E-Commerce Notes-1

The document outlines the course EMA 5752 on E-Commerce and Management Information Systems, detailing learning outcomes, assessment methods, and key concepts related to Management Information Systems (MIS). It discusses the evolution of MIS, its components, and the role of information systems in decision-making processes within organizations. Additionally, it highlights the importance of electronic transactions in government and business, and the impact of technology on governance and society.

Uploaded by

planerpop

E-COMMERCE AND MANAGEMENT

INFORMATION SYSTEMS

EMA 5752

Dr. Maria Goyayi


Email: [email protected]
Learning Outcomes
• Describe the need for electronic transactions in
government and business
• Identify the impact of electronic transactions on
governance, business and society
• Assess various technologies available for electronic
transactions
• Design and implement electronic transactions in
government and business
Assessment

•Coursework 50%
•Test 1
•Term paper
•Group Assignment
•Examination 50%
Topic 1: Concepts of Management
Information Systems (MIS)
• Information Systems and Management Strategy,
Understanding keywords (Management, Information, and
System)
Principles and elements of MIS
The relationship between organizational structure and MIS
Information requirements for MIS
Different types of MIS
Evolution of MIS
Role of MIS in an Organisation
• Managing Information Systems
Keywords - MIS
• What is Management?
Planning, control, and administration of an organization.
• Management is generally hierarchical:
Top managers handle planning;
Mid – career managers control;
And, junior managers administer.
• What is Information?
Processed data to support management functions
Processing – record, summarize, store, and retrieve.
Present in the required reporting format
Data, Information and Knowledge
Data - fact or an event statement unrelated to a thing.
• Hard facts - mathematical symbols, text image, sound, or video used to identify,
describe, or represent something.
• Bears no meaning beyond its existence (in itself).
Information - a set of classified and interpreted data used in decision
making
• Combined data with meaning/context;
• Embodies the understanding of a relationship as the relationship between cause
and effect
• Data that has meaning through relational connection
Knowledge - information combined with experience, context, and
interpretation.
• constitutes an additional semantic level derived from information via a process
Data vs Information
Data
• Raw facts representing events
Information
• Organized and arranged in standard formats.
• Arranged to ease understanding and use.
• Rendered/Processed to support decision making.
The Knowledge Organization
Organizational structures are rapidly changing.
From hierarchical to flattened structures.
From centralized to decentralized management.
From rigid to flexible arrangements.
Consequently;
Intra- and inter-firm business is easier.
Location and size no longer matter.
Customer preferences are venerated.
Organizations and the managers continue learning.
Competencies increasingly important.
Flow of information to all stakeholders is important.
The Knowledge Organization
• Intangible assets become key measures of wealth:
Securities, proprietary knowledge, brand, etc.;
Innovation, Intellectual capital, unique business
model;
Credit cards, goodwill, cultural advantages
• Sound IT competencies have become key success factor.
• Qualitative information (Rich information) has become
vital for organisations’ success.
What is an Information System (IS)?
• Systems:
An aggregated “whole” where components, abstract or real, interact with at
least one other component.
Components work towards a standard goal
The elements and the relationships between them determine how the system
works
Four basic components of a system
Inputs - collecting and capturing data
Process mechanisms - transformation of inputs into outputs
Output - producing useful information
Feedback mechanisms - information from the system used to modify
inputs or treatments as needed (feedback supports evaluation at the
input stage).
What is an Information System (IS)?
• A system that comprises people, machines, and/or methods
organized to collect, process, transmit, and disseminate data that
represent information. (Reeva, van de Wetering & Firth, 2008)
• A coherent and organized combination of information resources
(data, procedures, people, and information technology) in order to
support organizational operations, management, and decision
making. (Esteves, Lagartinho & da Anunciação, 2013)
• A set of physical, logical, human and procedural elements which,
through appropriate rules and goals, aim at the production and
availability of information. (Anunciação & Nunes, 2016)
What is an Information System (IS)?
• Computer or non-computer systems designed and built to meet the
information needs of users of the system. (D'Ambra, Wilson & Akter,
2015)
• A dataset which provides information about objects and their attributes
in a given context is called an information system. (Sharma & Kaur,
2021)
• Therefore, an IS is:
A unified data and knowledge (soft) infrastructure.
Collects/retrieves, processes, stores, and dispenses information.
Supports decision making and control.
Information System (IS)
• IS - set of interrelated components that collect,
manipulate, store and disseminate information and
provide a feedback mechanism to achieve a goal
• IS are structured around four essential elements as
proposed by Harold Leavitt in 1960
• Task
• Person
• Structure
Uses of IS in the Organization
1. Facilitates analysis of problems;
2. Provides deep insight into complex subjects;
3. Supports creation of new products.
4. An IS focuses on the organization and its environment.
5. IS captures all the stakeholders - customers, suppliers,
etc.
6. Regulatory agencies also interact in the IS of firms.
7. Technically, IS are IT-based information systems.
Components of IS
• Input, processing, and output, and a feedback system
Input - captures or collects raw data
Processing - converts raw input into a meaningful
form.
Output - transfers the processed information to the
users.
• The feedback is output returned by the users.
• Feedback supports evaluation at the input stage.
Business information value chain
• For a firm, IS supports the business information value
chain.
• IS adds value by providing problem-solving knowledge.
• The key domains of IS:
• Organizational;
• Management;
• Technological.
• But IS has to fit into the organization’s culture.
• IS cannot replace creativity of the manager
Decision making and IS
Decision making is one of the essential management
tasks; it forms a big part of management
Decision making occurs at all levels in an organisation
Effective decision making is informed decision making
Managers get informed via information systems, oral
communication, and possibly in other ways
Decision is about making a choice
Decision making and IS.. Cont’
Managerial tasks include planning, organizing,
staffing, delegating or directing, coordinating or
controlling, reporting, and budgeting
These tasks are
• A direct application of decision making (e.g. planning, delegating
or directing)
• A result in decisions (e.g. hiring new employees, staffing
tasks, organizing work)
Decision making and IS.. Cont’
Decision making involves evaluating the choices/options
available and selecting the best or a good enough option
IS provides decision makers with information regarding the
available alternatives (options)
Any decision is made for a purpose
Decisions can apply to
everyday operations
the near future
a more distant future (strategic goals setting)
Decision Making Process

Source: https://kalyan-city.blogspot.com/2011/06/steps-in-decision-making-process-of.html
Decision Making Process
Every decision has a start point (a problem), the end
point (a decision), and some activities in between these,
thus a process.
Once made, a decision may need monitoring of its
effects and adjustment
Decision process is data-intensive - requires reports,
business documents, analyses, and direct
communication
Typology of Information systems

Source: Zemmouchi-Ghomari, L. (2021). Basic Concepts of Information Systems. In
Contemporary Issues in Information Systems-a Global Perspective. IntechOpen.
Transaction processing system (TPS)
• A computer system that performs and records routine day-to-day
operations necessary for managing affairs
• Primary purpose – to answer routine questions and monitor
transactions flow through the organization
• Operates at operational level
• Tasks, resources, and objectives are predefined and highly
structured.
Management Information System (MIS)
• Supports middle level managers with oversight, control,
decision making, and administrative activities.
• Role - to summarize and report on essential business operations
using data provided by transaction processing systems.
• Primary transaction data gets synthesized, aggregated and
presented in reports format.
• It is an integrated user-machine system for providing
information to support operations, management and decision
making functions in an organization
Decision Support Systems (DSS)
• Supports tactical decision-making
• Used for unusual and rapidly evolving issues, for which there
are no fully predefined procedures
What would impact production schedules if we were to double sales for
December?
What would the level of Return on investment be if the plant schedule were
delayed by more than six months?
• Uses internal information system (TPS and MIS) and
leverages external sources, such as stock quotes or
competitor product prices
Decision Support Systems (DSS) … cont
Features of DSS
• DSS diagnoses problems and proposes possible system re-design.
• Undertakes sensitivity analysis on aspects of the problem.
• DSS supports but does not by itself generate decisions.
Attributes of Decision Support System
• Flexibility – supports easy and speedy decisions.
• Simplicity – uses simplified models of decision making.
• Database: The decision supports the database.
Types of Decision Support
System
• Status inquiry systems - The decisions and solution is
unique relation
• Data analysis systems – processes vary as the
problem.
• Information analysis systems – engages basically in
data analysis.
• Accounting systems – process financial data for control
and decision.
Deterministic Systems
• Deterministic systems are DSSs structured as business models.
a. Behavioral models
Used to understand relationship among variables.
Supports understanding of behavioral relationships.
E.g., a regression model.
b. Management science models
Management systems turned to DSS models. E.g., budgetary
systems, cost accounting systems;
Inventory models, and production management models.
Deterministic Systems.. cont
C. Operations Research (OR) Models
OR models are mathematical models.
OR models address optimization problems
E.g., profit optimization and cost reduction.
Maximizes an objective subject to constraints.
Optimizing inventory allocation and management.
Deterministic Systems.. cont
d. Artificial Intelligence (AI) System
AI is Intelligence supported by knowledge and reasoning.
AI stored in databases for future use.
• AI system falls into three basic categories:
Expert systems - knowledge based;
Natural Language (Native languages) Systems;
And, Perception System (vision, speech, touch);
• AI is a software technique applied to the nonnumeric data.
• The data is presented in symbols, statements, and patterns.
• AI uses the following for problem solving:
symbolic processing,
social and scientific reasoning,
Conceptual modeling.
Executive Support System (ESS)
• Operates at top management level
• Addresses exceptional decisions requiring judgment, assessment, and
a holistic view of the business situation because there is no procedure
to be followed.
• Filters, synthesize and track critical data both from.
• Integrates data from the external environment and
aggregate data from MIS and DSS
• Include business intelligence analysis tools to identify key trends and
forecasts.
Source: https://paginas.fe.up.pt/~acbrito/laudon/ch2/chpt2-1main.htm
MIS and the Role of DSS
1. The DSS could be an internal part of the MIS
2. DSS can be embedded or kept out of the
MIS:
3. DSS embedded in MIS for internally sourced
information.
4. DSS kept out of MIS when information is
sourced internally and externally.
IS type and the decision making process

Source: www.umanitoba.ca
What is MIS
• MIS is an integrated user-machine system for providing information to
support operations, management and decision making functions in an
organization.
• MIS supports Management with information for:
Operations
Administration
Decision making
• The foundation of MIS is databases.
• Today’s MIS is a computerized processing system.
• MIS differ from other ISs because:
MIS is used to analyze information
MIS also facilitates strategic and operational activities.
Objectives of MIS
• MIS processes data to support the management functions.
• MIS manages information system (IS) productively:
• Competitive advantage created from using information maximally:
Capturing Data – collects the relevant data.
Processing Data – transforms data into information.
Information Storage – store the information securely.
Information Retrieval – easy retrieval by authorized users.
Information Propagation – nonstop access and updating.
Pillars of MIS
1) Long-term planning perspective.
2) Respect of an organization’s dynamics and structure.
3) Comprehensiveness and interconnectivity.
4) Hierarchical and wholly participatory
5) Supports all levels of management decisions:
strategic, operational and tactical.
6) Highlights problems and exceptional situations.
7) Driven by Information technology (IT).
8) Computer-based - Hardware, software, and telecom
Primary Components of MIS
• The five primary components of MIS are:
1. Hardware
2. Software
3. Data (information for decision making),
4. Procedures (design, development and documentation),
5. People (individuals, groups, or organizations).
• Raw facts representing events.
• Data is organized in standard formats or databases which makes it
easy to understand and use.
• MIS is founded on databases.
Evolution of MIS
• At first, MIS treated data and reported at regular intervals.
• Later, data was distinguished from information;
o data being a raw material and,
o information the finished product.
• MIS had to present information in formats that:
o create impact on its user;
o And, provokes a decision or an investigation.
• The concept of exception reporting makes MIS more impactful
• Data is rendered accessible to authorized parties.
• But processed further to suit the needs of different users.
• Data is one, but viewed in different ways.
Evolution of MIS
• The Concept of End-User Computing
End users work with multiple databases.
This decentralized the MIS.
End users became independent of computer professionals.
Then the MIS became a decision making system.
• The Modern Concept of MIS
Handles the databases,
Provides computing facilities to the end user,
gives decision making tools to the users,
And connects firms to organizations.
• MIS is concerned with how to use information.
Evolution of MIS
• The Modern Concept of MIS.. Cont’
Information is generated through data analysis.
Data analysis relies on many academic disciplines.
o Management, Psychology, Human Behavior, Engineering etc.
Thus making MIS more effective and useful.
MIS is founded on the systems theory.
Offers solutions to input-output flow challenges.
Using theories of communication.
An Input – Process – Output system without noise.
Ensures flow of information from a source to a destination.
A blend of Management, Information and IT System.
History of MIS
• MIS growth aligns with growth of computing technology:
1. Mainframe and minicomputer computing;
2. Personal computers;
3. Client/server networks;
4. Enterprise computing;
5. And, Cloud computing.
• Phase 1 - Mainframe and minicomputer computing
Ruled by IBM and their mainframe computers.
Mainframe computers were quite large.
Required teams to run them.
History of MIS… cont
• Phase 2: Personal Computers
Personal computers (PCs) became popular in 1965.
Microprocessors replaced mainframes and minicomputers.
This accelerated the decentralization of computing power.
Large data centers were replaced with smaller offices.
By the late 1970s PCs made computing cheaper.
Low cost computers became mass market commodities.
More individuals were computing with PCs.
History of MIS…. cont
• Phase 3: Client/Server
Computers were linked to servers.
Servers share information via a common network access.
Data sets became accessible to many simultaneously.
• Phase 4: Enterprise Computing
High speed networks became popular.
Firms could integrate all aspects of the activities.
MIS linking all aspects of a firm’s activities was created.
Using computers became an important skill for all persons.
History of MIS…. cont
• Phase 5: Cloud Computing
This (the latest) employs networking technology extensively.
Applications and data storage are delivered to users.
This is independent of configuration, location or hardware.
High speed cell phone and Wi-Fi networks are also delivered.
Managers use the MIS remotely via any networked device.
This has increased the possibility of having multiple jobs.
Physical view of MIS
• MIS has sub-systems for:
Data collection;
Transaction processing and validating;
Processing;
Analysis and storage of information in databases.
• The subsystem can be at the micro or macro-levels.
• MIS is dynamic and subject to change.
Changes occur from internal management process.
Changes emanate also from the external environment.
Role of MIS in an Organisation
• MIS in an organization is akin to the heart in the body.
Support to sub-systems - MIS works through a variety of
systems, such as;
Query Systems,
Analysis Systems,
Modeling Systems,
And, Decision supporting systems.
Role of MIS in an Organisation … cont
Support for Long term (Strategic) Planning - MIS helps
long term planning in several ways, including;
Strategic Planning and Management Control,
Operational Control and Transaction Processing.
Support for Transaction Processing
• Answers queries on the data relating to transactions;
• Helps the junior management personnel by;
Role of MIS in an Organisation … cont
• Support for Short Term Planning
• Helps the mid career managers in the following;
short term planning,
target setting
and, controlling the business functions.
• Helps the top managers in the following;
goal setting,
strategic planning and
evolving the business plans
and, the business plan implementation.
Role of MIS in Public Sector Organizations
• Public Sector IS (PIS) need to cover eight main areas of
responsibility
1. information systems planning;
2. organizational structures and staffing;
3. data management;
4. computing and data management architecture;
5. information systems development;
6. information technology acquisition;
7. training, and technical support.
Role of MIS in Public Sector Organisations..
cont
• Centralized Vs. Decentralized PISs
• A centralized PIS may be efficient, but difficult to
manage.
• A decentralized PIS spreads the tasks, but may be
wasteful.
• A mix of central and local action is considered most
effective.
MIS and Public Sector Accountability
• The broad set of accountabilities in public sectors
include:
Managerial accountability;
Political accountability;
And, Financial accountability
Types of Information
• There are four main types of information, namely;
Descriptive information,
diagnostic information,
predictive information, and
prescriptive information.
Implementation of MIS/PIS
• Sound MIS Implementation Requirements
The system satisfies the information needs of the
user.
The system offers the required services to the
users.
The demands of users are respected.
Improves decision making capability.
Factors for successful MIS
1. Expediency/Appropriateness
2. Appropriate technology
3. Productivity
4. Adaptability
5. Operational feasibility
6. Goal oriented
7. Human sensitive
8. User friendly
9. Need oriented
Why MIS Fail
1. Poor conception
2. Incompleteness
3. Poor quality control
4. Poor administration and usage
TOPIC 2

INTRODUCTION TO E-COMMERCE AND E-GOVERNANCE
Dr. Maria Goyayi
Email: [email protected]
E-Commerce - Introduction
• Organizations have now been striving to apply
technologies based on the Internet, World Wide Web
and wireless communications to transform their
businesses for over 15 years since the creation of the
first web site
• Deploying these technologies has offered many
opportunities for innovative e-businesses to be
created based on new approaches to business
| Year founded | Company | Category of innovation and business model |
|---|---|---|
| 1994 | Amazon | Retailer |
| 1995 | eBay | Online auction |
| 1996 | Hotmail (hotmail.com) | Web-based e-mail; viral marketing (using e-mail signatures to promote service); purchased by Microsoft in 1997 |
| 1998 | GoTo.com (goto.com) | Pay-per-click search marketing |
| 1998 | Google (google.com) | Search engine |
| 1999 | Blogger (blogger.com) | Blog publishing platform; purchased by Google in 2003 |
| 1999 | Alibaba (alibaba.com) | B2B marketplace with $1.7 billion IPO on Hong Kong stock exchange in 2007 |
| 2008 | Facebook | Most-visited social media website with Live Feeds |
Electronic data interchange – Rise of e-business
• In the 1960s businesses realized that
• many of the documents exchanged among businesses
contained standard information
• By sending the information electronically in a standard
format, the businesses could save money on printing, mailing,
and re-entry of data.
• Electronic transfer of data also introduces fewer errors than
manual transfer and saves time.
Technology and Commerce
• Commerce is based on the specialization of skills.
• Commerce is a negotiated exchange of valuable objects or services
between at least two parties and includes all activities that each of the
parties undertakes to complete the transaction.
• Two different perspectives of commerce:
i. The buyer’s viewpoint
ii. The seller’s viewpoint
• Both perspectives will illustrate that commerce involves a number of
distinct activities, called business processes.
The buyer’s Perspective
1. Identify a specific need
2. Search for products or services that will satisfy the
specific need
3. Select a vendor
4. Negotiate a purchase transaction including delivery
logistics, inspection, testing, and acceptance
5. Make payment
6. Perform/obtain maintenance if necessary
The sellers’ perspective
1. Conduct market research to identify customer needs
2. Create a product or service to meet those needs
3. Advertise and promote the product or service
4. Negotiate a sales transaction including delivery
logistics, inspection, testing, and acceptance
5. Ship goods and invoice the customer
6. Receive and process customer payments
7. Provide after sales support and maintenance
Business Process
• Business processes are the activities involved
in conducting commerce.
• Examples include:
Transferring funds
Placing orders
Sending invoices
Shipping goods to customers
What is e-commerce?
• The use of electronic data transmission to implement or
enhance any business activity
• The exchange or buying and selling of goods and services by
using electronic means
• All electronically mediated information exchanges between
an organization and its external stakeholders (Kalakota and
Whinston, 1997)
• Moreover, e-commerce is not just about buying and selling as
it is also about electronically communicating, collaborating
and discovering information (Turban et al, 2004)
Perspectives of e-commerce:

1. A communications perspective
2. A business process perspective
3. A service perspective
4. An online perspective
Models of e-commerce
1. Business to Consumer (B2C)
2. Business to Business (B2B)
3. Consumer to Consumer (C2C)
4. Consumer to Business (C2B)
Electronic business (e-business)
• All electronically mediated information exchanges, both
within an organization and with external stakeholders
supporting the range of business processes.
• E-business is the facilitation of business through the
use of the internet and online technology.
• E-business, similarly to e-commerce, also comes in a
variety of forms that make it relevant for companies in
a variety of industries.
Electronic business (e-business).. cont
• The use of electronic networks for business (usually
with web technology)
• IBM defined it as the transformation of key business
through the use of Internet technologies (Chaffey and
Smith, 2008)
• Refers to a broader definition of e-commerce, not just
the buying and selling of goods and services, but also
servicing customers, collaborating with business
partners, and conducting electronic transactions
within an organisation.
Types of e-business models
1. Pure Play – an e-business model where all efforts
and resources are invested in one line of business.
2. Bricks and Clicks – an e-business model that
operates and generates sales both online and
offline.
Relationship between e-commerce and e-
business

Source: https://www.springer.com/de/book/9783658083267
The impact of e-commerce
• Access to global markets
• Saves Operational cost of doing business
• Greater choice
• Saves time
• Lower prices
• Availability of information
• Convenience
• Instantaneous Purchase
• Online Advertising
• Enables firms to develop a deep understanding of consumer behaviour
Challenges of e-commerce
1. High start-up cost
2. Increases competition
3. Security concerns
4. Lacks the human touch
5. Product quality
6. Cultural obstacles
7. Legal issues
Information Systems
Security Control
Information Systems Security Control
• Information systems security control consists of the
processes, practices and technologies designed to protect
computing resources (networks, computers, programs and
data) from unwanted, and most importantly, deliberate
intrusions.
• In essence these are processes that attempt to ensure
confidentiality, integrity, and availability of information.
The Information Security Triad
• Confidentiality - Restrict access to information
to only those who are allowed to see it;
everyone else should be disallowed from
learning anything about its contents.
• Integrity - the assurance that the information
being accessed has not been altered and truly
represents what is intended. Integrity can be
lost through malicious activities or even
unintentionally.
• Availability means that information can be
accessed and modified by anyone authorized to
do so in an appropriate timeframe.
Information Security Threats
• A threat is anything that can take advantage of an IS vulnerability to
breach security and negatively alter or erase information, harming the
object or objects of interest.
• An attack is a definite action against a vulnerable IS that breaches its
security, changing or erasing information and, as a result,
harming the organisation or a person.
• Information security threats are many, such as software attacks, theft of
intellectual property, identity theft, theft of equipment or information,
sabotage, and information extortion.
• Software attacks are attacks by viruses, worms, Trojan horses, etc.
Many users believe that malware, viruses, worms and bots are all the same
thing. They are not: the only similarity is that they are all
malicious software, and each behaves differently.
Information Security Threats
• Malware - a combination of two terms, Malicious and Software; a
catch-all term for any type of malicious software, regardless
of how it works, its intent, or how it's distributed.
• Malware can be divided in 2 categories:
Infection Methods – Virus, worms, Trojan and Bots
Malware Actions – Adware, spyware, ransomware, scareware,
rootkits and zombies
• A virus is a specific type of malware that self-replicates by
inserting its code into other programs.
Information Security Threats
• Other threats include:-
Theft of intellectual property
Identity theft
Theft of equipment and information
Sabotage
Information extortion
Tools for information Security
1. Authentication – a process of verifying that a user is who they claim to
be.
• Authentication can be accomplished by identifying someone through one or
more of three factors:
Something they know - a user ID and password (easy to compromise, so stronger forms
of authentication are sometimes needed).
Something they have - a key, a card or a token (problematic: when the identifying token
is lost or stolen, the identity can be easily stolen).
Something they are - a physical characteristic, i.e. biometrics such as an eye-scan or
fingerprint (much harder to compromise).
• A more secure way to authenticate a user is to do multi-factor
authentication.
• By combining two or more of the factors, it becomes much more difficult for
someone to misrepresent themselves
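An added example (not part of the original notes) of the multi-factor idea above: a login succeeds only when a password (something they know) and a time-based one-time code (something they have) both verify. The choice of TOTP as the second factor, the record layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash so a stolen record does not reveal the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time code (RFC 6238, HMAC-SHA1) for a shared token secret."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def make_record(password: str, token_secret: bytes, salt: bytes = None) -> dict:
    """What the server stores at enrolment: salt, password hash, token secret."""
    salt = salt if salt is not None else os.urandom(16)
    return {"salt": salt,
            "pw_hash": hash_password(password, salt),
            "token_secret": token_secret}


def verify_login(record: dict, password: str, otp: str,
                 unix_time: int, window: int = 1, step: int = 30) -> bool:
    """Both factors must pass; either one alone is rejected."""
    # Factor 1: something they know.
    knows = hmac.compare_digest(hash_password(password, record["salt"]),
                                record["pw_hash"])
    # Factor 2: something they have. Accept +/- `window` time steps of clock drift.
    has = False
    for drift in range(-window, window + 1):
        expected = totp(record["token_secret"], unix_time + drift * step, step)
        if hmac.compare_digest(expected.encode(), otp.encode()):
            has = True
    return knows and has


if __name__ == "__main__":
    # Constructed sample values; the secret is the published RFC 6238 test key.
    rec = make_record("correct horse", b"12345678901234567890", salt=b"\x00" * 16)
    now = 59
    code = totp(rec["token_secret"], now)
    print("both factors :", verify_login(rec, "correct horse", code, now))
    print("password only:", verify_login(rec, "correct horse", "000000", now))
    print("token only   :", verify_login(rec, "wrong password", code, now))
```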
Tools for information Security… cont
2. Access control – ensuring authenticated users can only access
the information resources that are appropriate.
• Access control determines which users are authorized to read,
modify, add, and/or delete information.
• Several different access control models exist. Examples:
The access control list (ACL) - a list of users who have the
ability to take specific actions on each information resource can
be created.
Role-based access control (RBAC) - Access rights to an
information resource are assigned to roles and not directly
to users; users are assigned to roles.
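An added example (not part of the original notes) contrasting the two models above: the same permissions expressed as per-resource ACLs and as roles, and what has to change when one person moves to a different job. User, role and file names are constructed for illustration.

```python
def sample_acl():
    """ACL model: each resource lists users and the actions they may take."""
    return {
        "payroll.xlsx":   {"alice": {"read", "modify"}, "bob": {"read"}},
        "contracts.docx": {"alice": {"read", "modify", "delete"}},
        "budget.xlsx":    {"alice": {"read"}, "carol": {"read", "modify"}},
    }


def acl_allows(acl, user, action, resource):
    """Default deny: unknown resources and unlisted users get nothing."""
    return action in acl.get(resource, {}).get(user, set())


def acl_remove_user(acl, user):
    """Revoking a user means visiting every resource; returns entries touched."""
    touched = 0
    for entries in acl.values():
        if entries.pop(user, None) is not None:
            touched += 1
    return touched


def sample_rbac():
    """RBAC model: rights attach to roles, users are assigned to roles."""
    role_permissions = {
        "hr_manager": {("payroll.xlsx", "read"), ("payroll.xlsx", "modify"),
                       ("contracts.docx", "read"), ("contracts.docx", "modify"),
                       ("contracts.docx", "delete"), ("budget.xlsx", "read")},
        "auditor":    {("payroll.xlsx", "read")},
        "finance":    {("budget.xlsx", "read"), ("budget.xlsx", "modify")},
    }
    user_roles = {"alice": {"hr_manager"}, "bob": {"auditor"}, "carol": {"finance"}}
    return user_roles, role_permissions


def rbac_allows(user_roles, role_permissions, user, action, resource):
    """A user is allowed if any of their roles carries the (resource, action) pair."""
    return any((resource, action) in role_permissions.get(role, set())
               for role in user_roles.get(user, set()))


def rbac_change_role(user_roles, user, old_role, new_role):
    """A job change is one edit to the user-to-role mapping; resources are untouched."""
    roles = user_roles.setdefault(user, set())
    roles.discard(old_role)
    roles.add(new_role)
    return 1


def rbac_who_can(user_roles, role_permissions, action, resource):
    """Audit question: which users can currently perform this action?"""
    return sorted(u for u in user_roles
                  if rbac_allows(user_roles, role_permissions, u, action, resource))


if __name__ == "__main__":
    acl = sample_acl()
    print("ACL entries edited to revoke alice:", acl_remove_user(acl, "alice"))
    roles, perms = sample_rbac()
    print("RBAC edits to move alice to auditor:",
          rbac_change_role(roles, "alice", "hr_manager", "auditor"))
    print("Who can modify payroll now:",
          rbac_who_can(roles, perms, "modify", "payroll.xlsx"))
```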
Tools for information Security… cont
3. Encryption - is a process of encoding data upon its transmission or
storage so that only authorized individuals can access it.
• Encoding is accomplished by a computer program, which encodes the
plain text that needs to be transmitted; then the recipient receives
the cipher text and decodes it (decryption).
• To achieve this the sender and receiver need to agree on the method of
encoding so that both parties can communicate properly.
• Symmetric key encryption – is when parties share the encryption key,
enabling them to encode and decode each other’s messages, which is
problematic because the key is available in two different places.
• Public key encryption – where parties use two keys: a public key and
a private key.
Tools for information Security… cont
4. Backups - Another essential tool for information security is a
comprehensive backup plan for the entire organization to ensure business
continuity.
• Not only should the data on the corporate servers be backed up, but
individual computers used throughout the organization should also be
backed up.
• A good backup plan should consist of several components.
A full understanding of the organizational information resources.
Regular backups of all data.
Offsite storage of backup data sets.
Test of data restoration.
• Organisations should also evaluate the effect of information systems
downtime.
Tools for information Security… cont
• Additional concepts related to backup include the following:
Universal Power Supply (UPS). A UPS is a device that
provides battery backup to critical components of the system,
allowing them to stay online longer and/or allowing the IT
staff to shut them down using proper procedures in order to
prevent the data loss that might occur from a power failure.
Alternate, or “hot” sites. Some organizations choose to have
an alternate site where an exact replica of their critical data is
always kept up to date. When the primary site goes down, the
alternate site is immediately brought online so that little or no
downtime is experienced.
Tools for information Security… cont
5. Firewalls – protect the organisation’s network, i.e. all company
servers and computers, by stopping packets from outside the
organization’s network that do not meet a strict set of criteria.
• A firewall can exist as hardware or software (or both).
A hardware firewall is a device that is connected to the network
and filters the packets based on a set of rules.
A software firewall runs on the operating system and intercepts
packets as they arrive at a computer.
• A firewall may also be configured to restrict the flow of
packets leaving the organization.
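To make "a set of rules" and "a strict set of criteria" concrete, the following added example (not part of the original course notes) filters packets in both directions with first-match rules and a default deny. The address ranges are reserved documentation ranges, and the rule set is constructed for illustration; it is stateless and ignores connection tracking.

```python
# Constructed rule set; addresses are documentation ranges, not real hosts.
# Stateless filter: each packet is judged on its own, first matching rule wins.
from ipaddress import ip_address, ip_network

ORG_NET = ip_network("203.0.113.0/24")   # assumed organisation address range

# (direction, protocol, destination network, destination port or None, verdict)
RULES = [
    ("in", "tcp", ip_network("203.0.113.10/32"), 443, "allow"),   # web server
    ("in", "tcp", ip_network("203.0.113.20/32"), 25, "allow"),    # mail gateway
    ("out", "tcp", ip_network("198.51.100.66/32"), None, "deny"),  # blocked host
    ("out", "tcp", ip_network("0.0.0.0/0"), 443, "allow"),        # staff browsing
    ("out", "udp", ip_network("192.0.2.53/32"), 53, "allow"),     # approved DNS
]


def direction(src, dst):
    """Classify a packet as entering ('in') or leaving ('out') the organisation."""
    src_in = ip_address(src) in ORG_NET
    dst_in = ip_address(dst) in ORG_NET
    if dst_in and not src_in:
        return "in"
    if src_in and not dst_in:
        return "out"
    return None  # does not cross the organisation's boundary


def filter_packet(src, dst, proto, dport):
    """Return 'allow' or 'deny' for one packet."""
    way = direction(src, dst)
    if way is None:
        return "deny"  # not boundary traffic; this filter refuses to pass it
    for rule_dir, rule_proto, rule_net, rule_port, verdict in RULES:
        if (rule_dir == way and rule_proto == proto
                and ip_address(dst) in rule_net
                and rule_port in (None, dport)):
            return verdict
    return "deny"  # default deny: nothing matched the criteria
```

Rule order matters: the outbound deny for the blocked host sits above the general outbound HTTPS rule, so it is matched first.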
Virtual Private Networks (VPN)
• VPN is a point-to-point connection between a
client and server, or a site-to-site connection
between two servers.
• When connecting through a VPN, the device gains access
to the network at the other end of the VPN and
is provided with an IP address on the remote
network, even though it is not physically there.
• A VPN allows a user who is outside of a
corporate network to take a detour around the
firewall and access the internal network from
the outside.
• Through a combination of software and security
measures, this lets an organization allow limited
access to its networks while at the same time
ensuring overall security.
Tools for information Security… cont
6. Physical Security - is the protection of the actual hardware
and networking components that store and transmit
information resources.
Measures include: -
• Locked doors
• Physical intrusion detection
• Secured equipment
• Environmental monitoring
• Employee training
Tools for information Security… cont
7. Security Policies – A form of administrative control tool for
implementing an overall security plan.
OR
A formal, brief, and high-level statement or plan that embraces an
organization’s general beliefs, goals, objectives, and acceptable
procedures for the overall organisational information systems security.
• A good information-security policy:
Lays out the guidelines for employee use of the information resources of
the company and provides the company recourse in the case that an
employee violates a policy.
Addresses any governmental or industry regulations that apply to the
organization.
Mobile Security
• The concept of BYOD (“Bring Your Own Device”) is a constant topic of debate
in information security forums.
• Organisations need to decide:
Whether to allow mobile devices in the workplace at all.
Should employees be allowed to bring their own devices and use them as part
of their employment activities? Or should we provide the devices to our
employees?
Should employees be allowed to save data on their personal devices?
• Creating a BYOD policy allows employees to integrate themselves more fully
into their job and can bring higher employee satisfaction and productivity.
• A mobile device policy should address the following issues: use of the
camera, use of voice recording, application purchases, encryption at rest,
Wi-Fi autoconnect settings, Bluetooth settings, VPN use, password settings,
lost or stolen device reporting, and backup.
Usability
• When looking to secure information resources, organizations must
balance the need for security with users’ need to effectively access and
use these resources.
• If a system’s security measures make it difficult to use, then users will
find ways around the security, which may make the system more
vulnerable than it would have been without the security measures!
• Take, for example, password policies: if the organization requires an
extremely long password with several special characters, an employee
may resort to writing it down and putting it in a drawer since it will be
impossible to memorize.
End