S.Y.

MCA
(TWO YEARS PATTERN)
SEMESTER - III (CBCS)

MANAGEMENT
INFORMATION SYSTEM
SUBJECT CODE: MCAE343
 © UNIVERSITY OF MUMBAI

Dr. Suhas Pednekar

Vice Chancellor
University of Mumbai, Mumbai
Prof. Ravindra D. Kulkarni Prof. Prakash Mahanwar
Pro Vice-Chancellor, Director,
University of Mumbai IDOL, University of Mumbai

Programme Co-ordinator : Prof. Mandar Bhanushe

HOD Science and Technology IDOL,
Mumbai University, Vidyanagari, Santacruz (E).
Course Co-ordinator : Mrs. Reshma Kurkute
Assistant Professor (M.C.A)
IDOL Mumbai University, Vidyanagari, Santacruz (E).
Course Writers : Ms. Rani Podichetty
Assistant Professor
VK. B college of Arts and Commerce, Mumbai .
: Ms. Gauri Ansurkar
Assistant Professor
KSD’s Model College (Autonomous), Dombivli 421201.
: Dr. Trivani koul
Assistant Professor
Yashwantrao Chavan College, koperkharine.
: Mr. Shaikh Ahtesham
Assistant Professor
Anjuman-i-Islam’s Akbar Peerbhoy College of
Commerce and Economics, Mumbai.
: Dr. Ansari Mohd. Nasir
Assistant Professor
P D Hinduja Trust’s K P B Hinduja College of Commerce
: Mrs. Laxmi Pandya
Assistant Professor
Tolani College of Commerce, Mumbai.

July 2022, Print - 1

Published by : Director,
Institute of Distance and Open Learning,
University of Mumbai,
Vidyanagari,Mumbai - 400 098.

DTP Composed and Printed by:

Mumbai University Press
Vidyanagari, Santacruz (E), Mumbai-400098.
 CONTENTS
Chapter No. Title Page No.

1. Management Information Systems (MIS) .........................................................1

2. Management Information Systems (MIS) -II...................................................13

3. Organizations and Information Systems..........................................................25

4. Concepts of Management Information Systems...............................................44

5. Decision Support System(DSS) ......................................................................63

6. ERP, SCM And CRM ......................................................................................77

7. Business Intelligence for MIS..........................................................................98

8. Managing Information Systems and Information

Technology Infrastructure.............................................................................. 111

9. Information Security and Threats...................................................................123

 S.Y. MCA
SEMESTER - III (CBCS)
MANAGEMENT INFORMATION SYSTEM
SYLLABUS

Module Detaile Contents Hrs

1 Management Information Systems (MIS): 6

Perspectives on Information Systems, Nature and scope of MIS,

Characteristics of MIS, Need and Role of MIS, Impact of MIS,
functions and future of MIS, MIS: A support to the management,
MIS: organization effectiveness, MIS for a digital firm
Self Learning Topics: Case Study on digital firm
2 Information System and MIS: 7

Organisations and Information Systems: Modern

Organisation, Information Systems in Organisations,
Managing Information Systems in Organisations
Concepts of Management Information Systems:
Data and Information, Information as a Resource, Information
in Organisational Functions, Types of Information
Technology, Types of Information Systems, Decision Making
with MIS, Communication in Organizations. Self Learning
Topics: Case Study: Management Issues- Challenges for
Managers
3 Decision Support System, Knowledge Management and 8
Management of Global Enterprise:
Decision Support System(DSS), DSS Models, Group
Decision Support System(GDSS), Knowledge based
Expert System(KBES), Enterprise Resource Planning(ERP)
System, ERP Model and Modules, Benefits of ERP, Supply
Chain Management(SCM), Information Management in
SCM, Customer Relationship Management(CRM)
Self Learning Topics: Study of EMS and MIS
4 Business Intelligence for MIS: 6

Business Intelligence and MIS, what is Business Intelligence

(BI), Tools and Techniques of BI, why is BI Developed?
How is BI used? Process of generation of BI, MIS and BI.
Self Learning Topics: Case illustration of BI
5 Managing Information Systems and Information 6
Technology Infrastructure:
Managing Information System: Challenges of Managing
the IT Function, Vendor Management, IT Governance,
Information Technology Infrastructure and Choices:
What is the IT Infrastructure?, IT Infrastructure Decisions,
Infrastructure Components, Networks
Self Learning Topics: Case Study of Managing Information
System
6 Information Security: 7

Introduction, Threats and Vulnerability, Controlling Security

Threat and Vulnerability, Managing Security Threat in
E-Business, Measures of Information Security, Information
Security Management.
Self Learning Topics: Network Security, and Cyber
Security for Information
 1
MANAGEMENT INFORMATION
SYSTEMS (MIS)
Unit Structure
1.0 Objectives
1.1 Introduction
1.2 Introduction to MIS
1.3 MIS of Definition
1.4 MIS Meaning
1.5 Perspectives on Information Systems
1.6 Nature and scope of MIS
1.6.1 Features of MIS
1.7 Component of MIS
1.7.1 People Resources
1.7.2 Data Resources
1.7.3 Software Resources
1.8 Objectives of MIS
1.8.1 Data Capturing
1.8.2 Data Storage
1.8.3 Data Processing
1.8.4 Data and Information Distribution
1.8.5 Prediction and forecasting
1.8.6 Planning and control
1.9 Characteristics of MIS
1.9.1 System Approach
1.9.2 Management Oriented
1.9.3 Need Based
1.9.4 Exception Based
1.9.5 Future Oriented
1.9.6 Integrated
1.9.7 Long Term Planning
1.9.8 Sub System concept
1.9.9 Central Database
1.10 Advantages of MIS
1.11 Role of MIS
1
Management Information 1.11.1 Decision Making
System
1.11.2 Coordination among the department
1.11.3 Finding out the problems
1.11.4 Comparison of Business Performance
1.11.5 Strategies for an Organization
1.12 Challenges of MIS
1.12.1 High cost
1.12.2 Training of Employee
1.12.3 Maintenance Cost
1.13 Limitations of MIS
1.14 Requirements of Management Information System
1.15 Summary
1.16 Reference for further reading

1.0 OBJECTIVES

The main objective of learning this MIS subject is to make students

understand that how MIS can provides the data to identify non-performing
areas and leads to better business productivity and efficiency, better
communication and helps in decision making and most important to get
better knowledge of customer needs.

1.1 INTRODUCTION

The main goal of MIS is to provide information for decision making on

planning, imitating, organizing, and controlling the operations of the
subsystems of the firm and to provide a systematic organization in the
process.

1.2 INTRODUCTION TO MIS

Management Information System is an integrated system that helps

management with relevant information needed to run their business
effectively and efficiently.
The core aim is to make raw data into useful information that helps in
managerial decision making.

1.3 MIS OF DEFINITION

A management information system is an information system which is used

for decision making and for the coordination, control, analysis and
visualization of information in an organization. Its involves people,
processes and technology in an organizational context.

22
1.4 MIS MEANING Management Information
Systems (MIS)

A management information system (MIS) is a computer system which is an

electronic device comprises of hardware and software that serves as the
backbone of an organization operations.

1.5 PERSPECTIVES ON INFORMATION SYSTEMS

From business point of view information systems are a part of a series of

value added activities for acquire, transforming and distributing information
that managers can use to improve decision making, enhance organizational
performance and ultimately increase firm profitability.

1.6 NATURE AND SCOPE OF MIS

MIS can be referred as a system or a process which facilitates the smooth

working of the organisation. The nature of MIS is truly manifold because
its plays a vital role in business decision, from costs to employee
management.
1.6.1 Features of MIS

• MS is used or utilised by every level of a management.

• It focuses on the strategic goals and objectives for the management.
• It’s also provides an effective system to analyse costs and revenue and
further reviews effectively and efficiently to bring a balance in
finance and costs.
• MIS is sustaining either through manual systems or automated system
or a combination of both.
• It also plays an accretive role in identifying, locating, measuring,
tackling, and limiting risks.

3
Management Information • It set down a framework which includes set of rules and regulation for
System
the management to bring a clear and concise communication between
employees.
• It provides an impartial system for collecting, assessing, and
aggregating information for a business.
Scope of MIS
MIS involves in performing a number of task simultaneously such as:-
• Processing data
• Initiating transaction
• Responding to inquiries
• Producing reports and its summaries
• Manage the data created within the structure of a particular business.

1.7 COMPONENT OF MIS

1.7.1 People Resources

Its includes end users and IS specialists. End users are also called as (user
or clients) are the people who use an information system or the information
it produces.
1.7.2 Data Resources
Data resources are transformed by information processing activities into a
variety of information products for end users. Information processing
consists of input, processing, output, storage, and control activities.
1.7.3 Software Resources
Software resources includes not only the sets of operating instructions
called programs, which direct and control computer hardware, but also the
sets of information processing instructions needed by people, called
procedures.
44
 Management Information
Systems (MIS)

1.8 OBJECTIVES OF MIS

1.8.1 Data Capturing or Data Gathering

It is the process of gathering data from various sources. This includes
customer touch points like stores and e-commerce sites, mobile shopping,
self-checkout etc.
It can also come from output of one or more systems like sales, finances,
market analysis, operation etc. and from digital, social media sites. All data

5
Management Information collected and stored in a database or in data files. The data can be stored on
System
various storage media like hard drives, DVDs etc.
1.8.2 Data Storage or Information Storage
It means storing information in a safe manner so as to make it available for
any future use. Cloud based application store data on virtual server
converting raw data into meaningful information is what experts call data
processing.
1.8.3 Data Processing
Data processing is an important function of MIS as information is the core
necessity for achieving competition advantage giving the right the
information to the right person at the right time is termed as information
distribution. The information could be in the form of a report, an image, a
message, files, and a video or even audio. The gathered data needs to be
processed in a system so that it can in help to the management. The data is
processed into information which is used for planning, controlling,
organizing, and directing functionalities at different levels of the
organization.
1.8.4 Data and Information Distribution
The Distribute Information process is responsible for getting information to
stakeholders about the project in a timely manner. It describes how reports,
and other information, are distributed and to whom. Executing the
communications management plan also occurs during this process. Data is
defined as 'groups of non-random symbols in the form of text, images, and
voice representing quantities, action and objects'. Information is interpreted
data; created from organized, structured, and processed data in a particular
context. A set of information systems physically distributed over multiple
sites, which are connected with some kind of communication network.
1.8.5 Prediction and forecasting
To facilitate comparison, information is presented in the form of charts,
tables and graphs with the help of modern arithmetic statics or simulation.
MIS can predict business trends using historical as a base. Reports are
generated based on the comparing needs to help management plain in
advance enabling each functional department to work efficiently.
1.8.6 Planning and control
One of the most important supporting tools in planning and control. It
is computerized integrated system which gives accurate information about
the past, present and projected. It helps to do analysis on variance, reason
to enjoy success and most important to take further decision. Planning
involves establishing goals and communicating these goals to employees of
the organization. The control function assesses whether goals were achieved
and is often used to evaluate the performance of employees, departments,
and the organization as a whole.
66
1.9 Characteristics of MIS Management Information
Systems (MIS)

1.9.1 System Approach

The information system follows a System’s approach. The system’s
approach implies a holistic approach to the study of system and its
performance in the light for the objective for which it has been constituted.
1.9.2 Management Oriented
The top-down approach must be followed while designing the MIS. The
top-down approach suggests that the system development starts from the
determination of management needs and overall business objectives. The
MIS development plan should be derived from the overall business plan.
Management oriented characteristic of MIS also implies that the
management actively directs the system development efforts.

1.9.3 Need Based

MIS design and development should be as per the information needs of
managers at different levels, strategic planning level, management control
level and operational control level. In other words, MIS should cater to the
specific needs of managers in an organization’s hierarchy.
1.9.4 Exception Based
MIS should be developed on the exception-based reporting principle, which
means an abnormal situation, i.e. the maximum; minimum or expected
values vary beyond tolerance limits. In such situations, there should BE
exception reporting to the decision-maker at the required level.
7
Management Information 1.9.5 Future Oriented
System
Besides exception-based reporting, MIS should also look at the future. In
other words, MIS should not merely provide past or historical information;
rather it should provide information, on the basis of projections based on
which actions may be initiated.
1.9.6 Integrated
Integration is a necessary characteristic of a management information
system. Integration is significant because of its ability to produce more
meaningful information. For example, in order to develop an effective
production scheduling system, it is necessary to balance such factors as
setup costs, Workforce, Overtime rates, Production capacity, Inventory
level, Capital requirements and Customer services.
1.9.7 Long Term Planning
MIS is developed over relatively long periods. Such a system does not
develop overnight. A heavy element of planning is involved. The MIS
designer must have the future objectives and needs of the company in mind.
1.9.8 Sub System concept
The process of MIS development is quite complex and one is likely to lose
insight frequently. Thus, the system, though viewed as a single entity, must
be broken down into digestible sub-systems which are more meaningful at
the planning stage
1.9.9 Central Database
A central database is a mortar that holds the functional systems together.
Each system requires access to the master file of data covering inventory,
personnel, vendors, customers, etc. It seems logical to gather data once,
validate it properly and place it on a central storage medium, which can be
accessed by any other subsystem.

1.10 ADVANTAGES OF MIS

A central database is a mortar that holds the functional systems together.

Each system requires access to the master file of data covering inventory,
personnel, vendors, customers, etc. It seems logical to gather data once,
validate it properly and place it on a central storage medium, which can be
accessed by any other subsystem.

• Provide better customer service

• Increase customer revenue
• Discover new customer
• Help sales staff close deals faster
• Simplify marketing and sales processes
88
1.11 ROLE OF MIS Management Information
Systems (MIS)

A management information system (MIS) plays an important role in

business organizations.
1.11.1 Decision Making
Management Information System (MIS) plays a significant role in the
decision-making process of any organization. In any organization, a
decision is made on the basis of relevant information which can be retrieved
from the MIS.
1.11.2 Coordination among the department
Management Information System satisfies multiple need of an organization
across the different functional department.
1.11.3 Finding out the problems
As we know that MIS provides relevant information about every aspect of
activities. Hence, if any mistake is made by the management then MIS,
information will help in finding out the solution to that problem.
1.11.4 Comparison of Business Performance
MIS store all past data and information in its Database. That why the
management information system is very useful to compare business
organization performance.
1.11.5 Strategies for an Organization
Today each business is running in a competitive market. An MIS supports
the organization to evolve appropriate strategies for the business to assent
in a competitive environment.

9
Management Information
System
1.12 CHALLENGES OF MIS

1.12.1 High cost

Development of new computerized based information system is a problem
for the organization due to the cost factor and it creates problems because
with the change of time there is need of up-to-date of the information
system.
1.12.2 Training of Employee
Employees should have the capacity of learning of the information system
with the changing competitive and business environment; otherwise it will
be difficult for the organization to stay in the market.
1.12.3 Maintenance Cost
Sometimes a problem arises due to server crash and website crash.
Sometimes it leads to the loss of information. So, maintenance cost is
needed to tackle the above problem

1.13 LIMITATIONS OF MIS

Even though MIS has many benefits but it also has its
limitations. Limitations of MIS are discussed below:

• While MIS may solve some critical problems but it is not a solution
to all problems of an organization.

• It cannot meet the special demands of each person.

MIS if designed in an improper manner does not serve the
management and hence is of little relevance.
10
10
• The MIS is not good if the basic data is obsolete and outdated. Management Information
Systems (MIS)

• Mostly information provided by the MIS is in quantities form. Hence,

it ignores the qualitative information like the attitude of an
employee.

1.14 REQUIREMENTS OF MANAGEMENT

INFORMATION SYSTEM

• Database
• Qualified System and Management Staff
• Top Management Support
• Active Participation of Operating Management
• Control and Maintenance of Management Information System
• Evaluation of Management Information System

1.15 SUMMARY

Management Information Systems (MIS), referred to as Information

Management and Systems, is the discipline covering the application of
people, technologies, and procedures collectively called information
systems, to solving business problems.

1.16 REFERENCE FOR FURTHER READING.

https://www.geektonight.com/what-is-mis/
https://www.google.com

1.17 BILBLIOGRAPGY

https://www.geektonight.com/what-is-mis/
https://www.google.com
MCQ FOR PRACTICE
Q1. The back bone of any organization is_________
a. information’
b. employee’
c. Management
d. Capital
Q2. The flow of information through MIS is
a. need dependent
b. organization dependent
c. information dependent
d. management dependent
11
Management Information Q3. Internal information for MIS may come from any one of the following
System
department.
a. customers care department
b. hr department
c. marketing department
d. production department
Q4. MIS normally found in a manufacturing organization will not be
suitable in the ______.
a. service sector
b. banking sector
c. agriculture sector
d. all of the above
Q5. ______ involves the investigation of new approaches to existing
problems
a. systems analysis
b. creative analysis
c. critical analysis
d. organizational analysis



12
12
 2
MANAGEMENT INFORMATION
SYSTEMS (MIS) -II
Unit Structure
2.0 Objectives
2.1 Introduction
2.2 Impact of MIS
2.3 Functions and future of MIS
2.3.1 Data Capturing
2.3.2 Processing Data
2.3.4 Storage Information
2.3.5 Retrieval of Information
2.3.6 Dissemination of MI
2.4 MIS: A support to the management
2.4.1 Planning
2.4.2 Organization
2.4.3 Staffing
2.4.4 Directing
2.4.5 Coordinating
2.4.6 Controlling
2.5 MIS: organization effectiveness
2.5.1 Leadership
2.5.2 Communication
2.5.3 Accountability
2.5.4 Delivery
2.5.5 Performance
2.5.6 Measurement
2.6 MIS for a digital firm
2.6.1 The Network Revolution and the Internet
2.6.2 New Option for organization design: The digital firm and the
collaborative Enterprise.
2.6.3 Electronic Commerce
2.6.4 Electronic Business
2.6.5 Intranet
2.6.6 Extranet
2.6.7 Positive Impact of Information Systems
2.7 Summary
2.8 Reference for further reading

13
Management Information
System
2.0 OBJECTIVES

The objective of the MIS is to provide information for a decision support in

the process of management. It should help in such a way that the business
goals are achieved in the most efficient manner.
Since the decision making is not restricted to a particular level, the MIS is
expected to support all the levels of the management in conducting the
business operations. Unless the MIS becomes a management aid, it is not
useful to the organization.

2.1 INTRODUCTION

Management Information systems support the activities of managers in

organizations. Management Information systems support various business
strategies for competitive advantage. Information systems technology is a
factor of production, like capital and labor. A System to convert Data from
External and Internal Sources into Information and to communicate that
Information, in an appropriate form, to Managers at all levels in all
functions to enable them to make timely and effective decisions for
planning, directing and controlling the activities for which they are
responsible.

2.2 IMPACT OF MIS

• As Management Information System plays a vital role in the

organization; it creates an impact on the organization’s functions
performance and productivity.
• The impact of MIS on the functions is in its management with a good
MIS support the management of marketing, finance, production and
personnel becomes more efficient.
• The tracking and monitoring of the functional targets becomes easy.
• The functional managers are informed about the progress,
achievements aby providing certain information indicating and
probable trends in the various aspects of business.
• This helps in forecasting and long-term perspective planning.
• The manager’s attention is bought to a situation which is expected in
nature, inducing him to take an action or a decision in the matter.
• Disciplined information reporting system creates structure database
and knowledge base for all the people in the organization.
• The information is available in such a form that it can be used straight
away by blending and analysis, saving the manager’s valuable time.
• MIS creates another impact in the organization which relates to the
understanding of the business itself. The MIS begins with the
definition of data entity and its attributes. It uses a dictionary of data,
14
14
 entity and attributes, respectively, designed for information Management Information
Systems (MIS) -II
generation in the organization.
• Since all the information system use the dictionary, there is common
understanding of an event in the organization.
• MIS calls for a systematization of the business operations for an
effective system design.
• This leads of streaming of the operations which complicates the
system design.
• It improves the administration of the business by bringing a discipline
in its operations as everybody is required to follow and use systems
and procedures.
• This process brings a high degree of professionalism in the business
operations.
• The goals and objectives of MIS are the products of business goals
and objectives. It can help indirectly to pull the entire organization in
one direction towards the corporate goals and objective by providing
the relevant information to the organization.
• A design system with the focus on managers makes an impact on the
managerial efficiency.
• The fund of information motivates an enlightened manager to use a
variety of tools of the management.
• It helps him to resort to such exercise as experimentation and
modeling .
• The use of computer enables him to use manually.
• The ready-made packages make this task simple.
• The impact on the managerial ability to perform.
• It improves decision making ability considerably high.
• Since, the MIS works on the basic system such as transaction
processing and database, the hard work of clerical work is transferred
to the computerized system, relieving the human mind for better
work.
• It will be observed that lot of manpower is engaged in this activity in
the organization.
• 70 percent of the time is spent in recording, searching, processing and
communicating.
• This MIS has a direct impact on this overhead.
• It creates information-based working culture in the organization.
• Firms seek to economize on the cost of participating in markets
(transaction costs).

15
Management Information • MIS lowers market transaction costs for firm, making it worthwhile
System
for firms to transact with other firms rather than grow the number of
employees.
• Empowers lower-level employees to make decisions without
supervision and increase management efficiency
• Management span of control (the number of employees supervised by
each manager) will also grow
• MIS give both large and small organizations additional flexibility to
overcome the limitations posed by their size.
• Small organizations use information systems to acquire some of the
muscle and reach of larger organizations.
• Large organizations use information technology to achieve some of
the agility and responsiveness of small organizations.
• Customization and personalization: MIS makes it possible to tailor
products and services to individuals.
• Factors to consider while planning a new system:
a) Organizational structure, hierarchy, specialization, routines,
and business processes.
b) The organization’s culture and politics.
• The type of organization and its style of leadership:
a) Groups affected by the system and the attitudes of workers who
will be using the system.
• The kinds of tasks, decisions, and business processes that the
information system is designed to assist
• Flexibility and multiple options for handling data and evaluating
• information (CREAM WIZARD)
• Capability to support a variety of management styles, skills, and
knowledge.
• Capability to keep track of many alternatives and consequences
• sensitivity to the organization’s bureaucratic and political
requirements.
• Change Management:
a) MIS become bound up in organizational politics because they
influence access to a key resource (FINANCE).
b) They potentially change an organization’s structure, culture,
politics, and work.
c) Most common reason for failure of large projects is due to
organizational and political resistance to change.

16
16
 Management Information
Systems (MIS) -II

2.3 FUNCTIONS AND FUTURE OF MIS

MIS is set up by an organization with the prime objective to obtain

management information to be used by its managers in decision-making.
Thus, MIS must perform the following functions in order to meet its
objectives.
1) Data Capturing:
MIS captures data from various internal and external sources of an
organization. Data capturing may be manual or
through computer terminals. End users, typically record data about
transactions on some physical medium such as paper form or enter it
directly into a computer system.
2) Processing of data:
The captured data is processed to convert it into the required
management information. Processing data is done by such activities
as calculating, comparing, sorting, classifying and summarizing.
3) Storage of information:
MIS stores processed or unprocessed data for future use. If any
information is not immediately required, it is saved as an
organizational record. In this activity, data and information are
retained in an organized manner for later use. Stored data is
commonly organized into fields, records, files and databases.
4) Retrieval of information:
MIS retrieves information from its stores as and when required by
various users. As per the requirements of the management users, the
retrieved information is either disseminated as such or it is processed
again to meet the exact demands.

17
Management Information 5) Dissemination of MI:
System
Management information, which is a finished product of MIS, is
disseminated to the users in the organization. It could be periodic,
through reports or online through computer terminals.

2.4 MIS: A SUPPORT TO THE MANAGEMENT

The management process is executed through a variety of decisions taken

at each step of planning, organizing, staffing, directing coordinating and
control. If the management is able to spell out the decisions required to be
taken, the MIS can be designed suitably.

Decisions in Management: Steps in management are:

1) Planning: A selection from various alternatives –strategic, resources,
methods, etc.
2) Organization: A selection of a combination out of several
combinations of the goals, people, resources, method and authority.
3) Staffing: providing a proper manpower complement.
4) Directing: Choosing a method from various methods of directing the
efforts in the organization.
5) Coordinating: Choice of the tools and the techniques for
coordination the efforts for optimum results.
6) Controlling: A selection of the exceptional conditions and the
decision guidelines.
18
18
2.5 MIS: ORGANIZATION EFFECTIVENESS Management Information
Systems (MIS) -II

• MIS plays a very important role in the organization; it creates an

impact on the organization's functions, performance and productivity.
The impact of MIS on the functions is in its management with a good
MIS supports the management of marketing, finance, production and
personnel becomes more efficient.

• It can be defined as the efficiency with which an association is able

to meet its objectives.

• This means an organization that produces a desired effect without

waste.

• Organizational effectiveness is about each individual doing

everything they know how to do and doing it well; in other words
organizational efficiency is the capacity of an organization to produce
the desired results

• with a minimum expenditure of energy, time, money, and human and

material resources.

• The six systems are broader in scope than functional departments and
must be understood independently and interpedently as part of an
integrated whole.

• The six systems set up the conditions and components necessary to

create a healthy, high performing organizations.

19
Management Information 1) Leadership :
System
To achieve high performance or sustain results, leaders must define
and refine key processes and execute them with daily discipline.
They must translate vision and values into strategy and objectives,
processes and practices, actions and accountabilities, execution and
performance.
Leader addresses three questions:
a) Vision and Value
b) Strategy and Approach
c) Structure and Alignment
2) Communication:
Leader should maximize their contribution to daily conversations,
they must engage and align people around a common cause, reduce
uncertainty, keep people focused, equip people for moments of truth
that creates on-table culture, prevent excuses, learn from experience ,
treat mistakes as intellectual capital, and leverage the power of
leadership decisions to shape beliefs and behaviours.
3) Accountability:
Leaders translate vision and strategic direction into goals and
objectives actions and accountabilities. Performance accountability
systems clarify what is expected of people and align consequences or
rewards with actual performance. Leaders need to build discipline
into their leadership process and management cycle to achieve
accountability, predictability, learning, renewal, and sustainability.
4) Delivery:
The best organizations develop simple process that is internally
efficient, locally responsive, and globally adaptable. Complexity is
removed from the customer experience to enable them to engage in
way as those are elegant and satisfying. Establishing and optimizing
operational performance is an ongoing journey.
5) Performance:
The human performance system is designed to attract, develop, and
retain the most talented people. The idea is to hire the best people and
help them develop their skills, talents, and knowledge over time.
6) Measurement:
A system of metrics, reviews and course corrections keep the business
on track. Organizations need concrete measures that facilitate quality
control, consistent behaviours, and predictable productivity and
results.
20
20
 Management Information
Systems (MIS) -II

2.6 MIS A DIGITAL FIRM

• The Network Revolution and the Internet: The internet

1) The Internet
2) International network of networks
3) Universal technology platform: Any computer can
communicate with any other computer
4) World Wide Web and Web sites

• The Network Revolution and the Internet: What You Can Do on

the Internet
1) Communicate and collaborate
2) Access information
3) Participate in discussions
4) Supply information
5) Find entertainment
6) Exchange business transactions

• New Options for Organizational Design:

• The Digital Firm and the Collaborative Enterprise

1) Flattening organizations
2) Separating work from location
3) Reorganizing workflows
4) Increasing flexibility
5) Redefining organizational boundaries
21
Management Information • Electronic commerce
System
• Electronic business
• Digital market: Information system that links buyers and sellers to
exchange information, products, services, payments
• Electronic Commerce (e-commerce): buying and selling goods and
services electronically
• Electronic Business: executing all the firm’s business processes with
Internet technology
• Intranet: private, secure business network based on Internet
technology
• Extranet: extension of intranet to authorized external users
Positive Impacts of Information Systems

• Faster calculations and paperwork

• Analysis of customer purchase patterns and preferences
• More efficient business services
• Medical advances
• Instant global distribution of information

2.15 SUMMARY

An organization technically is a formal social structure that produces

outputs.

• An organization behaviorally is a collection of obligations and

responsibilities that is balanced over periods of conflict and conflict
resolution.

• Organizations have hierarchy structure, accountability, principles of

efficiency, routines and processes, organizational politics, culture and
environment...etc
An organization technically is a formal social structure that produces
outputs.

• An organization behaviorally is a collection of obligations and

responsibilities that is balanced over periods of conflict and conflict
resolution.

• Organizations have hierarchy structure, accountability, principles of

efficiency, routines and processes, organizational politics, culture and
environment...etc
An organization technically is a formal social structure that produces
outputs.
22
22
• An organization behaviorally is a collection of obligations and Management Information
Systems (MIS) -II
responsibilities that is balanced over periods of conflict and conflict
resolution.

• Organizations have hierarchy structure, accountability, principles of

efficiency, routines and processes, organizational politics, culture and
environment...etc
An organization technically is a formal social structure that produces
outputs.

• An organization behaviorally is a collection of obligations and

responsibilities that is balanced over periods of conflict and conflict
resolution.

• Organizations have hierarchy structure, accountability, principles of

efficiency, routines and processes, organizational politics, culture and
environment.
This course will help the students to understand the importance and the
impact of MIS in various business sectors. How MIS evolved over the time
and its helps the organization in decision making.

2.16 REFERENCE FOR FURTHER READING.

https://www.slideshare.net/
https://www.learnpick.in/
http://www.openlearningworld.com/
https://ecomputernotes.com/
https://www.geektonight.com/what-is-mis/
https://www.google.com

2.17 BILBLIOGRAPGY

https://www.slideshare.net/
https://www.learnpick.in/
https://ecomputernotes.com/
http://www.openlearningworld.com/
https://www.geektonight.com/what-is-mis/
https://www.google.com

23
Management Information MCQ FOR PRACTICE
System
Q1. The information of MIS comes from the boot _______ source.
A. Internal
B. External
C. Superficial
D. internal and external
Q2. MIS is normally found in ______sector
A. Service
B. Education
C. Manufacturing
D. Marketing
Q3. Management information system usually NOT serves managers
interested in _______ results.
A. weekly
B. monthly
C. yearly
D. day-to-day
Q4. _______ is an important factor of a management information
system.
A. Information
B. System
C. Planning
D. Personnel
Q5. Information technology is the combination of computer science
and ______
A. telecommunications
B. electronics
C. digital marketing
D. networking


24
24
 3
ORGANIZATIONS AND INFORMATION
SYSTEMS
Unit Structure
3.0 Introduction to Information System and MIS
3.1 Modern Organization
3.2 Information Systems in Organizations
3.3 Managing Information Systems in Organizations
3.4 List of References
3.5 Quiz
3.6 Exercise
3.7 Video Links

3.0 INTRODUCTION TO INFORMATION SYSTEM AND

MIS

What is IS?
An information system (IS) can be any organized combination of people,
hardware, software, communications networks, data resources, and policies
and procedures that stores, retrieves, transforms, and disseminates
information in an organization.
People rely on modern information systems to communicate with one
another using a variety of physical devices (hardware), information
processing instructions and procedures (software), communications
channels (networks), and stored data (data resources). Although today’s
information systems are typically thought of as having something to do with
computers, we have been using information systems since the dawn of
civilization.
An Information System can be described in two different ways: the
components that make up an information system and the role that those
components play in an organization.
Information systems support an organization's business operations,
managerial decision making and strategic competitive advantage. Such
system is called roles of information systems.
An information system depends on the resources of people (end users and
IS specialists), hardware (machines and media), software (programs and
procedures), data (data and knowledge bases), and networks
25
Management Information (communications media and network support) to perform input, processing,
System
output, storage, and control activities that transform data resources into
information products.
This information system model highlights the relationships among the
components and activities of information systems. It also provides a
framework that emphasizes four major concepts that can be applied to all
types of information systems:

• People, hardware, software, data, and networks are the five basic
resources of information systems.

• People resources include end users and IS specialists, hardware

resources consist of machines and media, software resources include
both programs and procedures, data resources include data and
knowledge bases, and network resources include communications
media and networks.

• Data resources are transformed by information processing activities

into a variety of information products for end users.

• Information processing consists of the system activities of input,

processing, output, storage, and control.
All information systems use people, hardware, software, data, and network
resources to perform input, processing, output, storage, and control
activities that transform data resources into information products.

The components of an information system

An information system consists of five major resources:
people, hardware, software, data, and networks. Let’s briefly discuss several
basic concepts and examples of the roles these resources play as the
fundamental components of information systems. You should be able to
recognize these five components at work in any type of information system
you encounter in the real world.
26
26
People are the essential ingredient for the successful operation of all Organizations and
Information Systems
information systems. These people resources include end users and IS
specialists.

• End users (also called users or clients) are people who use an
information system or the information it produces. They can be
customers, salespersons, engineers, clerks, accountants, or managers
and are found at all levels of an organization. In fact, most of us are
information system end users. Most end users in business are
knowledge workers, that is, people who spend most of their time
communicating and collaborating in teams and workgroups and
creating, using, and distributing information.

• IS specialists are people who develop and operate information

systems. They include systems analysts, software developers, system
operators, and other managerial, technical, and clerical IS personnel.
Briefly, systems analysts design information systems based on the
information requirements of end users, software developers create
computer programs based on the specifications of systems analysts,
and system operators help monitor and operate large computer
systems and networks.
Components of IS

• Computer hardware
This is the physical technology that works with information.
Hardware can be as small as a smartphone that fits in a pocket or as
large as a supercomputer that fills a building. Hardware also includes
the peripheral devices that work with computers, such as keyboards,
external disk drives, and routers. With the rise of the Internet of
things, in which anything from home appliances to cars to clothes will
be able to receive and transmit data, sensors that interact with
computers are permeating the human environment.

• Computer software
The hardware needs to know what to do, and that is the role of
software. Software can be divided into two types: system software
and application software. The primary piece of system software is the
operating system, such as Windows or iOS, which manages the
hardware’s operation. Application software is designed for specific
tasks, such as handling a spreadsheet, creating a document, or
designing a Web page.

• Telecommunications
This component connects the hardware together to form a network.
Information technology is the combination of computer science and
telecommunications. Connections can be through wires, such as Ethernet
cables or fibre optics, or wireless, such as through WiFi. A network can be
27
Management Information designed to tie together computers in a specific area, such as an office or a
System
school, through a local area network (LAN). When computers are more
distributed, the network is called a wide area network (WAN). The Internet
itself can be thought of as a network of networks.

• Database and Data Warehouse

This component contains "materials" that work with other
components. A database is a place where data is collected and can be
retrieved by querying it using one or more specific criteria. A data
warehouse contains all data in any format required by your
organization. Databases and data warehouses have become even more
important in information systems with the advent of “big data,” a term
that refers to a truly huge amount of data that can be collected and
analysed.

• Human Resources and Procedures

The last and perhaps most important component of an information
system is the human element. So that the knowledge contained in
massive databases and data warehouses can be turned into learning,
the people needed to execute systems and the procedures they follow
can interpret what has happened in the past and guide future actions.

What is MIS?
A management information system (MIS) can be defined as a system that:

• Provides information to support managerial functions like planning,

organizing, directing, controlling.

• Collects information in a systematic and a routine manner which is in

accordance with a well-defined set of rules.

28
28
• Includes files, hardware, software and operations research models of Organizations and
Information Systems
processing, storing, retrieving and transmitting information to the
users.
A management information system (MIS) is a subset of the overall internal
controls of a business covering the application of people, documents,
technologies, and procedures by management accountants to solving
business problems such as costing a product, service or a business wide
strategy. Management information systems are distinct from regular
information systems in that they are used to analyse other information
systems applied in operational activities in the organization. From an
academic point of view, the term is commonly used to refer to a group of
information management technologies related to, for example, automation
or human decision support. Decision support systems, expert systems and
information systems for managers.
Objectives of Management Information Systems (MIS)

• Accelerate the decision-making process by providing timely

information. This helps decision makers choose the best course of
action.

• Provides information needed to function at each level of government.

• Helps to identify critical factors for closely monitoring the successful

functioning of an organization.

• Support decision making in both structured and unstructured problem

environments.

• Provides documentation systems for people, computers, procedures,

means of interactive querying, collection, classification, retrieval, and
transmission of information to users.
Characteristics of Management Information Systems (MIS)

• Management Oriented: The system is designed to work from top to

bottom. This does not mean that the system is designed to provide
information directly to senior management. Relevant information is
also provided for other levels of management. For example, in a
marketing information system, activities such as processing sales
orders, shipping products to customers, and issuing product invoices
are mostly operational control activities. Merchants may also track
this information to know sales territories, order sizes, territories and
product lines if the system is properly designed. However, if the
system is designed keeping in mind the top management, then data on
external competition, market and pricing can be created to know the
market share of the company’s product and to serve as a basis of a
new product or market place introduction.

• Management Directed: Because of management orientation of MIS,

it is necessary that management should actively direct the system
29
Management Information development efforts. In order to ensure the effectiveness of system
System
designed, management should continuously make reviews.

• Integrated: The world “integration” means that the system has to

cover all the functional areas of an organization so as to produce more
meaningful management information, with a view to achieving the
objectives of the organization. It has to consider various subsystem
their objectives, information needs, and recognize the
interdependence, that these subsystems have amongst themselves, so
that common areas of information are identified and processed
without repetition and overlapping

• Common Data Flows: Because of the integration concept of MIS,

common data flow concept avoids repetition and overlapping in data
collection and storage combining similar functions, and simplifying
operations wherever possible.

• Heavy Planning Elements: Management information systems

cannot be built overnight. It takes two to four years for organizations
to successfully implement it. Therefore, the development of MIS
requires long-term planning to meet the future needs and goals of the
organization. Therefore, the developer of an information system must
ensure that the information system is deprecated before it is put into
practice.

• Flexibility and Ease of Use: When building a MIS system, it makes

it flexible by adding all possible types of tools that may appear in the
future. A feature that is often combined with flexibility is ease of use.
A MIS should be easy to use and include all the features that make it
easily accessible to a wide range of users.

3.1 MODERN ORGANIZATION

Organisation establishes relationship between people, work and resources.

It is a process of identifying and grouping of work to be performed and
defining and delegating the responsibility and authority. Responsibility
always flows from subordinate to superior whereas Authority always flows
from superior to subordinate.
A modern organizational structure does not have a hierarchical, top-down
power arrangement. Also referred to as a contemporary organizational
structure, it removes the departmental boundaries between employees and
has them work on projects together in pursuit of the business' goals.
Employees working on projects receive requirements and productivity goals
but have the power to determine for themselves the best way to complete
the project. Typically, this structure promotes sharing skills and resources
across the organization to reach its goals.
A structural chart is a graphic representation of the modules in the system
and the interconnection between them

30
30
 Organizations and
Information Systems

Types of modern organizational structures include:

• Matrix organizational structure

When following this structure, the organization still has departments
but creates project groups that include employees from different
departments. An employee working in this structure can have two
managers: a project manager and a functional manager or department
head. For example, an organization launching a new product might
create a project team that includes people from research and
development, marketing, and finance.
▪ Benefits of this type of structure include:

Enabling a flexible work environment

Fostering a balanced decision-making process
Promoting open communication and shared resources across the
business
▪ Potential disadvantages include:

Creating confusion about authority

Tracking budgets and resources can be difficult
Limiting efficiency of key performance indicators (KPIs)

• Flat Organizational Structure

This structure is suitable for small companies or start-ups as the
organization removes intermediate levels of management between
employees and managers. Here, employees have little control and
freedom to form teams and choose projects to work on based on
interests or skills.

31
Management Information ▪ Benefits of this type of structure include:
System

Reducing budget costs due to lack of middle management

Building relationships between staff and superiors
Facilitating a quicker, easier decision-making process
▪ Potential disadvantages include:
Requiring extensive planning to be effective
Causing confusion over who makes decisions
Requiring contingency plans to resolve conflicts

• Hierarchical structure
In a hierarchical organizational structure, employees are grouped and
assigned a supervisor. It is the most common type of organizational
structure. Employees may be grouped together by their role or
function, geography or type of products or services they provide. This
structure is often depicted as a pyramid because there are multiple
levels or authority with the highest level of leadership at the top, their
direct employees below them and so forth.
▪ Benefits of this type of structure include:
Establishing clearly defined levels of authority
Promoting teamwork and department loyalty
Fostering employee development and promotion opportunities
▪ Potential disadvantages include:
Limiting collaboration
Restricting innovation
Creating bureaucracy that must be managed

• Functional structure
In a functional structure, the organization is divided into groups by
roles, responsibilities or specialties. For example, within an
organization you may have a marketing department, finance
department and sales department with each overseen by a manager
who also, has a supervisor that oversees multiple departments. A
functional structure can be beneficial because departments can trust
that their employees have the skills and expertise needed to support
their goals.
▪ Benefits of this type of structure include:

Establishing clearly defined roles and expectations

Facilitating improved performance and productivity
32
32
Allowing for skill development and specialization Organizations and
Information Systems
▪ Potential disadvantages include:

Creating barriers, or silos, between functions

Limiting employees’ communication and knowledge with other
departments
Inhibiting collaboration and innovation

• Divisional Structure
In a divisional structure, organizations are split into divisions based
on specific products, services or geographies. For this reason, this
structure is typically used by large companies that operate in wide
geographic areas or own separate, smaller companies. Each division
has its own executive leadership, departments and resources. For
example, a large software company may separate its organization
based on product type, so there's a cloud software division, corporate
software division and a personal computing software division.
▪ Benefits of this structure include:

Allowing divisions to work independently

Meeting individual divisions' needs more quickly and
specifically
Promoting focus of specific products or services
▪ Potential disadvantages include:

Scaling limitations
Duplicating resources or activities
Decentralizing decision-making
• Network Structure
In a network structure, managers at an organization will coordinate
relationships with both internal and external entities to deliver their
products or services. For example, a retail company will just focus on
selling clothing items but will outsource the design and production of
these items in a partnership with other company. This structure
focuses more on open communication and relationships than
hierarchy.
▪ Benefits of this type of structure include:

Giving the organization more agility and flexibility

Allowing the core company to focus on what it's best at
Helping lower costs through outsourcing

33
Management Information ▪ Potential disadvantages include:
System

Duplicating services and resources

Creating confusion about specific roles and job functions
Growing too complex and difficult to manage

• Line Structure
In a line structure, authority within the organization flows from top to
bottom and there are no specialized or supportive services. It is one of
the simplest types of organization structure. It is also known as
Military organisation. The organization is typically divided into
departments that are overseen and controlled by a general manager,
and each department has its own manager with authority over its staff.
The departments work independently to support the organization's
primary goal.
▪ Benefits of this type of structure include:

Fostering effective communication and stable environment

Providing clearly defined responsibilities and lines of authority
Adapting easily to changing conditions or situations
▪ Potential disadvantages include:

Limiting specialization
Becoming rigid and inflexible
Giving too much power to a manager

• Team – based Structure

In a team-based organizational structure, employees are grouped into
skills-based teams to work on specific tasks while all working toward
a common goal. Often, this is a flexible structure that allows
employees to move from team to team as they complete projects. This
structure focuses on problem-solving and employee cooperation.
▪ Benefits of this type of structure include:

Helping streamline an organization's processes by breaking

down silos
Enabling more decision-making power with minimal
management
Increasing flexibility by focusing on experience instead of
seniority

34
34
 ▪ Potential disadvantages include: Organizations and
Information Systems
Decreasing organization consistency
Limiting contact with other functions
Increasing potential for conflict
• Circular Structure
A circular organizational structure relies on hierarchy to depict
higher-level employees within the inner rings of a circle and the
lower-level employees along the outer rings. Seated at the center of
the organization, leaders do not send orders down the chain of
command, but rather outward. While many of the other structure types
contain different departments that work independently with
individual goals, this structure removes that strict separation and
looks at the bigger picture with all departments being part of the same
whole.
▪ Benefits of this type of structure include:
Encouraging communication across all levels of staff
Promoting free flow of information across the business
Collaborating amongst departments, rather than separation
▪ Potential disadvantages include:
Causing confusion over who to report to
Requiring more resources and training
Causing slowdown in decision-making
• Process – based structure
In a process-based structure, the organization is designed around the
flow of its processes and how the duties performed by its employees
interact with one another. Instead of flowing from top to bottom, this
structure outline services from left to right.
An executive at the top of the structure oversees the departments
below, which represents the different processes, but each process
cannot start until the one before it has finished. And each department
will have its own management and team working to fulfil their duties
so that the business can move onto the next task and eventually reach
its ultimate goal, such as selling a product to consumers.
▪ Benefits of this type of structure include:
Improving business' efficiency and speed
Encouraging teamwork between departments
Adapting easily to meet industry changes
▪ Potential disadvantages include:
Erecting barriers, or silos, between groups
Limiting communication
Requiring more resources to achieve process optimization
35
Management Information
System
3.2 INFORMATION SYSTEMS IN ORGANIZATIONS

How does IS help in Organizations?

• Seamless communication.
A key component of organizational leadership and management is
gathering and distributing information so that every position has the
things they need to succeed in their company role. Information
systems assist in disseminating information by allowing managers
and other organization leaders to store data in folders and documents
that can be seamlessly shared with the appropriate employees. Most
information systems also allow users to communicate remotely so that
no matter where an employee is, they can receive information and
react accordingly.

• More efficient operations management.

Information systems enable organizations to collect and access recent
information as well as keep a comprehensive collection of all
organization data. Combined, this enables businesses to operate more
efficiently as things like real time sales data offer insights into
immediate customer purchases to inform better stocking or
production practices.

• Better record keeping.

No matter what industry an organization is in, efficient record keeping
is necessary. There are industry regulations that need to be adhered to
and recorded proof those regulations have been adhered to. Then there
is the long list of different financial records that are a component of
every business. Information systems make record keeping easier,
faster, and more accurate with features that enable document storage,
revision histories, communication records, and other aspects of
operational data. This type of record keeping is not just useful for
ensuring an organization stays within the necessary regulatory and
financial lines, but it also assists business leaders in preparing cost
estimates and making better forecasts to understand how certain past
actions influenced operations.

• More informed decision making.

This point bears repeating as frequently information systems are used
to inform the decision-making processes that can make or break an
organization. Organizations and corporate leaders need the most
accurate and up-to-date information to make the best decisions for the
future of their group. In addition to providing historical trends,
information systems can be configured to provide real-time business
information and predict future opportunities.
Successful organizations, large and small, use available technology to
manage their business activities and aid decision-making. They use
36
36
 information systems to collect data and process it according to the Organizations and
Information Systems
needs of analysts, managers, or business owners. Businesses use a
variety of information systems to operate more efficiently by
interacting with customers and partners, reducing costs, and
generating revenue.

3.3 MANAGING INFORMATION SYSTEMS IN

ORGANIZATIONS

Management information systems (MIS) provide information in the form of

reports and displays to managers and many business professionals.
Management information system is an integrated human-machine based
system.
For example, sales managers may use their networked computers and Web
browsers to receive instantaneous displays about the sales results of their
products and access their corporate intranet for daily sales analysis reports
that evaluate sales made by each salesperson.
Managers and other decision makers use an MIS to request information at
their networked workstations that supports their decision-making activities.
This information takes the form of periodic reports, exceptions and
requirements reports, and immediate responses to inquiries. Web browsers,
applications, and database management software provide access to
information on an organization's intranet and other operational databases.
Remember that online databases are supported by transaction processing
systems. Business environment data is pulled from databases on the Internet
or extranets when needed.
The information of MIS comes from the both internal and external source.
System is an important factor of a management information system.
The Management Information System provides managers with a variety of
information products. These systems provide four main reporting options.
• Periodic Scheduling Report.
This traditional format of providing information to managers uses a
predetermined format designed to provide information to managers
on a regular basis. Common examples of these regular scheduled
reports are daily or weekly sales analysis reports and monthly
financial reports.
• Exception Report.
In some cases, the report is generated only when exception condition
occurs, in other cases the report is generated periodically, but only
contains information about these exception conditions. For example,
credit manager may be provided with a report that includes only
information about customers who have exceeded their credit limits.
Exception reporting reduces information overload instead of
overwhelming decision makers with regular detailed business activity
reports.
37
Management Information • Request and Response Reports.
System
Information is available whenever an administrator needs it. For
example, through a web browser, DBMS query language and report
generator, administrators of PC workstations can obtain immediate
responses as a result of requests for necessary information, or find and
receive customized reports.
Therefore, managers do not have to wait for the scheduled regular
report to arrive.
• Send report.
The information is sent to the administrator's network workstation.
In organization, management information systems tools used for
supporting processes, operations, intelligence, information
technology etc. MIS tools are used for moving and managing
information. They are the core of information management discipline.
Ms produces data driven reports which helps businesses to make
correct decisions in perfect time.
MIS overlaps with other business disciplines but there are some
differences.
• Enterprise Resource Planning (ERP): this discipline ensures that
all departmental systems are integrated. MIS uses all connected
systems to access the data generate reports.
• IT Management: this department look into the installation and
maintenance of hardware and software which are the parts of the MIS.
The distinction between the two has always been fuzzy.
• E-commerce: this activity provides the data that will be using and
generating the report which will affect the ecommerce processes
further.

3.4 LIST OF REFERENCES

• Management Information System, James O‘Brien, 7th edition, TMH
• Introduction to Information System, James O‘Brien, George M.
Marakas 15th edition, TMH, ISBN 978–0-07–337677-6
• Introduction to Management Information Systems (MIS) - MBA
Knowledge Base (mbaknol.com)
• Chapter 1: What Is an Information System? – Information Systems
for Business and Beyond (pressbooks.com)
• 5 Components of Information Systems | Britannica
• Traditional Organization Structure: Definition and Differences From
the Modern Organizational Structure | Indeed.com
• How Do Information Systems Help Organizations Thrive? (ecpi.edu)

38
38 • The Role of Management Information Systems | Smartsheet
• 10 Types of Organizational Structures (With Pros and Cons) | Organizations and
Information Systems
Indeed.com
• The Role of Management Information Systems | Smartsheet

3.5 QUIZ

1. Information systems support an organization's business operations,

managerial decision making and strategic competitive advantage.
Such system is called
a) Business process reengineering
b) Roles of information systems
c) Globalization
d) Competitive advantage
2. ________ is a graphic representation of the modules in the system and
the interconnection between them.
a) Structural chart
b) System chart
c) Flow chart
d) Pie chart
3. The information of MIS comes from the boot _______ source.
a) Only Internal
b) Only External
c) Both Internal & External
d) superficial
4. _______ is an important factor of a management information system.
a) Information
b) Planning
c) Personnel
d) System
5. Management information system is __________human-machine
based system.
a) an integrated
b) an interpreted
c) an interdependent
d) an independent
6. Information technology is the combination of computer science and
_____.

39
Management Information a) electronics
System
b) telecommunications
c) digital marketing
d) networking
7. How can organisational structures that are characterised by
democratic and inclusive styles of management be described?
a) Hierarchical
b) Flat
c) Functional
d) Matrix
8. Functional structures help to create _____ of work task
a) specialisation
b) teamwork
c) project work groups
d) multi-skilled employees.
9. What is not a purpose of an organisational structure?
a) To formalise authority
b) To limit workers' rights
c) To coordinate people and resources
d) To organise lines of communication block group
10. Specialisation is a feature of which organisational structure?
a) Matrix
b) Divisional
c) Multi-divisional
d) Functional
11. What is I in MIS?
a) Information
b) Informative
c) Inform
d) Informa
12. Organisation establishes relationship between?
a) People, work and resources
b) Customer, work and resources
c) People, work and management
d) Customer, work and management

40
40 e)
13. Organisation is a process of Organizations and
Information Systems
A: Identifying and grouping of work to be performed
B: Defining and delegating the responsibility and authority
a) Only A
b) Only B
c) Both A & B
d) Neither A nor B
14. Responsibility always flows from_____
A: Superior to subordinate
B: Subordinate to superior
a) Only A
b) Only B
c) Both A & B
d) Neither A nor B
15. Authority always flows from_____
A: Superior to subordinate
B: Subordinate to superior
a) Only A
b) Only B
c) Both A & B
d) Neither A nor B
16. The following is not a type of organisation structure _____.
a) Line organisation
b) Functional organisation
c) Line and staff organisation
d) Flexible organisation
17. The following is also known as Military organisation.
a) Line organisation
b) Functional organisation
c) Circular organisation
d) Flexible organisation
18. A credit manager may be provided with a report that includes only
information about customers who have exceeded their credit limits.
This is an example of ______ report.
41
Management Information a) exception
System
b) send
c) periodic scheduling
d) request and response
19. Daily or weekly sales analysis reports and monthly financial reports
are an example of ______ report.
a) exception
b) send
c) periodic scheduling
d) request and response
20. When a DBMS query is fired to retrieve information on demand then
it can act as an example of ______ report.
a) exception
b) send
c) periodic scheduling
d) request and response

3.6 EXERCISE

1. What is IS?
2. Explain components of IS.
3. What is MIS?
4. Explain objectives and characteristics of MIS.
5. Short note on modern organization.
6. How does IS help in Organizations?
7. Explain in detail about the types of modern organizational structures.
8. Short note on

• Matrix organizational structure

• Flat organizational structure

• Process – based organizational structure

• Team -based organizational structure

• Functional organizational structure

• Circular organizational structure

9. What are the types of reports in MIS?
42
42
3.7 VIDEO LINKS Organizations and
Information Systems

1. (2261) Introduction to Information Systems - YouTube

2. (2261) Components of Information System - YouTube
3. (2261) Functions and Characteristics of Management Information
System in hindi - YouTube
4. (2261) Modern and Traditional Organizations #DrNix - YouTube
5. (2261) Organisation Structure - YouTube
6. (2261) Types of Organizational Structures - YouTube
7. (2261) Basic Kinds of Management Information System (MIS)
Reports - YouTube



43
 4
CONCEPTS OF MANAGEMENT
INFORMATION SYSTEMS
Unit Structure
4.0 Data and Information
4.1 Information as a Resource
4.2 Information in Organisational Functions
4.3 Types of Information Technology
4.4 Types of Information Systems
4.5 Decision Making with MIS
4.6 Communication in Organizations
4.7 Self-Learning Topics: Case Study: Management Issues- Challenges
for Managers
4.8 List of References
4.9 Quiz
4.10 Exercise
4.11 Video Links
The applicability of Management Information Systems (MIS) has evolved
over a period of time comprising many different facets of the organizational
function. MIS is a need in all the organizations. The initial concept of MIS
was processing available data available in the organization and present it in
the form of reports at regular time intervals. The system was largely capable
of handling the data from collection to processing. It was more impersonal,
requiring each individual to pick and choose the processed data and use it
according to the requirements. This concept was further modified when a
distinction was made between data and information.

4.0 DATA AND INFORMATION

Information is the product of data analysis. This concept is analogous to raw

materials and finished products. However, data can be analysed in different
ways, creating different shades and characteristics of information as a
product. Therefore, the concept of the system should be human-centric, as
different people may have different orientations to information. This
concept has been modified so that the system should present information in
a format and format that influences the user and triggers a decision or
investigation. It was later realized then even though such an impact was a
welcome modification, some sort of selective approach was necessary in Concepts of Management
Information Systems
analysis and reporting. Hence, the concept of exception reporting was
imbibed in MIS. The norm for an exception was necessary to evolve in the
organization. The concept remained valid till and to the extent that the norm
for an exception remained true and effective. Since the environment turns
competitive and is ever changing, fixation of the norm for an exception
becomes a futile exercise at least for the people in the higher echelons of
the organization. Then the concept was developed that the system should be
able to handle demand-based exception reports. This need can be an
individual or a group of people. This required storing all the data together
in a format that anyone could access and process as needed. The concept is
that the data is the same, but different people see it differently.
Data can be defined as groups of non-random symbols (words, values,
numbers) that represent things that have happened.
Data is data obtained by observation or research and recorded. Often these
are referred to as raw data or master data and are often records of an
organization's day-to-day transactions.
Eg; date, amount and other details of a bill or check, details of a person's
payroll, national insurance and taxes, leaving machines or shifts, number of
vehicles passing a road monitoring point sets, etc.
Data comes from both external and internal sources, and while most
external data is in a concrete, easy-to-use form — for example, bank
statements, purchase invoices — activities Internally, proper measurement
and recording requirements are developed and maintained in order for the
data to be recorded. Most cost accounting, inventory control, production
control, and similar systems would fall into the latter category.
Information is data that has been interpreted and understood by the recipient
of the message. It should be noted that the user, not just the sender, is
involved in the transformation of data into information. There is a thought
process and understanding involved and whereby a given message can have
different meanings to different people.
It also follows that data that has been analysed, summarized or otherwise
processed to produce a message or report that would normally be considered
management information will not become information unless get
understood. It is the user who determines whether a report contains
information or only processed data.
Accordingly, it is essential that the producer of reports and messages of all
types know the requirements of the user, background, position in the
organization, knowledge (or not) of language and mathematics and the
context in which the message will be used to increase the likelihood that
information will be drawn from the message.
In a nutshell, information is the knowledge and understanding of the
recipient. It reduces uncertainty and has unexpected value. If a message or
report does not have these attributes, as far as the recipient is concerned, it
45
Management Information contains only data, not information. This is a crucial point that is not always
System
understood by information professionals.
Characteristics of data

• They are data obtained by reading, observing, counting, measuring

and weighing etc. then recorded
• Data comes from external and internal sources (activities with the
company).
• Data can be generated as an automated by-product of a process but
essential operations such as invoice production or otherwise must
enter a special counting or measurement process and record the
results.
• The data source needs considerable attention because if the data
source fails, any resulting information will be worthless.
Characteristics of information

• Relevance: The information should be related to the issue under

consideration. Often reports, news, tables, etc. contain irrelevant parts
that prevent the user of the information from understanding the true
meaning of what the sender wants.

• Accuracy: Information must be trusted by the administrator and

accurate enough for the intended purpose.

• Integrity: Ideally, all the information needed to make a decision

should be available. However, in practice this is often not possible.
The information related to the key elements of the problem needs to
be complete. This suggests that there needs to be an interaction
between the information provider and the user to ensure that the key
elements are identified.

• Trust in Sources: In order for information to be valuable, it must be

used. To use the manager must trust the source. Improves reliability
data processing output

• The source was reliable in the past

• There is good communication between the information

producer and the manager.

• Communicating with the Right People: Everyone has a defined area

of activity and responsibility and needs to receive information that
helps them perform their assigned tasks. In reality, this is not as easy
as it sounds

4.1 INFORMATION AS A RESOURCE

Information is knowledge derived from facts placed in the appropriate

46
46 context to reduce uncertainty from the manager's perspective, and
information helps reduce uncertainty about alternative behavioural policies Concepts of Management
Information Systems
in the decision-making process.
Information is a value-added resource. Just as value is added to a product as
it moves from raw material stage to final product, the same is true of
conversion of data into information. Information has a specific cost
associated with it just as if it were acquired from market. Therefore,
obtaining and using information effectively is as essential as any other
resource.
The availability of information about alternatives increases your chances of
making the right decision. Information is considered one of the most
important corporate resources. This is a source of competitiveness as it
allows management to beat competitors at critical stages.
Both internal and external data sources contribute in journey from data to
information and hence it helps in major decision making or strategy
building.
It acts as major resource in analytical processing to generate insights and
reports.

4.2 INFORMATION IN ORGANISATIONAL FUNCTIONS

Its role is to support key aspects of running an organization, such as

communication, record keeping, decision making, data analysis, and more.
Companies use this information to improve business operations, make
strategic decisions, and gain competitive advantage.
Management using information systems has greater potential if such
systems are technology-aware. This technology not only speeds up the
processing, storage and retrieval of data, but also brings a lot of flexibility
to the system by introducing various options that facilitate end-user tasks.
For example, in a manual system, monthly sales information can only be
created in paper format. It will be delivered to the marketing manager on
paper. This means that you won't get monthly revenue information while
traveling, but technology-based information systems will allow marketing
managers' mobile computing devices to get monthly revenue-related
information, even via mobile communications technology. This way it
makes job much easier. These types of options are possible when
technology is used. They affect both the quality of information and the
delivery of information, providing users (managers) with a wide range of
options.
The information is intended to be shared by all those involved in the
achievement of the company's common goals and, in turn, they contribute
to the company's stock of information.
Information has various security risks. Therefore, it must be protected by
implementing appropriate security policies and procedures that do not
impede the seamless flow between its users. Most information is
organization-specific and its value depends on its use by decision-makers. 47
Management Information It has a high obsolescence rate and therefore needs to reach users as soon as
System
possible. The excess of this resource must be removed from the total
information repository.
Following are few ways in which information is used in organization:
• Business Process Support: Treat the input as a request from the
customer and the output as a service to the customer. Supports current
operations and uses the system to affect subsequent operations.
• Supporting the operation of the business organization: IS supports
the operation of the business organization through timely information
provision, maintenance and improvement. This gives your
organization more operational flexibility.
• Decision Support: IS supports the decision making of employees in
their day-to-day operations. It also helps managers make decisions to
achieve their organization's goals and objectives. A variety of
mathematical models and IT tools are used to develop strategies to
meet competitive requirements.
• Organizational Strategy: Today, all companies are entering the
competitive market. IS supports organizations in developing
appropriate strategies to help companies survive in the competitive
environment.
The role of information in decision making cannot be exaggerated.
Effective decisions require accurate and timely and related
information. MIS provides the accurate and timely information of
needed to facilitate the decision-making process and enables
organizations to effectively execute planning, control and operational
functions.

4.3 TYPES OF INFORMATION TECHNOLOGY

Information technology is a broad set of technologies/technology

disciplines such as computer science and engineering, telecommunications,
electronics, etc., that contribute to the management of information.
Information technology ensures faster and more accurate data processing so
that the right information can be delivered to the right people at the right
time with greater efficiency. Information technology helps information
systems bring more value to management through the intervention of
technology not only in the field of communication but also in providing
information, visualization, communication and ease. access.
There are various types of information technology used in business, few of
them are mentioned below:

• Computers
Computers are used in some businesses. They are equipped with
software that allows them to perform all sorts of tasks: Analysing
financial information, sending and receiving emails, and designing
48
48 sales presentations. This computer is designed as a desktop device or
 mobile laptop for use in the office or travel. PCs (personal computers) Concepts of Management
Information Systems
running Microsoft Windows are the most commonly used. Macintosh
computers running the Apple operating system are also used, but are
primarily used by professionals. Computers are essential to enable
businesses to manage their daily activities more productively and
efficiently.

• Software
Computers use different types of programs and operational
information called software to perform specific tasks. Companies use
productivity tools such as Microsoft Word, a word processing
package, and Microsoft Excel, a financial spreadsheet system.
Microsoft PowerPoint and Apple Keynote are also used to quickly
and easily create professional-looking sales presentations. Companies
use specific software that suits their needs.
● Networking
Networking is used to interact with groups of people, share
information and documents, store information, and communicate via
email. You can also share printers and storage devices on your
computer. The network can be limited to computers in the office or
connected to multiple offices. Networking is essential to your
business as it provides a way to build relationships with others in
relevant areas to find and grow new customers and partnerships.
● Telephone Communication
Communication is the key to building business relationships. For this
reason, businesses use some type of telephone system to communicate
with their customers and organizations. This provides a fast and
efficient personal connection with other users. Good customer service
with customers and effective communication with employees will
ultimately help build and grow your business's reputation. Currently,
there are business telephone systems with various functions to meet
the needs of companies. Voice over internet protocol, Voice over IP,
is very popular and allows users to make calls over the internet instead
of traditional analog phone systems.

● Accounting System
Accounting System is software that allows businesses to manage their
expenses and income. Quickbooks are most commonly used by small
businesses. It is easy to set up and maintain. Large enterprises, on the
other hand, use SAP Business One or Sage Accpac to enhance
customization and integration with other systems. The choice of the
right accounting system depends on the size and needs of your
business. Before making a decision, it's a good idea to consult an
accountant to review your options.

49
Management Information ● Inventory Management System
System
The Warehouse Management System is used to manage all of the
company's inventory. It accurately tracks items, including quantity in
stock, updates the system when new stock arrives and is sold, and
keeps accurate records. Companies need an appropriate and organized
inventory management system to maintain the proper balance of items
in their inventory, understand their inventory, and check their
finances.

4.4 TYPES OF INFORMATION SYSTEMS

An information system is a system-based concept that focuses on

transactions, events, and data. It is the systematic process involved in
collecting, storing, processing, retrieving and disseminating information,
ensuring the repeatability of the delivery of good quality information within
an organization.
Types of information systems are as follows:
Transaction Processing System
The Transaction Processing System (TPS) performs data collection,
storage, processing, and output functions for essential business operations.
The TPS information system collects data from user input and then
generates an output based on the collected data. An example of a TPS
system is an online airline reservation system.
In such a system, the traveller selects (enters) a flight itinerary and favourite
places, and the system updates (processes) the list of available places by
deleting the traveller’s selection. The system then creates a copy (output) of
the invoice and ticket. TPS information systems can be based on real-time
processing or batch processing and can help business owners meet demand
without hiring additional staff.
Customer Relationship Management System
Business owners use customer relationship management (CRM) systems to
synchronize their sales and marketing activities. CRM systems accumulate
and track customer activity, including shopping trends, product defects, and
customer inquiries. The capabilities of a typical CRM information system
allow customers to interact with your company to get feedback about your
service or product and to solve problems.
Businesses may also use CRM systems within their premises as a
component of their collaboration strategy. Thus, a CRM information system
allows business partners to interact with each other in the development of
ideas and products. Even if your business partners are remote, you can
collaborate in real time.
Business Intelligence Systems
Business intelligence systems (BIS) can be complex as they identify, extract
and analyse data for various operational needs, particularly for decision
50
50
making purposes. BIS information systems may provide analyses that Concepts of Management
Information Systems
predict future sales patterns, summarize current costs and forecast sales
revenues, they perform ETL processes.
Business intelligence systems collect data from the various data warehouses
in an organization and provide management with analyses according to lines
of business, department or any breakdown that management desires. For
example, financial institutions use BIS systems to develop credit risk
models that analyse the number and extent of lending or credit given to
various sectors. These systems may use various techniques and formulas to
determine the probability of loan defaults.
Knowledge Management Systems
Knowledge Management Systems (KMS) organize and analyse knowledge
and then redistribute or share it with individuals in an organization. The
purpose of these information systems is to innovate, increase productivity,
integrate and preserve knowledge within organizations. Although KMS
information systems are typically sold to large enterprises, small businesses
can also benefit from knowledge gathering.
The KMS Information System acts as a central repository and stores
information in a standard format. These systems allow business owners to
remain consistent and respond quickly to customer and partner requests.
Management Information System
Small business managers and owners rely on an industry specific
management information system, or MIS, to get current and historical
operational performance data, such as sales and inventories data.
Periodically, the MIS can create prescheduled reports, which company
management can use in strategic, tactical and operational planning and
operations. For example, an MIS report may be a pie chart that illustrates
product sales volume by territory or a graph that illustrates the percentage
increase or decrease in a product's sales over time.
Small business managers and owners also rely on the MIS to conduct
“whatif” ad hoc analyses. For example, a manager might use the system to
determine the potential effect on shipping schedules if monthly sales
doubled.
Decision Support System
A decision support system, or DSS, allows small business managers and
owners to use predefined or ad hoc reports to support operations planning
and problem resolution decisions. With DSS, users find answers to specific
questions as a means to evaluate the possible impact of a decision before it
is implemented. The answers to queries may take the form of a data
summary report, such as a product revenue by quarter sales report.
To conduct an analysis, business owners and managers use an interface – a
dashboard – to select a particular graphic representation of a key
performance indicator that measures the progress toward meeting a specific 51
Management Information goal. For example, a manufacturing dashboard might display a graphic
System
representing the number of products manufactured on a particular line.
Executive Support System
The executive support system, or ESS, contains predefined reports that help
small business owners and managers identify long term trends in support of
strategic planning and nonroutine decision making. System users click on
any icon displayed on the ESS screen and enter report criteria to view
individual predefined reports and graphs, which are based on companywide
and functional department data, such as sales, scheduling and cost
accounting.
The ESS reports brief the business manager or owner on an issue, such as
market trends and buyer preferences. The ESS system also offers analysis
tools used to predict outcomes, assess performance and calculate statistics
based on existing data.

4.5 DECISION MAKING WITH MIS

A simple view of decision making is that it is a problem of choice among

several alternatives. A complete scenario includes a search for opportunities
for decisions. A company's manager may face a choice of with clear choices
(for example, choosing a supplier from among existing suppliers). She may
also face the problem of designing a creative decision option (for example,
how to sell a new product to maximize the port). Finally, she is unresponsive
and can see decision problems as an opportunity to be discovered by
studying the business of the company and its environment (for example,
how she clarifies the production process). There is plenty of anecdotal and
empirical evidence that determines the final quality of a decision,
structuring the decision problem and identifying creative decision options.
The decision support system is primarily aimed at this widest type of
decision making, and in addition to decision support in system modelling
and analysis. By depending on the scope decision making is divided into
two broad categories. The decision-making process can be planned in
advance.
Programmed decisions: These are decisions made using standard rules,
procedures, or quantitative methods. They are often referred to as "rules of
thumb," are commonly accepted guidelines or procedures that usually lead
to a good decision. To make a programmed decision, the decision maker
uses the performance program. This is the standard sequence of actions that
members of an organization routinely follow when they encounter a
particular type of problem or opportunity. For example, warehouse
management decision, machine loading decision, plan, etc.
Unprogrammed decision: This type decision handles anomalous or
exceptional situations. They are the decisions made in response to the new
issues and opportunities. This type of decision contains a high level of
uncertainty and cannot be delegated to a low level and can affect things. But
always affects people. Examples: merger, acquisition of, launch of new
52
52
product, staffing, etc. Whether the decision is programmatic or non- Concepts of Management
Information Systems
programmatic, the relies heavily on input from the management information
system.
Good decision-making option guarantees viable decisions in organization.
MIS gives administrators quick access to information. This may include
interaction with other decision support systems, information requests, cross-
references of external information, and potential data mining techniques. In
another example, MIS is also said to have revolutionized the decision-
making process through an automated system. Such system administrators
are no longer dependent on the 24-hour service worker, and instead the
machine is said to be programmed to do the routine decisions on behalf of
people.
Decision and MIS
The development of information and communication technology as a
change in social structure has also influenced the decision-making tasks of
manager. Many organizations are preparing for effective and efficient use
of the new Information and Communication technology. Information and
Communications technology has two advantages for organizations. First,
makes it easy for organizations and administrators to collect data. This
further supports decision-making process. Second, telecommunications
technology enables organizations to better operate and make effective
decisions in a globally competitive environment. Information and
Communication technology improves the quality of decision making, an
important element for an organization. Causes dramatic changes at the level
of the organization. This includes the leadership and strategy of the
organization, as well as the actions of the members of the. Information and
communication technology has become an integral part of the decision-
making process of organizations, and managers at all levels are increasingly
receiving support from information and communication technology.
Modern information and communication technology is definitely an
information management system that offers services in many areas.
Information and Communication Technology allows you to collect, analyse,
and evaluate data, send it from one point to another, and instantly access
information. Reduce costs, increase productivity, carefully improve
adjustments, lead times and controls. It leads to better service. Undoubtedly,
management has been essential for humans since the last many years.
Looking at the various management activities, it is clear that the essence of
all management activities is decision making.
Decision making is an integral part of management. Management is very
smart for all tasks. It determines your organization's policies and
development goals for. Organizational design, selection, evaluation and
management practices, and decision making in all formats are one of the
most important pillars. In a simple definition, the decision is to choose a
path between different paths.
MIS is useful in the area of decision making as it can monitor by itself
disturbances in a system, determine a course of action and take action to get 53
Management Information the system in control. It is also relevant in nonprogrammer decisions as it
System
provides support by supplying information for the search, the analysis, the
evaluation and the choice and implementation process of decision making.
MIS is an organization-a great effort to provide information about the
decision-making process. This system is a formal commitment by managers
to make computer available to all managers. MIS sets the stage for
achievements in other areas: DSS, virtual offices, and knowledge base
systems. The main idea behind MIS is to maintain a continuous supply of
information for management. Next, a decision is made based on the data
and information collected from MIS. MIS may be viewed as a mean for
transformation of data, which are used as information in decision-making
processes.
MIS also plays an important role in offering a wide range of optimized
options that allow decision makers to make priorities. This guarantees that,
whatever choices are made by decision makers, the outcome, more often
than not, becomes positive.

4.6 COMMUNICATION IN ORGANIZATIONS

Communication and management are inextricably linked. Communication

is the process of exchanging information between two or more people. The
role of planning, organizing, teaching, and managing management depends
on effective communication. The administrator must be able to receive
accurate information in order to make a plan and send accurate information
about the plan to be implemented. When information is sent and received
correctly, you can notify everyone in your organization. However, if the
information is misinterpreted or disseminated, communication can cause
serious problems for the organization.
We can say that “effective communication is a building block of successful
organizations”. In other words, communication acts as organizational
blood.
The communication process model is basic mechanism of information flow
in an organisation.
The communication process may seem simple: one person sends a message
and others receive it. The process becomes more complex, however,
because the information in the message must be sent and received
accurately. The communication-process model describes how the
information is sent and received.

54
54 The communication process model
The easiest way to understand a model is when one person is Concepts of Management
Information Systems
communicating with another. The sender, who initiates the communication,
has information that other recipients need to know. However, the
information must be encoded in a format before it can be sent. In simple
cases, the information is put into the words spoken to the recipient.
Alternatively, you can convert the information into printed text, tables,
charts, or graphs and provide it to your recipients. In more complex cases,
the information is encoded into words or images and then converted into
electronic signals that are sent to the recipient. A channel is the medium
through which information is transmitted. It can be air carrying sound
waves, paper carrying text or images, or wires or magnetic fields carrying
electronic signals. In the opening example, management had information
about when Matthias was hired and started. They wanted employees of the
company to have this information, so they put it in a message and sent it to
them.
Recipient reverses the process. Recipient receives an encrypted message
and decrypts it. That is, it transforms the message back into understandable
information. In the first example, the employee reads the message and
knows who is hired and when to start.
The role of the manager is to achieve the goals of the organization. To do
this, the manager creates a plan that defines what needs to be done, when to
do it, and how to do it. To implement the plan, managers need to share this
information with everyone in the organization. In other words, you need to
communicate your plan to the members of your organization. However,
managers do more than just educate people about what they need to do to
support their plans. You also need to support your plans, build commitments
to your organization, build trust and collaboration, and motivate people to
inform everyone about events and actions that affect your organization.
Good communication not only provides information, but also helps create a
culture in which people feel they belong and want to support their
organization. Below are some of the benefits of effective communication.

• Guarantee clarity. Confusion, uncertainty, and ambiguity make

people uncomfortable and uncooperative. Clear roles,
responsibilities, and relationships give everyone the information they
need to work and understand their contributions to the organization.
Effective communication reduces costs associated with conflicts,
misunderstandings and mistakes.

• Build a relationship. A culture that promotes open communication

eases tensions between employee levels, both professionally and
socially. In a credible and collaborative culture, people are more
likely to seek help with a problem and suggest solutions or
improvements. Effective communication creates a communal culture
that promotes teamwork and collaboration.

• Obligation created. Effective communication involves not only

sending but also receiving information. Managers can add value to
everyone in the organization by listening to employee concerns,
55
Management Information giving opinions about their work and workplace, and considering
System
suggestions. When employees value an organization, they can be
more aggressive and motivated. Effective communication creates
support and engagement.

• Define expectations. If you don't know what you're expecting and

how you're being evaluated, you can't work well.

4.7 SELF LEARNING TOPICS: CASE STUDY:

MANAGEMENT ISSUES- CHALLENGES FOR
MANAGERS

● Requirement of a skilled staff

For a management information system to function optimally, a

business organization needs professionals who are not only business
savvy but also have excellent technical know-how. This is because
businessmen can get the most out of MIS only if they know the
technology of MIS. Moreover, finding such a qualified professional
is not an easy task for a company. Therefore, the need for qualified
personnel is one of the biggest challenges for management
information systems.

● Finding and Retaining Talented Professionals

Finding and Retaining Talented Professionals is certainly a big

challenge, but maintaining the same talent is even bigger. This is
because business technology is advancing at a very fast pace. This
leads to the development of new opportunities for IT professionals.
These fascinating opportunities often divert talent from moving from
one management company to another. Therefore, it is difficult for
most companies to find and maintain a MIS specialist who can
properly manage their management information systems.

● Adapting to the ever-changing world of business technology

As mentioned earlier, business technology advances are occurring at

a very fast pace. To stay ahead of the competition in the competitive
environment of the enterprise sector, enterprise organizations need to
adopt these advances on a regular basis. This means that you need to
continually migrate from your current management information
system to an updated version or another better MIS. During this
transition, business organizations will need to make additional efforts
to support their employees in adapting to changes, which is not an
easy task. In fact, it can sometimes be really frustrating for employees
to reprogram their minds in response to the latest advances in
management information systems. In summary, it is a challenge for
business organizations to keep up with the ever-changing world of
business technology.
56
56
● Developing and Implementing the Right Strategy Concepts of Management
Information Systems
The right data plays a key role in the success of your business, and
managed information systems help organizations collect data across
their networks. However, it is often not easy to process and correctly
interpret the vast amount of data collected. This makes it difficult for
management to use the data to develop and implement appropriate
strategies that can support the growth of the organization. Therefore,
enterprise organizations have to spend a great deal of effort to fully
interpret the data, which is a very difficult task.

4.8 LIST OF REFERENCES

• Management Information Systems- A global digital Enterprise

perspective, 5th

• edition - By W.S.Jawdekar, TMG Publications

• Management Information System, James O‘Brien, 7th edition, TMH

• Management Information Systems, Loudon and Loudon, 11th edition,

Pearson.

• C. W. Frenzel and J. C. Frenzel, 2004. “Management of Information

Technology”, 4th edition Thomson course technology, Cengage
Learning.

• Difference between Data and Information | MIS

(businessmanagementideas.com)

• Types of Information Systems in an Organization (chron.com)

• Concept of Management Information Systems (MIS) - MBA

Knowledge Base (mbaknol.com)

• The Concept of Information as a Resource - Computer Notes

(ecomputernotes.com)

• 6 Most Important Features of Information as a Corporate Resource

(yourarticlelibrary.com)

• Journal of Management Research and Analysis, January – March

2015, Decision Making Based On Management Information System
And Decision Support System by Ghaffarzadeh S. A. M.

• Communication and Management | Principles of Management

(lumenlearning.com)

• Importance of Communication in an Organization

(managementstudyguide.com)

• The 7 Most Common Types of Business Technology – Zimega

Technology Solutions- IT Support for Your Business (zimegats.com) 57
Management Information
System
4.9 QUIZ

1. The current major stage in the business use of IS is oriented towards

______________.
a) Cost reduction and productivity
b) Gaining competitive advantage
c) Strategic advantage and costs
d) Improved customer relationship management
2. Which of the following statements, about the use of decision support
systems, is true?
a) They are applied only to the choice phase of the problem-
solving process.
b) They are only applied to frequent, recurring problems.
c) They are only applied to highly-structured problems
d) They assist decision makers at all levels within the
organization.
3. ______________ often referred to as "rules of thumb," are commonly
accepted guidelines or procedures that usually lead to a good decision.
a) Optimization models
b) Satisficing models
c) Heuristics
d) Programmed decisions
4. ______________ represent(s) the application of information concepts
and technology to routine, repetitive, and usually ordinary business
transactions
a) E-commerce
b) Transaction processing systems
c) Management information systems
d) Decision support systems
5. ______________ system is concerned with the way information is
used for purpose of control and applies technologies.
a) Feedback
b) Interview
c) Interaction
d) Conference
58
58
6. In a company ______________ is the centre which consists of all Concepts of Management
Information Systems
processing activities.
a) Production
b) Data
c) Information
d) Sales
7. ______________ models to analysis a problem and provides possible
solution for management evaluation
a) Decision.
b) Standard.
c) Structural.
d) Periodic.
8. _____ information systems may provide analyses that predict future
sales patterns, summarize current costs and forecast sales revenues,
they perform ETL processes.
a) BIS
b) KMS
c) TPS
d) CRM
9. Which of the following is NOT a goal of transaction processing
systems?
a) Capture, process, and store transactions
b) Produce a variety of documents related to routine business
activities
c) Reduce manual effort associated with processing business
transactions
d) Produce standard reports used for management decision
making
10. __________ ensures faster and more accurate data processing so that
the right information can be delivered to the right people at the right
time with greater efficiency.
a) Information technology
b) Science and technology
c) Communication technology
d) Computer technology
59
Management Information 11. The ______ acts as a central repository and stores information in a
System
standard format.
a) KMS
b) TPS
c) CRM
d) BIS
12. _________ is an integral part of management.
a) Decision making
b) Feedback
c) Managers
d) Employees
13. _________ contains predefined reports that help small business
owners and managers identify long term trends in support of strategic
planning and nonroutine decision making.
a) Executive Support System
b) Customer Relationship Management System
c) Business Intelligence System
d) Decision Support System
14. A _____ is the medium through which information is transmitted.
a) input
b) mode
c) channel
d) connector
15. Recipient receives an encrypted message and ____ it.
a) opens
b) encrypts
c) decrypts
d) access
16. ___________ acts as organizational blood
a) capital
b) communication
c) employee
d) management
60
60
17. Which of the following is the correct sequence of Communication Concepts of Management
Information Systems
process model?
a) Sender>Encoding>
Channel>Decoding>Receiver>Feedback
b) Sender>Decoding>Channel>Encoding>Receiver>Feedback
c) Sender>Encoding>Feedback>Channel>Decoding>Receiver
d) Receiver>Encoding>Channel>Decoding>Sender>Feedback
18. __________ is software that allows businesses to manage their
expenses and income.
a) Accounting System
b) Networking System
c) Inventory System
d) Telecommunication System
19. _________ are most commonly used by small businesses.
a) Quickbooks
b) Slowbooks
c) Macbooks
d) Blackbooks
20. ________ systems accumulate and track customer activity, including
shopping trends, product defects, and customer inquiries?
a) CRM
b) KMS
c) DSS
d) TPS

4.10 EXERCISE

1. What is data and information?

2. What are the characteristics of data and information?
3. Short note on Information as a resource.
4. List and explain types of information technologies used in business.
5. What are types of information systems?
6. What are the ways in which information is used in organization?
61
Management Information 7. Explain decision making in MIS.
System
8. Explain basic types of decisions.
9. Describe communication process model with neat diagram.
10. What are the benefits of effective communication?
11. What are the challenges faced by managers?

4.11 VIDEO LINKS

1. INFORMATION | DATA vs INFORMATION | DATA

COLLECTION METHODS | MANAGEMENT INFORMATION
SYSTEM - YouTube
2. (2277) Characteristics of Information in Hindi | Information
Characteristics | Techmoodly - YouTube
3. (2277) Transaction Processing System (TPS) (in hIndi)- Introduction,
Types, Roles, Features, - YouTube
4. Decision Support System | Intro | Types | Benefits | Artificial
Intelligence | KBES | MIS - YouTube
5. (2277) Management Information System | Unit 2 | Planning |
Corporate Planning | Decision Making | CCS - YouTube
6. (2277) Role of Management Information System | MIS and
Management Efficiency | Study at Home with me - YouTube
7. MIS 4 IS Opportunities and Challenges - YouTube



62
62
 5
DECISION SUPPORT SYSTEM(DSS)
Unit Structure
5.0 Objectives:
5.1. Introduction to Decision Support System
5.1.1 A brief history of Decision Support Systems
5.1.2 Components of a Decision Support System
5.1.3 Types of Decision Support System
5.1.4 Data-driven
5.1.5 Model-driven
5.1.6 Knowledge-driven
5.1.7 Communication -driven
5.1.8 Advantages of DSS
5.1.9 Disadvantages of DSS
5.2. Introduction of Group Decision Support System.
5.2.1 What is GDSS ?
5.2.2 Advantages of GDSS :
5.2.3 Disadvantages of GDSS :
5.2.4 Features of Group Decision Support System (GDSS):
5.2.5 Components of Group Decision Support System (GDSS) :
5.3 Knowledge Based Expert System
5.3.1 History of KBS
5.3.2 How does it work?
5.3.3 Components of a KBS
5.3.4 Types of knowledge-based systems
5.3.5 Advantages of KBS
5.3.6 Disadvantages of KBS
5.3.7 Challenges of knowledge-based systems
5.4 Summary
5.5 References for further reading. 63
Management Information
System
5.0 OBJECTIVES:

This chapter will make the readers understand the following concepts:

• Concept of decision support system

• History of DSS

• Understand components of DSS

• Different types of DSS

• Knowledge based DSS

• Concept Of KBS

• Components of KBS

• Design approach of KBS

5.1. INTRODUCTION TO DECISION SUPPORT SYSTEM

As organizations grow, they usually have multiple data sources that store
different kinds of information. The data that is present within various
sources in the organization can provide meaningful insights to the business
users if analysed in a proper way and can assist in making data as a strategic
tool leading to improvement of processes. A decision support system (DSS)
is an information system that aids a business in decision-making activities
that require judgment, determination, and a sequence of actions. The
information system assists the mid- and high-level management of an
organization by analyzing huge volumes of unstructured data and
accumulating information that can help to solve problems and help in
decision-making. A DSS is either human-powered, automated, or a
combination of both. Broadly speaking, a decision support system (DSS) is
an analytics software program used to gather and analyze data to inform
decision making. There are many different types of decision support
systems, from modern business intelligence which uses AI and machine
learning to suggest insights and analyses for humans to perform, to model-
based DSS systems which use predefined criteria to perform automated
calculations and deliver best-case decisions. For all types, DSS is used in
timely problem solving to improve efficiency and streamline operations,
planning and company management.
A decision support system produces detailed information reports by
gathering and analyzing data. Hence, a DSS is different from a normal
operations application, whose goal is to collect data and not analyze it.
In an organization, a DSS is used by the planning departments – such as the
operations department – which collects data and creates a report that can be
used by managers for decision-making. Mainly, a DSS is used in sales
projection, for inventory and operations-related data, and to present
64
64 information to customers in an easy-to-understand manner.
Theoretically, a DSS can be employed in various knowledge domains from Decision Support
System(DSS)
an organization to forest management and the medical field. One of the main
applications of a DSS in an organization is real-time reporting. It can be
very helpful for organizations that take part in just-in-time (JIT) inventory
management.
In a JIT inventory system, the organization requires real-time data of their
inventory levels to place orders “just in time” to prevent delays in
production and cause a negative domino effect. Therefore, a DSS is more
tailored to the individual or organization making the decision than a
traditional system.
5.1.1 A brief history of Decision Support Systems
Decision Support Systems have evolved over the past three decades from
simple model-oriented systems to advanced multi-function entities. During
the 1960’s, most Decision Support Systems were fairly based on powerful
(and expensive) mainframe computers which provided managers with
structured, periodic reports. MIS theory developments during the 1970’s
saw Decision Support Systems evolve into more elaborate computer-based
systems that supported production, promotion, pricing, marketing and some
logistical functions. By early 1980’s Decision Support Systems enjoyed
more interests from academics and the framework for Decision Support
Systems was greatly expanded by the end of the decade. It was only during
the 1990’s that a paradigm shift occurred in Decision Support Systems and
more complex systems, which incorporated, advanced database technology
and client/server capabilities, were emerging from many areas in business
processes. As many organizations started to upgrade their network
infrastructure, object oriented technology and data warehousing started to
make its mark on Decision Support Systems. The rapid expansion of the
Internet provided additional opportunities for the scope of Decision Support
Systems and consequently many new innovative systems such as OLAP and
other web-drive systems were developed.
5.1.2 Components of a Decision Support System
The three main components of a DSS framework are:
1. Model Management System
The model management system S=stores models that managers can
use in their decision-making. The models are used in decision-making
regarding the financial health of the organization and forecasting
demand for a good or service.
2. User Interface
The user interface includes tools that help the end-user of a DSS to
navigate through the system.
3. Knowledge Base
The knowledge base includes information from internal sources
(information collected in a transaction process system) and external
sources (newspapers and online databases).
65
Management Information
System

In nutshell Components of DSS can be categorized as:

1. Inputs: Records, Data factors, numbers, and characteristics for
analyzing.
2. User Knowledge and Expertise: To run the proper functioning
and provide inputs, the user must know how to use the system.
3. User Interface: DSS should support model construction and
model analysis by providing a well-structured user interface.
4. Decisions: Based on user requirements, results are generated by
the Decision Support System.
5.1.3 Types of Decision Support System
There are various types of decision support system, which are classified as:

5.1.4 Data-driven
Data-driven DSS refers to a category or type of Decision Support System
that emphasizes access to and manipulation of a time-series of internal
company data and sometimes external data. Simple file systems accessed
by query and retrieval tools provide the most elementary level of
functionality.

66
66
Decision Support System includes file drawer systems, data analytics Decision Support
System(DSS)
systems, analytical information systems, data storage systems and
emphasizes access and manipulation of large structured data databases.
Examples: chats and instant messaging software’s, online collaboration and
net-meeting systems. Most data-driven DSSs are targeted at managers, staff
and also product/service suppliers. It is used to query a database or data
warehouse to seek specific answers for specific purposes.
5.1.5 Model-driven
Decision Support System model comes from a variety of fields or
specialties and could include accounting models, financial models,
representative models, optimization models, etc. n some decision situations,
quantitative models embedded in a Decision Support System (DSS) can
help managers make better decisions. Model-driven DSS use algebraic,
decision analytic, financial, simulation, and optimization models to provide
decision support. This category of DSS is continuing to evolve, but research
can resolve a variety of behavioral and technical issues that impact system
performance, acceptance and adoption. This article includes a brief survey
of prior research. It focuses on model-driven DSS built using decision
analysis, optimization, and simulation technologies; implementation using
spreadsheet and web technologies; issues associated with the user interface;
and behavioral and technical research questions.
Model-driven DSS can be used to aid decision making in a variety of
situations. It can assist managers in making:

• Credit and lending decisions

• Product demand forecasting
• Budgeting decisions
• Marketing decisions
• Production forecasting decisions
• Resource allocation decisions
• Project planning
• Investment decisions
5.1.6 Knowledge-driven
This Knowledge-driven focuses on knowledge and advise managers to take
action on the basis of a certain knowledge base analysis. Predefined facts,
Stored procedures, rules, and limitations are also referred to solve problems.
It also has special expertise in problem-solving and is closely associated
with data mining.
Knowledge-Driven DSS can suggest or recommend actions to managers.
These DSS are person-computer systems with specialized problem-solving
expertise. The "expertise" consists of knowledge about a particular domain,
understanding of problems within that domain, and "skill" at solving some 67
Management Information of these problems. A related concept is Data Mining. It refers to a class of
System
analytical applications that search for hidden patterns in a database. Data
mining is the process of sifting through large amounts of data to produce
data content relationships. Tools used for building Knowledge-Driven DSS
are sometimes called Intelligent Decision Support methods (cf., Dhar and
Stein, 1997).
5.1.7. Communication -driven
Globalization has not only expanded the product markets. It has also made
organizations geographically more dispersed. Therefore, the way the
business is done and decisions are made has also changed significantly.
Collaborative decision-making has become more valuable than ever.
This is why there is an increased emphasis on developing and implementing
communications-driven group decision support systems. Decision making,
in the current business environment, is a collaborative process with
participation from in-house and remotely located teams or temporary work
groups or task forces. In such a scenario, communications-driven group
DSS makes it easier for every participant to send and receive
communication and interact with others in real time, from their respective
locations, without meeting physically.
A communications-driven group DSS

• Fosters collaboration between cross functional business teams at same

or different locations
• Allows geographically separated decision makers connect face-to-
face in real time
• Allows data sharing with rest of the team members, work groups or
task force
5.1.8 Advantages of DSS also as 'purpose' apart from above

• Improves efficiency and speed of decision-making activities.

• Increases the control, competitiveness and capability of futuristic
decision-making of the organization.
• Facilitates interpersonal communication.
• Encourages learning or training.
• Since it is mostly used in non-programmed decisions, it reveals new
approaches and sets up new evidences for an unusual decision.
• Helps automate managerial processes.
5.1.9 Disadvantages of DSS
Besides limitations, decision support systems also have some
disadvantages, such as:

68
68
• Information Overload: A computerized decision making system Decision Support
System(DSS)
may sometimes result in information overload. Since it analyzes all
aspects of a problem, it leaves a user in a dilemma what to consider
and what not to consider. Not each bite of information is necessary in
decision making. But when it’s present, a decision maker finds it
difficult to ignore information that is not a priority.
• Too much Dependence on DSS: It is true that decision support
systems are integrated into businesses to make everyday decisions
faster and more easily. Some decision makers develop a tendency to
depend too much on computerized decision making and don’t want to
apply their own brains. Clearly, there is a shift in focus and decision
makers may not hone their skills further because of excessive
dependence on DSS.
• Devaluation of Subjectivity: A decision support system promotes
rational decision making by suggesting alternatives basis the
objectivity. While bounded rationality or restricted irrationality plays
a critical role in decision making, subjectivity cannot and should not
be rejected. A DSS promotes objectivity and relegates subjectivity,
which can have serious impact on a business.
• Overemphasis on Decision Making: Clearly the focus of
computerized decision making is on considering all aspects of a
problem all the time, which may not be required in many of the
situations. It is essentially important to train the users to ensure
effective and optimal use of DSS.
• Cost of Development: The cost of decision making decreases once a
decision support system is installed. But development and
implementation of a DSS requires a huge monetary investment.
Customization may attract higher cost. If you’re on a tight budget, you
might not get a customized DSS specific to your needs.

5.2 INTRODUCTION OF GROUP DECISION SUPPORT

SYSTEM.

5.2.1 What is GDSS?

GDSS is the abbreviation for Group Decision Support System. It is a system
that supports decision-making and has been designed and structured in such
a way so that the members constituting a group can interact with each other
to arrive at a particular decision. It provides support for various group
decision-making activities such as file sharing, integration of the individual
opinions with that of the group, communication, modelling of group actions
and any other action which requires interaction of the group members.
The decision support systems that have been mentioned till now facilitate a
single person to take decisions by providing computerised support. These
decisions fall into the unstructured or semi-structured category. Most of the
decisions that have to be taken in the organisation are generally a group
effort rather than taken by a single person.
69
Management Information The main characteristic of the Group Decision Support Systems or GDSS
System
is to support exchange and flow of information and ideas seamlessly
between various members of the decision-making group. It also maintains
the privacy of the members. There are also many other terms that have been
introduced for the use of information technology in decision-making within
a group. Some of the popular terms that are in use include Group Support
System (GSS), Computer-Supported Co-operative Work (CSCW),
computerised collaborative work support and Electronic Meeting System
(EMS). Groupware is the term that has been coined for software used in
such a scenario.
Thus, a computer-based system is interactive in nature and helps in solving
problems that are unstructured in nature when a group of decision makers
are working in collaboration with each other.
5.2.2 Advantages of GDSS :
1) More Information in Less Time :
It is possible to gather huge amount of information in a very short
time period as GDSS facilitates the members of the team to work
parallel.
2) Greater Participation :
The risks associated with conformity pressure and groupthink is
greatly decreased when the members of the group work in a GDSS
because the members are able to express their thoughts freely. This is
due to the anonymity feature extended by GDSS.
3) More Structure :
In a GDSS environment the discussions are much more concentrated
and focused. Irrelevant degradations are greatly reduced.
4) Automated Documentation :
Comments are preserved forever and the system provides the result
without any delay. Excellent graphics makes viewing more attractive.
5.2.3 Disadvantages of GDSS :
1) Cost :
A significant amount of cost may be associated with putting up the
infrastructure consisting of the room, network connectivity and
the software.
2) Security :
This risk arises when the facility for setting up GDSS has been rented.
There are chances that information gets leaked to the peers by a low
level employee.

70
70
3) Technical Failure : Decision Support
System(DSS)
The system must be properly implemented to reduce the risk
associated with loss of connectivity and power loss. It is
highly dependent on LAN/WAN infrastructure and bandwidth.
4) Keyboarding Skills :
If the members get frustrated they might participate less.
5) Training :
There is variation in the learning curve of the user in various
situations.
6) Perception of Messages :
MIS-interpretations may occur in case the members communicate less
verbally.
5.2.4 Features of Group Decision Support System (GDSS):
1) Ease of Use :
It consists of an interactive interface that makes working with GDSS
simple and easy.
2) Better Decision Making :
It provides the conference room setting and various software tools that
facilitate users at different locations to make decisions as a group
resulting in better decisions.
3) Emphasis on Semi-structured and Unstructured Decisions :
It provides important information that assists middle and higher level
management in making semi-structured and unstructured decisions.
4) Specific and General Support :
The facilitator controls the different phases of the group decision
support system meeting (idea generation, discussion, voting and vote
counting, etc.) what is displayed on the central screen and the type of
ranking and voting that takes place, etc. In addition, the facilitator also
provides general support to the group and helps them to use the
system.
5) Supports all Phases of the Decision Making :
It can support all the four phases of decision making, viz intelligence,
design, choice, and implementation.
6) Supports Positive Group Behaviour :
In a group meeting, as participants can share their ideas more openly
without the fear of being criticized, they display more positive group
behavior towards the subject matter of the meeting.
71
Management Information 5.2.5 Components of Group Decision Support System (GDSS) :
System
A group decision support system (GDSS) is composed of 3 main
components, namely hardware, software tools, and people.
1) Hardware :
It includes electronic hardware like the computer, equipment used for
networking, electronic display boards and audio-visual equipment. It
also includes the conference facility, including the physical set up –
the room, the tables, and the chairs – laid out in such a manner that
they can support group discussion and teamwork.
2) Software Tools :
It includes various tools and techniques, such as electronic
questionnaires, electronic brainstorming tools, idea organizers, tools
for setting priority, policy formation tool, etc. The use of these
software tools in a group meeting helps the group decision-makers to
plan, organize ideas, gather information, establish priorities, take
decisions and document the meeting proceedings. As a result,
meetings become more productive.
3) People :
It compromises the members participating in the meeting, a trained
facilitator who helps with the proceedings of the meeting, and an
expert staff to support the hardware and software. The GDSS
components together provide a favorable environment for carrying
out group meetings.

5.3 KNOWLEDGE BASED EXPERT SYSTEM KBES

A Knowledge Based System or a KBS is a computer program that uses

artificial intelligence to solve problems within a specialized domain that
ordinarily requires human expertise. Knowledge-based system is a more
general than the expert system. A knowledge-based system is a major area
of artificial intelligence. These systems can make decisions based on the
data and information that resides in their database. In addition, they can
comprehend the context of the data being processed.
A knowledge-based system is comprised of a knowledge base and an
interface engine. The knowledge base functions as the knowledge
repository, while the interface engine functions as the search engine.
Learning is a key element to a knowledge-based system, and learning
simulation improves the system over time. Knowledge-based systems are
categorized as expert systems, intelligent tutoring systems, hypertext
manipulations systems, CASE-based systems, and databases having an
intelligent user interface.

72
72
 Decision Support
System(DSS)

5.3.1 History of KBS

The first knowledge-based systems were rule based expert systems.
Representing knowledge explicitly via rules had several advantages:

• Acquisition and maintenance- Using rules meant that domain

experts could often define and maintain the rules themselves rather
than via a programmer.

• Explanation: Representing knowledge explicitly allowed systems to

reason about how they came to a conclusion and use this information
to explain results to users. For example, to follow the chain of
inferences that led to a diagnosis and use these facts to explain the
diagnosis.

• Reasoning: Decoupling the knowledge from the processing of that

knowledge enabled general purpose inference engines to be
developed. These systems could develop conclusions that followed
from a data set that the initial developers may not have even been
aware of. As knowledge-based systems became more complex the
techniques used to represent the knowledge base became more
sophisticated. Rather than representing facts as assertions about data,
the knowledgebase became more structured, representing information
using similar techniques to object-oriented programming such as
hierarchies of classes and subclasses, relations between classes, and
behaviour of objects. As the knowledge base became more structured
reasoning could occur both by independent rules and by interactions
within the knowledge base itself. For example, procedures stored as
demons on objects could fire and could replicate the chaining
behaviour of rules.
5.3.2 How does it work?

• Problem-solving power does not lie with smart reasoning techniques

nor clever search algorithms but domain dependent real-world
knowledge.

73
Management Information • Real-world problems do not have well-defined solutions • KBS allow
System
this knowledge to be represented and creates an explained solution.

• A KBS draws upon the knowledge of human experts captured in a

knowledge-base to solve problems that normally require human
expertise

• Uses Heuristic (cause-and-effect) rather than algorithms KBS as

realworld problem solvers
5.3.3 Components of a KBS
Knowledge Base: The accumulation, transfer, and translation of problem-
solving skills from experts and/or documented knowledge sources to a
computer programme to develop or increase the knowledge base is known
as knowledge acquisition.
The component of an expert system that contains the system’s knowledge
organized in collection of facts about the system’s domain
Knowledge is represented in the form of rules using IF ELSE. These IF
ELSE rules is used to form chains of knowledge.
There are 2 types:

• Forward chaining(fact driven)

• Backward chaining(goal driven)

Explanation Facility: It’s a subsystem that describes what’s going on in the
system.
Inference Engine
It derives answers from the knowledge base. This is the brain of the expert
system that provides a methodology for reasoning about the information in
the knowledge base, and for formulating conclusions. Inference Engine: It
functions as an interpreter, analysing and processing rules. It performs the
duty of matching antecedents from user replies and firing rules.
Knowledge acquisition: The accumulation, transfer, and translation of
problem-solving skills from experts and/or documented knowledge sources
to a computer programme for the purpose of developing or increasing the
knowledge base is known as knowledge acquisition.
User Interface
The component of an expert system that contains the system’s knowledge
organized in collection of facts about the system’s domain. The user
interface is used by the user to communicate with the knowledge base.
5. 3.4 Types of knowledge-based systems
Here are some types of knowledge-based systems:
74
74
Case-based systems Decision Support
System(DSS)
Case-based systems use case-based reasoning. This involves reviewing past
knowledge of similar situations. Based on what it finds, the knowledge-
based system provides solutions that were effective in those given
situations.
Expert systems
Expert systems are one of the most common types of knowledge-based
systems. These systems mimic human experts' decision-making processes,
making them helpful for complex analyses, calculations and predictions. In
addition to presenting solutions, they provide specific explanations for the
problems they're solving.
Hypertext manipulation systems
Hypertext manipulation systems store knowledge by linking text to other
texts and by using hypertext. Hypertext refers to a network of discrete
blocks of information interconnected as a way to store data. This type of
system allows you to access many types of data easily.
5.3.5 Advantages of KBS

• Increase available of expert knowledge

• Efficient and cost effective
• Consistency of answers
• Explanation of solution
• Deals with uncertainty
Knowledge-based systems are useful for providing expertise to people who
require it, especially when they're attempting to make decisions quickly.
They can be helpful for providing recommendations for various industries,
and their potential may continue to grow as technology evolves. Some
examples of current uses for knowledge-based systems include:
Blackboard systems
A blackboard knowledge-based system allows users to collaborate to
achieve a solution. Human experts can continuously input new information
into the system, helping to create partial solutions as they investigate the
final outcome. The system uses partial solutions to determine the
appropriate answer to a problem.
Classification systems
Classification systems analyze data and assign it to appropriate groups. This
type of knowledge-based system allows you to determine what the
classification status is for a section of data. It may be particularly useful for
scientists, such as analyzing chemical components to determine the
classification of particular chemical compounds.
75
Management Information Eligibility analysis systems
System
Eligibility analysis systems may include guided questions for a user. These
are often rule-based systems because they typically allow users to continue
to answer questions until one of their responses indicates they're not eligible
for the service. This type of system may be useful for those looking to make
their screening processes more efficient, such as government organizations
or hiring professionals.
Medical diagnosis systems
Medical diagnosis systems help diagnose patients based on their symptoms
in medical history. They may answer a series of questions or a medical
professional may enter the information for them, and, based on their
responses, the knowledge-based system identifies what condition they may
be experiencing, Many of these systems also recommend treatment methods
the patient may consider based on their responses and potential diagnosis.
It's important to note the system alone is not an appropriate replacement for
professional medical care.
5.3.6 Disadvantages of KBS

● Lack of common sense

● Inflexible, difficult to modify
● Restricted domain of expertise limited to KB - Not always reliable
5.3.7 Challenges of knowledge-based systems

• Some challenges of using knowledge-based systems include:

• Acquiring, organizing and manipulating large volumes of data and
information
• Experiencing potential anomalies in the systems, such as redundant
rules and circular dependencies
• Handling the limitations of scientific and cognitive techniques
• Navigating the generally abstract nature of knowledge
• Providing a system that is only as high quality as the data and
information it contains
• Requiring accurate and extensive data to perform correctly

5.4 SUMMARY

• A decision support system (DSS) is a computerized system that

gathers and analyzes data, synthesizing it to produce comprehensive
information reports.
• A decision support system differs from an ordinary operations
application, whose function is just to collect data.

76
76
• Decision support systems allow for more informed decision-making, Decision Support
System(DSS)
timely problem-solving, and improved efficiency in dealing with
issues or operations, planning, and even management.
• A group decision support system (GDSS) is an interactive computer-
based system that facilitates a number of decision-makers (working
together in a group) in finding solutions to problems that are
unstructured in nature.
• The tools and techniques provided by the group decision support
system improve the quality and effectiveness of the group meetings.
• A group decision support system (GDSS) meeting comprises different
phases, such as idea generation, discussion, voting, vote counting and
so on.
• A group decision support system (GDSS) is composed of 3 main
components, namely hardware, software tools, and people.
• A knowledge-based system (KBS) is a computer
program that reasons and uses a knowledge base to solve complex
problems.
• A knowledge-based system is a major area of artificial intelligence.
• These systems can make decisions based on the data and information
that resides in their database. In addition, they can comprehend the
context of the data being processed.
• A knowledge-based system is comprised of a knowledge base and an
interface engine.

5.5 REFERENCES FOR FURTHER READING.

Web References:
1. https://www.guru99.com/data-mining-vs-datawarehouse.html
2. https://www.tutorialspoint.com/dwh/dwh_overview
3. https://www.geeksforgeeks.org/
4. https://blog.eduonix.com/internet-of-things/web-mining-text-
mining-depth-mining-guide



77
 6
ERP, SCM AND CRM
Unit Structure
6.0 Objectives
6.1 Introduction of ERP
6.1.1 Why Do Companies Implement ERP Software?
6.1.2 Benefits of ERP Systems
6.1.3 ERP MODELS
6.1.4 Benefits of ERP modules
6.2 Supply Chain Management (SCM)
6.2.1 Introduction
6.2.2 Why is supply chain management important?
6.2.3 Scope of SCM
6.2.4 SCM Processes
6.2.5 Advantages of SCM
6.2.6 Key features of effective supply chain management
6.2.7 Information Management in SCM
6.3 Customer Relationship Management(CRM)
6.3.1 Understanding Customer Relationship Management (CRM)
6.3.2 Components of CRM
6.3.3 Types of CRM technology
6.3.4 Advantages of Customer Relationship Management
6.4 Summary

6.0 OBJECTIVES:

This chapter will make the readers understand the following concepts:

• Meaning of ERP
• Need of ERP
• ERP models
• Introduction to SCM
• Need of SCM
• Working of SCM
• Information Management in SCM
77
Management Information • Advantages of SCM
System
• Concept of CRM
• Need of CRM
• Implementation of CRM

6.1 INTRODUCTION OF ERP

Growing companies eventually reach a point where spreadsheets no longer

cut it. That’s where enterprise resource planning software comes in: ERP
systems collect and organize key business information and help
organizations run lean, efficient operations, even as they expand.
At its core, an ERP is an application that automates business processes, and
provides insights and internal controls, drawing on a central database that
collects inputs from departments including accounting, manufacturing,
supply chain management, sales, marketing and human resources (HR).
Once information is compiled in that central database, leaders gain cross-
departmental visibility that empowers them to analyze various scenarios,
discover process improvements and generate major efficiency gains. That
translates to cost savings and better productivity as people spend less time
digging for needed data.
ERP which stands for Enterprise Resource Planning is a modular software
system designed to integrate the main functional areas of a company’s
business processes into one integrated system.
ERP software standardizes, simplifies, and integrates business processes
including finance, human resources, procurement, distribution, and other
departments.
ERP software that’s tailored to meet the needs of an individual business
pays major dividends, making these systems a critical tool for companies
across industries and of all sizes. Many of the world’s best-known and most
successful firms have leaned on ERP for the last quarter century. Now, this
software can be configured and priced to meet the needs of all-size
businesses.
Put simply, an ERP system helps unify people, core business processes and
technology across an organization.
ERP systems have become table stakes for businesses looking to use
resources wisely. They can help leaders reallocate human and financial
capital or build more efficient core business processes that save money
without sacrificing on quality or performance.
An ERP is also an asset when it comes to planning and coordination.
Employees can see current available inventory and customer orders in
detail, then compare supplier purchase orders and forecasted future demand.
If necessary, they can make adjustments to head off problems. ERP software
78
78
improves communication and collaboration as well because workers can ERP, SCM And CRM
check on the status of other departments to guide their own decisions.
As a comprehensive source of data, an ERP system also provides a host of
reports and analytics that can be difference-makers for the business.
Turning a vast trove of information into charts and graphs that clearly
illustrate trends and help model possible results is an ERP capability
executives find invaluable.
6.1.1 Why Do Companies Implement ERP Software? Adv an organz gains from implementing ERP
The following are some common reasons why they use ERP.
To integrate financial information
Without an integrated system, each department, such as finance, sales, etc.,
must relies on a separate system. This requires companies to pay different
fees for each system. Employees must also spend time reconciling financial
data rather than figuring out how to improve the company.
To manage orders and inventory
With ERP software, companies can easily manage orders, production,
inventory, and distribution. Since the entire process is managed through a
single system, delays can be avoided, inventory is always at an adequate
level, and customer expectations are always met.
To manage and analyze customer data
Most ERP systems provide CRM modules to track all customer interactions
and provide information regarding orders, shipping, returns, service
requests, and others. ERP software also allows retailers to gain insight into
customer behaviour and needs.
To standardize and speed up production
Manufacturing companies, especially those with a desire for mergers and
acquisitions, often find that several business units make similar widgets
using different computer methods and systems. ERP systems can
standardize and automate the manufacturing processes. This standardization
saves time, increases productivity, and reduces costs.
To manage human resources
Many companies, especially those with multiple business units, have
difficulty managing employee needs, distributing salaries and incentives, or
tracking their working hours.
ERP systems allow companies to maintain employee information, manage
payrolls, monitor attendance, track expenses, manage leave requests,
provide assessments, manage taxes, and a lot more.

79
Management Information Employees can also be granted access rights to submit leave and
System
reimbursement requests, view pay checks, record working hours, view
information about other employees, and so on.
To handle procurement
Without the help of an integrated system, companies will have
difficulty managing the purchase of goods and communicating with
suppliers. ERP systems allow companies to automate purchases, control
costs incurred for purchasing goods, and speed up the order management.
To gain comprehensive insights
Generating reports is a time-consuming task. But with an ERP system,
financial, tax
summary, sales reports, etc. can be created in just seconds. ERP systems
allow companies to create accurate and complete reports that can help
stakeholders make better business decisions.
6.1.2 Benefits of ERP Systems
Today’s ERP solutions have rich feature sets that bring countless benefits
to businesses. While what an individual firm sees as the greatest value of
this technology will vary, here are key universal advantages ERP delivers:
1. Cost savings:
Perhaps the biggest value proposition of ERP systems is they can save
your organization money in a number of ways. By automating many
simple, repetitive tasks, you minimize errors and the need to add
employees at the same rate as business growth. Cross-company
visibility makes it easier to spot inefficiencies that drive up costs and
leads to better deployment of all resources, from labor to inventory to
equipment. And with cloud ERP, companies may quickly see
incremental value from the software, over and above what they’re
spending.
2. Workflow visibility:
With all workflows and information in one place, employees with
access to the system can see the status of projects and the performance
of different business functions relevant to their jobs. This visibility
may be particularly valuable to managers and leaders, and it’s far
faster and easier than searching for the right documents and constantly
asking colleagues for updates.
3. Reporting/analytics:
Data is useful only if companies can analyze and understand it, and
an ERP helps with that. Leading solutions have impressive reporting
and analytics tools that allow users to not only track KPIs, but display
any metrics or comparisons they can dream up. Since an ERP is all-
encompassing, it can help a business understand how a change or
problem with a process in one department affects the rest of the
company.

80
80
4. Business insights/intelligence: ERP, SCM And CRM

Because ERPs can access real-time data from across the company,
these systems can uncover impactful trends and provide extensive
business insights. This leads to better decision-making by
organizational leaders who now have easy access to all relevant data.
5. Regulatory compliance & data security:
Financial reporting standards and governmental and industry-specific
data security regulations change frequently, and an ERP can help your
company stay safe and compliant. An ERP provides an audit trail by
tracking the lifecycle of each transaction, including adherence to
required approval workflows. Businesses may also reduce the chance
of errors and related compliance snafus with automation. ERP
software provides financial reports that comply with standards and
regulations, and SaaS applications are well-equipped to help
companies with PCI-DSS compliance.
6. Risk management:
ERP technology reduces risk in a few ways. Granular access control
and defined approval workflows can strengthen financial controls and
reduce fraud. Additionally, more-accurate data heads off mistakes
that could lead to lost sales or fines. And finally, the ability to see the
status of the entire operation enables employees to quickly handle
risks posed by business disruptions.
7. Data security:
ERP providers understand that your system houses critical, sensitive
data and take necessary steps to ensure it is secure. This diligence is
more important than ever as the volume and scale of cyberattacks
increase. Cloud ERP software, in particular, uses cutting-edge
security protocols to ensure your company doesn’t fall victim to a
damaging attack.
8. Collaboration:
Employees are most effective when they work together. ERP
solutions make it easy to share information — like purchase orders,
contracts and customer-support records — among teams. It knocks
down walls between departments by giving employees appropriate
access to real-time data on related business functions.
9. Scalability:
The right ERP system will be scalable and flexible enough to meet
your company’s needs today and for the foreseeable future. Cloud
systems in particular adapt to minor and major operational changes
even as the amount of data the organization captures and demand for
access increase.
81
Management Information 10. Flexibility:
System
While ERP software helps businesses follow best practices, it also
offers the flexibility to support unique processes and objectives. The
system gives administrators the ability to build out company-specific
workflows and create automatic reports important to different
departments and executives. An ERP enhances your organization’s
innovation and creativity.
11. Customization:
While most companies find that modern ERPs support their
businesses “out of the box,” some firms need to add to the extensive
built-in functionality. If you have a lot of specialized processes, look
for an extensible system that allows your integrator or IT staff to write
code that adds needed features, or that can integrate with homegrown
or legacy solutions. However, before going the custom route, take a
close look at your processes — the prebuilt functionality and
configurations modern ERP solutions support are based on best
practices gathered from thousands of companies. Aim to minimize
customizations.
12. Customer & partner management:
An ERP can strengthen a company’s partner and customer
relationships. It can provide insights on suppliers, shipping carriers
and service providers, with the cloud enabling even better, more
convenient information exchange. When it comes to customers, the
solution can track survey responses, support tickets, returns and more
so the organization can keep its finger on the pulse of customer
satisfaction.

82
82
6. 1.3 ERP MODELS ERP, SCM And CRM

An ERP module is a software component or part of the ERP program that

takes care of a particular operation or department. All ERP software,
including SAP, Oracle, Netsuite and more are made up of multiple ERP
modules such as financial management and accounting, warehousing and
inventory, supply chain, procurement and more. ERP modules are powerful
tools for adapting business processes across departments and improving
cross-departmental workflows. In the following article, we have presented
some of the most common and basic ERP modules that can be found in all
ERP systems. Sources: 2, 6, 11
Enterprise Resource Planning (ERP) consists of various modules or
components that are part of the overall system, depending on the business
unit. An ERP system consists of modules, and each module focuses on a
certain area of the business process, including finance and marketing. ERP
Finance Module, Manufacturing Module, ERP Supply Chain Module,
Human Resources Module, Production Management Module, Sales and
Sales Module, Quality Management Module, Customer Relationship
Management Module and Purchasing Module, Material Management
Module
The different modules of the ERP software represent the business processes
and help to unify data and processes at a central location. Each ERP module
is designed for a specific business function and provides data and support
processes to help employees do their job better. The various functions of a
company in an ERP system consist of different modules. Sources: 4, 8, 10
Sales & Marketing
The sales and marketing module in the ERP software helps to store
information about leads and customers, including inquiries, offers, contact
details, invoices, etc. It is a kind of CRM system for companies that helps
to improve the relationship between business prospects and customers,
provide support and improve the customer experience. Sources: 4
The various ERP department modules manage the core business functions
uniformly and are designed to facilitate the seamless flow of information
between multiple departments such as sales, inventory management,
customer relationship management, human resources, finance, etc. Sources: 3
Supply Chain Management
One of the most popular ERP systems is the Supply Chain Management
module, which helps companies manage the entire material flow from the
manufacturer to the retailer and the end customer. The goal of the Oracle
ERP Manufacturing Module for ERP is to provide complete inventory
management and streamline the production cycle for supply chain
components with a management system. Another function of the product
management module in an ERP system is the automation of the
manufacturing process through functions such as material invoicing and
BOM cost estimation to track additional costs. Sources: 3, 5, 10
83
Management Information With this module, companies are able to make decisions based on the latest
System
information from their ERP system. Real-time data is similar to standalone
supply chain management software and is an essential feature of the ERP
software module Supply Chain Management. With advanced databases and
real-time analysis of data and features of ERP systems, this module provides
accurate business forecasts. Sources: 0, 1, 3
ERP software comes with multiple systems and modules to be purchased
by an organization according to the usefulness of its business. Many
different ERP software modules are available to complement the system and
customize the solution for your business. Since different companies have
different objectives when choosing the software, they can choose the ERP
module that suits their business processes and is tailored to their business
needs. Sources:
Human Resources & Personnel
The HR and personnel module of an ERP system helps to maintain a
comprehensive employee database. It takes care of activities such as the
preparation of payslips, payouts, payslips, etc. Sources: 3
By integrating different modules into an ERP system and collecting data
from different departments within the company, a centralized repository of
business data is created. The most important ERP modules store employee
data such as general information such as working hours, attendance, sick
leave, vacation, etc. Sources: 7, 11
Finance & Accounting Management
Organizations need sophisticated purchasing options to purchase the raw
materials and components needed for manufacturing through sophisticated
procurement software modules from ERP vendors and third-party vendors.
Finance and accounting modules are important ERP modules because they
enable companies to understand their current financial situation and future
prospects. Sources: 8, 12
The key functions of the finance and management module in an ERP system
are the recording and management of receivables and liabilities, cash
management and the preparation of financial reports such as balance sheets,
profit and loss accounts and cash flow accounts. The ERP finance module
also shares data with other core business functions such as Inventory
Management, Production Planning, Purchase, Customer Relationship
Management (CRM) and others. Transactions between one module or
another have a financial impact on the accounting system because they
trigger actions that transfer data between the ERP and the finance
module. Sources: 10, 12
The financial management module of an ERP system helps to collect and
track financial information and makes it available in the form of annual
financial statements. An ERP financial module is a software component that
takes over the most important accounting and financial management
functions of a resource planning system for companies.
84
84
 ERP, SCM And CRM

6.1.4 Benefits of ERP modules

• ERP modules help your business attain the desired efficiency and
enhance day-to-day activities by automating all business processes.
• It keeps all the data in a centralized place and gives clear data
whenever you need it.
• It improves business reporting with the help of reporting features with
real-time data.
• It helps to eliminate the manual process and reduces errors done by
the manual errors. Thus, it increases the efficiency and productivity
of the business.
• It provides better communication within the department as well as
between the departments. When there is a smooth flow of
information, cooperation in the workplace also increases.
• It helps the business provide good customer service by enhancing on-
time delivery and order accuracy.
• It allows the business to control who can use, share, and edit the data.
• ERP modules analyze the real-time data.
• Enhances profitability by avoiding extra expenses like an additional
store of inventories.
• It improves the cash flow with better invoicing.

6.2 SUPPLY CHAIN MANAGEMENT (SCM)

2.1 Introduction
Supply chain management is the handling of the entire production flow of
a good or service — starting from the raw components all the way to
delivering the final product to the consumer. A company creates a network
of suppliers (“links” in the chain) that move the product along from the
suppliers of raw materials to those organizations that deal directly with
users.
85
Management Information How does supply chain management work?
System
According to CIO, there are five components of traditional supply chain
management systems:
Planning
Plan and manage all resources required to meet customer demand for a
company’s product or service. When the supply chain is established,
determine metrics to measure whether the supply chain is efficient,
effective, delivers value to customers and meets company goals.
Sourcing
Choose suppliers to provide the goods and services needed to create the
product. Then, establish processes to monitor and manage supplier
relationships. Key processes include: ordering, receiving, managing
inventory and authorizing supplier payments.
Manufacturing
Organize the activities required to accept raw materials, manufacture the
product, test for quality, package for shipping and schedule for delivery.
Delivery and Logistics
Coordinate customer orders, schedule deliveries, dispatch loads, invoice
customers and receive payments.
Returning
Create a network or process to take back defective, excess or unwanted
products.
6.2.2 Why is supply chain management important?
Effective supply chain management systems minimize cost, waste and time
in the production cycle. The industry standard has become a just-in-time
supply chain where retail sales automatically signal replenishment orders to
manufacturers. Retail shelves can then be restocked almost as quickly as
product is sold. One way to further improve on this process is to analyze the
data from supply chain partners to see where further improvements can be
made.
By analyzing partner data, the CIO.com post identifies three scenarios
where effective supply chain management increases value to the supply
chain cycle:

• Identifying potential problems. When a customer orders more

product than the manufacturer can deliver, the buyer can complain of
poor service. Through data analysis, manufacturers may be able to
anticipate the shortage before the buyer is disappointed.

86
86
• Optimizing price dynamically. Seasonal products have a limited ERP, SCM And CRM
shelf life. At the end of the season, these products are typically
scrapped or sold at deep discounts. Airlines, hotels and others with
perishable “products” typically adjust prices dynamically to meet
demand. By using analytic software, similar forecasting techniques
can improve margins, even for hard goods.

• Improving the allocation of “available to promise”

inventory. Analytical software tools help to dynamically allocate
resources and schedule work based on the sales forecast, actual orders
and promised delivery of raw materials. Manufacturers can confirm a
product delivery date when the order is placed — significantly
reducing incorrectly-filled orders.
6.2.3 Scope of SCM

6.2.4 SCM Processes

• Customer Relationship Management

• Customer Service Management

• Demand Management

• Customer Order Fulfillment

• Manufacturing Flow Management

• Procurement Management

• Product Development and Commercialization

• Returns Management
87
Management Information 6.2.5 Advantages of SCM
System
SCM have multi-dimensional advantages −
• To the suppliers −
▪ Help in giving clear-cut instruction
▪ Online data transfer reduce paper work
• Inventory Economy −
▪ Low cost of handling inventory
▪ Low cost of stock outage by deciding optimum size of
replenishment orders
▪ Achieve excellent logistical performance such as just in time
• Distribution Point −
▪ Satisfied distributor and whole seller ensure that the right
products reach the right place at right time
▪ Clear business processes subject to fewer errors
▪ Easy accounting of stock and cost of stock
● Channel Management −
▪ Reduce total number of transactions required to provide product
assortment
▪ Organization is logically capable of performing customization
requirements
● Financial management −
▪ Low cost
▪ Realistic analysis
● Operational performance −
▪ It involves delivery speed and consistency.
● External customer −
▪ Conformance of product and services to their requirements
▪ Competitive prices
▪ Quality and reliability
▪ Delivery
▪ After sales services

88
88
● To employees and internal customers − ERP, SCM And CRM

▪ Teamwork and cooperation

▪ Efficient structure and system
▪ Quality work
▪ Delivery
6.2.6 Key features of effective supply chain management
The supply chain is the most obvious “face” of the business for customers
and consumers. The better and more effective a company’s supply chain
management is, the better it protects its business reputation and long-term
sustainability.
IDC’s Simon Ellis in The Path to a Thinking Supply Chain¹ defines what is
supply chain management by identifying the five “Cs” of the effective
supply chain management of the future:
• Connected: Being able to access unstructured data from social
media, structured data from the Internet of Things (IoT) and more
traditional data sets available through traditional ERP and B2B
integration tools.
• Collaborative: Improving collaboration with suppliers increasingly
means the use of cloud-based commerce networks to enable multi-
enterprise collaboration and engagement.
• Cyber-aware: The supply chain must harden its systems and protect
them from cyber-intrusions and hacks, which should be an enterprise-
wide concern.
• Cognitively enabled: The AI platform becomes the modern supply
chain's control tower by collating, coordinating and conducting
decisions and actions across the chain. Most of the supply chain is
automated and self-learning.
• Comprehensive: Analytics capabilities must be scaled with data in
real time. Insights will be comprehensive and fast. Latency is
unacceptable in the supply chain of the future.
Many supply chains have begun this process, with participation in
cloud-based commerce networks at an all-time high and major efforts
underway to bolster analytics capabilities.
6.2.7 Information Management in SCM
Information management systems have the potential to change
organizations and promote the emergence of new businesses. Their main
goal is to enhance information flow and facilitate the decision making
process. An information management system is one of the few elements of
supply chain that can offer both improved performance and lower cost.
It enables companies to maintain key information in an accessible format
and helps to take operational and planning decisions. The adoption and
89
Management Information successful implementation of software and network technology contribute
System
in a large way for the supply chain success facilitating the flow of
information and enhancing the efficiency of supply chain activities.
Logistics activities are key activities in the supply chain, including
planning, designing, implementing and managing the flow, storage of
materials and information exchange in order to support basic logistics
functions such as procurement, distribution, transportation, inventory
management, packaging and manufacturing. Information technologies are
seen as a resource of a company, as a source of its competitive advantage
and serve as a catalyst of change in a company.
With the growing trend toward the use of international supply chains and e-
commerce, logistics service providers for product warehousing,
transportation and delivery are placing greater emphasis on information
technologies in order to remain competitive globally. In the last decades,
innovative technologies that have deeply affected the way business are
performed and the way that companies compete. Innovations in digital
commerce play a key role in managing inter-organizational networks of
supply chain members. The internet represents a powerful technology for
commerce and communication between supply chain participants as well as
a technique for the improvement of supply chain management.
The fact that Information Technologies have a positive impact on efficiency
as well as the overall performance of every company that uses them,
regardless of its primary activity, is already well known. Therefore, supply
chain companies can also greatly benefit from the use of Information
Technologies. Nevertheless results depend mostly on the level and type of
Information Technologies usage, which are correlated to the company's size
and availability of technology, make the integration of business processes
along the supply chain still possible just with proper use of right
technologies. And the fact that the use of information technologies requires
redesign and reorganization of logistics processes, which can be seen as one
of the most important barriers to technology adoption. Therefore new
technologies and tools are required to gain and/or obtain stability and
effectiveness of the supply chain.
Examples of information systems in supply chain management
Information Technologies Used in Supply chain or Logistics
• Barcoding. ...
• Electronic Data Interchange (EDI) ...
• Extensible Markup Language (XML) ...
• Data Management. ...
• Imaging. ...

• Artificial Intelligence Systems. ...

• Radio Frequency or RF Technology. ...

• Computer on Board and Satelite Tracking.

90
90
6.3 CUSTOMER RELATIONSHIP MANAGEMENT(CRM) ERP, SCM And CRM

Customer relationship management (CRM) is the combination of practices,

strategies and technologies that companies use to manage and analyse
customer interactions and data throughout the customer lifecycle. The goal
is to improve customer service relationships and assist in customer
retention and drive sales growth. CRM systems compile customer data
across different channels, or points of contact, between the customer and
the company, which could include the company's website, telephone, live
chat, direct mail, marketing materials and social networks. CRM systems
can also give customer-facing staff members detailed information on
customers' personal information, purchase history, buying preferences and
concerns.
From the organization's point of view, this entire relationship encompasses
direct interactions with customers, such as sales and service-related
processes, forecasting, and the analysis of customer trends and behaviours.
Ultimately, CRM serves to enhance the customer's overall experience.
6.3.1 Understanding Customer Relationship Management (CRM)
Elements of CRM range from a company's website and emails to mass
mailings and telephone calls. Social media is one-way companies adapt to
trends that benefit their bottom line. The entire point of CRM is to build
positive experiences with customers to keep them coming back so that a
company can create a growing base of returning customers.
Increasingly, the term CRM is being used to refer to the technology systems
companies can engage to manage their external interactions with customers
at all points during the customer lifecycle, from discovery to education,
purchase, and post-purchase.
With an estimated global market value of over $40 billion in 2018, CRM
technology is widely cited as the fastest-growing enterprise-software
category, which largely encompasses the broader software-as-a-
service (SaaS) market. Five of the largest players in the CRM market today
include cloud computing giant Salesforce, Microsoft, SAP, Oracle and
Adobe Systems.
The goal of customer relationship management is to gather enough
information about a customer and use it well enough to increase that
customer's positive interactions with the company, thereby increasing that
company's sales.
For small businesses, customer relationship management includes
processes and systems for:

• Lead generation and conversion: Identifying and targeting a

company's ideal customers; generating quality sales leads; planning
and implementing marketing campaigns with clear goals and
objectives
91
Management Information • Relationship building: Creating regular communication channels;
System
building and improving relationships with customers; providing
individualized attention to the most profitable customers
• Customer service: Providing employees with the information they
need to understand customers' wants and needs, address concerns,
solve problems, and increase customer satisfaction
CRM systems are collaborative. These systems are used to gather data
through all phases of the customer relationship (marketing, sales, and
service).
6.3.2 Components of CRM
At the most basic level, CRM software consolidates customer information
and documents it into a single CRM database so business users can more
easily access and manage it.
Over time, many additional functions have been added to CRM systems to
make them more useful. Some of these functions include recording various
customer interactions over email, phone, social media or other channels;
depending on system capabilities, automating various workflow automation
processes, such as tasks, calendars and alerts; and giving managers the
ability to track performance and productivity based on information logged
within the system.
• Marketing automation. CRM tools with marketing
automation capabilities can automate repetitive tasks to enhance
marketing efforts at different points in the lifecycle for lead
generation. For example, as sales prospects come into the system, it
might automatically send email marketing content, with the goal of
turning a sales lead into a full-fledged customer.

• Sales force automation. Sales force automation tools track customer

interactions and automate certain business functions of the sales cycle
that are necessary to follow leads, obtain new customers and build
customer loyalty.
• Contact center automation. Designed to reduce tedious aspects of a
contact center agent's job, contact center automation might include
prerecorded audio that assists in customer problem-solving and
information dissemination. Various software tools that integrate with
the agent's desktop tools can handle customer requests in order to cut
down on the length of calls and to simplify customer service
processes. Automated contact center tools, such as chatbots, can
improve customer user experiences.
• Geolocation technology, or location-based services. Some CRM
systems include technology that can create geographic marketing
campaigns based on customers' physical locations, sometimes
integrating with popular location-based GPS (global positioning
system) apps. Geolocation technology can also be used as a
networking or contact management tool in order to find sales
92
92 prospects based on a location.
• Workflow automation. CRM systems help businesses optimize ERP, SCM And CRM
processes by streamlining mundane workloads, enabling employees
to focus on creative and more high-level tasks.

• Lead management. Sales leads can be tracked through CRM,

enabling sales teams to input, track and analyze data for leads in one
place.

• Human resource management (HRM). CRM systems help track

employee information, such as contact information, performance
reviews and benefits within a company. This enables the HR
department to more effectively manage the internal workforce.

• Analytics. Analytics in CRM help create better customer satisfaction

rates by analyzing user data and helping create targeted marketing
campaigns.

• Artificial intelligence. AI technologies, such as Salesforce Einstein,

have been built into CRM platforms to automate repetitive tasks,
identify customer-buying patterns to predict future customer
behaviors and more.

• Project management. Some CRM systems include features to help

users keep track of client project details such as objectives, strategic
alignment, processes, risk management and progress.

• Integration with other software. Many CRM systems can integrate

with other software, such as call center and enterprise resource
planning (ERP) systems.
6.3.3 Types of CRM technology
The four main vendors of CRM systems
are Salesforce, Microsoft, SAP and Oracle. Other providers are popular
among small to midsize businesses, but these four tend to be the choice for
large corporations. The types of CRM technology offered are as follows:
6.3.3.1 Cloud-based CRM
With CRM that uses cloud computing, also known as SaaS (software as a
service) or on-demand CRM, data is stored on an external, remote network
that employees can access anytime, anywhere there is an internet
connection, sometimes with a third-party service provider overseeing
installation and maintenance. The cloud's quick, relatively easy deployment
capabilities appeal to companies with limited technological expertise or
resources.
Data security is a primary concern for companies using cloud-based
systems, as the company doesn't physically control the storage and
maintenance of its data. If the cloud provider goes out of business or is
acquired by another company, an enterprise's data can be compromised or
lost. Compatibility issues can also arise when data is initially migrated from
a company's internal system to the cloud. 93
Management Information Companies might consider cloud CRM as a more cost-effective option.
System
Vendors typically charge the user on a subscription basis and offer the
option of monthly or yearly payments. However, cost may still be a concern,
because paying subscription fees for software can be more costly over time
than with on-premises models.
Popular cloud-based CRM providers include Salesforce, HubSpot and
Zendesk.
6.3.3.2 On-premises CRM
This system puts the onus of administration, control, security and
maintenance of the database and information on the company using the
CRM software. With this approach, the company purchases licenses
upfront, instead of buying yearly subscriptions from a cloud CRM provider.
The software resides on the company's own servers and the user assumes
the cost of any upgrades. It also usually requires a prolonged installation
process to fully integrate a company's data. Companies with complex CRM
needs might benefit from an on-premises deployment.
Many cloud-based providers, such as Salesforce and WorkWise, also offer
on-premises versions of their CRM software.
6.3.4 Advantages of Customer Relationship Management
Enhances Better Customer Service
CRM systems provide businesses with numerous strategic advantages. One
of such is the capability to add a personal touch to existing relationships
between the business and the customers. It is possible to treat each client
individually rather than as a group, by maintaining a repository on each
customer’s profiles. This system allows each employee to understand the
specific needs of their customers as well as their transaction file.
The organization can occasionally adjust the level of service offered to
reflect the importance or status of the customer. Improved responsiveness
and understanding among the business employees results in better customer
service. This decreases customer agitation and builds on their loyalty to the
business. Moreover, the company would benefit more by getting feedback
over their products from esteemed customers.
Facilitates discovery of new customers
CRM systems are useful in identifying potential customers. They keep track
of the profiles of the existing clientele and can use them to determine the
people to target for maximum clientage returns.
New customers are an indication of future growth. However, a growing
business utilizing CRM software should encounter a higher number of
existing customers versus new prospects each week. Growth is only
essential if the existing customers are maintained appropriately even with
recruitment of new prospects.
94
94
Increases customer revenues ERP, SCM And CRM

CRM data ensures effective co-ordination of marketing campaigns. It is

possible to filter the data and ensure the promotions do not target those who
have already purchased particular products. Businesses can also use the data
to introduce loyalty programs that facilitate a higher customer retention
ratio. No business enjoys selling a similar product to a customer who has
just bought it recently. A CRM system coordinates customer data and
ensures such conflicts do not arise.

Helps the sales team in closing deals faster

A CRM system helps in closing faster deals by facilitating quicker and more
efficient responses to customer leads and information. Customers get more
convinced to turn their inquiries into purchases once they are responded to
promptly. Organizations that have successfully implemented a CRM system
have observed a drastic decrease in turnaround time.

Enhances effective cross and up selling of products

Cross – selling involves offering complimentary products to customers

based on their previous purchases. On the other hand, up – selling involves
offering premium products to customers in the same category. With a CRM
system, both cross and up – selling can be made possible within a few
minutes of cross – checking available data.

Enhances customer loyalty

CRM software is useful in measuring customer loyalty in a less costly

manner. In most cases, loyal customers become professional
recommendations of the business and the services offered. Consequently,
the business can promote their services to new prospects based on
testimonials from loyal customers. Testimonials are often convincing more
than presenting theoretical frameworks to your future prospects. With
CRM, it could be difficult pulling out your loyal customers and making
them feel appreciated for their esteemed support.

Builds up on effective internal communication

A CRM strategy is effective in building up effective communication within

the company. Different departments can share customer data remotely,
hence enhancing team work. Such a strategy is better than working
individually with no links between the different business departments. It
increases the business’s profitability since staff no longer have to move
physically move while in search of critical customer data from other
departments.

95
Management Information
System
6.4 SUMMARY

• ERP software can integrate all of the processes needed to run a

company.

• ERP solutions have evolved over the years, and many are now
typically web-based applications that users can access remotely.

• Some benefits of ERP include the free flow of communication

between business areas, a single source of information, and accurate,
real-time data reporting.
• An ERP system can be ineffective if a company doesn't implement it
carefully.
• Supply chain management (SCM) is the centralized management of
the flow of goods and services and includes all processes that
transform raw materials into final products.
• By managing the supply chain, companies can cut excess costs and
deliver products to the consumer faster.
• Good supply chain management keeps companies out of the headlines
and away from expensive recalls and lawsuits.
• The five most critical elements of SCM are developing a strategy,
sourcing raw materials, production, distribution, and returns.
• A supply chain manager is tasked with controlling and reducing costs
and avoiding supply shortages.
• A good CRM doesn’t stop at collecting information; it helps you
harness all of that data to:
• Get personal at scale, sending the right messages at the right times to
leads and clients
• Focus sales teams on the hottest prospects
• Shorten the sales cycle
• Monitor, analyse, and improve results

QUESTIONS

1. Explain various ERP Modules?

2. Explain scope of SCM?
3. What do you mean by CRM?
4. Explain Key features of effective Supply Chain Management?
5. Write short notes on CRM technology?
96
96
REFERENCES ERP, SCM And CRM

Enterprise Resource Planning ... by Alexis Leon

Directing the ERP Implementation by Michael W. Pelphrey

The CRM Handbook - Jill Dyché

Customer Relationship Management The Foundation of Contemporary

Marketing Strategy By Roger J. Baran Robert J. Galka



97
Management Information
System
7
BUSINESS INTELLIGENCE FOR MIS
Unit Structure
7.1 Objectives
7.2 Business Intelligence and MIS
7.3 what is Business Intelligence (BI),
7.4 Tools and Techniques of BI
7.5 why is BI Developed? How is BI used?
7.6 Process of generation of BI
7.7 MIS and BI.
7.8 Self Learning Topics: Case illustration of BI
7.9 Summary
7.10 Sample Questions
7.11 References

7.1 OBJECTIVES

• To Understand the nature of management information systems and

their applications in business.

• To Identify the major management challenges in building and using

information systems.

• To Learn and explore IT security and Infrastructure of management

information Systems and to understand the Business Intelligence and
its component.

7.2 BUSINESS INTELLIGENCE AND MIS

The term 'Business Intelligence' has evolved from the decision support
systems and gained strength with the technology and applications like data
warehouses, Executive Information Systems and Online Analytical
Processing (OLAP).
Business Intelligence System is basically a system used for finding patterns
from existing data from operations.

98
98
The definition of the term ‘Management Information System’ has been Business Intelligence for MIS
varies from person to person. It has more than one definition, some of which
are given below
1) The MIS is defined as a system which provides information to support
decision making process in the organization.
2) The MIS is defined as a system based on the database of the
organization evolved for the purpose of providing information to the
people in the organization.
3) According to Coleman and Riley ‘an MIS (a) applies to all
management levels; (b) is linked to an organizational subsystem; (c)
Functions to measure performance, monitor progress, evaluate
alternatives or provides knowledge for change or collective action,
and (d) is flexible both internally and externally’.
4) According to Schwartz, ‘MIS is a system of people, equipment
procedures, documents and communication that collects, validates,
operates, stores, retrieves, and present data for use in planning ,
budgeting , accounting, controlling and other management process’.
5) Thomas R. Prince defined MIS as ‘an approach that visualizes the
business organization a single entity composed of various inter-
related and inter – dependent sub systems looking together to provide
timely and accurately information for management decision making,
which leads to the optimization of overall enterprise goals’.
6) Frederick B. Cornish defined MIS as ‘structure to provide the
information needed when needed and where needed. Further, the
system represents the internal communication network of the business
providing the necessary intelligence to plan, execute and control.
Before business intelligence took over, many enterprises had another
information system called the MIS. Management Information Systems were
the heart of every business and played a vital role in data collecting, storage,
processing, and reporting. However, MIS had its disadvantages and became
a burden for many businesses.
With business intelligence entering the market, enterprises adopted BI, not
to replace MIS but to revamp their entire internal system. MIS is a small
part of the business intelligence framework and is no longer enough in the
competitive world to help establishments make the right decisions. Though
management information systems are still used by enterprises, many have
digitally transformed the systems and processes to get the best of business
intelligence. BI helps enterprises reduce their costs and increase returns by
enhancing customer experience and taking the businesses deeper into the
market.

7.3 WHAT IS BUSINESS INTELLIGENCE (BI)

BI(Business Intelligence) is a set of processes, architectures, and

technologies that convert raw data into meaningful information that drives
99
Management Information profitable business actions. It is a suite of software and services to transform
System
data into actionable intelligence and knowledge.
BI has a direct impact on organization’s strategic, tactical and operational
business decisions. BI supports fact-based decision making using historical
data rather than assumptions and gut feeling.
BI tools perform data analysis and create reports, summaries, dashboards,
maps, graphs, and charts to provide users with detailed intelligence about
the nature of the business.
Business intelligence or BI is a wider concept that combines MIS, business
analytics, data mining, data visualization, and much more. It is a modern
framework that helps enterprises adopt the data-driven model to make better
decisions based on historical and real-time data. BI gives businesses a
comprehensive view of the enterprise data and makes use of this
information to understand market trends, improve customer experience,
evaluate existing policies, and make changes to build a better enterprise.
Today’s BI tools and solutions offer self-service analysis to employees from
different levels in the organization. Business intelligence tools are flexible,
scalable, and user-friendly.

7.4 TOOLS AND TECHNIQUES OF BI

Business intelligence (BI) tools are types of application software that collect
and process large amounts of unstructured data from internal and external
systems, including books, journals, documents, health records, images,
files, email, video, and other business sources.
Typically used for more straightforward querying and reporting of business
data, business intelligence tools can combine a broad set of data analysis
applications including ad hoc analysis and querying, enterprise reporting,
online analytical processing (OLAP), mobile BI, real-time BI, operational
BI, cloud and software as a service BI, open-source BI, collaborative BI,
and location intelligence. It can also include data visualization software for
designing charts, as well as tools for building BI dashboards and
performance scorecards that display business metrics and KPIs to bring
company data to life in easy-to-understand visuals.
Tableau
Tableau is one of the most popular and simple Microsoft BI tools used in
organizations today. A much sought-after platform of BI, Tableau is among
the top in the best BI tools list. This integrated tool allows even non-
technical users to easily build personalized reports and dashboards to gain
valuable information. Further, it offers a varied range of graphical
representations that are extremely interactive and pleasing. This tool mainly
serves two functions, the collection of data and data analysis. It gathers data
from various sources such as spreadsheets and cloud applications. This
Business Intelligence software is used in numerous industries and business
100
100
sectors, including banking, manufacturing, education, sales, Business Intelligence for MIS
telecommunication, and more.
Features of Tableau:

• You can share dashboards and tools to perform group analysis on any
given dataset.

• You have the option to choose between two versions, the 32-bit
version and the 64-bit version.

• It has a feature to automatically update data, which allows the

organization to receive the latest data and extract useful information
from it in real-time.

• You can deploy the tool either on a local server or on the cloud server.
Datapine
Datapine is another commonly used BI software that is easy-to-use yet
powerful. This tool allows both professionals like Data Analysts and non-
technical professionals to analyze, explore, and visualize data from several
data sources. Additionally, it helps you collect the data from these sources
and analyze it using advanced analytical and predictive features.
Features of Datapine:

• It consists of easy and fast data connectors that integrate the necessary
data sources in a matter of a few seconds.

• You can use its unique drag-and-drop feature to create appealing data
visualizations in a few clicks, providing a user-friendly interface.

• It also involves advanced dashboards with interactive modern

features.

• There are at least 80 predefined dashboard templates catering to

various industries.
Sisense
The main purpose of the BI tool, Sisense, is to gather, analyze, and visualize
datasets, irrespective of their size. It is one of the most frequently used
dashboard BI tools with an intuitive feature that offers a user-friendly drag-
and-drop interface, allowing anyone to use and understand it, including
those who are not from an IT background.
In Sisense, you need to gather and store data in a singular database that can
be accessed for visualization and reporting purposes. Further, you can use
the data to build dashboards through various visualization and analytical
tools offered by the software. Moreover, you can share reports and
dashboards with your team members or other departments within the
organization, as well as outside. This allows enterprises to analyze various
patterns and build informed business strategies for improvement. 101
Management Information Features of Sisense:
System
• Its interactive and user-friendly dashboard provides drag-and-drop
features, along with accessible tools.

• Since data is centralized here, the time taken for data processing is
lesser.

• It offers attractive visualizations.

• You can use this tool to work on all sizes of datasets with no
complications.

• This tool also consists of the ETL facility, report and query writer,
data warehouses, and customized dashboards.
Yellowfin BI
Yellowfin BI, one of the best BI tools, is used as an end-to-end analytics
platform, combining Machine Learning and data visualization. You can
filter tons of data via intuitive filtering features such as radio buttons and
checkboxes. Besides, its mobile accessibility feature and flexibility allow
you to use, monitor and understand the dashboard from anywhere.
Features of Yellowfin BI:

• You can easily access the dashboard from anywhere including the
Wiki, the company intranet, mobile devices, or the website.
• Features like mapping mobile BI assist you to access and monitor the
organizational data.
• It allows you to make smarter and faster collective decisions.
• It offers interactive reports and data-rich presentations that can make
your insights more effective and presentable.
Power BI
Microsoft Power BI is one of the widely-used open-source BI tools that
provide an environment for the analysis, integration, and visualization of
data. This tool is efficient and effective in assisting organizations to make
informed business decisions.
Features of Power BI:

• Even non-technical users can easily use it to create a Power BI

project.
• It uses Power Pivot to perform analytical operations, and it is easy to
learn unlike the command language of Excel.

• Its Power Query feature allows you to load data automatically even
from extremely old databases for the report making.

102
102 • You can also use this software to share reports for free.
QlikView Business Intelligence for MIS

QlikView is a trending BI tool that allows you to develop apps, dashboards,

and visualizations. Besides, QlikView allows you to get a complete
overview of the information available in your data.
Features of QlikView:

• Its simple feature of drag-and-drop allows you to build interactive and

extremely flexible data visualizations.
• You can use natural search to navigate and access complex
information.
• It responds immediately to changes, updates, and interactions.
• It supports several file types and data sources.
• It provides easy security for content and data across endless devices.
• It uses a centralized hub to share relevant data and data analysis, along
with apps.
Top Business Intelligence Techniques
OLAP
Online Analytical Processing (OLAP) is an important business intelligence
technique, that is used to solve analytical problems with different
dimensions. A major benefit of using OLAP is that its multi-dimensional
nature provides leniency for users to look at data issues from different
views. By doing so, they can even identify hidden problems in the process.
OLAP is mainly used to complete tasks like budgeting, CRM data analysis,
and financial forecasting.
Data Visualization
Data is often stored in form of numbers that are put together as a matrix.
But interpreting the matrix to make business decisions is a critical task. A
commoner, or even an analyst, can find the progress of data when it is stored
as a set. To untangle the knot, data visualization is used. Data visualizations
help professionals look at data from more than one dimension and help them
make informed decisions. Therefore, visualization of data in charts is an
easy and convenient way to understand the stance.
Data Mining
Data mining is the process of analyzing large quantities of data to discover
meaningful patterns and rules by automatic or semi-automatic means. In a
corporate data warehouse, the amount of data stored is very huge. Finding
the actual data that could drive business decisions is quite critical.
Therefore, analysts use data mining techniques to unravel the hidden
patterns and relationships in data. Knowledge discovery in databases is the
whole process of using the database along with any required selection,
processing, sub-sampling, choosing the proper way for data transformation.

103
Management Information Reporting
System
Reporting in business intelligence represents the whole process of
designing, scheduling, generating the performance, sales, reconciliation,
and saving the content. It helps companies to effectively gather and present
information to stand by the management, planning, and decision-making
process. Business leaders get to view the reports at daily, weekly, or
monthly intervals as per their needs.
Analytics
Analytics in Business Intelligence defines the study of data to extract
effective decisions and figure out the trends. Analytics is famous among
business companies as it lets analysts and business leaders deeply
understand the data they have and drive value from it. Many business
perspectives, from marketing to call centers to use analytics in different
forms. For example, call centers leverage speech analytics to monitor
customer sentiments and improve the way answers are presented.
Multi-Cloud
Following the outbreak of the pandemic and the lockdown that came to
effect, companies across the globe started moving their routine working into
cloud modes. The rise of cloud technology has greatly impacted many
businesses. However, even after the restrictions are lifted, companies still
prefer to work over the cloud because of its lenient accessibility and easy-
to-use attributes. Moving a step forward, even Research & Development
initiatives are being moved to the cloud, thanks to its cost-saving and easy-
to-use nature.
ETL
Extraction-Transaction-Loading (ETL) is a unique business intelligence
technique that takes care of the overall data processing routine. It extracts
data from storage, transforms it into the processor, and loads it into the
business intelligence system. They are mainly used as a transaction tool that
transforms data from various sources to data warehouses. ETL also
moderates the data to address the need of the company. It improves the
quality level by loading it into the end targets such as databases or data
warehouses.
Statistical Analysis
Statistical analysis uses mathematical techniques to create the significance
and reliability of observed relations. It also grasps the change of behavior
in people that are visible in data with its distribution analysis and confidence
intervals. Post data mining, analysts carry out statistical analysis to devise
and get effective answers.

7.5 WHY IS BI DEVELOPED? AND HOW IS BI USED?

Business intelligence refers to the tools, techniques, strategies, applications
and practices businesses employ to collect, integrate, analyze and visualize
information. These tools help you make better decisions and drive
104
104
competitive advantages by leveraging robust predictive Business Intelligence for MIS
analytics capabilities.
Understand Customers: With effective business intelligence strategies
and practices, businesses can gauge their customers by analyzing their
buying patterns and creating robust customer profiles and personas. They
help develop better products and rich experiences for their users. One
example where organizations leverage the power of BI to understand
customers is customer segmentation. Most companies take customer
feedback in real time to retain existing customers and approach new ones.
Customer segmentation allows marketers to create distinct groups with
higher accuracy levels based on what products the customers buy, when
they buy, which channels they use to purchase and how often they buy.
These segments provide customers with a seamless experience through
custom offers, discounts and more.
Boost Business Operations Visibility: Organizations that leverage
business intelligence have better control and visibility over their processes.
It helps them identify and rectify errors or inefficiencies in existing
processes. It also allows them to predict unforeseen challenges and act
accordingly. Finding out the root cause of a problem and knowing where
and why the delays occur can prove useful for a logistics company
struggling with late deliveries. This level of insight into business processes
can also improve services.
Get Actionable Insights: It is important to back your business decisions
with sufficient data. BI gives you access to enormous amounts of
information to gain valuable insights and make better decisions. Some of
these metrics include the percentage of customers abandoning their carts.
This data gives you an idea of where customers are dropping off and lets
the business take necessary actions to mitigate the cart abandonment rates.
Improved Efficiency: Having a robust business intelligence solution in
place empowers you to boost the efficiency of your business, improve
overall performance and increase revenue. Making data available across all
departments reduces the waiting times for report requests and increases the
productivity of all teams with self-service capabilities. Data should be
available for everyone in the organization. It helps teams stay informed and
make data-driven decisions.
Access to Real-Time Data: A business intelligence solution provides
access to real-time information that reduces the risk of potential errors while
preparing critical data reports. Having access to real-time data enables you
to monitor the company’s health, detect and address operational
inefficiencies, act on short-term market fluctuations and boost customer
experiences.
Stronger Marketing Efforts: BI solutions let you create marketing
campaigns that boost ROI. It provides key metrics, including customer
acquisition cost (CAC), cost per lead (CPL), click-through rate (CTR) of
campaigns and more. It also enables you to understand employee
productivity, revenue, profit margins, sales in specific regions, department-
specific performances and more. It can uncover the strengths and
105
Management Information weaknesses of business processes and operations. It can also set up alerts to
System
track key metrics that matter most to your business.
Provides Competitive Advantages: Business intelligence solutions allow
you to understand what your competitors are up to, their strategies,
approaches and more. It helps you improve your products and services
while providing a seamless customer experience. Moreover, a company that
closely monitors its internal processes and systems always stays ahead of
the game. Manage and manipulate large amounts of data to perform
competitive analysis. Moreover, budgeting, planning and forecasting are
powerful ways to stay ahead of the competition. You can track competitors’
sales and marketing performance and learn to differentiate your products
and services.
Improved Reporting: These systems help you create robust reports while
slicing data to uncover hidden insights and trends. These insights help
organizations make better decisions and gain an advantage over their
competitors with ad hoc reporting capabilities. Monitor KPIs using KPI
software by leveraging financial, operations and sales data from different
sources. Generate reports in real time to make accurate decisions. Reports
consist of easy-to-read visualizations such as tables, charts and graphs.
Interactive reports let you play around with different variables and gauge
trends, patterns and insights.
Identify Market Trends: Leverage external market data to detect sales
trends and target regions that qualify for huge profit margins. Analyze
customer data and market conditions to identify new markets. Some
organizations leverage social media to gauge the market through user
comments and feedback. Social media proves to be a valuable source for
insights into customer preferences and pain points.
Increase Revenue: Leverage BI tools to ask questions about why things
happened through making comparisons across various dimensions. Identify
sales weaknesses, get customer feedback, analyze competitors and improve
operations with the help of BI to boost revenue.
Human Resources: Businesses utilize human resources data to perform
employee productivity analysis, compensation and payroll tracking,
determine upskilling needs, gain useful insights into employee performance
and satisfaction and create high-performing organizations.
Finance: BI tools provide valuable insights into financial performance. It
helps you track quarterly and annual budgets, identify potential issues
before they occur and boost organizational health and financial stability. It
tracks customer behaviors to prevent fraudulent activities and ensures
regulatory compliance while addressing potential insider threats.
Sales and Marketing: BI solutions analyze consumer behavior and buying
patterns to develop products and services to match their needs. You can
create robust visualizations for sales performance, in-depth conversion rates
and total revenue analysis. Gauge markets to identify potential selling
opportunities and perform competitive analysis to plan future courses of
106
106
action. View performance and trends of current and past marketing Business Intelligence for MIS
campaigns, a breakdown of cost per lead, return on investment, site traffic
analytics and actionable information on marketing dashboards.

7.6 PROCESS OF GENERATION OF BI

The development of a business intelligence system can be assimilated to a

project, with a specific final objective, expected development times and
costs, and the usage and coordination of the resources needed to perform
planned activities.
Analysis: During the first phase, the needs of the organization relative to
the development of a business intelligence system should be carefully
identified. This preliminary phase is generally conducted through a series
of interviews of knowledge workers performing different roles and
activities within the organization. It is necessary to clearly describe the
general objectives and priorities of the project, as well as to set out the costs
and benefits deriving from the development of the business intelligence
system.
Design - The second phase includes two sub-phases and is aimed at deriving
a provisional plan of the overall architecture, taking into account any
development in the near future and the evolution of the system in the
midterm
Planning - The planning stage includes a sub-phase where the functions of
the business intelligence system are defined and described in greater detail.
Subsequently, existing data as well as other data that might be retrieved
externally are assessed. This allows the information structures of the
business intelligence architecture, which consist of a central data warehouse
and possibly some satellite data marts, to be designed.
Implementation and control: The last phase consists of five main sub-
phases. First, the data warehouse and each specific data mart are developed.
These represent the information infrastructures that will feed the business
intelligence system. In order to explain the meaning of the data contained
in the data warehouse and the transformations applied in advance to the
primary data, metadata archive should be created.

107
Management Information
System
7.7 MIS AND BI.

Business Intelligence (BI) is a modern age technological concept where

organizations irrespective of whether big or small invests in these solutions.
The reasons for such investments are different based on the business wise
specific requirements and industry verticals. The best part that BI offers
over MIS is the interactivity function.
MIS is just a small part of the entire Business Intelligence (BI) framework.
These were especially used for revenue and expense reporting, burdened
with inaccuracy, inconsistency and unmanageable complications.
Business Intelligence aka BI is a modern age technological idea where
organizations irrespective of size invests in these solutions. The reasons for
such investments are different based on the business-wise specific
requirements and industry verticals. The best part that BI offers over
Management Information Systems aka MIS is the interactivity function.
MIS is just a small part of the entire BI framework.
Traditional MIS systems turn out with imprecision, inconsistency, and
unruly complexity. Thus the way the data is collected, stored, compiled and
presented to management makes it unfit for analysis and decision making.
Limitations of MIS

• Conventional MIS furnishes reports and data in an aggregate form

• Conventional MIS doesn’t facilitate data massaging between inter-

department or cost/profit centres
Benefits of Business Intelligence System over conventional MIS.

• Uniform, reliable and error-free reports: rather than aggregated

reports

• Data warehouse/Data lake from multiple systems and

software: integrate customer, process, marketing, finance, etc
specific data at a single source of truth

• Role-specific & row-level security enabled reports: allow access of

data to the manager with information relevant to their function/role

• Web-based dashboards: prevent access of sensitive data to

unauthorized users

• Scheduling automated refresh: set alerts and rules to view the latest
data and receive reports securely from systems.

• Reduction in man-hours (FTE: full-time employee): save a

considerable amount of time and efforts switching between teams.

108
108
7.8 SELF LEARNING TOPICS: CASE ILLUSTRATION Business Intelligence for MIS

OF BI

Conduct a case study on any two of the following topics:

1) How does Netflix use Business Intelligence?
2) New York Shipping Exchange: BI Reduces IT dependency.
3) SKF Bearings: BI Streamlining Manufacturing Process.
4) Starbucks Loyalty card and BI integration.
5) Tesla – connect car wirelessly.
6) Twitter – Use of BI to fight with inappropriate contents.
7) UBER – BI Application in core aspect.
8) Walmart – BI in understanding online customer behaviour.

7.9 SUMMARY

Information is considered as the lifeblood of the organization. It plays an

important and effective role in managing the day-to-day affairs of a business
organization. Business managers at top level and at operational level are
generally confronted with complex problems which are emerging as a result
of high rate of growth, change in business size, and development in the field
of technical, change in consumer’s preferences and change in brand
loyalties, intense degree of competition nationally and internationally, and
changing government policies and regulations etc..

7.10 SAMPLE QUESTIONS

1) List different Definitions Business Intelligence as defined by different

Authors and researchers?
2) List the various BI tools available. Also explain the features of BI
Tools.
3) Explain any five Business Intelligence techniques.
4) Explain the reasons why is BI Developed?
5) Explain the application of BI in business domain?
6) List and explain the different phases in development of BI System.

109
Management Information
System
7.11 REFERENCES

1. Management Information Systems- A global digital Enterprise

perspective, 5th edition - By W.S.Jawdekar, TMG Publications
2. MIS: Managing Information Systems in Business, Government and
Society, 2ed by Rahul De, Wiley
3. Management Information System, James O‘Brien, 7th edition, TMH
4. Management Information Systems, Loudon and Loudon, 11th edition,
Pearson.



110
110
 8
MANAGING INFORMATION SYSTEMS
AND INFORMATION TECHNOLOGY
INFRASTRUCTURE
Unit Structure
8.1 Objectives
8.2 Introduction
8.3 Managing Information System
8.3.1 Challenges of Managing the IT Function
8.3.2 Vendor Management
8.3.3 IT Governance
8.4 Information Technology Infrastructure and Choices.
8.4.1 What is the IT Infrastructure?
8.4.2 IT Infrastructure Decisions
8.4.3 Infrastructure Components
8.4.4 Networks
8.5 Self Learning Topics: Case Study of Managing Information System
8.6 Summary
8.7 Practice Questions
8.8 References

8.1 OBJECTIVES

To make you understand the role of information technology in an

organization.
To understand the leadership role of Management Information Systems in
achieving business competitive advantage through informed decision
making.
To analyze and synthesize business information and systems to facilitate
evaluation of strategic alternatives.
To effectively communicate strategic alternatives to facilitate decision
making.

8.2 INTRODUCTION

MIS Meaning: A management information system is an acronym of three

words, viz., Management, information, system. In order to fully understand
the term MIS, let us try to understand these three words.
111
Management Information 1. Management: Management is the art of getting things done through
System
and with the people in formally organised groups.
2. Information: Information is data that is processed and is presented in
a form which assists decision-making. It may contain an element of
surprise, reduce uncertainty or provoke a manager to initiate an
action.
3. System: A system is an orderly grouping of interdependent
components linked together according to a plan to achieve a specific
goal. The term system is the most loosely held term in management
literature because of its use in different contexts.
MIS is the Study of People, Technology and Organizations.

8.3 MANAGING INFORMATION SYSTEM:

8.3.1 Challenges of Managing the IT Function

1. Lack of Powerful Computing Platforms
The major challenge in growing processing power of computers has
been the lack of energy and space to power supercomputers. IT
managers have always been on the lookout for better and faster
systems which will help in the faster processing of the large amounts
of data available today.
2. Data Acquisition Problems
Firewalls which protect emails, applications and web browsing can
cause important packet losses in the TCP/IP networks. This can result
in important data loss and reduce the network speeds considerably,
making the online collaboration impossible. Similar losses can occur
due to the switches and routers which do not have the required high-
speed memory.
3. Compute Management and Provisioning
One of the biggest challenges for IT managers is the humongous
amounts of data that is available today. High-performance computing
of these large data sets will require virtualization and automation to
avoid adding more people to these processes. The major challenge for
IT managers is to simplify these tasks and speed up the processing.
4. Lack of Efficient Data Storage Architectures
Cloud storage has taken over in most of the cases in the modern world.
Though it is a cost-effective and scalable alternative for data storage
for IT managers, it does not provide the required data storage
architectures which can accommodate a variety of applications. The
IT community needs something more flexible which is beyond space
and cost in cloud storage options.
112
112
5. Dearth of Ways to Improve Data Analytics Managing Information
Systems and Information
Currently there are not many methods in place which can be used by Technology Infrastructure
IT managers to separate quality data from the humongous data sets. It
is important to identify patterns in the data and correctly analyze it
and use it to take business decisions in infrastructure management.
6. Improper Networks and Connectivity
For any organization to work smoothly, it is important that there is a
good and reliable network in place. Without a reliable network
connection, IT infrastructure management can be a difficult task for
any IT manager of the organization. New software-based methods and
network architecture design are required for the optimization of data.
7. Decreased performance levels
In a fiercely competitive business environment, companies expect
their employees to perform their best and meet their productivity
goals. While it is common for employees to go through periods of
time where they are less productive and motivated, there are ways to
help them feel motivated again. If left unresolved, a decrease in
productivity can affect the performance of other team members and
overall project goals.
8. Hiring skilled employees
Making the right hiring decisions is crucial for the long-term success
of a business. Apart from the right skills and experience, managers
look for people who can fit in with the company culture. The team can
benefit from new employees who can settle in quickly and do not
require extensive guidance. A wrong hiring decision can negatively
impact your team's morale. If some employees constantly fail to
handle their assigned tasks, it could affect the team's overall
performance and result in friction within the team.
9. Poor communication and Team Work
Another challenge that managers face when overseeing teams is
ensuring effective communication. Because every team member has
a different personality, there is a chance for miscommunication from
time to time. Communication problems can escalate and affect work
relationships and productivity.
A lack of cohesiveness in a team can cause several managerial issues.
The team might have poor communication or face trouble working
well together. Some team members may focus more on completing
their specific tasks and less on collaborating with the rest of the team.
This can have a detrimental effect on a project's progress and can even
affect the company's long-term business interests.
10. Time management
Managers are in charge of ensuring that the team completes their work
on schedule. If the team falls behind, it might affect other planned
schedules and the company's business interests. This can create stress
within the team and lead to poor productivity or work quality. In their 113
Management Information rush to finish the project, the employees might lose their focus and
System
make mistakes, resulting in revisions and more delays.
11. Retaining high performers
Employees with specialised skills are in demand across industries. It
is part of a manager's job to make an effort to retain these high
performers. Otherwise, they are likely to move on to other companies
where they are better appreciated. Staff retention is one of the most
pressing issues in management.
8.3.2 Vendor Management
Vendor management is a term that describes the processes organizations use
to manage their suppliers, who are also known as vendors. Vendor
management includes activities such as selecting vendors, negotiating
contracts, controlling costs, reducing vendor-related risks and ensuring
service delivery.
The vendors used by a company will vary considerably depending on the
nature of the organization, and could include companies as diverse as
seafood suppliers, IT vendors, cleaners and marketing consultants. Vendors
can also range in size from sole traders to large organizations.
Companies may use a vendor management strategy to ensure vendor
relationships deliver the intended value, with efficient processes. A strategy
may include areas such as setting out clear and quantifiable goals, tracking
KPIs and building and maintaining effective relationships with vendors.
Companies may also classify their suppliers in order to identify their
strategic vendors and invest in strengthening those relationships. Other
considerations may include taking steps to avoid relying too heavily on a
particular vendor.
Vendor management process
The vendor management process includes a number of different activities,
such as:
• Selecting vendors. The vendor selection process includes researching
and sourcing suitable vendors and seeking quotes via requests for
quotation (RFQs) and requests for proposal (RFPs), as well as
shortlisting and selecting vendors. While price will inevitably be a
consideration during the selection process, companies will also need
to evaluate other factors when deciding which vendors to appoint for
a particular contract, such as a vendor’s reputation, capacity and track
record, as well as the vendor’s ability to communicate effectively.
• Contract negotiation. It’s important to get the contract right at the
outset and to ensure the terms agreed benefit both parties. Negotiating
a contract can take time, and the process will include defining the
goods or services that will be included, the start and end dates of the
arrangements and all essential terms and conditions. Attention may
also need to be paid to areas such as confidentiality and non-compete
clauses.

114
114
• Vendor onboarding. This will involve gathering the documentation Managing Information
Systems and Information
and information needed to set the vendor up as an approved supplier Technology Infrastructure
to the company and ensure that the vendor can be paid for the goods
or services they provide. As well as essential contact and payment
information, the onboarding process may also include information
such as relevant licenses held by the vendor, as well as tax forms and
insurance details.

• Monitoring vendor performance. As part of the vendor management

process, companies will monitor and evaluate the performance of
their vendors. This may include evaluating their performance against
key performance indicators (KPIs) such as quality and volume of
goods or delivery dates.

• Monitoring and managing risk. Vendors should be monitored for risks

that could impact the company, such as the risk of compliance
breaches, lawsuits, data security issues and loss of intellectual
property. Companies will also need to monitor the risk that a vendor’s
actions or a failure to provide goods and services as agreed may result
in disruption to the company’s operations.

• Payment. Ensuring vendors are paid on time for the goods and
services they provide, in line with the agreed terms.
8.3.3 IT Governance
IT governance is the alignment of leadership, organizational structures, and
processes to actualize and sustain the organizational objectives through the
use of IT.
The need for IT governance is felt because the interests of the organization
and those managing the IT systems can be at odds or in other words, there
is a conflict between these two imperatives. Thus, IT governance is needed
to ensure that the IT systems are doing their assigned duty and that the
objectives of the CEO and the CIO are the same. Indeed, it can be said that
IT governance includes all the key stakeholders in the organization starting
with the executive management and the boards and including the staff,
customers, and other stake holders. It also needs to be mentioned that
corporate governance and IT governance must not be viewed in isolation
but must act and move in tandem. IT governance is a subset of corporate
governance and that both must be framed in a mutually dependent manner.
the objectives of IT governance can be summed up as assuring the creation
of value through the use of IT; oversight of the management’s performance;
mitigation of the risks associated with the use of IT; and a general tendency
to have oversight over the IT systems so that there is alignment between the
organizational goals and the goals of the IT systems. The key reasons why
organizations use the IT frameworks are to ensure that they use the IT
systems in an efficient and effective manner. Further, risk mitigation and
performance management are key business imperatives, which the
organization must follow so that there are no surprises for its operations and
that the business objectives are being met.
115
Management Information
System
8.4 INFORMATION TECHNOLOGY
INFRASTRUCTURE AND CHOICES:

8.4.1 What is the IT Infrastructure?

Technology powers nearly every aspect of today’s businesses, from an
individual employee’s work to operations to goods and services. When
properly networked, technology can be optimized to improve
communication, create efficiencies and increase productivity.
IT infrastructure refers to the composite hardware, software, network
resources and services required for the existence, operation and
management of an enterprise IT environment. IT infrastructure allows an
organization to deliver IT solutions and services to its employees, partners
and/or customers and is usually internal to an organization and deployed
within owned facilities.
If an IT infrastructure is flexible, reliable and secure, it can help an
enterprise meet its goals and provide a competitive edge in the market.
Alternatively, if an IT infrastructure isn’t properly implemented, businesses
can face connectivity, productivity and security issues—like system
disruptions and breaches. Overall, having a properly implemented
infrastructure can be a factor in whether a business is profitable or not.
With an IT infrastructure, a company can:

• Provide a positive customer experience by providing uninterrupted

access to its website and online store.

• Develop and launch solutions to market with speed.

• Collect data in real time to make quick decisions.

• Improve employee productivity.

8.4.2 IT Infrastructure Decisions
In order for IT organizations to efficiently deliver on their objectives to
provide reliable computing services to the business, IT organizations must
provide the services in a repeatable and predictable manner. This leads to
the definition and creation of a variety of best practices. Best practices can
include a combination of how people interact with the process, decision
making steps, and leveraging technology to invoke a variety of tasks -
people, process, and technology. These best practices are readily
implemented as flows within the Decisions Workflow Automation
Platform.
What’s driving your IT infrastructure purchase? Nearly half of new
infrastructure purchases are refreshing or replacing older infra, the other
half are powering a new project or adding capacity. No matter which
category you fall into, your choices on how to architect a solution are
significantly more robust than they were just five years ago. According to
116
116
IDC, the average lifecycle of an x86 server is 4-5 years. Considering the Managing Information
Systems and Information
hardware, software and technology advances, how do you evaluate which Technology Infrastructure
architecture will not only power your applications but also reduce IT
complexity and ensure you are maximizing your per core licensing
expenses?
Getting your IT infrastructure right is one of the most important decisions
an organization can make for a company. It can increase efficiency and
productivity, help you take advantage of business opportunities, and
improve the user experience for customers and employees.
Getting it wrong also has consequences. You can add new levels of
frustration for everyone, lose business, and prevent the company from
competing the way it should. It becomes a speed limit on your path to
success, and an obstacle to productivity. And at its worst, it can be the
reason the business fails. But it doesn’t have to be that way.
Companies make better IT decisions and overcome the three key stumbling
blocks. Once an organization has their baseline and some level of
benchmarking, they often look at optimizing the cost:performance
efficiency by moving some of their workloads or applications to alternative
infrastructures, internally or externally. But which infrastructure options are
going to best meet your needs? Here are the four key questions to answer to
improve your infrastructure decision-making:
1. What are my costs now? As we’ve discussed in previous baselining
blogs, it’s critical to understand your existing unit cost efficiency
based on your current infrastructure capacity, consumption patterns
and costs.
2. What could the costs be? You need an apples-to-apples comparison
of your costs to other options in the market, whether that’s additional
on-premise infrastructure, a cloud service provider, or a hybrid of the
two.
3. What is everyone else paying? Ideally you’d like to know what others
in the market are paying. Not the list prices, but what do other
organizations like yours actually pay and what is their infrastructure
cost efficiency.
4. What are my costs after I make a move? Once you know all the of the
above information and you make a decision to optimize your
infrastructure footprint in some way, after that change is made you
need the ability to track forecast-to-actual cost efficiency. In other
words, am I improving as expected, and what are the next steps for
further improvement (or additional course correction)?
Deciding what type of IT infrastructure is right for your company can be
deceptively difficult. While one option might have initial appeal, a careful
analysis might reveal better choices. It’s important to give consideration to
a number of factors before making a final decision. Some of those factors
include:
117
Management Information 1. Business plan. What is the company trying to accomplish
System
specifically? As a growing company (or a market leader), what type
of infrastructure would put you in the best position to succeed? How
would a different type of format help you accomplish your goals
faster, and how would you overcome the drawbacks?
2. Employee feedback. It’s important to get input from the people who
will be using your IT infrastructure on a daily basis. What’s limiting
them today, and what would help them do their job better? What
technology frustrations could be solved with a different or updated
approach? You might find that their concerns reveal challenges that
weren’t considered at the executive level. Consulting with favored
clients or vendors could be beneficial as well. If they’re impacted by
your IT decisions, their outside view might reveal missed
opportunities or obstacles your team hadn’t considered.
3. Existing IT assets. Assessing your needs involves assessing what
you already have. If you’ve already made a significant hardware
investment, abandoning it entirely would be a costly and wasteful
decision. But if you’re starting from scratch, or you know your IT
assets are lacking, you have more freedom to go in a new direction.
Incorporating what you have into a new plan (if possible) would be
an efficient way to expand your opportunities while making the most
of existing resources.
8.4.3 Infrastructure Components
The components of IT infrastructure are made up of interdependent
elements, and the two core groups of components are hardware and
software. Hardware uses software—like an operating system—to work.
And likewise, an operating system manages system resources and hardware.
Operating systems also make connections between software applications
and physical resources using networking components.
Hardware
Hardware components can include:

• Desktop computers
• Servers
• Data centers
• Hubs
• Routers
• Switches
• Facilities
Software
Software components can include:

• Content management systems (CMS)

• Customer relationship management (CRM)
118
118
• Enterprise resource planning (ERP) Managing Information
Systems and Information
• Operating systems Technology Infrastructure

● Web servers
Facilities
Facilities or physical plants provide space for networking hardware, servers
and data centers. It also includes the network cabling in office buildings to
connect components of an IT infrastructure together.
Network
Networks are comprised of switches, routers, hubs and servers. Switches
connect network devices on local area networks (LAN) like routers, servers
and other switches. Routers allow devices on different LANs to
communicate and move packets between networks. Hubs connect multiple
networking devices to act as a single component.
Server
A core hardware component needed for an enterprise IT infrastructure is a
server. Servers are essentially computers that allow multiple users to access
and share resources.
Server room/data center
Organizations house multiple servers in rooms called server rooms or data
centers. Data centers are the core of most networks.
8.4.4 Networks
A computer network is a communications system connecting two or more
computers that work to exchange information and share resources
(hardware, software and data). A network may consist of microcomputers,
or it may integrate microcomputers or other devices with larger
computers. Networks may be controlled by all nodes working together
equally or by specialized nodes coordinating and supplying all
resources. Networks may be simple or complex, self-contained or
dispersed over a large geographical area.
Network architecture is a description of how a computer is set-up
(configured) and what strategies are used in the design. The
interconnection of PCs over a network is becoming more important
especially as more hardware is accessed remotely and PCs
intercommunicate with each other.
Different communication channels allow different types of networks to be
formed. Telephone lines may connect communications equipment within
the same building. Coaxial cable or fiber-optic cable can be installed on
building walls to form communication networks. You can also create your
own network in your home or apartment. Communication networks also
differ in geographical size.
Three important networks according to geographical size are LANs, MANs
and WANs.
119
Management Information Local Area Network (LAN)
System
A LAN allows all users to share hardware, software and data on the
network.
Minicomputers, mainframes or optical disk storage devices can be
added to the network.
Metropolitan Area Network (MAN)
Metropolitan Area Network (MAN)
A MAN is a computer network that may be citywide. This type of network
may be used as a link between office buildings in a city. The use of cellular
phone systems expand the flexibility of a MAN network by linking car
phones and portable phones to the network.
Wide Area Networks (WAN)
Wide Area Networks (WAN)
A WAN is a computer network that may be countrywide or worldwide. It
normally connects networks over a large physical area, such as in different
buildings, towns or even countries. A modem connects a LAN to a WAN
when the WAN connection is an analogue line.
For a digital connection a gateway connects one type of LAN to another
LAN, or WAN, and a bridge connects a LAN to similar types of LAN. This
type of network typically uses microwave relays and satellites to reach users
over long distances. The widest of all WANs is the Internet, which spans
the entire globe.
Network protocols
Protocols are the set of conventions or rules for interaction at all levels of
data transfer. They
have three main components:

• Syntax – data format and signal types

• Semantics – control information and error handling

• Timing – data flow rate and sequencing

Numerous protocols are involved in transferring a single file even when
two computers are directly connected. The large task of transferring a piece
of data is broken down into distinct sub tasks. There are multiple ways to
accomplish each task (individual protocols). The tasks are well described
so that they can be used interchangeably without affecting the overall
system.

120
120
Internet Managing Information
Systems and Information
Technology Infrastructure
The Internet is a giant worldwide network. The Internet started in 1969
when the United States government funded a major research project on
computer networking called ARPANET (Advanced Research Project
Agency NETwork). When on the Internet you move through
cyberspace.
Cyberspace is the space of electronic movement of ideas and information.
The web provides a multimedia interface to resources available on the
Internet. It is also known as WWW or World Wide Web. The web was
first introduced in 1992 at CERN (Centre for European Nuclear Research)
in Switzerland. Prior to the web, the Internet was all text with no graphics,
animations, sound or video.

8.5 SELF LEARNING TOPICS: CASE STUDY OF

MANAGING INFORMATION SYSTEM

1. Management Information System at Dell –

https://www.mbaknol.com/management-information-systems/case-study-
management-information-system-at-dell/
2. MIS Project Harvard Case Solution & Analysis
https://www.thecasesolutions.com/mis-project-142261
3. Management Information System: Case Study of Amazon.Com
https://www.academia.edu/34174509/Management_Information_System_
Case_Study_of_Amazon_Com
4. Nestle Management Information System Case Study
https://www.studypool.com/documents/1331576/nestle-management-
information-system-case-study-questions
5. Case Study on MIS: Information System in Restaurant
https://www.mbaknol.com/management-information-systems/case-study-
on-mis-information-system-in-restaurant/

8.6 SUMMARY

Information is considered as the lifeblood of the organization. It plays an

important and effective role in managing the day-to-day affairs of a business
organization. Business managers at top level and at operational level are
generally confronted with complex problems which are emerging as a result
of high rate of growth, change in business size, and development in the field
of technical, change in consumer’s preferences and change in brand
loyalties, intense degree of competition nationally and internationally, and
changing government policies and regulations etc.. 121
Management Information
System
8.7 PRACTICE QUESTIONS

1. Define Management Information System. Explain in what way MIS

helps an organization.
2. What are the challenges of managing IT functions in an organization?
Explain in details.
3. Explain the importance of Vendor management in MIS.
4. Explain the step by step process of vendor management.
5. Write a note on IT Governance.
6. What is IT Governance?
7. What is the process of IT infrastructure decision making?
8. Explain the different components of IT Infrastructure.
9. Write a short note on computer networks.
10. Prepare a case study on MIS in any one of the following:
i. Financial MIS
ii. Marketing MIS
iii. Sales and Marketing
iv. Accounting and Finance
v. Human Resources
vi. Office Automation/Enterprise Collaboration

8.8 REFERENCES

1. Management Information Systems- A global digital Enterprise

perspective, 5th edition - By W.S.Jawdekar, TMG Publications
2. MIS: Managing Information Systems in Business, Government and
Society, 2ed by Rahul De, Wiley
3. Management Information System, James O‘Brien, 7th edition, TMH
4. Management Information Systems, Loudon and Loudon, 11th edition,
Pearson.



122
122
 9
INFORMATION SECURITY AND
THREATS
Unit Structure
9.0 Objectives
9.1 Information Security
9.1.1 Introduction
9.1.2 Principles of Information Security
9.1.3 Information Security vs Cyber Security
9.2 Threats and Vulnerability
9.2.1 Introduction
9.2.2 Information Security Concerns
9.3 Controlling Security Threat and Vulnerability
9.4 Managing Security Threat in E-Business
9.5 Measures of Information Security
9.6 Information Security Management

9.0 OBJECTIVES

Learning Objectives: This is to make the students familiar with various

concerns of information security that prevails in both local and global
network environment.
Learning Outcomes: Students will be aware of the various information
security concerns and challenges prevailing in an organisation at local and
global network level.

9.1 INTRODUCTION

The term 'information security' means protecting information and

information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction to provide integrity,
confidentiality, and availability.
Information security, sometimes abbreviated to infosec or data security, is
a set of practices followed to ensure data security and prevent unauthorized
access or alterations, during storage as well as transmission from one
physical system to another.
123
Management Information As the importance of knowledge is increasing in the 21st century's, all
System
efforts to keep information secure have correspondingly become
increasingly important.
PRINCIPLE OF INFORMATION SECURITY -CIA Triad
Confidentiality
Confidentiality is about preventing an unauthorised user to access the
information. The purpose of the confidentiality principle is to keep personal
information private and to ensure that it is visible and accessible only to
those individuals who own it or need it to perform their organizational
functions.
Integrity
Integrity is about keeping the information consistent which includes
protection against unauthorized changes (additions, deletions, alterations,
etc.) to data. This principle ensures that data is accurate and reliable and is
not modified whether accidentally or maliciously.
Availability
Availability is about making the system available to the authorised users
whenever required. The purpose of availability is to make the technology
infrastructure, the applications, and the data available when they are needed
for an organizational process or for an organization’s customers.
Information Security vs Cybersecurity
Information security includes Cybersecurity as a subcategory. Information
security is a broad field that covers many areas such as physical security,
endpoint security, data encryption, and network security. It is also closely
related to information assurance, which protects information from threats
such as natural disasters and server failures.
Cybersecurity primarily addresses technology-related threats, with
practices and tools that can prevent or mitigate them. Another related
category is data security, which focuses on protecting an organization’s data
from accidental or malicious exposure to unauthorized parties.
They can be summarised as follows: -

• Value of Data: Infosec and Cybersec both are aiming to protect is

the value of data. Data that is more valuable to you and your
organization should have the highest levels of protection. Cyber
security tries to safeguard your organization’s commercial
information and protect IT systems from digital hacking activities that
could result in valuable data being accessed. Infosec is aimed at
protecting the value of your company’s information assets from any
type of threat, digital or not.

124
124
• Security professional priorities: Cybersecurity professionals are Information Security
and Threats
most concerned with preventing active threats, such as hacking
attempts and viruses. On the other hand, infosec professionals have a
broader remit, including policies, procedures, and organizational roles
and responsibilities to ensure confidentiality, integrity, and
availability.

• Focus of infosec vs cybersec: Cyber security focuses on establishing

protection from digital threats arising outside the organization.
Information security focuses on implementing policies and
procedures to protect the confidentiality, integrity, and availability of
all types of information asset.

• Threats: Cyber security is only concerned with cyber threats.

Information security is concerned with threats of all types.

9.2 INFORMATION SECURITY THREATS AND

VULNERABILITIES

Introduction
The word ‘threat’ and ‘vulnerability’ are often used interchangeably
but they are not the same. A threat is a person or event that has the potential
for impacting a valuable resource adversely. A vulnerability is that quality
of a resource or its environment that allows the threat to be realized. An
armed bank robber is an example of a threat. A bank teller is an example of
a valuable resource that may be vulnerable during a bank robbery. Bullet-
proof glass between the robber and the teller denies the robber the
opportunity to shoot the teller. The threat remains present, but one of its
harmful effects (a gun shot) has been mitigated by a protection mechanism
(the glass).
A vulnerability refers to a known as a loophole of an asset (resource) that
can be exploited by one or more attackers. In other words, it is a known
issue that allows an attack to succeed.
For example, when a team member resigns and you forget to disable their
access to external accounts, change logins, or remove their names from
company credit cards, this leaves your business open to both intentional and
unintentional threats. However, most vulnerabilities are exploited by
automated attackers and not a human typing on the other side of the
network.
Information Security threats can be many like Software attacks, theft of
intellectual property, identity theft, theft of equipment or information,
sabotage, and information extortion.
Threat can be anything that can take advantage of a vulnerability to breach
security and negatively alter, erase, harm object or objects of interest.

125
Management Information Software attacks means attack by Viruses, Worms, Trojan Horses etc.
System
Many users believe that malware, virus, worms, bots are all same things.
But they are not same, only similarity is that they all are malicious software
that behaves differently.
Malware is a combination of 2 terms- Malicious and Software. So,
Malware basically means malicious software that can be an intrusive
program code or anything that is designed to perform malicious operations
on system. Malware can be divided in 2 categories:
1. Infection Methods
2. Malware Actions
Malware on the basis of Infection Method is classified into following:
1. Virus – They have the ability to replicate themselves by hooking
them to the program on the host computer like songs, videos etc and
then they travel all over the Internet. The Creeper Virus was first
detected on ARPANET. Examples include File Virus, Macro Virus,
Boot Sector Virus, Stealth Virus etc.
2. Worms – Worms are also self-replicating in nature, but they don’t
hook themselves to the program on host computer. Biggest difference
between virus and worms is that worms are network aware. They can
easily travel from one computer to another if network is available and
on the target machine, they will not do much harm, they will, for
example, consume hard disk space thus slowing down the computer.
3. Trojan – The Concept of Trojan is completely different from the
viruses and worms. The name Trojan is derived from the ‘Trojan
Horse’ tale in Greek mythology, which explains how the Greeks were
able to enter the fortified city of Troy by hiding their soldiers in a big
wooden horse given to the Trojans as a gift. The Trojans were very
fond of horses and trusted the gift blindly. In the night, the soldiers
emerged and attacked the city from the inside.
Their purpose is to conceal themselves inside the software that seem
legitimate and when that software is executed, they will do their task
of either stealing information or any other purpose for which they are
designed. They often provide backdoor gateway for malicious
programs or malevolent users to enter your system and steal your
valuable data without your knowledge and permission. Examples
include FTP Trojans, Proxy Trojans, Remote Access Trojans etc.
Bots –: can be seen as advanced form of worms. They are automated
processes that are designed to interact over the internet without the
need for human interaction. They can be good or bad. Malicious bot
can infect one host and after infecting creates connection to the central
server which will provide commands to all infected hosts attached to
126
126 that network called Botnet.
Malware classified on the basis of Actions: Information Security
and Threats
• Theft of intellectual property means violation of intellectual
property rights like copyrights, patents etc.
• Identity theft means to act someone else to obtain person’s personal
information or to access vital information they have like accessing the
computer or social media account of a person by login into the account
by using their login credentials.

• Theft of equipment and information is increasing these days as the

devices are portable today and the information capacity is increasing.
• Sabotage means destroying company’s website to bring losses to
organisation by preventing transactions and also affecting the
confidence of the customer on the company thereby impacting the
overall goodwill of an organisation.
• Information extortion means theft of company’s property or
information to receive payment in exchange. For example,
ransomware may lock victims file making them inaccessible thus
forcing victim to make payment in exchange. Only after payment
victim’s files will be unlocked.
Information Security Concerns
Security Concerns can be classified into the following four concerns
Environmental concerns include undesirable site-specific chance
occurrences such as lightning, dust and sprinkler activation.
Examples of Environmental (Unknown or Unforeseen circumstances or
contingency)

• Fire
• Flood
• Tsunami
• Earthquake
• Volcanic Eruptions
• Lightning
• Severe Weather
• Smoke
• Dust
• Insects
• Rodents
• Chemical Fumes
• Sprinkler Activation
• Water Leakage - pipe breakage, hole in roof, condensation 127
Management Information • Explosion - nearby gas line, chemical plant, tank farm, munitions
System
depot
• Vibration - nearby railroad track, jet traffic, construction site
• Electromagnetic Interference - suggested by poor radio reception or
jittery workstation displays
• Electrostatic Discharge - suggested by "sparking" to grounded objects
Physical concerns include undesirable site-specific personnel actions,
either intentional or unintentional, such as theft, vandalism and trip
hazards.
Example of Physical (undesirable site-specific personnel actions)

• Unauthorized Facility Access

• Theft

• Vandalism

• Sabotage

• Extortion

• Terrorism / Bomb Threat

• Labor Unrest - employees and support contractors

• War / Civil Unrest

• Improper Transportation - equipment dropped, submerged, exposed

to weather or X-rayed in transit

• Improper Mounting/Storage - equipment exposed to bumps, kicks or

weather

• Spillage / Droppage - hazardous materials permitted near equipment

(e.g. food, liquids)

• Magnets / Magnetic Tools - can erase data or damage sensitive

equipment

• Collision - fork lift, auto, plane, wheelchair

• Trip Hazards / Falls - equipment poses personnel hazards

• Fire Hazards - flammable materials stored nearby

Site-Support concerns include foundational site aspects such as electrical
power, telephone service and climate control. These three categories of
concerns are generally not resolvable as part of system design and
administration - they are more appropriately addressed as part of facility
design and maintenance, thereby encompassing all systems present.
128
128
Example of Site-Support Information Security
and Threats
• Power Outage

• Extreme / Unstable Temperatures

• Extreme / Unstable Humidity

• Unsafe Environment - unfit for human occupation

• Facility Inaccessibility - blocked ingress

• Inability to Cut Power - during fire, flood, etc.

• Electrical Noise / Bad Ground - suggested by flickering lights or

jittery workstation displays

• Improper Maintenance - unqualified support or preventive

maintenance behind schedule

• Personnel Unavailability - inability to contact operations or support

personnel

• Telephone Failure - inability to contact site from outside, inability to

call out, service completely unavailable

• Inappropriate Fire Suppression - water, foam, PKP, Halon

• Inappropriate Trash Disposal - sensitive data released in an

unauthorized manner
Technical concerns, includes insidious system-specific situations such as
improper system operation, malicious software and line tapping. The actual
threats are few: untrained and nefarious users and system calamities. It is
far more useful to explore the many avenues (vulnerabilities) open to these
users and events, and to consider ways to prevent these occurrences and/or
provide for rapid recovery.
Example of Technical concerns

• Improper / Inadequate Procedure - foreseeable events not supported

by complete and accurate documentation and training

• Improper Operation - operating equipment beyond capacity or outside

of manufacturer's constraints

• Improper Hardware Configuration - prescribed hardware configured

in other than the prescribed manner during installation

• Improper Software Configuration - prescribed software configured in

other than the prescribed manner during installation

• Unauthorized Hardware / Modification - adding other-than-

prescribed hardware or making unauthorized hardware modifications
129
Management Information • Unauthorized Software / Modification - adding other-than-prescribed
System
software or making unauthorized software modifications

• Unauthorized Software Duplication - creating copies of licensed

software that are not covered by a valid license

• Unauthorized Logical Access - acquiring the use of a system for

which no access has been authorized (as opposed to gaining physical
access to the hardware)

• Malfeasance (exceeding authorizations) - acquiring the use of a

system in excess of that which has been authorized

• Unsanctioned Use / Exceeding Licensing - utilizing authorized

system resources for unauthorized purposes (resume, church bulletin,
non-job-related e-mail or Internet browsing) or exceeding a user
licensing agreement

• Over- or Under-Classification - labeling of a resource at a higher or

lower level of sensitivity than appropriate

• Malicious Software - software whose purpose is to degrade system

performance, modify or destroy data, steal resources or subvert
security in any manner

• Hardware Error / Failure [functionality] - hardware that stops

providing the desired user services/resources

• Hardware Error / Failure [security] - hardware that stops providing

the desired security services/resources

• Software Error / Failure [functionality] - software that stops providing

the desired user services/resources

• Software Error / Failure [security] - software that stops providing the

desired security services/resources

• Media Failure - storage media that stops retaining stored information

in a retrievable/intact manner

• Data Remanence - storage media that retains stored information in a

retrievable/intact manner longer than desired (failure to totally erase)

• Object Reuse - a system providing the user with a storage object (e.g.
memory or disk space) that contains useful information belonging to
another user

• Communications Failure / Overload - a communications facility that

stops providing service or is unable to provide service at the requested
capacity

• Communications Error - a communications facility that provides

inaccurate service
130
130
• Data Entry Error - a system accepting erroneous data as legitimate Information Security
and Threats

• Accidental Software Modification / Deletion - deleting or otherwise

making unavailable necessary software

• Accidental Data Modification / Deletion - deleting or otherwise

making unavailable necessary data

• Accidental Data Disclosure - inadvertently revealing sensitive data to

an unauthorized user

• Repudiation - participating in a process or transaction but then

denying of having done so

• Masquerading - participating in a process or transaction but posing as

another user

• Message Playback - recording a legitimate transmission for

retransmission at a later time in an attempt to gain unauthorized
privileges

• Message Flooding - generating an inordinately large quantity of

transmissions in an attempt to make a system or service unavailable
due to overload

• Line Tapping - connecting to a communications facility in an

unauthorized manner in an attempt to glean useful information

• Electronic Emanations - information-bearing spurious emissions

associated with all electronic equipment (prevented by TEMPEST
equipment or shielding)

• Geo-location - a system inadvertently revealing the current physical

location of a user

• Security Threats/Concerns can also be categorised as follows: -

• Natural threats, such as floods, hurricanes, or tornadoes

• Unintentional threats, like an employee mistakenly accessing the

wrong information

• Intentional threats, such as spyware, malware, adware companies,

or the actions of a disgruntled employee
Common Threats
Unsecure or Poorly Secured Systems
Legacy systems(old systems) are always at the risk as they are not immune
to the latest loopholes and threats available. Organizations must identify
these poorly secured systems, and mitigate the threat by securing or
patching them, decommissioning them, or isolating them.
131
Management Information Social Media Attacks
System
Many people have social media accounts, where they often unintentionally
share a lot of information about themselves. Attackers can launch attacks
directly via social media, for example by spreading malware via social
media messages, or indirectly, by using information obtained from these
sites to analyze user and organizational vulnerabilities and use them to
design an attack.
Social Engineering/Phishing Attacks
Social engineering involves attackers sending emails and messages that
trick users into performing actions that may compromise their security or
divulge private information. Attackers manipulate users by addressing the
subject of the mail as urgent, important or other any fear title. Because the
source of a social engineering message appears to be trusted, people are
more likely to comply, for example by clicking a link that installs malware
on their device, or by providing personal information, credentials, or
financial details.
Malware on Endpoints
Organizational users work with a large variety of endpoint devices,
including desktop computers, laptops, tablets, and mobile phones, many of
which are privately owned and not under the organization’s control, and all
of which connect regularly to the Internet.A primary threat on all these
endpoints is malware, which can be transmitted by a variety of means, can
result in compromise of the endpoint itself, and can also lead to privilege
escalation to other organizational systems. Different malwares that affect
the target’s systems in a different ways are as follows:-
1. Adware – Adware is not exactly malicious but they do breach privacy
of the users. They display ads on a computer’s desktop or inside
individual programs. They come attached with free-to-use software,
thus main source of revenue for such developers. They monitor your
interests and display relevant ads. An attacker can embed malicious
code inside the software and adware can monitor your system
activities and can even compromise your machine.
2. Spyware – It is a program or we can say software that monitors your
activities on computer and reveal collected information to an
interested party. Spyware are generally dropped by Trojans, viruses
or worms. Once dropped they install themselves and sits silently to
avoid detection.
One of the most common example of spyware is KEYLOGGER. The
basic job of keylogger is to record user keystrokes with timestamp.
Thus capturing interesting information like username, passwords,
credit card details etc.
3. Ransomware – It is type of malware that will either encrypt your
files or will lock your computer making it inaccessible either
132
132
 partially or wholly. Then a screen will be displayed asking for Information Security
and Threats
money i.e. ransom in exchange. This malicious software is designed
to encrypt the victim’s data storage drives, rendering them
inaccessible to the owner. If the ransom demand isn’t met, the key
will be deleted and the data lost forever with it.
4. Scareware – It masquerades as a tool to help fix your system but
when the software is executed it will infect your system or destroy it.
The software will display a message to frighten you and force to take
some action like pay them to fix your system.
5. Rootkits – are designed to gain root access or we can say
administrative privileges in the user system. Once gained the root
access, the exploiter can do anything from stealing private files to
private data.
6. Zombies – They work similar to Spyware. Infection mechanism is
same but they don’t spy and steal information rather they wait for the
command from hackers.
Trojans. This references a kind of delivery system for malware. A Trojan
is any piece of malware that masquerades as a legitimate program to trick
victims into installing it on their systems. Trojans can do a lot of damage
because they slip behind your outermost network security defenses by
posing as something harmless while carrying a major threat inside—like a
certain infamous horse did to the city of Troy in Homer’s “Iliad.”

Worms. Worms are programs that can self-replicate and spread through a
variety of means, such as emails. Once on a system, the worm will search
for some form of contacts database or file sharing system and send itself out
as an attachment. When in email form, the attachment is part of an email
that looks like it’s from the person whose computer was compromised.
Denial of service (DOS) attack occurs when hackers deluge a website with
traffic, making it impossible to access its content. A distributed denial of
service (DDOS) attack is more forceful and aggressive since it is initiated
from several servers simultaneously. As a result, a DDOS attack is harder
to mount defenses against it.
SQL injections are network threats that involve using malicious code to
infiltrate cyber vulnerabilities in data systems. As a result, data can be
stolen, changed, or destroyed.
Man-in-the-middle attacks involve a third party intercepting and
exploiting communications between two entities that should remain private.
Eavesdropping occurs, but information can be changed or misrepresented
by the intruder, causing inaccuracy and even security breaches.
Lack of Encryption
Encryption processes encode data so that it can only be decoded by users
with secret keys. It is very effective in preventing data loss or corruption in
case of equipment loss or theft, or in case organizational systems are
compromised by attackers. Unfortunately, this measure is often overlooked
133
Management Information due to its complexity and lack of legal obligations associated with proper
System
implementation.
Security Misconfiguration
Modern organizations use a huge number of technological platforms and
tools, in particular web applications, databases, and Software as a Service
(SaaS) applications, or Infrastructure as a Service (IaaS) from providers like
Amazon Web Services.Enterprise grade platforms and cloud services have
security features, but these must be configured by the organization. Security
misconfiguration due to negligence or human error can result in a security
breach. Another problem is “configuration drift”, where correct security
configuration can quickly become out of date and make a system
vulnerable.
Hidden Backdoor Programs
This is an example of an intentionally created computer security
vulnerability. When a manufacturer of computer components, software, or
whole computers installs a program or bit of code designed to allow a
computer to be remotely accessed (typically for diagnostic, configuration,
or technical support purposes), that access program is called a backdoor.
Superuser or Admin Account Privileges
One of the most basic tenets of managing software vulnerabilities is to limit
the access privileges of software users. The less information/resources a
user can access, the less damage that user account can do if compromised.
However, many organizations fail to control user account access
privileges—allowing virtually every user in the network to have so-called
“Superuser” or administrator-level access. Some computer security
configurations are flawed enough to allow unprivileged users to create
admin-level user accounts.
Automated Running of Scripts without Malware/Virus Checks
One common network security vulnerability that some attackers learned to
exploit is the use of certain web browsers’ (such as Safari) tendencies to
automatically run “trusted” or “safe” scripts. By mimicking a trusted piece
of code and tricking the browser, cybercriminals could get the browser
software to run malware without the knowledge or input of the user—who
often wouldn’t know to disable this “feature.”
Unknown Security Bugs in Software or Programming Interfaces
Computer software is incredibly complicated. When two or more programs
are made to interface with one another, the complexity can only increase.
The issue with this is that within a single piece of software, there may be
programming issues and conflicts that can create security vulnerabilities.
When two programs are interfaced, the risk of conflicts that create software
vulnerabilities rises. Programming bugs and unanticipated code interactions
rank among the most common computer security vulnerabilities—and
cybercriminals work daily to discover and abuse them.

134
134
IoT Devices Information Security
and Threats
The Internet of Things (IoT) encompasses many “smart” devices, such as
Wi-Fi capable refrigerators, printers, manufacturing robots, coffee makers,
and countless other machines. The issue with these devices is that they can
be hijacked by attackers to form slaved networks of compromised devices
to carry out further attacks.
Employees within the organisation
The biggest security vulnerability in any organization is its own employees.
Whether it’s the result of intentional malfeasance or an accident, most data
breaches can be traced back to a person within the organization that was
breached.For example, employees may abuse their access privileges for
personal gain. Or, an employee may click on the wrong link in an email,
download the wrong file from an online site, or give the wrong person their
user account credentials—allowing attackers easy access to your systems.
Some of the same prevention techniques mentioned in the anti-phishing
bullets can be applied to prevent data breaches caused by employees.
Password Attacks
With the right password, a cyber attacker has access to a wealth of
information. Social engineering is a type of password attack that Data
Insider defines as “a strategy cyber attackers use that relies heavily on
human interaction and often involves tricking people into breaking standard
security practices.” Other types of password attacks include accessing a
password database or outright guessing.
The Explosion of Data
Data storage on devices such as laptops and cell phones makes it easier for
cyber attackers to find an entry point into a network through a personal
device. For example, in the May 2019 book Exploding Data: Reclaiming
Our Cyber Security in the Digital Age, former U.S. Secretary of Homeland
Security Michael Chertoff warns of a pervasive exposure of individuals’
personal information, which has become increasingly vulnerable to cyber-
attacks.
Common Network Vulnerabilities
Some of the most common network vulnerabilities include the
following gaps in your application security: when applications are not
kept up-to-date, tested, and patched, the doors are open to code injection,
cross-site scripting, insecure direct object references, and much more.
Security attacks can also be classified into
● Active attack
● Passive attack

135
Management Information Active Attack
System
An active attack involves intercepting a communication or message and
altering it for malicious effect. There are three common variants of an active
attacks:

• Interruption—the attacker interrupts the original communication

and creates new, malicious messages, pretending to be one of the
communicating parties.

• Modification—the attacker uses existing communications, and either

replays them to fool one of the communicating parties or modifies
them to gain an advantage.

• Fabrication—creates fake, or synthetic, communications, typically

with the aim of achieving denial of service (DoS). This prevents users
from accessing systems or performing normal operations.
Passive Attack
In a passive attack, an attacker monitors, monitors a system and illicitly
copies information without altering it. They then use this information to
disrupt networks or compromise target systems.
The attackers do not make any change to the communication or the target
systems. This makes it more difficult to detect. However, encryption can
help prevent passive attacks because it obfuscates the data, making it more
difficult for attackers to make use of it.

Active Attacks Passive Attacks

Modify messages, Do not make any change to

communications or data data or systems

Poses a threat to the Poses a threat to the

availability and integrity confidentiality of sensitive
of sensitive data data.

May result in damage to Does not directly cause

organizational systems. damage to organizational
systems.

Victims typically know Victims typically do not

about the attack know about the attack.

Main security focus is on Main security focus is on

detection and mitigation. prevention.
136
136
9.3 CONTROLLING SECURITY THREATS AND Information Security
and Threats
VULNERABILITIES

In today’s world, data and protecting that data are critical

considerations for businesses. Customers want to ensure that their
information is secure with you, and if you can’t keep it safe, you will
lose their business. Many clients with sensitive information demand
that you have a rigid data security infrastructure in place before doing
business with you. Information Security Policy in an organisation is an
important first step towards controlling IT security threats and
vulnerabilities
An Information Security Policy (ISP) is a set of rules that guide
individuals when using IT assets. Companies can create information
security policies to ensure that employees and other users follow security
protocols and procedures. Security policies are intended to ensure that
only authorized users can access sensitive systems and information.
Creating an effective security policy and taking steps to ensure compliance
is an important step towards preventing and mitigating security threats. To
make your policy truly effective, update it frequently based on company
changes, new threats, conclusions drawn from previous breaches, and
changes to security systems and tools.
Make your information security strategy practical and reasonable. To meet
the needs and urgency of different departments within the organization, it is
necessary to deploy a system of exceptions, with an approval process,
enabling departments or individuals to deviate from the rules in specific
circumstances.
Certain techniques to combat such threats: -

• Team members to be aware of the current trends:- Ensure your

team members are staying informed of current trends
in cybersecurity so they can quickly identify new threats. They should
subscribe to blogs (like Wired) and podcasts (like Techgenix Extreme
IT) that cover these issues, and join professional associations so they
can benefit from breaking news feeds, conferences, and webinars.

• Regular threat assessment to be performed to determine the best

approaches to protecting a system against a specific threat, along with
assessing different types of threats.

• To conduct penetration testing by modeling real-world threats in

order to discover vulnerabilities.

• Implementing a risk assessment framework, it is critical to

prioritize the most important breaches that need to be addressed.
Although frequency may differ in each organization, this level of
assessment must be done on a regular, recurring basis.
137
Management Information • Include a total stakeholder perspective. Stakeholders include the
System
business owners as well as employees, customers, and even vendors.
All of these players have the potential to negatively impact the
organization (potential threats) but at the same time they can be assets
in helping to mitigate risk.

• Designate a central group of employees who are responsible for risk

management and determine the appropriate funding level for this
activity.

• Implement appropriate policies and related controls and ensure

that the appropriate end users are informed of any and all changes.

• Monitor and evaluate policy and control effectiveness. The sources

of risk are ever-changing, which means your team must be prepared
to make any necessary adjustments to the framework. This can also
involve incorporating new monitoring tools and techniques.

• Data Protection Law has to be enacted by the government to protect

data privacy.

• Update operating systems When a vulnerability is found in

software, the manufacturer will work out how to fix the vulnerability
and provide an updated version of the software. Keeping your systems
up to date will protect against recently identified vulnerabilities.

• Whitelist applications Whitelisting means that a computer is

configured to only run the software that the organization explicitly
permits. This is quite a hard control to manage, but it makes it very
difficult for a cyber attacker.

• Harden the computer’s defense Make sure that all configurable

settings in the operating system and applications are configured for
security. Another recommendation is to regularly de-install parts of
the operating system and applications that will never be used.

• Limit administrative access One of the easiest cybersecurity

controls that’s recommended by every framework is to limit the
number of people within the organization who have administrative
access to systems. Reducing the number of accounts that have such
access means there are fewer accounts for an attacker to target.

• Implement multi-factor authentication Require a user to provide

something else in addition to a username and a password to log in.
This could be something unique only to the user—such as a
fingerprint—or a physical product that the user has, such as a
smartcard or a mobile device.

• Create safe back-ups If an attacker gains access to a system and

either tampers with, erases or encrypts data with the intent of securing
a ransom from the organization, a backup helps the organization
restore the data and recover its operations without paying the ransom.
138
138
• Antivirus. Every system should be protected through an Antivirus Information Security
and Threats
program. Antivirus software is designed to detect, remove and prevent
malware infections on a device or network. Though specifically
created to eliminate viruses, antivirus software can also aid against
spyware, adware and other malicious software. Basic antivirus
programs scan files for the presence of malicious software, allow
users to schedule automatic scans and remove any malicious software.

• Spyware. Any software installed on a device without the end user's

permission is classified as spyware, even if it is downloaded for a
harmless purpose. Adware, Trojans and keystroke loggers are
all examples of spyware. Without antispyware tools, spyware can be
difficult to detect. To prevent spyware, network administrators should
require remote workers to access resources over a network through
a virtual private network that includes a security scan component.

• Users can take preventative measures by reading terms and conditions

before installing software, avoiding pop-up ads, and only
downloading software from trusted sources.

9.4 MANAGING SECURITY THREATS IN E-BUSINESS

Introduction
Through widespread adoption of computer resources in everyday life,
the nature of business has changed. That is, traditional documents and
communication methods in business have been replaced by electronic data
and more efficient communication. From the combination of traditional
businesses and computer technology, various issues have become apparent.
Positive effects include the decreasing use of limited natural resources (such
as paper), efficient and cost-effective methods of communication, and fast
accurate calculations in financial reports. Negative effects are more related
to internet usage: the Internet is an open environment from which everyone
may benefit; in particular, attackers may use this opportunity to gain access
to sensitive data and sabotage infrastructure. Companies may be potential
targets for attackers because of secret or useful data which exists within
their systems. For instance, a database of an online shopping website
includes usernames, passwords, card numbers and transactions which are
suitable targets for cybercriminals and so possible theft of wealth and
identity. The dynamic nature of risks to ebusiness environments makes
identification of threats and vulnerabilities more difficult. Although the
purpose of every kind of cyberattack is not the theft of money, sabotage is
another threat and this causes possible loss of reputation and money for the
target. Threats are divided into the classes of ‘external’ and ‘internal’, and
are defined thus: External threats: those threats located outside of
companies, such as hacker groups and organised cybercriminals. Internal
threats: those types of threats which should be dealt from inside of
companies. Former employees and current employees might also be a
potential enemy or vulnerability for an e-business. Former employees can
act as an insider to reveal sensitive information about the company, such as
open ports in the network or other vulnerabilities. In addition, current 139
Management Information employees are not always trustworthy: such employees may be lured by
System
social engineering techniques or phishing emails requesting sensitive
information.
Popularity of E-Commerce has brought threat to it. E-commerce
refers to all the commercial transactions- buying and selling of goods
online. Many innovations such as mobile business, internet marketing,
online transaction processing, the transfers of electronic funds, electronic
data interchange (EDI), stock management, chain supply administration
systems and automated data collection systems can be implemented for the
purpose of e-commerce.
The danger of e-commerce comes from using the internet for unfair
purposes in order to steal money and the infringement of protection. E-
commerce risks of different kinds occur. Many of them are accidental, some
of them attributable to human errors. Electronic payments, e-cash, data
misuse, credit/debit card fraud, etc., are the most common security threats.
Below are the list of threats in E-business:-
1. Financial frauds
Ever since the first online businesses entered the world of the internet,
financial fraudsters have been giving businesses a headache. There
are various kinds of financial frauds prevalent in the e-commerce
industry, but we are going to discuss the two most common of them.
a. Credit Card Fraud
It happens when a cybercriminal uses stolen credit card data to
buy products on your e-commerce store. Usually, in such cases,
the shipping and billing addresses vary. You can detect and curb
such activities on your store by installing an AVS – Address
Verification System.
Another form of credit card fraud is when the fraudster steals
your personal details and identity to enable them to get a new
credit card.
b. Fake Return & Refund Fraud
The bad players perform unauthorized transactions and clear the
trail, causing businesses great losses. Some hackers also engage
in refund frauds, where they file fake requests for returns.
2. Phishing
Several e-commerce shops have received reports of their customers
receiving messages or emails from hackers masquerading to be the
legitimate store owners. Such fraudsters present fake copies of your
website pages or another reputable website to trick the users into
believing them. For example, see this image below. A seemingly
harmless and authentic email from PayPal asking to provide details.

140
140
3. Spamming Information Security
and Threats
Some bad players can send infected links via email or social media
inboxes. They can also leave these links in their comments or
messages on blog posts and contact forms. Once you click on such
links, they will direct you to their spam websites, where you may end
up being a victim.
4. DoS & DDoS Attacks
Making the website unavailable through DDOS attack is very
common in e-commerce.Many e-commerce websites have incurred
losses due to disruptions in their website and overall sales because
of DDoS (Distributed Denial of Service) attacks. What happens is that
your servers receive a deluge of requests from many untraceable IP
addresses causing it to crash and making unavailable to your store
visitors.
5. Malware
Hackers may design a malicious software and install on your IT and
computer systems without your knowledge. These malicious
programs include spyware, viruses, trojan, and ransomware.
The systems of your customers, admins, and other users might have
Trojan Horses downloaded on them. These programs can easily swipe
any sensitive data that might be present on the infected systems and
may also infect your website.
6. Exploitation of Known Vulnerabilities
Attackers are on the lookout for certain vulnerabilities that might be
existing in your e-commerce store.Often an e-commerce store is
vulnerable to SQL injection (SQLi) and Cross-site Scripting (XSS).
Some of these vulnerabilities include:
a. SQL Injection
It is a malicious technique where a hacker attacks your query
submission forms to be able to access your backend database.
They corrupt your database with an infectious code, collect
data, and later wipe out the trail.
b. Cross-Site Scripting (XSS)
The attackers can plant a malicious JavaScript snippet on your
e-commerce store to target your online visitors and customers.
Such codes can access your customers’ cookies and compute.
You can implement the Content Security Policy (CSP) to
prevent such attacks.
7. Bots
Some attackers develop special bots that can scrape your website to
get information about inventory and prices. Such hackers, usually
your competitors, can then use the data to lower or modify the prices
in their websites in an attempt to lower your sales and revenue. 141
Management Information 8. Brute force
System
The online environment also has players who can use brute force to
attack your admin panel and crack your password. These fraudulent
programs connect to your website and try out thousands of
combinations in an attempt to obtain you site’s passwords. Always
ensure to use strong, complex passwords that are hard to guess.
Additionally, always change your passwords frequently.
9. Man in The Middle (MITM)
A hacker may listen in on the communication taking place between
your e-commerce store and a user. Walgreens Pharmacy
Store experienced such an incident. If the user is connected to a
vulnerable Wi-Fi or network, such attackers can take advantage of
that.
10. E-Skimming
E-skimming involves infecting a website’s checkout pages with
malicious software. The intention is to steal the clients’ personal and
payment details. The method is to connect an ATM card reader with
a data skimming tool. The information is copied from the magnetic
strip to the computer when the customer swipes his card in the ATM
card reader. The specifics of the card number, name, number, CVV,
expiry of the card, and other information are therefore made available
to offenders.
11. The Risk of Payment Conflicts
An automated computer machine handles payments in electronic
payment systems, not by individuals. When it manages large sums of
payments regularly with many clients, the program is vulnerable to
errors. When each pay period ends, it is important to review our
payroll to ensure everything is meaningful regularly. When this is not
accomplished, payment disputes may result in technological
breakdowns and anomalies.
12. The Risk of Tax Evasion
Internal Revenue Service legislation requires every corporation to
disclose its financial transactions and to provide documents to ensure
tax compliance. Electronic systems are troublesome because they
don’t offer this paradigm clean. This is quite difficult for the Internal
Revenue Service to raise revenue. Payments obtained or made via
electronic payment systems are available to the company. The IRS
does not know whether or not it tells the truth that tax evasion is easy.
13. Eavesdropping
This is an illegal way to listen to private network contact. It does not
interfere with the normal operations of the targeting program so that
142
142
 the sender and the receiver do not know that their communication is Information Security
and Threats
being monitored.
14. Spam
Where emails are known as a strong medium for higher sales, it also
remains one of the highly used mediums for spamming. Nonetheless,
comments on your blog or contact forms are also an open invitation
for online spammers where they leave infected links to harm you.
They often send them via social media inbox and wait for you to click
on such messages. Moreover, spamming not only affects your
website’s security, but it also damages your website speed too.
15. Virus, Worms and Trojan Horses are the other risk in E-Commerce.
E-BUSINESS SECURITY SOLUTIONS
E-commerce security solutions that can ease your life includes the
following: -
1. HTTPS and SSL certificates
HTTPS protocols not only keep your users’ sensitive data secure but
also boost your website rankings on Google search page. They do so
by securing data transfer between the servers and the users’ devices.
Therefore, they prevent any interception.
2. Anti-malware and Anti-virus software
An Anti-Malware is a software program that detects, removes, and
prevents infectious software (malware) from infecting the computer
and IT systems. Since malware is the umbrella term for all kinds of
infections including worms, viruses, Trojans, etc getting an efficient
Anti-Malware would protect your system from all.
3. Securing the Admin Panel and Server
Always use complex passwords that are difficult to figure out and
make it a habit of changing them frequently. It is also good to restrict
user access and define user roles. Every user should perform only up
to their roles on the admin panel. Furthermore, make the panel to send
you notifications whenever a foreign IP tries to access it.
4. Securing Payment Gateway
Avoid storing the credit card information of your clients on your
database. Instead, let a third party such as PayPal and Stripe handle
the payment transactions away from your website. This ensures better
safety for your customers’ personal and financial data.
5. Deploying Firewall
Effective firewalls keep away fishy networks, XSS, SQL injection,
and other cyber-attacks that are continuing to hit headlines. They also
143
Management Information help in regulating traffic to and from your online store, to ensure
System
passage of only trusted traffic.
6. Educating Your Staff and Clients
Ensure your employees and customers get the latest knowledge
concerning handling user data and how to engage with your website
securely. Provide them with restricted access to system.
7. Additional security implementations

• Always scan your websites and other online resources for

malware

• Back up your data. Most e-commerce stores also use multi-layer

security to boost their data protection.

• Update your systems frequently and employ effective e-

commerce security plugins.

• Always go with the dedicated security platform that is quite

secure from frequent cyber-attacks.
8. Secure Your Servers and Admin Panels
Most ecommerce platforms come with default passwords that are
ridiculously easy to guess. And if you don’t change them, you are
exposing yourself to preventable hacks. Use complex password(s) and
usernames and change them frequently. One can go one step further
and make the panel notify you every time an unknown IP attempts to
log in. These simple steps can significantly improve your web store’s
security.
9. Payment Gateway Security
While it may make processing payments more convenient, having
credit card numbers stored on your database is a liability. It’s nothing
less than an open invitation for hackers where you put your brand’s
reputation and your customer’s sensitive information on the line.
In order to save your business from this terrible fate, you should never
store credit card information on your servers and ensure your payment
gateways security is not at risk. Additionally, you can use third-party
payment processing systems to carry out the process off-site.
Popular ecommerce payment processing options include PayPal,
Stripe, Skrill, and Wordplay. When it comes to ecommerce
recommendations, you must obtain a Payment Card Industry Data
Security Standard (PCI DSS) accreditation.
10. Use Firewalls
Another effective ecommerce recommendation is to use firewall
software and plugins that are pocket-friendly yet effective. They keep
untrusted networks at bay and regulate traffic that enters and leaves
144
144
 your site. It offers selective permeability and only allows trusted Information Security
and Threats
traffic in. They also protect against cyber threats such as SQL
injections and cross-site scripting.
11. Employ Multi-Layer Security
You can fortify your security by using various layers of security. You
can use a wide-spread Content Delivery Network or CDN to protect
your site against DDoS attacks and malevolent incoming traffic. They
do so by utilizing machine learning to filter out the malicious traffic
from regular traffic.
You can also use two-factor authentication to squeeze in an additional
layer of security. Two-factor authorization requires a standard
username and password combination as well as an extra code that is
sent as an email to the user or as an SMS to their provided phone
number. This ensures that only the user can access the service even if
their username and password are at risk.
12. Ecommerce Security Plugins
Security plugins are a simple way to enforce security protection on
your website. They provide protection against bad bots, SQLi, XSS,
code injections and hundreds of other severe attacks. One of the most
secure, easy to implement, feature rich security plugin is Astra. It
helps automatically secure your site and virtually patch software by
preventing malicious requests from ever reaching your website.
13. Backup Your Data
Data loss due to hardware malfunction or cyber-attacks is not
uncommon. And if you don’t backup your data regularly, you are at
the risk of losing it for good. You should do it yourself and not trust
anyone else to do it for you. Employ automatic backup service so that
even if you forget to do it manually, all your data will be backed up
automatically. Create redundant backup and store it at different places
to avoid loss during physical contingency if any like fire, earthquake
etc. Today cloud backups are popular.
14. Stay Updated
The importance of regularly updating WordPress core, security tools,
and plugins and other platform used can be stressful, however, install
security updates and patches as soon as they release because hackers
can use bots that identify which websites use outdated software and
obtain unauthorised access into the system.
15. To opt for a Solid Ecommerce Platform
It is important that you choose a secure ecommerce platform that
regularly updates itself and offers top-notch security. Ecommerce
platform tools safeguard you against common threats and frequently
provide you with updates. PrestaShop, Magento and WooCommerce
are some popular choices.

145
Management Information 16. Keep an Eye out for Malicious Activity
System
To be alert is very important. One should keep an eye on the
suspicious activity. This can save you a lot of trouble – not to mention
revenue – since you can potentially catch a fraudulent transaction
before it can take place. You can utilize special monitoring software
that tracks the activity in real time and notifies you of any
questionable transaction. For instance, a scammer using different
cards to place multiple orders, or orders where the person using the
card isn’t its holder.
17. Perform a security audit
The way we do a routine health check-up, a regular examination of
the website is similarly very important. Companies should prioritize
going through their security protocols on a weekly or monthly basis.
This will allow them to identify any fault in the hosting before it’s too
late.
Additional e-commerce security measures
● Tell your clients to use resources that are familiar to them, click
on saved links, use the official internet banking app and check
out where they get their messages from.
● Make scanning your website from malware your constant
routine.
● Increase your data protection by using multi-layer security and
backing up your data.
● Use efficient plugins for e-commerce security and update your
systems often.

146
146
ways through which information can be kept away from being misused
9.5 MEASURES OF INFORMATION SECURITY Information Security
and Threats

There are different types of security measures in information systems

when it comes to your data. It helps you secure your valuable and sensitive
data. The types of security measures in information systems are as follow:
-
Data Backup
A data backup process is the most critical type of data security measure. It
is done by copying or archiving data files. As a result, you can retrieve data
in case of a data loss event. Data backup can be done in secondary storage
devices or cloud. Ensure there are redundant backup kept at different places
to take care of physical threat situation like fire, earthquake, floods, riots
etc.

Firewalls
A firewall is a network security tool that is designed to monitors incoming
and outgoing network traffic. Moreover, it’s a like a gate between you and
the internet. As a result, you can create a secure defence from an untrusted
external network.
Data Encryption
Through encryption software, you can encrypt or decrypt data stream during
transmission and storage. Moreover, it allows the encryption of the content
of a data object, file, and network packet or application. Furthermore, there
are different varieties of encryption methods such as:

• AES

• SHA 1

• MD5
Use Strong Passwords
Use of strong passwords is recommended.
Use Antivirus Software
Antivirus software is an essential program. It helps protect the following
areas:

• computing devices

• data files

• and other important files

147
Management Information Secure Your Computer
System
Computer security protects you from theft, hackers, and unauthorized
access.
To update operating system and security patches
Cybersecurity experts recommend updating your operating system
regularly. When installing the latest security patches and drivers, enables
you to secure your data. Moreover, it will guarantee that your computer is
up-to-date and liberated from viruses and other cyber threats.
Digital Signature
A digital signature serves as a validation method for incoming messages
and documents. This helps you to authenticate the contents of electronic
documents. Thus, ensuring data security.
Moreover, it utilizes encryption techniques and promises that the contents
of a message have not been modified in transit.
Educate Your Employees
This is another key type of security measure. Because of this, you will
spread awareness to every employee within the organization. So, you should
conduct an awareness workshop and training program on data security.
Careful Use of Email and Website
One thing about data security relates to confirmation. Yes, you need to
confirm things first. For example, if you think your incoming email is
suspicious then don’t click on that email. Moreover, the email can also
contain a link in some cases. If so, you might be directed to another
vulnerable website. Keep an eye on such suspicious events. Like we should
no sign any document without reading similarly we should not confirm
anything without reading and understanding.

9.6 INFORMATION SECURITY MANAGEMENT

What is an Informational Asset?

Every organisation has an information asset irrespective of the fact whether
they collect identifying or personal information from customers or not. All
organizations possess information that they would not want shared or
publicized.
Information security management is about protecting both the digital and
physical asset from unauthorized access or theft.
Some of the critical information assets of the organisation are as follows: -
Strategic Documentation - Businesses and IT organizations develop and
document long-term strategic and short-term tactical objectives that
148
148
establish their goals and vision for the future. These valuable internal Information Security
and Threats
documents contain secrets and insight that competitors may want to access.
Products/Service Information - Critical information about products and
services, including those offered by the business and by IT, should be
protected through information security management. This includes the
source code for in-house developed application, as well as any data or
informational products that are sold to customers. If your business sells a
digital product, you will need information security to ensure that hackers
cannot steal your product and distribute it without your consent or
knowledge.
Intellectual Property/Patents - If your company generates intellectual
property, including developing software, you may require information
security controls to protect it. Your competitors may want to steal your
source code and use it to reverse engineer a product to compete with yours.
Some countries do not enforce copyright or intellectual property laws, so
you may have no recourse if this is allowed to happen.
Proprietary Knowledge/Trade Secrets - Every organization generates
proprietary knowledge throughout the course of doing business. For IT
organizations, that knowledge may be stored in an internal knowledge base
that is accessible to IT operators and support staff. Trade secrets are the
unique insights and understanding that give your business a competitive
advantage. If you wouldn't share them openly with your competition, you
should secure trade secrets and proprietary knowledge using information
security management controls.
Ongoing Project Documentation - Ongoing project documentation
consists of the documented details of products or services that are in the
process of being launched. If your competitors find out what you're up to,
they may attempt to release a competing product or feature more quickly
than anticipated and could even benchmark it against your new product in
an effort to lock you out of the marketplace.
Employee Data - Human resource departments collect and retain data
about your employees, including performance reviews, employment
history, salaries and other information. These records could contain
confidential information that a cyber attacker might use to blackmail your
employees. A competitor organization could use this data to identify targets
before attempting to poach your employees.
All of these examples are listed in addition to confidentially submitted
customer data, where a failure to protect the data against theft would
constitute a breach of trust, and in some cases, a lack of conformity with
information security standards or legislation.
Three Objectives of Information Security Management
Information security at the organizational level is centred around the CIA
triad of Confidentiality, Integrity, and Availability. Information security

149
Management Information controls are put in place to ensure the confidentiality, integrity and
System
availability of protected information.
Confidentiality – It is about preserving the confidentiality/privacy of
information means ensuring that only authorized persons can access or
modify the data. Information security management teams may classify or
categorize data based on the perceived risk and anticipated impact that
would result of the data was compromised. Additional privacy controls can
be implemented for higher-risk data.

Integrity – It is about preventing the alteration of data by an unauthorised

user. Information security management deals with data integrity by
implementing controls that ensure the consistency and accuracy of stored
data throughout its entire life cycle. For data to be considered secure, the IT
organization must ensure that it is properly stored and cannot be modified
or deleted without the appropriate permissions. Measures such as version
control, user access controls and check-sums can be implemented to help
maintain data integrity.

Availability – This principle is about making the data accessible to the

authorised users whenever required. Information security management
deals with data availability by implementing processes and procedures that
ensure important information is available to authorized users when needed.
Typical activities include hardware maintenance and repairs, installing
patches and upgrades, and implementing incident response and disaster
recovery processes to prevent data loss in the event of a cyber-attack.

Information Security Management Standards and Compliance

For some organizations, information security management is more than a

requirement for protecting sensitive internal documents and customer
information. Depending on your industry vertical, information security
management might be a legal requirement to safeguard sensitive
information that you collect from customers.

Organizations that collect personalized medical or health care records in the

United States are required to follow the privacy and security guidelines of
the Health Insurance Portability and Accountability Act (HIPAA).
Organizations that process credit card payments are responsible for
compliance with the Payment Card Industry Data Security Standard
(PCI DDS). Organizations that collect personalized information from
customers in Europe are covered by the European General Data
Protection Regulation (GDPR) and could face thousands or millions of
dollars in fines for non-compliance.

The International Standards Organization 27001 (ISO/IEC 27001)

standard “specifies the requirements for establishing, implementing,
maintaining, and continuous improvement for an information security
management system.” The flexible framework is structured so that
organizations of all sizes can implement it. Like the NIST framework for
150
150
federal agencies, ISO/IEC 27001 is a best practice framework to guide the Information Security
and Threats
development of an ISMS. The standard is updated regularly and includes
114 security measures organized in 14 control clauses.

These clauses are listed below:

• Clause 5: Information Security Policies

• Clause 6: Organization of Information Security
• Clause 7: Human Resource Security
• Clause 8: Asset Management
• Clause 9: Access Control
• Clause 10: Cryptography
• Clause 11: Physical and Environmental Security
• Clause 12: Operations Security
• Clause 13: Communication Security
• Clause 14: System Acquisition, Development, and Maintenance
• Clause 15: Supplier Relationships
• Clause 16: Information Security Incident Management
• Clause 17: Information Security Aspects of Business Continuity
Management
• Clause 18: Compliance
Below is the list of Regulation Act for Information Security: -

Company
The Act What it Regulates
Affected

This framework
was created to
provide a
customizable guide
This is a
on how to manage
voluntary
and reduce
framework
NIST cybersecurity
that can be
(National related risk by
implemented
Institute of combining existing
by any
Standards and standards,
organization
Technology) guidelines, and best
that wants to
practices. It also
reduce their
helps foster
overall risk.
communication
between internal
and external
stakeholders by
151
Management Information
System
creating a common
risk language
between different
industries.

Companies
CIS Controls Protect your that are
(Center for organization assets looking to
Internet and data from strengthen
Security known cyber-attack security in the
Controls) vectors. internet of
things (IoT).

These
This family of
regulations
standards provide
are broad and
security
can fit a wide
ISO 27000 requirements
range of
Family (Interna around the
businesses.
tional maintenance of
All businesses
Organization information
can use this
for security
family of
Standardization management
regulations for
) systems (ISMS)
assessment of
through the
their
implementation of
cybersecurity
security controls.
practices.

These
regulations
are broad and
can fit a wide
ISO 31000
range of
Family (Interna This set of
businesses.
tional regulations governs
All businesses
Organization principles of
can use this
for implementation and
family of
Standardization risk management.
regulations for
)
assessment of
their
cybersecurity
practices.

152
152
 Information Security
and Threats
This act is a two
part bill. Title I
Any
protects the
organization
healthcare of
that handles
people who are
healthcare
transitioning
data. That
HIPAA (Health between jobs or are
includes, but
Insurance laid off. Title II is
is not limited
Portability and meant to simplify
to, doctor’s
Accountability the healthcare
offices,
Act) process by shifting
hospitals,
/ HITECH Omni to electronic data. It
insurance
bus Rule also protects the
companies, bu
privacy of
siness
individual patients.
associates,
This was further
and
expanded through
employers.
the HITECH /
Omnibus Rule.

A set of 12
PCI-DSS
regulations Companies
(Payment Card
designed to reduce handling
Industry Data
fraud and protect credit card
Security
customer credit information.
Standard)
card information.

Any company
doing
business in
This regulates the
the European
GDPR data protection and
Union or
(General Data privacy of citizens
handling the
Protection Act) of the European
data of a
Union.
citizen of the
European
Union.

Any business,
Privacy rights and
CCPA including any
consumer
(California for-profit
protection for the
entity,
153
Management Information
System
Consumer residents of that does
Privacy Act) California. business in
California and
collects
consumers’
personal data.

The security,
availability,
AICPA
processing
(American Service
integrity, and
Institute of organizations
privacy of systems
Certified Public that process
processing user
Accountants) S user data.
data and the
OC2
confidentiality of
these systems.

This act requires

U.S. public
companies to
company
maintain financial
SOX boards,
records for up to
(Sarbanes- management,
seven years. It was
Oxley Act) and public
implemented to
accounting
prevent another
firms.
Enron scandal.

Organizations
that are
responsible
This framework for business
was developed to processes
COBIT related to
help organizations
(Control technology
manage
Objectives for and quality
information and
Information control of
technology
and Related information.
governance by
Technologies) This includes,
linking business
and IT goals. but is not
limited to,
areas such as
audit and
assurance,
154
154
 Information Security
and Threats
compliance,
IT operations,
governance,
and security
and risk
management.

This act
This act allowed defines
insurance “financial
companies, institutions”
commercial banks, as:
and investment “…companies
GLBA banks to be within that offer
(Gramm- the same company. financial
Leach-Bliley As for security, it products or
Act) mandates that services to
companies secure individuals,
the private like loans,
information of financial or
clients and investment
customers. advice, or
insurance.”

This act recognizes

information
security as a matter
FISMA
of national security. All Federal
(Federal
Thus, it mandates agencies fall
Information
that all federal under the
Security
agencies develop a range of this
Modernization
method of bill.
Act of 2014)
protecting their
information
systems.

FedRAMP Cloud services Executive

(Federal Risk across the Federal departments
and Government. and agencies.
Authorization

155
Management Information
System
Management
Program)

Any post-
secondary
institution
FERPA including, but
Section 3.1 of the
(The Family not limited to,
act is concerned
Educational academies,
with protecting
Rights and colleges,
student educational
Privacy Act of seminaries,
records.
1974) technical
schools, and
vocational
schools.

Controls the sale of

Anyone who
defense articles and
ITAR produces or
defense services
(International sells defense
(providing critical
Traffic in Arms items and
military or
Regulations) defense
intelligence
services.
capability).

The online
COPPA
collection of Any Person or
(Children’s
personal entity under
Online Privacy
information about U.S.
Protection
children under 13 jurisdiction.
Rule)
years of age.

NERC CIP
Standards Improve the All bulk
(NERC Critical security of North power system
Infrastructure America’s power owners and
Protection system. operators.
Standards)


156
156