification, selection, and system planning.
a. System Identification
This process is to identify the problems facing the company and the system it has. The team will look for any
opportunities that can be done to overcome this.
b. Selection
The selection phase will apply evaluation points to the development project to ensure the solutions are created
in accordance with the company’s expected targets.
c. System Planning
This step is the step of developing a formal plan to start working on and implementing the information system
development concept that has been chosen.

2. Needs Analysis

39
 System requirements analysis is a technique for solving problems by decomposing the components of the system.
The aim is none other than to find out more about how each component works and the interaction between one
component with other components.
Some aspects that need to be targeted in the needs analysis in the development of information systems include
business users, job analysis, business processes, agreed rules, problems and solutions, business tools, and
business plans.

3. Design
The design or design of system development is intended to provide a complete blueprint as a guideline for the IT
team (especially programmers) in making applications. Thus the IT team no longer makes decisions or works in
a sporadic way.

4. Implementation
The stage of developing this information system is to work on a previously designed development.

5. Testing
A system needs to be tested to ensure that the development carried out is appropriate or not with the expected
results. Tests that are applied are various, such as performance, input efficiency, syntax (program logic), output,
and so on.
This information system development stage requires preparation of various supporting aspects. In addition to
applications, hardware readiness and several other related facilities also need to be prepared. As for
implementation, several activities carried out include data migration (conversion), training for users, and trials.

6. Change and Maintenance

This step covers the whole process in order to ensure the continuity, smoothness and improvement of the system.
In addition to monitoring the system at a certain time, maintenance also includes activities to anticipate minor
bugs (bugs), system improvements, and anticipation of some risks from factors outside the system.
Thus, information about the development of information systems or SLDC. May be useful!

Approaches of MIS Development:

MIS development is a strategic process of developing an informative information system for a company.
To do this, many experts from different levels of a system sit together and investigates and examine a
feasible approach to MIS development. An approach is a method of developing a system in such a way so
that it can be designed as per system needs and meet all the system objectives.

MIS (Management Information System) is an important source of information for an organization. An

approach of MIS development offers some significant facts for the organizations that influence each
approach. MIS approaches to distinguish between each other; organizations are using an appropriate MIS
development approach as per their need.

There are 3 different types of MIS –

1. Top-down approach
2. Bottom-up approach
3. Integrative approach

40
 1. Top-Down Approach:
In this method, the entire system is partitioned into a hierarchy of subsystems. The overall system is
divided into a number of subsystems, which are then divided into a number of other subsystems in a top-down
approach.

A behavioural classification is used in the top-down approach of MIS development. This approach also
defines the strategic and tactical decisions and the necessary decisions to operate the various key activities
of MIS development. Many of them, strategies, goals, and plans are recognized by top management
executives and conveyed to the administrative management levels.

The key objectives of the systems are established and ways to achieve them are decided in top-down
design. They're gradually pushed down the organizational hierarchy to be created and defined well.

2. Bottom-Up Approach

As its name implies, this approach mainly starts with the leaf-level or bottom-most management
and proceeds progressively to the upper management levels. After recognizing the primary
transactions, the needed file requirements and information processing programs are developed for
each life stream system which is then moved towards data integration that is stored in different

41
 files of the information system. A bottom-up approach is functional to identify the various factors
and understand the difficult situations and formulate strategies to deal with them.

3. Integrative Approach
In the integrative approach subsystems of a system are integrated with each other in such a way so that the
objective of the system can be fulfilled.

An integrative approach of a system development may consist of followings -

 Design a system that can be achieving the major objectives of the system using its subsystems. 
 Designing a system that combines the various functions performed by its subsystems.
 Designing a system that is not very clear to the user but is concealed under the previously existing
subsystems.

Managers at all levels can control the design using an integrated approach. Top management determines
the structure and design of MIS that is appropriate for the business.

What is Requirements Determination?

A requirement is a vital feature of a new system which may include processing or capturing of data,
controlling the activities of business, producing information and supporting the management.
Requirements determination involves studying the existing system and gathering details to find out what
are the requirements, how it works, and where improvements should be made.

OBJECTIVES
 Understand how to create a requirements definition
 Become familiar with requirements-analysis techniques
 Understand when to use each requirements-analysis technique
 Understand how to gather requirements using interviews, JAD sessions, questionnaires, document
analysis, and observation
 Understand the use of concept maps, story cards, and task lists as requirements-documentation
techniques
 Understand when to use each requirements-gathering technique
 Be able to begin creating a system proposal

42
Major Activities in requirement Determination
Requirements Anticipation
 It predicts the characteristics of system based on previous experience which include certain
problems or features and requirements for a new system.
 It can lead to analysis of areas that would otherwise go unnoticed by inexperienced analyst.
But if shortcuts are taken and bias is introduced in conducting the investigation, then
requirement Anticipation can be half-baked.
Requirements Investigation
 It is studying the current system and documenting its features for further analysis.
 It is at the heart of system analysis where analyst documenting and describing system
features using fact-finding techniques, prototyping, and computer assisted tools.
Requirements Specifications
 It includes the analysis of data which determine the requirement specification, description of
features for new system, and specifying what information requirements will be provided.
 It includes analysis of factual data, identification of essential requirements, and selection of
Requirement-fulfilment strategies.
Information Gathering Techniques
The main aim of fact finding techniques is to determine the information requirements of an organization
used by analysts to prepare a precise SRS understood by user.
Ideal SRS Document should −

 be complete, Unambiguous, and Jargon-free.

 specify operational, tactical, and strategic information requirements.
 solve possible disputes between users and analyst.
 use graphical aids which simplify understanding and design.
There are various information gathering techniques −
Interviewing
Systems analyst collects information from individuals or groups by interviewing. The analyst can be formal,
legalistic, play politics, or be informal; as the success of an interview depends on the skill of analyst as
interviewer.
It can be done in two ways −
 Unstructured Interview − The system analyst conducts question-answer session to acquire
basic information of the system.
 Structured Interview − It has standard questions which user need to respond in either close
(objective) or open (descriptive) format.
Advantages of Interviewing
 This method is frequently the best source of gathering qualitative information.
 It is useful for them, who do not communicate effectively in writing or who may not have
the time to complete questionnaire.
 Information can easily be validated and cross checked immediately.
 It can handle the complex subjects.
 It is easy to discover key problem by seeking opinions.
 It bridges the gaps in the areas of misunderstandings and minimizes future problems.

43
Questionnaires
This method is used by analyst to gather information about various issues of system from large number of
persons.
There are two types of questionnaires −
 Open-ended Questionnaires − It consists of questions that can be easily and correctly
interpreted. They can explore a problem and lead to a specific direction of answer.
 Closed-ended Questionnaires − It consists of questions that are used when the systems
analyst effectively lists all possible responses, which are mutually exclusive.
Advantages of questionnaires
 It is very effective in surveying interests, attitudes, feelings, and beliefs of users which are
not co-located.
 It is useful in situation to know what proportion of a given group approves or disapproves of
a particular feature of the proposed system.
 It is useful to determine the overall opinion before giving any specific direction to the system
project.
 It is more reliable and provides high confidentiality of honest responses.
 It is appropriate for electing factual information and for statistical data collection which can
be emailed and sent by post.
Review of Records, Procedures, and Forms
Review of existing records, procedures, and forms helps to seek insight into a system which describes the
current system capabilities, its operations, or activities.
Advantages
 It helps user to gain some knowledge about the organization or operations by themselves
before they impose upon others.
 It helps in documenting current operations within short span of time as the procedure
manuals and forms describe the format and functions of present system.
 It can provide a clear understanding about the transactions that are handled in the
organization, identifying input for processing, and evaluating performance.
 It can help an analyst to understand the system in terms of the operations that must be
supported.
 It describes the problem, its affected parts, and the proposed solution.
Observation
This is a method of gathering information by noticing and observing the people, events, and objects. The
analyst visits the organization to observe the working of current system and understands the requirements
of the system.
Advantages
 It is a direct method for gleaning information.
 It is useful in situation where authenticity of data collected is in question or when complexity
of certain aspects of system prevents clear explanation by end-users.
 It produces more accurate and reliable data.
 It produces all the aspect of documentation that are incomplete and outdated.
Joint Application Development (JAD)
It is a new technique developed by IBM which brings owners, users, analysts, designers, and builders to
define and design the system using organized and intensive workshops. JAD trained analyst act as facilitator
for workshop who has some specialized skills.

44
Advantages of JAD
 It saves time and cost by replacing months of traditional interviews and follow-up meetings.
 It is useful in organizational culture which supports joint problem solving.
 Fosters formal relationships among multiple levels of employees.
 It can lead to development of design creatively.
 It Allows rapid development and improves ownership of information system.
Secondary Research or Background Reading
This method is widely used for information gathering by accessing the gleaned information. It includes any
previously gathered information used by the marketer from any internal or external source.
Advantages
 It is more openly accessed with the availability of internet.
 It provides valuable information with low cost and time.
 It acts as forerunner to primary research and aligns the focus of primary research.
 It is used by the researcher to conclude if the research is worth it as it is available with
procedures used and issues in collecting them.
Feasibility Study
Feasibility Study can be considered as preliminary investigation that helps the management to take decision
about whether study of system should be feasible for development or not.
 It identifies the possibility of improving an existing system, developing a new system, and
produce refined estimates for further development of system.
 It is used to obtain the outline of the problem and decide whether feasible or appropriate
solution exists or not.
 The main objective of a feasibility study is to acquire problem scope instead of solving the
problem.
 The output of a feasibility study is a formal system proposal act as decision document which
includes the complete nature and scope of the proposed system.
Steps Involved in Feasibility Analysis
The following steps are to be followed while performing feasibility analysis −
 Form a project team and appoint a project leader.
 Develop system flowcharts.
 Identify the deficiencies of current system and set goals.
 Enumerate the alternative solution or potential candidate system to meet goals.
 Determine the feasibility of each alternative such as technical feasibility, operational
feasibility, etc.
 Weight the performance and cost effectiveness of each candidate system.
 Rank the other alternatives and select the best candidate system.

45
  Prepare a system proposal of final project directive to management for approval.

Types of Feasibilities
Economic Feasibility
 It is evaluating the effectiveness of candidate system by using cost/benefit analysis method.
 It demonstrates the net benefit from the candidate system in terms of benefits and costs to
the organization.
 The main aim of Economic Feasibility Analysis (EFS) is to estimate the economic
requirements of candidate system before investments funds are committed to proposal.
 It prefers the alternative which will maximize the net worth of organization by earliest and
highest return of funds along with lowest level of risk involved in developing the candidate
system.
Technical Feasibility
 It investigates the technical feasibility of each implementation alternative.
 It analyses and determines whether the solution can be supported by existing technology or
not.
 The analyst determines whether current technical resources be upgraded or added it that fulfil
the new requirements.
 It ensures that the candidate system provides appropriate responses to what extent it can
support the technical enhancement.
Operational Feasibility
 It determines whether the system is operating effectively once it is developed and
implemented.
 It ensures that the management should support the proposed system and its working feasible
in the current organizational environment.
 It analyses whether the users will be affected and they accept the modified or new business
methods that affect the possible system benefits.
 It also ensures that the computer resources and network architecture of candidate system are
workable.
Behavioural Feasibility
 It evaluates and estimates the user attitude or behavior towards the development of new
system.
 It helps in determining if the system requires special effort to educate, retrain, transfer, and
changes in employee’s job status on new ways of conducting business.
Schedule Feasibility
 It ensures that the project should be completed within given time constraint or schedule.
 It also verifies and validates whether the deadlines of project are reasonable or not.

Strategies for Information Requirements Determination

An information system should meet the needs of the host organization it serves. The requirements for the
information system are thus determined by the characteristics and procedures of the organizational system. But
correct and complete information requirements are frequently very difficult to obtain. Simply asking prospective
users of the information systems to specify the requirements will not suffice in a large percentage of cases. There
are three major reasons for the difficulty in obtaining a correct and complete set of requirements:
Copyright 1982 by International Business Machines Corporation. Copying is permitted without payment of royalty
provided that
(1) each reproduction is done without alteration and

46
(2) the Journal reference and IBM copyright notice are included on the first page. The title and abstract may be
used without further permission in computer-based and other information-service systems. Permission to republish
other excerpts should be obtained from the Editor.

There are three general approaches for getting information regarding the user’s requirements. They are
 Asking
 Getting information from the existing information system
 Prototyping.

ASKING

This strategy obtains information from users by simply asking them about the requirements. It assumes a
stable system where users are well informed and can overcome biases in defining their problem. There are
three key asking methods.

1. Questions: Questions may be open-ended or closed. An open-ended question allows the respondent to
formulate a response. It is used when feelings or opinions are important. A closed question requests one
answer from a specific set of responses. It is used when factual responses are known.

2. Brainstorming: Brainstorming is a technique used for generating new ideas and obtaining general
information requirements. This method is appropriate for getting non-conventional solutions to problems. A
guided approach to brainstorming asks each participant to define ideal solutions and then select the best one. It
works well for users who have sound system knowledge but have the difficulty of accepting new ideas.

[Link] consensus: This method asks participants for their expectations regarding specific variables. Each
participant fills out a questionnaire. The results are summarized and given to participants along with a follow-
up questionnaire. Participants are invited to change their responses. The results are again summarized and
given back to the participants. This debate by questionnaire continues until participants responses have
converged enough. This method is advantageous than brainstorming because the participants are not subjected
to psychological pressure.

GETTING INFORMATION FROM EXISTING INFORMATION SYSTEM

There are two methods in extracting information from an already existing system

1. Data Analysis approach

 Determining information from an existing application is called the data analysis approach.
 It simply asks the user what information is currently received and what other information is required.
 It depends on the user for getting accurate information.
 The analyst examines all reports, discusses each piece of information with the user, and determines
unfulfilled information needs by interviewing the user.
 The analyst is primarily involved in improving the existing flow of data to the user.
 The data analysis method is ideal for making structured decisions, although it requires that users articulate
their information requirements.
 A major drawback is a lack of established rules for obtaining and validating information needs that are not
linked to organizational objectives.

47
2. Decision Analysis

 This method breaks down a problem into parts, which allows the user to focus separately on the critical
issues.
 It also determines policy and organizational objectives relevant to complete each major decision.
 The analyst and the user then refine the decision process and the information requirements for a final
statement of information requirements.
 In this method information needs are clearly linked to decision and organizational objectives.
 It is useful for unstructured decisions and information tailored to the user’s decision-making style.
 The major drawback is that information requirements may change when the user is promoted or replaced

PROTOTYPING
The third strategy for determining user information requirements is used when the user cannot establish
information needs accurately before the information system is built. The reason could be the lack of an
existing model on which to decide requirements or a difficulty in visualizing candidate system. In this case the
user need to consider real life systems from which adjustments can be made. This iterative approach first set
up the initial requirements and builds a system to meet these requirements. As users gain experience, they
request additional requirements or modifications and the process continues. Prototyping is suitable for
environments where it is difficult to formulate a concrete model for defining information requirements.
Prototyping strategy is appropriate for determining high uncertainty information requirement.

Analysts use various tools to understand and describe the information system. One of the ways is using
structured analysis.

48
What is Structured Analysis?
Structured Analysis is a development method that allows the analyst to understand the system and its
activities in a logical way.
It is a systematic approach, which uses graphical tools that analyze and refine the objectives of an existing
system and develop a new system specification which can be easily understandable by user.
It has following attributes −
 It is graphic which specifies the presentation of application.
 It divides the processes so that it gives a clear picture of system flow.
 It is logical rather than physical i.e., the elements of system do not depend on vendor or
hardware.
 It is an approach that works from high-level overviews to lower-level details.
Structured Analysis Tools
During Structured Analysis, various tools and techniques are used for system development. They are −

 Data Flow Diagrams

 Data Dictionary
 Decision Trees
 Decision Tables
 Structured English
 Pseudocode

Data Flow Diagrams (DFD) or Bubble Chart

It is a technique developed by Larry Constantine to express the requirements of system in a graphical form.
 It shows the flow of data between various functions of system and specifies how the current
system is implemented.
49
  It is an initial stage of design phase that functionally divides the requirement specifications
down to the lowest level of detail.
 Its graphical nature makes it a good communication tool between user and analyst or analyst
and system designer.
 It gives an overview of what data a system processes, what transformations are performed,
what data are stored, what results are produced and where they flow.

Basic Elements of DFD

DFD is easy to understand and quite effective when the required design is not clear and the user wants a
notational language for communication. However, it requires a large number of iterations for obtaining the
most accurate and complete solution.
The following table shows the symbols used in designing a DFD and their significance −

Symbol Name Symbol Meaning

Square Source or Destination of Data

Arrow Data flow

Circle Process transforming data flow

Open Rectangle Data Store

Types of DFD
DFDs are of two types: Physical DFD and Logical DFD. The following table lists the points that
differentiate a physical DFD from a logical DFD.

Physical DFD Logical DFD

It is implementation dependent. It It is implementation independent. It focuses only on

shows which functions are performed. the flow of data between processes.

It provides low level details of It explains events of systems and data required by
hardware, software, files, and people. each event.

It depicts how the current system It shows how business operates; not how the system
operates and how a system will be can be implemented.
implemented.

50
Context Diagram
A context diagram helps in understanding the entire system by one DFD which gives the overview of a
system. It starts with mentioning major processes with little details and then goes onto giving more details
of the processes with the top-down approach.
The context diagram of mess management is shown below.

Data Dictionary
A data dictionary is a structured repository of data elements in the system. It stores the descriptions of all
DFD data elements that is, details and definitions of data flows, data stores, data stored in data stores, and
the processes.
A data dictionary improves the communication between the analyst and the user. It plays an important role
in building a database. Most DBMSs have a data dictionary as a standard feature. For example, refer the
following table −

[Link]. Data Name Description No. of Characters

1 ISBN ISBN Number 10

2 TITLE title 60

3 SUB Book Subjects 80

4 ANAME Author Name 15

51
Decision Trees
Decision trees are a method for defining complex relationships by describing decisions and avoiding the
problems in communication. A decision tree is a diagram that shows alternative actions and conditions
within horizontal tree framework. Thus, it depicts which conditions to consider first, second, and so on.
Decision trees depict the relationship of each condition and their permissible actions. A square node
indicates an action and a circle indicates a condition. It forces analysts to consider the sequence of decisions
and identifies the actual decision that must be made.

The major limitation of a decision tree is that it lacks information in its format to describe what other
combinations of conditions you can take for testing. It is a single representation of the relationships between
conditions and actions.
For example, refer the following decision tree −

Decision Tables
Decision tables are a method of describing the complex logical relationship in a precise manner which is
easily understandable.
 It is useful in situations where the resulting actions depend on the occurrence of one or
several combinations of independent conditions.
 It is a matrix containing row or columns for defining a problem and the actions.
52
Components of a Decision Table
 Condition Stub − It is in the upper left quadrant which lists all the condition to be checked.
 Action Stub − It is in the lower left quadrant which outlines all the action to be carried out
to meet such condition.
 Condition Entry − It is in upper right quadrant which provides answers to questions asked
in condition stub quadrant.
 Action Entry − It is in lower right quadrant which indicates the appropriate action resulting
from the answers to the conditions in the condition entry quadrant.
The entries in decision table are given by Decision Rules which define the relationships between
combinations of conditions and courses of action. In rules section,

 Y shows the existence of a condition.

 N represents the condition, which is not satisfied.
 A blank - against action states it is to be ignored.
 X (or a check mark will do) against action states it is to be carried out.

For example, refer the following table −

CONDITIONS Rule 1 Rule 2 Rule 3 Rule 4

Advance payment made Y N N N

Purchase amount = Rs 10,000/- - Y Y N

Regular Customer - Y N -

ACTIONS

Give 5% discount X X - -

Give no discount - - X X

Structured English
Structure English is derived from structured programming language which gives more understandable and
precise description of process. It is based on procedural logic that uses construction and imperative
sentences designed to perform operation for action.
 It is best used when sequences and loops in a program must be considered and the problem
needs sequences of actions with decisions.

53
  It does not have strict syntax rule. It expresses all logic in terms of sequential decision
structures and iterations.
For example, see the following sequence of actions −
if customer pays advance
then
Give 5% Discount
else
if purchase amount >=10,000
then
if the customer is a regular customer
then Give 5% Discount
else No Discount
end if
else No Discount
end if
end if

Pseudocode
A pseudocode does not conform to any programming language and expresses logic in plain English.
 It may specify the physical programming logic without actual coding during and after the
physical design.
 It is used in conjunction with structured programming.
 It replaces the flowcharts of a program.
Guidelines for Selecting Appropriate Tools
Use the following guidelines for selecting the most appropriate tool that would suit your requirements −
 Use DFD at high- or low-level analysis for providing good system documentations.
 Use data dictionary to simplify the structure for meeting the data requirement of the system.
 Use structured English if there are many loops and actions are complex.
 Use decision tables when there are a large number of conditions to check and logic is
complex.
 Use decision trees when sequencing of conditions is important and if there are few conditions
to be tested.

What is Systems Design?

Definition: Systems design is the process of defining elements of a system like modules, architecture,
components and their interfaces and data for a system based on the specified requirements. It is the
process of defining, developing and designing systems which satisfies the specific needs and
requirements of a business or organization.
Description: A systemic approach is required for a coherent and well-running system. Bottom-Up or
Top-Down approach is required to take into account all related variables of the system. A designer uses
the modelling languages to express the information and knowledge in a structure of system that is defined

54
by a consistent set of rules and definitions. The designs can be defined in graphical or textual modelling
languages.
Some of the examples of graphical modelling languages are
a. Unified Modelling Language (UML): To describe software both structurally and behaviourally
with graphical notation.
b. Flowchart: A schematic or stepwise representation of an algorithm.
c. Business Process Modelling Notation (BPMN): Used for Process Modelling language.
d. Systems Modelling Language (SysML): Used for systems engineering.
Design methods:
1) Architectural design: To describes the views, models, behaviour, and structure of the system.
2) Logical design: To represent the data flow, inputs and outputs of the system. Example: ER Diagrams
(Entity Relationship Diagrams).
3) Physical design: Defined as
a. How users add information to the system and how the system represents information back to the
user.
b. How the data is modelled and stored within the system.
c. How data moves through the system, how data is validated, secured and/or transformed as it flows
through and out of the system.

System Design Keys:

 Successfully understanding and defining the mission objectives and the concept of operations are
keys to capturing the stakeholder expectations, which will translate into quality requirements and
operational efficiencies over the life cycle of the project.
 Complete and thorough requirements traceability is a critical factor in successful validation of
requirements.
 Clear and unambiguous requirements will help avoid misunderstanding when developing the
overall system and when making major or minor changes.
 Document all decisions made during the development of the original design concept in the
technical data package. This will make the original design philosophy and negotiation results
available to assess future proposed changes and modifications against.
 The validation of a design solution is a continuing recursive and iterative process during which the
design solution is evaluated against stakeholder expectations.

What is MIS?
MIS is an organized integration of hardware and software technologies, data, processes, and human
elements. It is a software system that focuses on the management of information technology to provide
efficient and effective strategic decision making.
What is MIS? MIS is the acronym for Management Information Systems. MIS is a set of procedures
which, when executed, provides information to support decision making.

55
Systems Design
The objective of systems design is to produce the design specifications for the system that will satisfy the
requirements defined during the systems analysis. These specifications should be detailed enough to
become inputs to the programming stage that follows the design. The design process is usually broken
down into two parts:
1. Logical design - produces the general specification of the resources that will make up the
system.
2. Physical design - produces a complete, detailed specification of the named program
components, called modules, which are to be programmed, and of the databases to be
maintained by the system.
The following system aspects have to be determined and described in the appropriate documentation
during the system design:
1. Hardware and systems software platforms for the application.
2. Programs that will constitute the application and the modules that will make up the programs.
3. Specification of individual software modules
4. Design of the database
5. Design of user interfaces
6. Procedures for system use.

Logical Design
During the logical design, the developers create the general specification for the information system's
resources, often taking the existing system as a point of departure. The developers will devise alternative
major solutions to the problem identified during the analysis phase and recommend one of these solutions
for implementation.
Activities included in the logical design include:
1. The components of the hardware and systems software environment for the system are
specified.
2. System outputs and the inputs needed to produce these outputs are identified.
3. The user interface (means whereby the user interacts with the system), is specified.
4. The logical design of the database is developed
5. The programs that will compose the system and the modules that will make up the programs
are designed.
6. The procedures to be employed in operating the system are specified
7. The controls that will be incorporated in the system are specified, with information systems
auditors participating in the process.

Physical Design
The objective of physical design is to produce a complete specification of all system modules and of
interfaces between them, and to perform physical design of the database. Structured design methodologies
help specify module logic during this stage.
When physical design is completed, the following aspects of the system will have been specified:

56
 a. System outputs
b. System inputs
c. User-system interface
d. Platforms
e. Acquisition method
f. Modular design of the programs that will be developed for the application, interfaces
between the modules, and the specifications of the logic of individual modules.
g. Detailed test plan
h. Database
i. Controls
j. Documentation
k. Conversion plan

It is critical to sustain the processes of organizational change connected with system implementation. This
includes:
1. Reorganizing the affected units of the firm
2. Redesigning the jobs of people who will be affected by the system
3. Enhancing user motivation
4. Conducting user training.

Techniques and Tools of Structured Systems Design

The principal objective of structured design is to specify the structure of the programs in the system in
such a way that the system will be relatively easy to program and modify.
The principal product of the logical design stage of structured design is the structure charts of the
programs that need to be coded and tested. A structure chart specifies the modules that the program will
consist of and the interfaces between them. An interface is a call by a higher-level module - it calls a
lower-level module to do part of the task.
Structured systems design is based on two basic principles:
1. Modular Structure
2. Hierarchical Design

Modular Structure
Programs must be constructed of modules. A module is a named program routine that is handled as a unit
which is evoked (called) by their names during program execution. Characteristics of a module include:
 A module ought to perform completely a well-defined function in the overall system
 A module should be short enough so that its logic is relatively easy to understand.
 Modules are relatively independent from one another and thus, a modification of some of them
during maintenance will scarcely affect other modules. 

57
Hierarchical Design
Program modules are identified top-down; thus, a hierarchical program structure emerges. Characteristics
of a hierarchical design include:

 Start with the single top module that provides the overall control
 Break down its function into lower-level functions and so identify the modules it must call.
 Maintenance is made easier as the maintainer can understand the program structure by studying
the structure chart and relating it to the program code.

Programming
At this stage of its development, the system is coded, tested, and debugged in a process called
programming. Programming is writing instructions for computer execution and testing the written code to
ensure that it performs according to specifications. The objective of programming is thus to produce
reliable software based on appropriate design specifications.
Programming tasks include:

 Coding the software module specifications produced during system design into statements in a
programming language.
 Testing at several levels, beginning with testing individual modules as they are programmed and
culminating in acceptance or installation testing before the system is placed into operation.

Debugging - problems discovered during testing are tracked down to their source in the code and
removed.
To ensure quality of the product, the discipline of structured programming is essential. Coding the
program by relying on a small number of simple programming structures for organizing its logic. This
makes the program code relatively easy to understand, test, and modify.

Software Quality Assurance

Software quality assurance includes a variety of techniques aimed at producing a software product that
satisfies user requirements and organizational objectives.
Early detection of errors is the basis of cost-effective software quality assurance. Early errors that are not
detected right after they are made are expensive to correct later. The severity of errors varies.
The principal means of software quality assurance in the early development stages are walkthroughs and
inspections. The essential means of quality assurance when the program code is available is software
testing.

58
Walkthroughs and Inspections
A walkthrough is a review by a small group of people of a system development product presented by its
author. Walkthroughs should be scheduled frequently during systems development so that a manageable
piece of work can be thoroughly reviewed in one to two hours. Walkthroughs include:
 Specification walkthroughs, where the group looks for errors, omissions, and ambiguities in the
data flow diagrams at various levels, in the data dictionary entries, and in other components of
requirement’s specifications.
 Design walkthroughs, where program listings are studied.
 Code walkthroughs, where program listings are studied. 
 Test walkthroughs, to ensure that the test cases are prepared thoroughly. 

It is crucial for the effectiveness of walkthroughs that they are established as a quality assurance tool as
opposed to a management tool for evaluating the performance of IS professionals.
An inspection is similar to a walkthrough in its objectives, but it is a more formal review technique. In an
inspection, a review team checks a data flow diagram or a program against a prepared list of concerns. At
the heart of code inspection is the paraphrasing technique: An inspector verbally expresses the meaning of
one or more lines of code at a time, with other participants striving to detect errors in this code.
Inspections also include formal rework and follow-up stages to see that the discovered errors were
corrected.

Testing
Testing involves executing the information system components, and the entire system when available, for
the purpose of fixing errors.
General principles of testing include:
 A test plan must be prepared to specify the sequence in which the modules will be coded, in
individually tested, and then integrated into the program.
 Test cases must be prepared as part of the plan.
 Each test case should include a specification of the data to be submitted as inputs, as well as a
specification of the expected results of the test.
 All test results should be studied and recorded.
 Test cases should be prepared for both valid and invalid input conditions.
 Software tools are available to support testing and debugging; their use significantly increases the
effectiveness of the process.

The following are the principal levels of software testing:

1. Module testing
- after a module has been coded, the code is thoroughly reviewed and then tested with
predesigned test cases.
2. Integration testing
- after individual modules are coded and unit-tested, they are integrated into the overall
program. Generally, one module at a time is added to the structure and the resulting partial
product is tested.

59
 3. System testing
- the system is validated against its functional specifications, in an environment and
under loads that resemble the actual operation as closely as possible. The system is subjected
to stress loads to see whether it degrades gracefully. The system's compatibility is checked
against other systems it will have to interact with. Controls and recovery procedures are also
tested. It is very important to test the documentation that will accompany the system along
with the system itself.
A beta test of software is used to test the early copies of software by the intended end users in
order to uncover problems in actual use.
4. Acceptance testing
- a set of systems tests are run in order to ensure that the requirements of Aall users@
have been satisfied. A suite of tests validating the overall system operation is identified,
documented, and preserved for maintenance purposes. These regression tests will be used to
revalidate the system following each maintenance procedure.
5. Installation testing
- if acceptance testing was done before a system was installed in its production
environment, a set of system tests is run again following installation. The system is now ready
for operation.

Conversion
Following acceptance testing, a planned conversion to the new system is performed. The four common
conversion methods include:
1. Parallel operation
 this method is the safest method of conversion
 the old and new systems are run simultaneously until sufficient confidence is gained in the new
system.
 it is expensive to run both the old and new systems during this conversion method
2. Direct conversion
 this method is the most risky (and thus potentially the most expensive) method of conversion.
 at a certain point the old system is completely replaced by the new one.
3. Phased conversion
 involves a gradual conversion
 the new system is introduced in incremental stages, which are divided by function, organizational
units served, the hardware on with the new system will reside, or some other factor.
4. Pilot version

 involves a gradual conversion

 this method relies on introducing a part of the system into one carefully designated organizational
area, learning from this experience, and then introducing the complete system.

60
Postimplementation Review
The final phase of the development life cycle is actually conducted during systems operations. Its
objective is to assess both the system and the development methodology, and it is a vital aspect of
organizational learning. This stage is called the postimplementation review.
A properly conducted review pursues several objectives:
 The organizational impact of the system is studied and further effort is made to ensure successful
implementation. The review may trigger adjustments in organizational structure, business processes,
and job designs.
 A major system development project should be a source of organizational learning.
 The system's performance and controls are evaluated, with the IS auditors participating. Requests for
maintenance frequently follow this evaluation.

Maintaining Information Systems

Operational information systems must be maintained. Maintenance is the process of modifying an
information system to continually satisfy organizational and user requirements. There is a vast difference
between hardware and software maintenance in costs as well as in objectives.
Hardware maintenance - the purpose of maintaining computer system hardware is to keep the equipment
in working order without changing its functionality. Traditionally, this aspect of system maintenance has
been covered by maintenance contracts with equipment manufacturers.
Systems maintenance - the principal effort in system maintenance is directed at maintaining the
applications software. Software maintenance includes all modifications of a software product after it has
been turned over to operations. The cost of this maintenance over the useful life of an application is
typically twice the development cost.

Software maintenance actually consists of three types of activities:

1. Perfective maintenance
- enhancing and modifying the system to respond to changing user requirements and
organizational needs, improving system efficiency, and enhancing documentation.
2. Adaptive maintenance
- changing the application to adapt it to a new hardware or software environment. Adaptive
maintenance may involve, for example, moving an application from a mainframe to a client/server
environment, or converting it from a file to a database environment.
3. Corrective maintenance
- correcting an error discovered during operations.

The Dynamics of Software Maintenance

A software maintenance procedure consists of three steps:

61
 We need to understand the software to be modified and identify the parts targeted for maintenance.
 We must then modify the appropriate components of the application system without adversely
affecting the rest of the system
 We must test and thus validate the modified components, as well as the entire system.

Technologies Assisting the Development of Information Systems

Two relatively new technologies offer particular promise to raise the productivity of information systems
development and enhance the quality of the resulting product. These include:
1. CASE
2. Object oriented development (OOD)
Computer aided software engineering (CASE) technology offers development tools that automate
important aspects of the software development process.
Object oriented development (OOD) is a software development methodology that offers the all-important
possibility of large-scale software reuse: an ability to build up a collection of basic software components
from which larger and larger systems may be constructed.

Computer-Aided Software Engineering (CASE)

Computer-Aided Software Engineering (CASE) tools assist software developers in planning, analyzing,
designing, programming, and maintaining information systems. The principal advantage of a CASE tool
is that it offers an integrated package of capabilities for several of these tasks.
The best-known CASE tools assist the developer in creating a complete set of requirements specifications
for a system, with all the data flow diagrams and with the entities defined in the data dictionary. The tool
subsequently supports the development of structure charts. Alternative development methodologies and
the design of databases are also supported.
CASE tools combine several technologies:
1. Software development methodologies, such as structured systems development
2. Fourth-generation languages for nonprocedural coding
3. Graphical user interfaces.
It is important to stress to students that reference to CASE most often means the Afront-end@ tools that
support the earlier phase of systems development, such as analysis and design. However, CASE tools also
include the Aback-end@ tools such as code generators - software that produces program code from a
terse specification.
CASE tools are an excellent vehicle for rapid applications development through prototyping. They help to
develop the hierarchy of menus for the user interface and specify screens and reports, all of which can be
done in consultation with the users. The code generator then produces the necessary code.
The focal facility of a CASE tool is the information repository, a central database for storing and
managing project data dictionaries, which can contain all the information about the system being

62
developed. This information begins with the plans and goes on to the entities that appear in data flow
diagrams, onto the code, and even to the project management information. CASE tools facilitate
traceability - the ability to relate program code to the analysis and design entities it implements.
CASE tools provide automatic assistance for checking the consistency and completeness of the products
as the development goes on. The availability of this information makes it easier to introduce
modifications in a consistent fashion at any time during system development or maintenance.
CASE tools can also contribute significantly to improved maintenance of information systems. In the first
place, the use of CASE during the development means better documented systems, with essential
documentation kept in the repository and thus relatively easy to maintain. It is possible to trace a user's
request for an enhancement from a DFD to the code modules to be modified and thus to determine the
impact of the change. CASE tools make it possible to maintain system specifications as they are changed
during maintenance.
Certain CASE tools are expressly designed for maintenance activities. Such packages automatically recast
a program from unstructured code into a structured format that relies disciplined programming.
More elaborate CASE packages for maintenance support reverse engineering - developing analysis and
design specifications from the program code.
CASE technology has contributed significantly in reducing time-to-market for products and services.
However, CASE is a complex technology, requiring organizational and individual learning. Quality
improvements are likely to come before increases in productivity of systems development or
maintenance. The complexity of CASE tools and the lack of integrated support for systems development
have limited their adoption.

Object-Oriented Development
Object-oriented development (OOD) aims to build a software model of the real-world system. This
explicit modeling is done by defining and implementing classes of objects using the vocabulary of the
business that will be supported by the information system.
The central principal in object-oriented development (OOD) is building the system as a collection of
interacting objects. If program objects represent real-world objects, we obtain a rather close
correspondence between the program components and their real-world equivalents. Much of the
development proceeds by defining the classes of objects for the information system. Classes are templates
of objects and, conversely, objects are instances of classes. The classes and objects that information
systems deal with are relatively permanent in their behaviour. Therefore, code libraries can be built up, to
be used as needed.
The appeal of OOD is the ability to build up libraries of reusable code. Developers are able to use
software components developed for other systems - and tested through prior use.
Producing reusable software components is only one of the potential benefits of the object-oriented
approach. The process of systems analysis and design based on object orientation is a powerful technique
for gaining understanding of a business system and casting this understanding into modifiable software
components. With OOD, there is a smooth transition from analysis to design - both of these development
tasks deal with objects and classes of objects.

OOD is especially promising for:

63
 1. Graphical user interfaces, where objects such as icons are common
2. Complex applications running on several computers, such as client/server systems, where different
objects can be allocated to different processors.
3. Multimedia applications, which need to support a variety of objects, such as test, voice, image,
and video.

Management of Information Systems Projects

Proper management of a large software development maintenance project has three main aspects:
1. Estimation of the effort needed to develop the system
2. Project planning (or scheduling)
3. The organization of development teams.

Estimation of System Development Effort

In general, projects start with a small number of people in the initial stages of systems analysis and
design. The number then peaks during the coding and testing stage. The actual shape of the curve depends
on a variety of factors.
There are several ways to estimate the development time and cost for a software system.
1. Estimating is done by analogy with a previously developed system.
2. Establishing a measure for the software product and by determining the relationship of this
measure to the cost and time of software development. A frequent measure is the estimated count
of lines of the code to be delivered.
3. Functional points technique of estimating software development effort early in development by
considering the number and complexity of the system inputs, outputs, inquiries, and files.

Project Scheduling and Tracking: Use of Software Tools

Once the total development effort on the project has been estimated, a project schedule may be
established. A schedule breaks the project up into stages, which may be further broken down into
lower-level activities. Major activities terminate in a milestone, which is defined in terms of
completed deliverables.
Methods used to schedule activities as a project progress include:
 PERT/CPM - is a method of scheduling systems development or maintenance activities and
controlling the project. Figure 16.11 - a PERT chart shows the precedence relationships among the
activities listed and the numbered completion events (milestones). The critical path consists only
of critical activities. Any delay in an activity on this path will cause project delay. 
Using PERT/CPM, enables us to answer questions such as these: [Figure 16.11]
1. How much total time will be needed to complete the project
2. What are the scheduled start and finish times for each activity
3. Which activities are critical and must be completed exactly as scheduled
4. How long may noncritical activities be delayed.

64
  Gantt Chart - is a graphical tool for project management that represents project tasks over time
as a bar chart.

Software Project Teams

Most software projects, in both development and maintenance, are carried out by teams. Team
composition varies depending on the development phase - initially it may include largely systems
analysts, but in the end it will consist chiefly of programmers. It is generally recognized that teams
should be small (no more than 10 people), since the development of a complex product such as an
information system calls for intense communication among team members.
Two organizational structures for a team, representing opposite extremes are the:
1. Chief programmer team
 is built around an outstanding software developer, the chief programmer, who personally defines
the requirements specifications and design for the system and programs the key modules.
 the chief programmer is assisted by others, such as a back-up programmer of almost equal
qualifications, an administrator responsible for the managerial aspects of the project, the project's
software librarian responsible for the documentation and keeping current with new program
versions, and by several other professionals.
 the team is built hierarchically, with all the members answering to the chief programmer
 the chief programmer team is more applicable to large project involving a known set of
technologies.

2. Democratic team

 all the team members bear equal responsibility for the project, and the relationships between them
are informal.
 there is much communication among team members in a democratic team than in a chief
programmer team.
 team members are assigned fixed roles, which may be rotated s the situation requires.
 frequently, decisions are made by consensus.
 because the team's operation is highly dynamic, it is vital to preserve group memory as the work
on the project progresses.
 the role is assigned to the project librarian, who maintains all the project information in an
accessible computerized form.
 the democratic team lends itself better when new technologies are applied in smaller, exploratory
projects.

65
Conceptual design and design methods
What is conceptual design?
Conceptual design is a framework for establishing the underlying idea behind a design and a plan for how it will be
expressed visually.
It is related to the term “concept art”, which is an illustration (often used in the preproduction phase of a film or a
video game) that conveys the vision of the artist for how the final product might take form. Similarly, conceptual
design occurs early on in the design process, generally before fine details such as exact colour choices or
illustration style. The only tools required are a pen and paper.
Conceptual design has the root word “concept,” which describes the idea and intention behind the design. This is
contrasted by “execution”, which is the implementation and shape that a design ultimately takes.
Essentially, the concept is the plan, and the execution is the follow-through action. Designs are often evaluated for
quality in both of these areas: concept vs execution. In other words, a critic might ask: what is a design trying to
say, and how well does it say it?

Most importantly, you can’t have one without the other. A poorly executed design with a great concept
will muddle its message with an unappealing art style. A well-executed design with a poor concept might
be beautiful, but it will do a poor job of connecting with viewers and/or expressing a brand.
For the purposes of this article, we’ll focus on the concept whereas execution involves studying the
particulars of design technique.

The purpose of conceptual design

The purpose of conceptual design is to give visual shape to an idea. Towards that end, there are three
main facets to the goals of conceptual design:

To establish a basis of logic

Artistic disciplines have a tendency to be governed by emotion and gut feeling. Designs, however, are
meant to be used. Whether it is a piece of software or a logo, a design must accomplish something
practical such as conveying information or expressing a brand—all on top of being aesthetically pleasing.
Conceptual design is what grounds the artwork in the practical questions of why and how.

To create a design language

Since the concept is essentially just an idea, designers must bridge the gap between abstract thought and
visual characteristics. Design language describes using design elements purposefully to communicate and
evoke meaning.
As explained earlier, the conceptual design phase isn’t going to go as far as planning every stylistic detail,
but it will lay the groundwork for meaningful design choices later on.

To achieve originality
There’s a famous saying that nothing is original, and this is true to an extent. The practice of design—like
any artistic discipline—is old, with designers building on the innovations of those who came before.

66
But you should at least aspire to stand on the shoulders of those giants. And the concept and ideation
phase in the design process is where truly original creative sparks are most likely to happen.

The conceptual design approaches

Now that we understand what conceptual design is and its purpose, we can talk about how it is done. The
conceptual design approach can be broken down into four steps and we’ll discuss each in detail.
It is important to note that these steps don’t have to be completed in any particular order. For example,
many designers jump to doodling without any concrete plan of what they are trying to achieve. How a
person comes up with ideas is personal and depends on whatever helps them think.
It can also be related to how you best learn—e.g. people who learn best by taking notes might have an
easier time organizing their concepts by writing them down. And sometimes taking a more analytical
approach (such as research) early on can constrain creativity whereas the opposite can also lead to
creativity without a purpose.
Whatever order you choose, we would recommend that you do go through all of the steps to get a concept
that is fully thought through. With that out of the way, let’s dive into the conceptual design process.

1. Definition
You must start your design project by asking why the project is necessary. What is the specific goal of the
design and what problem is it meant to solve?
Defining the problem can be a lot trickier than it at first appears because problems can be complex. Often,
a problem can be a symptom of deeper issues, and you want to move beyond the surface to uncover the
root causes.
One technique for doing so is known as the Five Whys, in which you are presented with a problem and
keep asking “Why?” until you arrive at a more nuanced understanding. Otherwise, if you fail to get to the
exact root of the problem, your design solution would have been ultimately flawed. And the design
solution—the answer to the problem—is just another way of describing the concept.

2. Research
Designs must eventually occupy space (whether physical or digital) in the real world. For this reason, a
design concept must be grounded in research, where you will understand the context in which the design
must fit.
This can start with getting information on the client themselves—who is the brand and what is their
history and mission, their personality? You must also consider the market.
Who are the people that will interact with the design? In order for the concept to speak effectively to these
people, you must conduct target audience research to understand who they are and what they are looking
for in a design. Similarly, researching similar designs from competitors can help you understand industry
conventions as well as give you ideas for how to set your concept apart.
Finally, you will want to research the work of other designers in order to gather reference material and
inspiration, especially from those you find particularly masterful. Doing so can show you conceptual
possibilities you might never have imagined, challenging you to push your concepts. You’ll want to
collect these in a mood board, which you will keep handy as you design.

67
3. Verbal ideation
Concepts are essentially thoughts—which is to say, they are scattered words in our minds. In order to
shape a concept into something substantial, you need to draw some of those words out. This phase is
generally referred to as brainstorming, in which you will define your concept verbally.
This can be as straightforward as simply posing the problem (see the first step) and creating a list of
potential solutions.
There are also some helpful word-based techniques, such as mind-mapping or free association. In both of
these cases, you generally start with a word or phrase (for logos, this is usually the brand name and for
other designs, it can be based on some keywords from the brief).
You then keep writing associated words that pop into your head until you have a long list. It is also
important to give yourself a time limit so that you brainstorm quickly without overthinking things.
The purpose of generating words is that these can help you come up with design characteristics (in the
next step) to express your concept. For example, the word “freedom” can translate into loose flowing
lines or an energetic character pose.
Ultimately, it is helpful to organize these associated ideas into a full sentence or phrase that articulates
your concept and what you are trying to accomplish. This keeps your concept focused throughout the
design process.

4. Visual ideation
At some point, concepts must make the leap from abstract ideas to a visual design. Designers usually
accomplish this through sketching.
One helpful approach is to create thumbnails, which are sketches of a design that are small enough to fit
several on the same page.
Like brainstorming (or verbal ideation) the goal is to come up with sketches fast so that your ideas can
flow freely. You don’t want to get hung up on your first sketch or spend too much time on minute detail.
Right now, you are simply visualizing possible interpretations of the concept.

This phase is important because while you may think you have the concept clear in your mind, seeing it
on the page is the true test of whether it holds water. You may also surprise yourself with a sketch that
articulates your concept better than you could have planned.
Once you have a couple sketches that you like, you can refine this into a much larger and more detailed
sketch. This will give you a presentable version from which you can gather feedback.

Dream big with conceptual design

The remainder of the design process is spent executing the concept. You will use the software of your
choice to create a working version of your design, such as a prototype or mockup. Assuming your design
is approved by the client, test users or any other stakeholders, you can go about creating the final version.
If not, use conceptual design to revisit the underlying concept.

68
Conceptual design is the bedrock of any design project. For this reason, it is extremely important to get
right. Creating a concept can be difficult and discouraging—over time, you might find your garbage bin
overflowing with rejected concepts.
But this is exactly why it is so helpful to have a delineated process like conceptual design to guide you
through the messy work of creating ideas. But at the end of the day, getting a design of value will require
both a great concept and a skilled designer.

69
 UNIT – V
Introduction to Cyber Crime

Cyber Crime:
“Cybercrime” is an amorphous field. It refers broadly to any criminal activity that pertains to or is committed through
the use of the Internet. A wide variety of conduct fits within this capacious definition. We will concentrate in this
chapter on five activities that have been especially notorious and that have strained especially seriously the fabric of
traditional criminal law: use of the Internet to threaten or stalk people; online fraud; “hacking”; online distribution
of child pornography; and cyberterrorism.
Cybercrime is not an old sort of crime to the world. It is defined as any criminal activity which takes place on or over
the medium of computers or internet or other technology recognised by the Information Technology Act. Cybercrime
is the most prevalent crime playing a devastating role in Modern India. Not only the criminals are causing enormous
losses to the society and the government but are also able to conceal their identity to a great extent. There are number
of illegal activities which are committed over the internet by technically skilled criminals. Taking a wider
interpretation, it can be said that, Cybercrime includes any illegal activity where computer or internet is either a tool
or target or both. The term cybercrime may be judicially interpreted in some judgments passed by courts in India;
however, it is not defined in any act or statute passed by the Indian Legislature. Cybercrime is an uncontrollable evil
having its base in the misuse of growing dependence on computers in modern life. Usage of computer and other
allied technology in daily life is growing rapidly and has become an urge which facilitates user convenience. It is a
medium which is infinite and immeasurable. Whatsoever the good internet does to us, it has its dark sides too.1 Some
of the newly emerged cybercrimes are cyber-stalking, cyber-terrorism, e-mail spoofing, e-mail bombing, cyber
pornography, cyberdefamation etc. Some conventional crimes may also come under the category of cybercrimes if
they are committed through the medium of computer or Internet.

The evolution of Cybercrime:

A History of Cyber Crime:
We have learnt to place a great deal of faith in computer systems since they have become a vital part of the everyday
operations of corporations, organisations, governments, and people. As a result, we've entrusted them with extremely
essential and valuable information. Things of value have always been a target for criminals, as history has proved.
Cyber Crime is no exception. As consumers fill their personal computers, phones, and other devices with valuable
information, they provide a target for criminals to aim at in order to profit from the activity.
In the past, a criminal would have to commit a robbery in some form or another in order to acquire access to a person's
goods. In the instance of data theft, the thief would need to break into a facility and sift through files in search of the
most valuable and profitable information. In today's society, criminals may attack their victims from afar, and because
of the nature of the internet, these actions are unlikely to be punished.

Cyber Crime in the 70s and 80s

Criminals took advantage of the tone mechanism employed on phone networks in the 1970s. The assault was known
as phreaking, and it involved the attacker reverse-engineering the telephone companies' long-distance call tones.
The first computer worm appeared on the internet in 1988, wreaking havoc on businesses. The Morris worm, named
after its inventor Robert Morris, was the first worm. Despite the fact that this worm was not designed to be malevolent,
it nonetheless did a lot of damage. In 1980, the United States Government Accountability Office assessed that the
cost of the damage may have been as much as $10,000,000.00.
The first recorded ransomware assault, which targeted the healthcare business, occurred in 1989. Ransomware is a
sort of malicious software that encrypts a user's data and locks it until a tiny ransom is paid, after which a
cryptographic unlock key is sent. 20,000 floppy discs were delivered across 90 nations by an evolutionary researcher
named Joseph Popp, who claimed the discs contained software that could be used to analyse an individual's risk
factors for developing the AIDS virus. The disc, on the other hand, included malware that, when run, presented a

70
message requesting payment for a software licence. Ransomware assaults have developed significantly over time,
with the healthcare industry continuing to be a major target.

The birth of the web and a new dawn for Cyber Crime
The web browser and email were widely available in the 1990s, providing new tools for cybercriminals to exploit.
The cybercriminal was able to dramatically increase their reach as a result of this. Until the cybercriminal had to
carry out a physical transaction, such as handing over a floppy disc. Cybercriminals might now use these new, very
susceptible web browsers to send virus code around the internet. Cybercriminals adapted what they'd learnt in the
past to operate via the internet, with disastrous repercussions.
With phishing assaults, cybercriminals were also able to reach out and scam individuals from afar. It was no longer
required to interact with folks on a one-on-one basis. You could attempt to trick millions of users simultaneously.
Even if only a small percentage of people took the bait you stood to make a lot of money as a cybercriminal.
The decade of the 2000s saw the emergence of social media as well as identity theft. Identity theft has become the
new financial piggy bank for criminal groups all over the world, thanks to the emergence of databases storing millions
of users' personal identifying information (PII).
Because of this information and the general public's lack of cybersecurity knowledge, hackers were able to perpetrate
a variety of financial frauds, including creating bank accounts and credit cards in the names of others.

Cyber Crime in a fast-paced technology landscape

Cybercriminal behaviour has only become worse in recent years. We've seen the cybercriminal grow more adept and
difficult to apprehend as computer systems have gotten quicker and more complicated. Botnets, which are a network
of private computers infected with malicious software and used by criminals to manage millions of infected computer
systems throughout the world, are already commonplace.
These botnets allow hackers to overburden organisational networks while concealing their origins:

 We see constant ransomware attacks across all sectors of the economy

 People are constantly on the lookout for identity theft and financial fraud
 Continuous news reports regarding the latest point of sale attack against major retailers and hospitality
organizations.

Origin of word Cybercrime:

This term owes its origin to the word "cybernetics" which deals with information and its use; furthermore, cybernetics
is the science that overlaps the fields of neurophysiology, information theory, computing machinery and automation.
However, beyond this, there does not seem to be any further connection to the term "cybernetics" as per other sources
searched. It is closely related to control theory and systems theory.
People are curious to know how cybercrimes are planned and how they actually take place. Worldwide, including
India, cyberterrorists usually use computer as a tool, target or both for their unlawful act to gain information which
can result in heavy loss/damage to the owner of that intangible sensitive information.
Internet is one of the means by which the offenders can gain priced sensitive information of companies, firms,
individuals, banks and can lead to intellectual property (IP) crimes (such as stealing new product, plans, its
description, market program plans, list of customers, etc.), selling illegal articles, pornography/child pornography,
etc. This is done using methods such as Phishing, Spoofing, Pharming, Internet Phishing, wire transfer, etc. and use
it to their own advantage without the consent of the individual. "Phishing" refers to an attack using mail programs to
deceive or coax Internet users into disclosing confidential information that can be then exploited for illegal purposes.
Figure 1 shows the increase in Phishing hosts.

71
Cyber Crime:
Cybercrime is a crime that involves a computer, networking device or network. Most cybercrimes are committed by
cybercriminals to make a profit, some cybercrimes are used to directly damage or disable computers or equipment,
while others use computers or networks to spread malware, illegal information, images or other content. Some
cybercrimes target both computers, i.e., infecting computer viruses, which then spread to other machines and
sometimes to entire networks. The primary consequence of cybercrime is financial; Cybercrime involves a variety of
for-profit criminal activities, including ransom-ware attacks, email and internet fraud and identity scams, as well as
attempts to steal financial account, credit card or other payment card information. Cybercriminals can target one's
personal information as well as corporate data for theft and resale. Following are the some different types of cyber-
crimes...

 Hacking: Simply put, hacking is the permission of an intruder. Hackers are basically computer programmers,
who have advanced knowledge about computers and usually misuse this knowledge for wrong reasons. They are
usually technologists who have expert level skills in a particular software program or language. As intended,
there may be many, but the most common are very simple and can be explained by human instincts such as greed,
fame, power, etc. Some people do it entirely to show off their skills through relatively harmless activities. Such
as improving software and even hardware to carry out tasks beyond the manufacturer's purpose, others seem to
be destroyed. Due to greed and sometimes voluntary tendencies, a hacker can break into the system to steal
personal banking information, corporation financial data, etc…
 Virus Diffusion: Viruses are computer programs that attach themselves to systems or files and infect
them, and tend to spread to other computers on the network. They disrupt computer operations and affect
stored data either by modification or deletion altogether. Unlike viruses, "worms" do not require a host to
stick to. They only make replicas without consuming all the available memory in the system. The word
"worm" is sometimes used for the selfish purpose of "malware". The term is frequently changed in reference
to hybrid viruses / worms thatdominate the current viral situation. Trojan horses differ from viruses in their
mode of transmission. They masquerade as legal files, such as email attachments from a friend with a trusted
name and do not spread you.
 Logic Bomb: A logic bomb, also known as a "slag code", is a piece of malicious code that is intentionally
inserted into software to perform malicious actions when triggered by a specific event. It is not a virus,
72
 although it usually behaves the same. This program is inserted precisely into the program where it is dormant
until a specific program is completed. Malicious software, such as viruses and worms, often contain logic
bombs that run on a specific payload or at a predetermined time. Payload of logic bombs to the user of the
software and it performs unwanted functions. Codes programmed to execute at a particular time are known
as "time-bombs." For example, the infamous “Friday the 13th” virus attacked the host system only on certain
dates; Every Friday it "exploded" (duplicated itself) which was the thirteenth of the month, so the system
slows down. Logic bombs are usually assigned by disgruntled employees working in the IT sector. You may
have heard of "Dissatisfied Employees Syndrome" in which employers of fired angry employees use logic
bombs to delete databases, temporarily stabilize networks, or even trade internally. The trigger associated
with the execution of a logic bomb could be a specific date and time, an entry not received from the database,
or a failure to place commands at the usual time, meaning that the person no longer works there. Many logic
bombs only stay in the network in which they work. So often they are an internal affair. This makes them
easier to design and operate than viruses. No need to duplicate it; which is a more complex task. To protect
your network from logic bombs, you need constant monitoring of data on every computer on the network
and efficient anti-virus software.
 Phishing: This is a technique to extract confidential information, such as credit card numbers and
username passwords, under the guise of a legitimate enterprise. Phishing is usually carried out through email
spoofing. You may have received emails with links to legitimate websites. You may have been suspicious
and have not clicked on the link. The malware may have installed itself on your computer and stolen private
information. Cybercriminals use social engineering to trick you into downloading malware from the Internet
or filling out your personal information under false pretences. There are a few things to keep in mind when
it comes to phishing scams in email.
 Email Spamming and Bombing: Email bombing is characterized by a victim's email account or
mail server crashing as a result of a large number of emails being sent to the target address by a prohibited
user. Message is useless and too long to use resources. If multiple accounts on the mail server are targeted,
denial of service may result. Frequent mail in your mail can be easily detected by the spam filter. Email
bombing is usually carried out using botnets (private Internet connected computers whose security is
compromised by malware and under the control of attackers) as a DDOS attack.
 Web Jacking: Web jacking is called "hijacking". Here, the hacker fraudulently takes control of the
website. It may change the content of the original site or redirect its controlled user to another fake similar
page. The owner of the website no longer has control and the attackers may use the website for their own
benefit. Cases of ransom have been reported by the attackers, as well as pornographic material posted on the
site. The attack of the web jacking method can be used to create a clone of the website and to present the
victim with a new link stating that the site has been moved. Unlike the usual phishing methods, when you
hover your cursor over the provided link, the URL presented will be original, not the attacker's site. But when
you click on a new link, it opens and is quickly replaced with a malicious web server. The name on the
address bar will be slightly different from the original website which will make the user think that it is a legal
site.
 Cyber Stalking: Cyber stalking is a new form of internet crime in our society when a person is being
pursued or followed online. A cyber stalker does not physically follow your victim; He literally does this
through his online actions to gather information about the pastor and to harass and verbally threaten him.
This is an attack on someone's online privacy. Cyber stacking uses the Internet or any other electronic means
and is different than offline stacking, but usually with it. The most common victims of this crime are women
who are victimized by men and children by adult predators and paedophiles. Cyber stalkers thrive on
inexperienced web users who are unaware of the rules of native and internet safety. A cyber stalker may be
a stranger, but a person you know can easily become a stranger.
 Data Diddling: Data dissection is the process of unauthorized exchange of data before or during access
to a computer and back after the process is complete. Using this technique, the attacker can improve the
expected output and is difficult to track. In other words, the information that will be entered is altered, the
virus programmed to alter the data, the programmer or creator of the database or of application, anyone else
involved in the recording process, encoding, checking, investigating, converting or transmitting data is the
easiest computer related crime. There is a method, because even a computer amateur can do it. Although this

73
 is an easy task, it can have detrimental effects. For example, a person in charge of accounting indicates that
the data may change, either for himself or for a friend or relative. They are able to steal from the enterprise
if the information changes or fails. Other examples include forging or forging documents and exchanging
valid computer tapes or cards with readymade replacements. Electrical circles in India have fallen victim to
data diddling by computer criminals when private parties were computerizing their systems.

Information Security:
Information Security is not only about securing information from unauthorized access. Information Security is
basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection,
recording or destruction of information. Information can be physical or electronic one. Information can be anything
like Your details or we can say your profile on social media, your data in mobile phone, your biometrics etc. Thus
Information Security spans so many research areas like Cryptography, Mobile Computing, Cyber Forensics, Online
Social Media etc.
During First World War, Multi-tier Classification System was developed keeping in mind sensitivity of information.
With the beginning of Second World War formal alignment of Classification System was done. Alan Turing was the
one who successfully decrypted Enigma Machine which was used by Germans to encrypt warfare data.
Information Security programs are built around 3 objectives, commonly known as CIA – Confidentiality, Integrity,
Availability.
Confidentiality – means information is not disclosed to unauthorized individuals, entities and process. For example,
if we say I have a password for my Gmail account but someone saw while I was doing a login into Gmail account.
In that case my password has been compromised and Confidentiality has been breached.
Integrity – means maintaining accuracy and completeness of data. This means data cannot be edited in an
unauthorized way. For example, if an employee leaves an organisation, then in that case data for that employee in all
departments like accounts, should be updated to reflect status to JOB LEFT so that data is complete and accurate and
in addition to this only authorized person should be allowed to edit employee data.
Availability – means information must be available when needed. For example, if one needs to access information
of a particular employee to check whether employee has outstood the number of leaves, in that case it requires
collaboration from different organizational teams like network operations, development operations, incident response
and policy/change management.
Denial of service attack is one of the factors that can hamper the availability of information.
Apart from this there is one more principle that governs information security programs. This is Non repudiation.
Non repudiation – means one party cannot deny receiving a message or a transaction nor can the other party deny
sending a message or a transaction. For example, in cryptography it is sufficient to show that message matches the
digital signature signed with sender’s private key and that sender could have a sent a message and nobody else could
have altered it in transit. Data Integrity and Authenticity are pre-requisites for Non repudiation.
Authenticity – means verifying that users are who they say they are and that each input arriving at destination is
from a trusted source. This principle if followed guarantees the valid and genuine message received from a trusted
source through a valid transmission. For example, if take above example sender sends the message along with digital
signature which was generated using the hash value of message and private key. Now at the receiver side this digital
signature is decrypted using the public key generating a hash value and message is again hashed to generate the hash
value. If the 2 value matches, then it is known as valid transmission with the authentic or we say genuine message
received at the recipient side
Accountability – means that it should be possible to trace actions of an entity uniquely to that entity. For example,
as we discussed in Integrity section Not every employee should be allowed to do changes in other employees’ data.
For this there is a separate department in an organization that is responsible for making such changes and when they
receive request for a change then that letter must be signed by higher authority for example Director of college and
74
person that is allotted that change will be able to do change after verifying his bio metrics, thus timestamp with the
user (doing changes) details get recorded. Thus, we can say if a change goes like this then it will be possible to trace
the actions uniquely to an entity.
At the core of Information Security is Information Assurance, which means the act of maintaining CIA of
information, ensuring that information is not compromised in any way when critical issues arise. These issues are not
limited to natural disasters, computer/server malfunctions etc.
Thus, the field of information security has grown and evolved significantly in recent years. It offers many areas for
specialization, including securing networks and allied infrastructure, securing applications and databases, security
testing, information systems auditing, business continuity planning etc.

Cyber Criminals:
Cybercriminals are individuals or teams of people who use technology to commit malicious activities on digital
systems or networks with the intention of stealing sensitive company information or personal data, and generating
profit.
Cybercriminals are known to access the cybercriminal underground markets found in the deep web to trade malicious
goods and services, such as hacking tools and stolen data. Cybercriminal underground markets are known to
specialize in certain products or services.
Laws related to cybercrime continue to evolve across various countries worldwide. Law enforcement agencies are
also continually challenged when it comes to finding, arresting, charging, and proving cybercrimes.

Cybercriminals, Hackers, and Threat Actors

Hacking does not necessarily count as a cybercrime; as such, not all hackers are cybercriminals. Cybercriminals hack
and infiltrate computer systems with malicious intent, while hackers only seek to find new and innovative ways to
use a system, be it for good or bad.
Cybercriminals also differ greatly from threat actors in various ways, the first of which is intent. Threat actors are
individuals who conduct targeted attacks, which actively pursue and compromise a target entity’s infrastructure.
Cybercriminals are unlikely to focus on a single entity, but conduct operations on broad masses of victims defined
only by similar platform types, online behaviour, or programs used. Secondly, they differ in the way that they conduct
their operations. Threat actors follow a six-step process, which includes researching targets and moving laterally
inside a network. Cybercriminals, on the other hand, are unlikely to follow defined steps to get what they want from
their victims.
Note, however, that cybercriminals have also been known to adopt targeted attack methodologies in their operations.
Cybercrime is taken very seriously by law enforcement. In the early long periods of the cyber security world, the
standard cyber criminals were teenagers or hobbyists in operation from a home laptop, with attacks principally
restricted to pranks and malicious mischief. Today, the planet of the cyber criminals has become a lot of dangerous.
Attackers are individuals or teams who attempt to exploit vulnerabilities for personal or financial gain.

Types of Cyber Criminals:

1. Hackers: The term hacker may refer to anyone with technical skills, however, it typically refers to an individual
who uses his or her skills to achieve unauthorized access to systems or networks so as to commit crimes. The intent
of the burglary determines the classification of those attackers as white, grey, or black hats. White hat attackers
burgled networks or PC systems to get weaknesses so as to boost the protection of those systems. The owners of the
system offer permission to perform the burglary, and they receive the results of the take a look at. On the opposite
hand, black hat attackers make the most of any vulnerability for embezzled personal, monetary or political gain. Grey
hat attackers are somewhere between white and black hat attackers. Grey hat attackers could notice a vulnerability
and report it to the owners of the system if that action coincides with their agenda.

75
(a). White Hat Hackers – These hackers utilize their programming aptitudes for a good and lawful reason. These
hackers may perform network penetration tests in an attempt to compromise networks to discover network
vulnerabilities. Security vulnerabilities are then reported to developers to fix them.
(b). Gray Hat Hackers – These hackers carry out violations and do seemingly deceptive things however not for
individual addition or to cause harm. These hackers may disclose a vulnerability to the affected organization after
having compromised their network.
(c). Black Hat Hackers – These hackers are unethical criminals who violate network security for personal gain. They
misuse vulnerabilities to bargain PC frameworks.
2. Organized Hackers: These criminals embody organizations of cyber criminals, hacktivists, terrorists, and state-
sponsored hackers. Cyber criminals are typically teams of skilled criminals targeted on control, power, and wealth.
These criminals are extremely subtle and organized, and should even give crime as a service. These attackers are
usually profoundly prepared and well-funded.
3. Internet stalkers: Internet stalkers are people who maliciously monitor the web activity of their victims to acquire
personal data. This type of cybercrime is conducted through the use of social networking platforms and malware,
that are able to track an individual’s PC activity with little or no detection.
4. Disgruntled Employees: Disgruntled employees become hackers with a particular motive and also commit
cybercrimes. It is hard to believe that dissatisfied employees can become such malicious hackers. In the previous
time, they had the only option of going on strike against employers. But with the advancement of technology there
is increased in work on computers and the automation of processes, it is simple for disgruntled employees to do more
damage to their employers and organization by committing cybercrimes. The attacks by such employees brings the
entire system down. Please refer for: Cyber Law (IT Law) in India

Classification of Cyber Criminals:

Legal Perspectives
Indian Perspectives
Cybercrimes and Indian ITA 2000
Global Perspective on Cybercrime
Cybercrime era (Refer Nina God Bole et al)

the term cybercrime is well known and needs no introduction. Crime is a great hurdle in the development of a country.
It adversely affects the members of the society and lowers down the economic growth of the country. Computer
technology provides a boost to the human life and makes it easier and comfortable. It adds accuracy, speed and
efficiency to the life of human being. But a computer is exploited by the criminals and its illegal use leads to
cybercrime. To combat cybercrime, India enacted the Information Technology Act,2000 which was drastically
amended in the year 2008 providing more powerful and stringent law. Cybercrime is a crime done with the misuse
of information technology for unauthorized or illegal access, electronic fraud; like deletion, alteration, interception,
concealment of data, forgery etc... Cybercrime is an international crime as it has been affected by the global revolution
in information and communication technologies (ICTs). It has affected the global community. It would be unlawful
act where the computer is either a tool or a target or both. Continuous attempts have been made to specify different
types of cybercrime, their detection and preventive methods. Cybercrimes have become the most potentially
damaging threat to IT-related activities, transactions, and assets. Unfortunately, some organizations do not seem to
be much alert to detect, address, or protect themselves from these threats.
The internet has become an integral part of everyone’s life. It has also given new dimensions to our economic and
social life. But at the same time, we cannot be oblivious of the negative side of use of computers and internet. It is
very unfortunate that computer crime is rampant and is increasing exponentially as the side effect of the excessive
76
use of computers and internet. The internet security problem is immensely growing and cybercrimes are continuously
increasing even though we are using many countermeasures. The following figures would reveal the worldwide
penetration percentage of cybercrimes.

NEED FOR CYBER LAW

Today, it cannot be overemphasized that billions of users are using internet. The internet is used almost everywhere
like in home, shop, office, railway station, college etc. by the users. The internet and our economies have also become
interwoven. The internet generates both wealth and employment. Unfortunately, the internet is misused by hackers
and organised criminals. The growth of cybercrime is increasing proportionately to the internet explosion.
Cybercrime is expanding parallel with the growing number of internet users.
The internet is open to the public and the internet users are at risk and targeted for mental harassment, financial gain
through malware and social evil purposes. Therefore, for detection and prevention of such cyber threat, the industries
are developing a range of products for use in the home and the business, for example, intrusion detection systems,
firewalls, antivirus software etc… Despite all the preventive steps, we are not able to get rid of cybercrime.
The internet security problem is immensely growing and cybercrime continues to thrive even though we are using
many countermeasures. Due to these consequences, there was need to adopt a strict law by the cyber space authority
to regulate criminal activities relating to cyber and to provide better administration of justice to the victim of
cybercrime. In the modern cyber technology world, it is very much necessary to regulate cybercrimes and most
importantly cyber law should be made stricter in the case of cyber terrorism and hackers.

Legal Perspectives:
LEGISLATIVE MEASURES FOR PREVENTION OF CYBER CRIMES
Statutory Provisions Governing Cyber Defamation in India
The Indian Penal Code, 1860
The Indian Penal Code, 1860 contains provisions dealing with the menace of cyber defamation.

 Section 499 of IPC. Defamation.

Whoever, by words either spoken or intended to be read, or by signs or by visible representations, makes or
publishes any imputation concerning any person intending to harm, or knowing or having reason to believe that
such imputation will harm, the reputation of such person, is said to defame that person. However, there are 10
exceptions viz., imputation of truth required to be made or published in public good, expression of public conduct
of public servants in good faith, expression of conduct of any person touching any public question in good faith,
publication of reports of proceedings of Courts, expression of opinion respecting merits of case decided in Court
or conduct of witness and others concerned in good faith, expression of opinion respecting merits of public
performance in good faith, censure passed in good faith by person having lawful authority over another,

77
 accusation preferred in good faith against any person by authorized person, imputation on the character of another
made in good faith by person for protection of the interest of the person making it or of any other person, or for
the public good, caution intended for good of person to whom conveyed or for public good.
The exceptions are based on the ground of truth, good faith or public interest, and strike a balance between
freedom of speech and expression guaranteed under Article 19(1) (a) of the Constitution of India and the
individual’s rights to reputation. The expression ‘harm’ used in Section 499 means harm to the reputation of the
aggrieved party. No imputation is said to harm a person's reputation, unless that imputation directly or indirectly,
in the estimation of others, lowers the moral or intellectual character of that person, or lowers the character of
that person in respect of his caste or of his calling, or lowers the credit of that person. The harm to reputation of
the person is made with necessary men’s rea (guilty mind). The offence of defamation is punishable under Section
500 of IPC with a simple imprisonment up to 2 years or fine or both.

 Section 469 of IPC. Forgery for purpose of harming reputation.

Whoever commits forgery, intending that the document or electronic document forged shall harm the reputation
of any party, or knowing that it is likely to be used for that purpose, shall be punished with imprisonment of
either description for a term which may extend to three years, and shall also be liable to fine. The phrase
“intending that the document forged” under Section 469 was replaced by the phrase “intending that the document
or electronic record forged” vide the Information and Technology Act, 2000. The offence is cognizable, bailable,
non-compoundable. It is worthwhile to mention here that cognizable offence means an offence for which a police
officer may arrest without warrant. A warrant case means a case relating to an offence which is punishable with
death, imprisonment for life or imprisonment for a term exceeding 2 years . A bailable offence means an offence
which is shown as bailable in the First Schedule appended to Code of Criminals Procedure, 1973 or which is
made bailable by any other law and non-bailable offence means any other offence.

 Section 470 of IPC. Forged document or electronic record.

A false document or electronic record made wholly or in part by forgery is designated a forged document or
electronic record. The word ‘document or electronic record’ was substituted for the word document vide
Information Technology Act, 2000.

 Section 503 of IPC. Criminal intimidation.

Whoever, threatens another with any injury to his person, reputation or property, or to the person or reputation
of any one in whom that person is interested, with intent to cause alarm to that person, or to cause that person to
do any act which he is not legally bound to do, or to omit to do any act which that person is legally entitled to
do, as the means of avoiding the execution of such threats, commits criminal intimidation. Section 503 of IPC
covers the offence of criminal intimidation by use of e-mails and other electronic means of communication for
threatening or intimidating any person or his property or reputation. It is punishable with imprisonment for a
term which may extend to 2 years, or fine, or both under section 504. The offence is non-cognizable, bailable
and compoundable.

[Link]

The Information Technology Act, 2000

In May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received
the assent of the President in August 2000 and came to be known as the Information Technology Act, 2000.
Cyber laws are contained in the IT Act, 2000 / amendment thereof. This Act aims to provide the legal
infrastructure for e-commerce in India. And the cyber laws have a major impact for e-businesses and the new
economy in India. So, it is important to understand what are the various perspectives of the IT Act, 2000 and
what it offers.

78
 The Information Technology Act, 2000 also aims to provide for the legal framework so that legal sanctity is
accorded to all electronic records and other activities carried out by electronic means. The Act states that unless
otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the
same shall have legal validity and enforceability.

Since the first computer crime law, the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984,
the government has been trying to track down and stop online criminals. The FBI has tried many programs and
investigations in order to deter Internet crime, like creating an online crime registry for employers (Metchik
29). The reality is that Internet criminals are rarely caught. One reason is that hackers will use one computer in
one country to hack another computer in another country. Another eluding technique used is the changing of
the emails, which are involved in virus attacks and “phishing” emails so that a pattern cannot be recognized.
An individual can do their best to protect themselves simply by being cautious and careful. Internet users need
to watch suspicious emails, use unique passwords, and run anti-virus and anti-spyware software. Do not open
any email or run programs from unknown sources.

Advantages of Cyber Laws

The IT Act, 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such
laws so that people can perform purchase transactions over the Net through credit cards without fear of
misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity
or enforceability, solely on the ground that it is in the form of electronic records. In view of the growth in
transactions and communications carried out through electronic records, the Act seeks to empower
government departments to accept filing, creating and retention of official documents in the digital format.
The Act has also proposed a legal framework for the authentication and origin of electronic
records/communications through digital signature. From the perspective of e-commerce in India, the IT Act,
2000 and its provisions contain many positive aspects. Firstly, the implications of these provisions for the e-
businesses would be that email would now be a valid and legal form of communication in our country that can
be duly produced and approved in a court of law.
Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the
Act. Digital signatures have been given legal validity and sanction in the Act. The Act throws open the doors for
the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures
Certificates. The Act now allows Government to issue notification on the web thus heralding e-governance. The
Act enables the companies to file any form, application or any other document with any office, authority, body
or agency owned or controlled by the appropriate Government in electronic form by means of such electronic
form as may be prescribed by the appropriate Government. The IT Act also addresses the important issues of
security, which are so critical to the success of electronic transactions. The Act has given a legal definition to
the concept of secure digital signatures that would be required to have been passed through a system of a
security procedure, as stipulated by the Government at a later date.
Under the IT Act, 2000, it shall now be possible for corporate to have a statutory remedy in case if anyone
breaks into their computer systems or network and causes damages or copies data. The remedy provided by
the Act is in the form of monetary damages, not exceeding Rs. 1 crore. Under The IT Act, 2000, Cyber Crime is
a collective term encompassing both ‘Cyber Contraventions’ and ‘Cyber Offences’.

[Link]

79
Cyber-crime: A Global Perspective
Cybersecurity constitutes one of the top five risks of most firms, especially in Big Tech and Banking & Financial
Services. A weekend reading led to some interesting data points from various sources such as AV-Test and Cove
ware, among others, and that further led to me pondering over the mitigating actions that we can take as
individuals and as organisations for some, if not all, of these cybercrime risks. I extend my thanks to the respective
experts who shared their knowledge, enabling me to piece together some parts of the larger jigsaw puzzle.

Global cybercrime damage costs this year are expected to breach US $6 trillion an annum. That is almost one-
fourth of the US GDP or twice the GDP of India. This is expected to scale up to US $10.5 trillion an annum by
2025. Cyber attackers are disrupting critical supply chains, at least 4 times more than in 2019.

Yet, approximately 4 of every 5 organisations don’t consider themselves having proper responses to cyber-attacks
which creates a need for a cybersecurity risk management team for them. Let’s have a look at the individual
components.

Cyber-crime: How does it impact India

India is no exception to the global trends in cyber-crime and expects cyber frauds to continue to rise in 2021.
India ranks 11th worldwide in the number of attacks caused by servers that were hosted in the country, with 2.3
million incidents reported in Q1 2020. Cyberattacks reported in 2020 were up nearly three times from 2019 and
more than 20 times compared to 2016.

While digital transformation, move to cashless transactions and zero contact communication supported with
proliferation in internet and mobile phone usage, cyber risks in India have risen exponentially during the
pandemic. According to the annual IBM X-Force Threat Intelligence Index, India reported the second-highest
number of cyber-attacks after Japan in the Asia-Pacific region in 2020, accounting for 7 percent of all cyber-
attacks observed in Asia in 2020.

The cybersecurity market in India is expected to grow to over $3 billion by 2022, at about 150% of the global
rate. A 2019 report by IBM revealed that cyberattacks cost India ₹12.8 crores on an average between July 2018
and April 2019, while the average cost of a data breach globally was ₹27 crore. Besides these financial losses,
cyberattacks can and have caused huge dents in organizational brand value.

45% of adult Indian internet users faced identity threat in 2020, up almost 40% since 2019, at 2.7 crore – over 2
percent of India’s entire population.

A German cybersecurity firm, Greenbone Sustainable Resilience, reported that medical records of over 120
million Indian patients (mostly from Maharashtra and Karnataka) were leaked on the Internet. The leaked records
included pictures of the patients, X-rays, CT scans and MRIs.

Stuart Solomon, COO of Massachusetts based Recorded Future, had made an interesting claim based on malware
tracing. He alleged that a Chinese group called Red Echo, “has been seen to systematically utilize advanced cyber
intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation
and transmission infrastructure.” The firm claimed that the electricity outage in Mumbai on 13th October 2020,
was orchestrated by Red Echo. Whether Red Echo was acting as a state actor or not, the threat is nonetheless
real.

80
The latest one in the country is a fake SMS message, that claims to offer an app to register for Covid-19
vaccination in India. Once the link is clicked, this installs malicious code that gains permissions to the user’s
data, such as contact lists, and spreads via SMS to the user’s contacts.

Having perused these data points, it does not take much to decipher that these incidents are only expected to
increase. Let’s look at some of the steps that can be taken to mitigate or reduce the impact;

Mitigants, we look at the mitigants from an individual and an organisational perspective

Individuals For home usage, some cyber etiquettes generally are good enough to firstly avoid being attacked, and
if one does become a victim of cyber-crime, can minimize impact;

Genuine hardware and genuine updated software;

Full-service internet security suites are preferred;
Usage of Virtual Private Networks is preferred, though this may slow things down slightly;
Avoiding spurious websites;
Usage of strong passwords, with alphanumeric characters (mix of the alphabet and numerals), symbols, not less
than 8 words but preferably 10 or more words, not repeating passwords across sites;
Avoid clicking on pictures on WhatsApp or other sites, that are forwards;
Minimizing sharing personal information on social media, to prevent social engineering;
Avoid losing data by backing it up periodically;
To be extra cautious while outside work premises;
And if one is unfortunate to have been a victim, report to local authorities.
Organisations

Organisations need a much more structured approach to manage cybersecurity risks. Also, before commencing,
it is important to realise that Human errors (~95%) are a major cause of cybersecurity breaches – any
sophisticated programme that does not consider this element will be fraught with deficiencies. Having
cybersecurity management can help mitigate the risks across the organisation.

A typical programme in a global organisation would mostly involve the following, amongst other steps, though
may not be in any specific order.

81