chapter 1 : introduction to computer based … · chapter 1: introduction to management information...

MIST 520: MANAGEMENT INFORMATION SYSTEMS

Kamau, G.G. of 53

CHAPTER 1: INTRODUCTION TO MANAGEMENT INFORMATION SYSTEM

Introduction

The chapter introduces the concept of Management Information Systems (MIS).

Definition of key terms is presented towards building up meaning of MIS with an

organization management concept.

Introduction to management

The term management is somewhat common to us in day to today. Based on classical

view introduced by Henri Fayol (1911), the term management refers to the functions

carried out by managers which include:

1. Planning: to examine the future and draw up plans of action

2. Organize: build up the structure, material and human, of the undertaking;

3. Direct or command: maintain activity among the personnel;

4. Co-ordinate: to bind together, unify and harmonize activity and effort;

5. Control: to see that everything occurs in conformity with policy and practice

Data versus Information

Data consists of raw facts, text, graphics and figure that have not been processed and

inadequate for user’s application. Information on the other hand is the results of the

processed data that is sorted, useful and valuable for particular user. For example, in a

business receipts, delivery notes, invoices may constitute data. However, at the end of the

day once this source documents are captured and analyzed the analysis reports produced

become information. The information shall be used to carry out different functions in the

management of the organization.

Quality of information

Several characteristics make information of quality to the user. They include, information

should be:

1. Accurate

Information must be free from errors.

2. Complete

Information has to contain all the important facts as needed to perform the required

processing and what you want to know.

3. Relevant (Communicated to the right user)

Information must be related to the desired performance or useful to what you’re

trying to do.

4. Timely

Information has to be delivered at the right time.

5. Up-to-date or current

Information is useful if it reflects the current state of affairs

6. Cost effective

Cost of producing information in a firm should not exceed the benefit/profit that is

obtained from it.

7. Simple or well presented to user (Understandable to user)


Kamau, G.G. of 53

Information that has been presented should be easy to understand –format, language,

detail level, vocabulary, etc.

8. Security

Only authorized person is allowed to access the information.

9. Confidence of the source e.g. foreign currency exchange mean exchange rates from

Central Bank, Billing Rates from previous month data capture logs, etc.

10. Communicated through the right channel

Different users make audience to varied channels e.g. mass media, social media,

circulars, mobile SMS alerts, telephone calls, emails, websites, face to face, written

print outs, etc.

Understanding the systems theory

System is a collection of related components and has the interaction between them to

accomplish a common objective. System will have the following basic interacting

components;

System characteristics

1. Common purpose or goal: The overall objective(s) of the system are shared by its

components

2. Components: Parts that constitute the system

3. Inter-relationship: One component requires another in order to fulfill its functions

4. Synergy: System as a whole yields more than the sum total output of components

Components of a system

1. Input: Raw materials that enter to the system

2. Output: Results or products/by products of the system

3. Processes: Manipulative functions that convert inputs to outputs

4. Feedback and control: This is an inbuilt mechanism for continuous measurement and

review of the status to ensure the system remains on track according to set standards

of performance

5. Border / Boundary/Interface: Boundary is the line in between internal and external

environment of the system. Interface is the link of interaction between internal and

external environment of the system

6. External environment: What is outside the boundary of the system

Types of systems

Virtually all systems are part of a larger system, called a supra-system and likewise,

virtually all systems can be decomposed into smaller systems, called subsystems. A

system may also be closed or open. A closed system is isolated from its external

environment and it neither influences nor is influenced by that external environment; e.g.

a vacuum, a controlled experiment, etc. However, business systems are usually open

systems. They influence and influenced by their external environments. A system may

also be formal or informal. A formal system is official and documented with clear

standards and documents such as receipts, order notes, etc. Informal systems on the other

hand are not documented they are verbal and include telephone conversations,


Kamau, G.G. of 53

observations and mental clues. Such information is easily lost unless it is captured in a

permanent record. Other systems include deterministic versus probabilistic (stochastic),

self organizing (adaptive) versus non adaptive, etc.

Information System

This is a collection of inter-related components and has the interaction between them to

capture data, process it and produce the useful output information needed by an

individual or organization.

Functions of information system

1. Input : Facts or data from outside the system

2. Processing : Transform the data to information

3. Output : Information that need to be used outside the system

4. Storage : A place to store data for future reference

5. Communication: Transmitting and dissemination of data and information through

carrier media

Categories of Information Systems

Information system can be categorized into TWO; manual and Computer Based

Information System (CBIS). Manual or non-computerized system involves a lot of

paper work, electromechanical tools and user memorization of transactions. Manual or

non-computerized information systems are bulky in storage, laborious and error-prone.

They may also be susceptible to data insecurity and expensive in the long run, besides

being unable to support the performance of the organization effectively and efficiently.

Organizations that insist on manual systems are often out-performed by those that that

adopt CBIS. However, in certain applications and environments manual information

systems may be the only feasible choice. For example in small businesses, most of them

take time to adopt CBIS due to certain demands for CBIS such as infrastructure, ICT

skills, high initial costs, etc.

Computer based information system is an information system that uses computer

hardware and software combined with some set of procedures and human experts to

capture data, manipulate it and provide information.

Components of CBIS

1. Hardware: Hardware can be a single PC, a single main frame or networks of

computers. It also includes physical device to control the process of input and

output like keyboard, mouse and modem.

2. Software : Application program such as MS Office, Macromedia

Dreamweaver and etc.

3. People : Those who are involved with the system or using the system.

4. Data : Consists of facts, text, graphic, figure that can be recorded and that have

specific meaning.

5. Procedures : Instructions and rules to design and use information system


Kamau, G.G. of 53

Advantages of CBIS

1. Versatility: Ability to service multiple applications

2. Diligence: Computers are capable of working for many hours without fatigue other

human weaknesses such as favoritism, going on strike, absenteeism, etc.

3. Speed: Faster response in processing and access to information

4. Enhanced security: Ability to use electronic security codes

5. Vast capacity: Can store large volumes of data in very small space

6. Accuracy: Capable of processing complex problems with high precision

7. Ease of retrieval: Access to electronic data is easier than manual records

8. Cost effectiveness: Overall cost savings in manpower, storage and communication

Disadvantages of CBIS

1. High initial cost: Acquisition of hardware and software is expensive

2. High frequency of replacement/upgrading due to obsoleteness: There is need to

replace hardware and software from time to time to cope with change.

3. Need for special skills: ICT skilled staff are needed

4. Computers cannot think: Computers cannot replace human effort entire because at

times human judgment is needed to solve a problem or make decision.

5. Negative impact in society such as misuse, cyber crime, unemployment,

environmental hazards, etc.

Understanding Management Information Systems (MIS)

Management information systems are information systems that provide information to

managers at various levels of management. Within an organization management can be

divided into three managerial end-user levels; operational management (first line

managers), tactical management (middle management) and the strategic management (top

management). Each of these managerial end users have differing informational needs

dependent on the nature of decisions and the level of planning attended to. A top manager

is an upper-level executive who guides and controls the overall activities of the

organization. They are responsible for the organization’s planning and developing its

mission. They also determine the firm’s strategy and its major policies. They are

president, vice president, chief executive officer, and members of the Board. Middle

managers develop tactical plans, policies, and they coordinate and supervise the activities

of first-line managers. Titles at this level are division manager, department head, plant

manager, and operating manager. A first-line manager is a manager who coordinates and

supervises the activities of operating employees. They solve day-to-day problems.

Common titles for first-line manager include office manager, supervisor, foreman, shift

leaders, etc. Operating employees are not managers. They represent the work force of

organization.

Levels of management:


Kamau, G.G. of 53

This refers to a pyramid model of the hierarchy of command in an organization. It is a

three tier view that conceptualizes management into strategic management, tactical

management and operational management.

The middle level management or tactical management comprises of horizontally into

areas of management. The most common areas are Administration and Finance,

Marketing, Human Resources, Information Technology, Research and Development, etc.

Strategic

Management

EIS & ES

Tactical

Management

MIS & DSS

Operational

Management

(TPS)

Long term plans

Unstructured decisions

Ad hoc and exceptional reports

Summarized reports/graphical

Least frequent reports

Medium term plans

Semi structured decisions

On Demand & Scheduled reports

Fairly summarized reports

Fairly frequent reports

Short term plans (task specific)

Highly structured decisions

Scheduled reports

Very detailed reports

Very frequent reports

In view of this organization structure ISs can be categorized according to that

management pyramid;

1. Operational Management (First Line Managers) requires Information Systems

capable of capturing transactional data from day to day operations. This called a

Transaction Processing System (TPS). The system should be capable of

processing volume of data captured in organizations transactions such as sales

system, inventory system, students’ registration system. The data collected by

these systems may be deposited into the organizations Database Management

System (DBMS) to be used as raw materials for the Middle Level (tactical

managers) Management Information System (MIS). A TPS may be real time or

batch based. Real time means data collected is processed immediately for

immediate output to aid in a current transaction, e.g. Bank Cashier Terminal

Processing System. A batch processing system means data collected is collated

together so that it is processed at one go later in the day or another specified time.


Kamau, G.G. of 53

These systems are easy to automate for they support structured decisions, for

example a Bank Cashier Terminal Processing System can be replaced by an

ATM. With the power of Internet TPS systems can also be based on Internet

infrastructure. An organization can operate a private Internet based TPS where

employees can access the organization’s private Internet accessible database to

conduct transactions from different branches of the organization such as bank

branches network. This called an intranet. These systems can also be extended

further to allow customers and suppliers to for example process their orders or

track their supplies. Such as a system is called extranet. Various organizations are

also embracing IS systems to provide unique services such as e-commerce, e-

ticketing, e-banking, etc.

2. Tactical management: The data collected in the organization DBMS becomes the

raw material for producing information for middle level managers. These

databases are interrogated by an interface called Management Information System

(MIS). Generally speaking an MIS is a system for providing information for

managers. It is therefore a general term for an IS. However, specifically MIS

refers to an IS for providing information for the middle level of management. It is

therefore based on a DBMS that collects data from organization TPS to provide

special information depending on the functional management targeted. At this

level these MIS may also be called Decision Support Systems (DSS) because the

information provided to these tactical managers is meant to aid them in decision

making. A DSS is a system that provides information to aid tactical managers in

the decision making roles. The decisions supported are semi-structured. They use

partial rules automated in the computer system and partly on the manager’s

wisdom and experience. Information used in a DSS is taken from TPS and MIS,

in addition to this external information may also be incorporated. With all the

information gathered, managers can use models contained within a DSS to look at

what might happen if they do certain things. This is a bit like an IF statement that

can be changed, scenarios or goal seeking. If a change is made to the figures then

the output is increased or decreased.

3. Strategic Management: This is the top most level of management. Their use of

information system may not be frequent. However, they need information on

exceptional issues of the organization on demand or on the need to know. At

some low frequency they may also need regular reports. Such reports are highly

summarized and very graphical to allow quick view of the organization at any one

point. Executive information systems are used for this purpose. They have very

user friendly features such as a dashboard with graphics represent various

parameters of interest and allow the CEO to drill down for information and

interrogate the report for any finer details they may need. The nature of decisions

made by this management is unstructured. They have no clear rules but largely

depend on the wisdom and experience of the decision maker. For example a

decision on whether to forge a business alliance, how to raise capital, etc.

Strategic management may also use Expert Systems to be able to make decisions

in areas where they have no adequate expertise. An Expert System is a

knowledge-based computer program or artificial intelligence containing expert


Kamau, G.G. of 53

domain knowledge about objects, events, situations and courses of action, which

emulates the process of human experts in the particular domain. In other words,

expert system is a computer application that performs a task that would otherwise

be performed by a human expert. Expert systems are extensively used in the

medical field. For example, there are expert systems that can diagnose human

illness, and MYCIN is one of the popular expert systems in medical field.

However, Expert Systems can also be used at other levels of management.

CHAPTER 2: INFORMATION SYSTEMS FOR OPERATIONS,

MANAGEMENT AND STRATEGIC ADVANTAGE

Importance of Information Systems

Information systems in an organization are important to all levels of management to

enable managers perform their functions of planning, directing (commanding and

leadership), organizing, controlling and coordinating. They are important at

operational in execution of specific tasks or transaction/application in the day to day

operations of a business, such as accounting, sales, front office automation, etc.

However, an organization may identify unique application area that would make the

firm stand out among its peers or possibly to offer a service far from ordinary as

compared to competitors who are doing business as usual. Such a unique application

of IS by a firm is called strategic application and the system is therefore called a

strategic information system. A strategic information system therefore is an

information that is adopted by an organization in order to give the organization a

unique advantage that gives the firm an edge above the competitors. It is either using

IS to provide a unique service or using IS to provide better services so as to achieve a

competitive advantage or edge. For example providing online ticketing, an extranet to

allow customers to book a hotel room online, a Just In Time (JIT) system to order a

customized luxury car, etc. Ways to gain strategic advantage using IS includes;

1. Cost reduction: A firm can gain profit margin by using IS to reduce number of

staff and reduce production time for its products

2. Raise barriers to new entrants: Where an organization provides advanced system

more than competitors, new entrants may find it difficult to penetrate, e.g.

Safaricom 3G internet while competitors are on GPRS or EDGE technology

3. Establish high switching cost: Where a client has so expensive equipments from

the current supplier and the technology cannot migrate to another supplier the

customers would remain to avoid migration or switching cost; e.g. switching from

one accounting package to another provider may require flesh data entry and

expensive data conversion.

4. Creating new products or services: A company can gain strategic positioning by

using IS to provide a unique service e.g. Mobile Banking, 24-hour loan

processing, etc.

5. Differentiate products or services: An organization may attract customers by

convincing them that their product is different from their customers through

unique interaction and product features by use of IS.


Kamau, G.G. of 53

6. Enhance products or services: Even with current products the company can

enhance them such as longer business hours for customers by reducing after office

batch processing of daily transactions by use of real time transaction processing

system.

7. Establish business alliances: The business can enhance customer experience and

product provision by packaging products with other companies, e.g. a holiday

package that includes air ticket, hotel, tours and travel, etc by use of IS system

inter-linked with other service providers or service advantage smart cards.

8. Locking customers and locking out competitors: Making it impractical for

customers or suppliers to deal with competitors for example MPESA agency

requirements that your partners do not brand with competitors products

In general, beside these strategic uses of IS, MIS systems are specifically important at

various of levels of management to aid in transaction processing and to support

management decisions at various levels.

MIS characteristics

It supports transaction handling and record keeping (Transaction Processing

Systems and office automation systems).

It can be integrated with organization wide Database Management System

(DBMS) which supports centrally all major functional areas of an organization.

This will receive data collected from various operation’s Transaction Processing

Systems (TPS)

From the DBMS various managers can interrogate the MIS to obtain information

for operational, tactical, and strategic level managers with east access to timely

It supports decision –making function especially acting as a data source for the

middle level Decision Support Systems (DSS) for aiding them in their semi-

structured decisions.

MIS enables an organization to adapt to its changing needs.

It promotes security system by providing only access to authorized users.

MIS not only provides statistical and data analysis but also works on the basis on

MBO (management by objectives). MIS is successfully used for measuring

performance and making necessary change in the organizational plans and

procedures. It helps to build relevant and measurable objectives, monitor results,

and send alerts.

Function of MIS

The main functions of MIS are:

Data Processing: Gathering, storage, transmission, processing and getting output

of the data. Making the data into information is a major task.

Prediction: Prediction is based on the historical data by applying the prior

knowledge methodology by using modern mathematics, statistics or simulation.

Prior knowledge varies on the application and with different departments.

Planning: Planning reports are produced based on the enterprise restriction on the

companies and helps in planning each functional department to work reasonably.


Kamau, G.G. of 53

Control: MIS helps in monitoring the operations and inspects the plans. It consists

of differences between operation and plan with respect to data belonging to

different functional department. It controls the timely action of the plans and

analyzes the reasons for the differences between the operations and plan. Thereby

helps managers to accomplish their decision making task successfully.

Assistance: It stores the related problems and frequently used information to

apply them for relative economic benefits. Through this it can derive instant

answers of the related problem.

Advantages and Disadvantages of MIS

An MIS provides the following advantages.

1. It Facilitates planning: MIS improves the quality of plants by providing relevant

information for sound decision - making. Due to increase in the size and complexity

of organizations, managers have lost personal contact with the scene of operations.

2. In Minimizes information overload: MIS change the larger amount of data in to

summarized form and there by avoids the confusion which may arise when managers

are flooded with detailed facts.

3. MIS Encourages Decentralization: Decentralization of authority is possibly when

there is a system for monitoring operations at lower levels. MIS is successfully used

for measuring performance and making necessary change in the organizational plans

and procedures.

4. It brings Co-ordination: MIS facilities integration of specialized activities by

keeping each department aware of the problem and requirements of other

departments. It connects all decision centres in the organization.

5. It makes control easier: MIS serves as a link between managerial planning and

control. It improves the ability of management to evaluate and improve performance.

The used computers has increased the data processing and storage capabilities and

reduced the cost.

6. Facilitates data processing: MIS assembles, process, stores, retrieves, evaluates and

disseminates the information.

7. Creates strategic advantage for an organization such as cost reduction, product

differentiation, etc with end result being higher profitability

Disadvantages

The following are some of the disadvantages of MIS:

MIS is highly sensitive: MIS is very helpful in maintaining logging information of

an authorized user. This needs to monitor constantly.

Quality of outputs is governed by quality of inputs.

MIS budgeting: There is difficulty in maintaining indirect cost and overheads.

Capturing the actual cost needs to have an accrual system having true costs of

outputs which is extremely difficult. It has been difficult to establish definite

findings.

MIS is not flexible to update itself for the changes.

MIS effectiveness decreases towards the top level management. Top management

requires more information than can be supplied by from the internal data captured

by the MIS.

MIS is limited in handling qualitative data: Information accountability is based on

the qualitative factors and the factors like buyer attitude, customer satisfaction,


Kamau, G.G. of 53

political climate, etc. which some time can be cause of success or failure of a

business.

CHAPTER 3: SYSTEMS APPROACH TO PROBLEM SOLVING AND ITS

APPLICATION IN MANAGEMENT

What is systems approach?

The systems approach is a problem solving technique that stresses a systematic

process of problem solving. Problems and opportunities are viewed in a systems

context. Studying a problem and formulating a solution becomes an organized

system of interrelated activities;

1. Define a problem or opportunity in a systems context.

2. Gather data describing the problem or opportunity

3. Identify alternative solutions.

4. Evaluate each alternative solution.

5. Select the best solution.

6. Implement the selected solution.

7. Evaluate the success of the implemented solution.

These activities and steps of the systems approach can be grouped into a smaller

number of stages of problem solving:

a. Understanding a problem or opportunity (steps 1 and 2).

b. Developing a solution (steps 3 through 5).

c. Implementing a solution (steps 6 and 7).

Understanding a Problem or Opportunity

To solve a problem or pursue an opportunity requires a thorough understanding of the

situation at hand. This implies viewing the problem/opportunity in a systematic fashion

within a systems context.

1. Defining Problems and Opportunities. Problems and opportunities must be

identified when using the systems approach. Symptoms must be separated from

problems. Symptoms are merely signals of underlying problems.

a. A problem is a basic condition that causes undesirable results.

b. An opportunity is a condition that presents the potential for desirable

results.

2. Gathering Data and Information. Data and information need to be captured to

gain sufficient background into the problem or opportunity situation. In the

context of a business systems problem, information gathering may encompass the

following:

a. Interviews with employees, customers, and managers.

b. Questionnaires to appropriate end users in the organization.

c. Personal observation or involvement in business operations.

d. Examination of documents, reports, procedures manuals, and other

documentation.

e. Inspecting accounting and management reports to collect operating

statistics, cost data, and performance results.


Kamau, G.G. of 53

f. Development, manipulation, and observation of a model of the business

operations or systems affected by the problem or opportunity.

Identifying Current Organizational Systems. In the systems approach, a problem

or opportunity must be viewed in a systems context. To understand a problem or

opportunity, you must understand both the organizational systems and

environmental systems in which a problem or opportunity arises. You must have

a systemic view of the situation.

a. A Business as a System. A business faced with a problem or opportunity

needs to be viewed as an organizational system operating within a

business environment. This concept helps us isolate and better understand

how a problem or opportunity may be related to the basic system

components of a business.

b. Environmental Systems. A business is a subsystem of society and is

surrounded by other systems in the business environment. Proper

interrelationships with the economic, political, and social stakeholders

within the environment should be maintained. These stakeholders that

interact with a business need to be identified, to determine their effect on a

problem or solution.

c. Organizational Subsystems. Typically a business is subdivided into

subdivisions that compose the organizational subsystem.

i. These typically represent functional areas such as marketing,

manufacturing, and finance, but can also represent geographic

areas, product lines, distribution facilities, work groups, etc.

ii. Decomposition is the process of identifying the boundaries of

subsystems within a business and determining the relationships

between the subsystems. Those subsystems most affected by the

problem or opportunity under consideration need to be identified.

d. Relationships Between Systems. A black box approach aids systems

professionals in analyzing the relationships and interconnections between

subsystems within the firm. In other words, the processing component

remains a black box while inputs and outputs of subsystems are studied.

i. Coupling - the process of determining how tight the function of

subsystems are connected. e.g., JIT - requires a close association

between inventory control and manufacturing.

ii. Decoupling - the process of loosening the connections between

systems. e.g., E-Mail may loosen communications connections

within the organization. People can be more efficient by having

differing avenues of communication available to them.

e. Evaluating Selected Systems. To understand a problem and solve it, you

should try to determine if basic system functions are being properly

performed. This should be done within a systems context by looking at

inputs, processing, outputs, feedback, and control structures.

f. Determining Objectives, Standards, and Constraints - a systems approach

must determine firm objectives, identify standards, and recognize

constraints.


Kamau, G.G. of 53

Developing a Solution

Once you understand a problem or opportunity, you can develop an appropriate solution.

3. Designing Alternative Solutions. Jumping immediately from problem definition

to a single solution limits your options and robs you of the chance to consider the

advantages and disadvantages of several alternatives. Of course, having too many

alternatives can obscure the best solution. Alternative solutions may come from

past experience, advice of others, simulation of business operations models, and

your own intuition and ingenuity. The "doing nothing" option is also a valid

alternative.

4. Evaluating Alternative Solutions. To identify the best solution, the proposed

alternatives need to be evaluated. The goal of evaluation is to determine how well

each alternative solution helps the firm and its selected subsystems meet their

objectives.

a. Evaluation criteria - should reflect the firm's objectives and constraints.

b. Cost Benefit Analysis - Every legitimate solution will have some

advantages or benefits, and some disadvantages or costs. This process

identifies the benefits and costs associated with each alternative solution.

i. Tangible costs - quantified costs such as Hardware, Software and

Staff Salaries.

ii. Intangible Costs - difficult to quantify such as Customer goodwill,

Employee morale caused by system errors and

Installation/conversion problems.

iii. Tangible Benefits - favorable results that the firm has attained such

as Decrease in payroll and Decrease in inventory carry.

iv. Intangible Benefits - hard to estimate and include better customer

service, and better delivery of customer request(s).

5. Selecting the Best Solution. Once all alternative solutions have been evaluated,

they can be compared to each other, and the "best" (most desirable) solution can

be selected. Since the solutions are compared based on multiple criteria (some of

which may be intangible), this selection is not always a simple process.

D. Implementing a Solution

6. Implement the selected solution. Once a solution has been selected, it must be

implemented. An implementation plan may have to be developed. A project

management effort may be required to supervise the implementation of large

projects. Typically, an implementation plan specifies the activities, resources, and

timing needed for proper implementation. This may include:

a. Types and sources of hardware and software.

b. Construction of physical facilities.

c. Hiring and training of personnel.

d. Start-up and operating procedures.

e. Conversion procedures and timetables.

7. Post implementation Review (Evaluate the success of the implemented solution).

The focus of the post implementation review is to determine if the implemented


Kamau, G.G. of 53

solution has indeed helped the firm and selected subsystems meet their system

objectives. If not, the systems approach assumes you will cycle back to a

previous step and make another attempt to find a workable solution.

E. Applying the Systems Approach to Information Systems.

A variety of information systems development methodologies tailor the systems

approach to the process of developing information systems solutions to business

problems. A firm may experience difficulties in applying the systems process to

IS due to: Lack of User Acceptance due to Departmental/unit and/or emotional

conflicts, and the Rapidly changing environmental conditions.

CHAPTER 4: INFORMATION SYSTEMS DEVELOPMENT

Systems Development Life Cycle (SDLC) or sometimes just Systems Life Cycle (SLC)

an Information Systems Development process, used by a systems analyst to develop

information systems of high quality that meet or exceeds customer expectations, within

time and cost estimates, works effectively and efficiently in the current and planned

information technology infrastructure, and is cheap to maintain and cost-effective to

enhance. SDLC is a systematic approach to problem solving and is composed of several

phases, each comprised of multiple steps: systems investigation (systems planning),

systems analysis, systems design, systems implementation and post implementation

support and maintenance. Due to this sequencing of phases it is also referred to as the

waterfall model.

Systems investigations or planning are triggered by a user request. It may be initiated

by user in the user department or an external environment entity such as government,

supplier or customer or a new technology change that demands overhaul of systems, etc.

When this occurs a feasibility study should be conducted to determine the extent of the

problem – whether the problem really exists, its extent and what happen if the problem is

not tackled. The feasibility study aims to establish whether the problem should actually

be solved. One conclusion might be that the problem is too expensive to solve or it is not

worthy, or there is no adequate technical capacity to solve it. A decision may be made to

buy, lease or outsource or not to buy all together. Areas of feasibility include;

1. Financial feasibility: This aims to establish what are the financial costs for solving

the problem and what are the benefits (cost benefit analysis) of solving it.

2. Technical feasibility: Does the necessary technical capacity exist to solve the

problem, can it be hired or procured?

3. Operational feasibility: Can the system work in the organization given existing

systems?

4. Other feasibility may include social, environmental, political, etc.

Systems analysis involves establishing the requirements for solving the problem; such as

what technology will be required, what are the financial costs or budget, when to

implement or deliver the solution, etc. The completion of this exercise is marked by a

SYSTEMS REQUIREMENTS document. This document will act as the invitation for

bidders or Request for Quotations (RFQ) to suppliers. The systems analysis may be done

by a systems analyst from the IT department or by an external consultant.


Kamau, G.G. of 53

Systems design: Once the suppliers bid for supply of the system detailed in the

SYSTEMS REQUIREMENTS in the Invitation to Bid, the suppliers will detail their

proposed solutions in line with the systems requirements. This document is called

SYSTEMS SPECIFICATIONS. The systems specification document details what

systems the supplier proposes to deliver to meet the systems requirements. The

specifications should meet or exceed the systems specifications and should be within the

budget of approved by the procurement committee. As an aid to communication the

supplier may provide a prototype either a demo version of the system or schematic

drawing of the workings of the system. Once the procurement team is satisfied with the

bidder’s proposal they will draw the purchase order which will act as the contract

document for the supplier. It will outline the Terms of Reference for the contractor and

will be used to evaluate the final system that will be delivered. The system specifications

act as the BLUEPRINT for the systems design. Further design includes both the logical

and the physical design. The logical design is the development of specifications while

physical design is the building and testing of the system upon approval by the client.

Systems implementation refers to the delivery of the ordered system when the system

goes live. This is completed by a project team comprising of members from the

contractor and the client department. In order to enhance success and acceptance of the

final system, this stage beside the other stages must include representatives for the

affected user departments as well as the IT department who will be charged with

maintaining the system. For continuity the system could be implemented on phased

implementation, pilot change over direct changeover or parallel changeover. Phased

implementation may involve piecemeal implementation over a duration of time, pilot

change over may involve scaled down number of departments to ensure it works before it

is implemented full scale. Direct changeover is when the system is implemented over the

entire organization at one go. It is very risky in case the system fails but is quick and

cheap. Such changeover should be done during low season of the system usage. Parallel

changeover is when both the old and the new systems are run simultaneously until the

team is confident the users have learnt and the system is satisfactory for live running. A

team of data conversion may be required to convert data from the old system to the new

system. The new system is signed off upon confirmation that it has met the systems

requirements and that the contractor has met the specifications. System implementation

also involves user training. The system delivered should include systems documentations

which become an aid to training and future support. They include systems technical

manuals, user manuals and operational/procedure manuals. During this stage if the

contractor encounters change in specifications they must apply for change request

authorization from the procurement team of the organization.

Post Implementation Review and Support refers to the services that the users may

request after the system has gone live and the contractor has signed off. Whether the

contractor is legally bound to continue providing support services after delivery depends

on the specifications of the Warranty document and any Service Level Agreements

(SLA) established. For continuity the organization should sign for Scheduled Preventive


Kamau, G.G. of 53

Maintenance (SPM). Further to strengthen the internal capacity for support the

organization should establish a help desk or an information centre. A help desk is a team

of ICT support who have been trained on the new system whereas an information centre

is a centre that provides information to a user’s community on frequently asked

questions. It may be an office or even a web based FAQ. The supplier may also

complement support by online chats, email support and telephone support and to some

extent site visits.

Systems development tools

These explain the tools used for designing and building systems. They include system

modeling tools, prototyping tools, and CASE tools. A model is replica of a system that

illustrates how the final system looks like. It is similar to a prototype, where a prototype

is a complete system but in an abbreviated version. A prototype may be a throw away or

an incremental prototype. A throw away prototype will be discarded once the idea has

been clarified but an incremental model may continue to be developed with additional

features so as to be part of the final scaled up system. CASE tools are powerful tools for

developing detailed representation of an organization model.

CHAPTER 5: COMPUTER HARDWARE

Hardware refers to the computer’s physical equipment (input, CPU, output, and storage).

The digital computer is used to organize numbers and alphabetic data; data is represented

in bytes, which can be broken down into eight bits. A bit is a binary digit with two

options: 0 (off) and 1 (on). The other computer classification is the analog computer; it is

used as a measuring device.

1. Input Devices are used to enter raw data into the system. They include devices for

manual human input (keyboard, mouse, trackball, touch screens) and dde - source

data automation (interactive touch screens, magnetic card readers, optical

recognition, and voice recognition). Data may be stored for batch processing or

processed immediately. Data may be in a form acceptable for another machine or

usable by people.

2. Processor Unit includes primary storage and the CPU (control unit and

arithmetic/logic unit).

The control unit includes instruction registers and control circuits. The control

unit (along with the main memory) makes possible the stored program concept of

computer operations. The control unit interprets program instructions; control

circuits are activated to complete operations and results are stored. The

arithmetic/logic unit (ALU) performs all mathematical computations and logical

comparisons. Data are transferred as needed from main memory to the

arithmetic/logic unit for manipulation and then returned to main memory for

additional processing or output.

The CPU physically is a microprocessor that includes the control unit and

arithmetic/logic unit mounted on a silicon chip. A multiprocessing operation

mode is possible when a computer contains more than one microprocessor.


Kamau, G.G. of 53

3. Output Devices – Output that is printed is called a hard copy; output that can be

viewed on a monitor or heard over speakers is called a soft copy.

4. Storage Devices are divided into primary and secondary storages also called

auxiliary storage. Primary storage includes Read Only Memory (ROM) and

Random Access Memory (RAM). ROM contains the manufacturer’s firm ware

but the RAM provides the computer’s working memory. The secondary storage is

used for data that are saved for future processing. Processed data are saved using

unique file names to identify the information or program. Common devices

include magnetic disk, optical disc, DVD, USB flash drive, and magnetic tape.

5. Data Communication and Networking equipment: These are devices used for

interconnecting of computers and data communication. They include modems,

network switches, network cards, routers, bridges, LANs and WANs, Wi-Fi, etc.

B. Types of Computers

1 Today’s computer systems fall into one of the following categories:

1. Supercomputers

2. Mainframe Computers

3. Minicomputers or Midrange Computers

4. Microcomputers, or personal computers

Supercomputers:

• Most powerful computer made

• Physically they are the largest

• Process huge amounts of data

• Can house thousands of processors

• Relatively rare because of size and cost.

• Used by large corporations, universities and government agencies.

Mainframe Computers

• Used in large organizations like insurance companies, and banks where many

people need frequent access to the same data, which is usually organized into one

or more databases.

• Airlines, Government Agencies (Federal Aviation Administration and Census

Bureau) track information about large populations, individual tax records, payroll,

and more.

• Are being used more and more as specialized servers on the World Wide Web,

enabling companies to offer secure transactions with customers over the Internet.

• Many enterprises are connecting personal computers and personal computer

networks to their mainframe system. This allows access to the mainframe data

and services and also enables them to take advantage of local storage and

processing, as well as other features of the PC or network.

• Houses an enormous volume of data (literally billions of records)

• Mainframe can occupy entire rooms or even an entire floor of a high-rise

building. Special air conditioning systems are used to keep them cool and on

raised floors to accommodate all the wiring needed to connect the system.


Kamau, G.G. of 53

Minicomputers

• Abbreviated version of mainframe computers.

• The capabilities are somewhere between mainframes and PC.

• Minicomputers can handle much more input and output than personal computers

can.

• Designed for a single user, most are designed to handle multiple terminals.

• Can be used as a server for PC’s

Microcomputers, or Personal Computers

• The microcomputer is “the computer for the masses” and personal computing

• Microcomputers include the following types: Desktop models, including

workstations, notebook computers (laptops), Network Computers (netbooks),

Mini laptops and Handheld personal computers, PDAs

CHAPTER 6: COMPUTER SOFTWARE

Types of software

Computer software refers to the set of instructions that are used by the computer for its

data processing. Software can be categorized into systems software and application

software.

System software: refers to a collection of software required by the computer to perform

its own internal process. This software includes firmware, operating systems and utility

programs.

Firmware: These are native programs that are loaded to the computer at the point of

manufacture and are embedded as a part of the computer basic configuration in Read

Only Memory (ROM) chip or its variance equivalent. These programs perform Basic

Input Output Systems (BIOS) functions such as performing Power-On Self Test (POST)

or Pre-Operational Self Test when the computer is powered on. In absence of an

operating system the firmware will load and await further instructions of the system

administrator on the location of the operating system. They may also include various

system drivers and hardware equipment drivers supplied by equipment manufacturer.

Operating systems: refers to programs that support the basic functions or operations of a

computer system. Examples of operating systems include Ms Windows, UNIX, Mac Os,

Novell Netware, etc. These functions including;

i. Booting a computer (i.e. preparing a computer for use by initializing its hardware

and software resources)

ii. Providing user interface: or the human computer interface that enables interaction

of a computer user with the computer system e.g. Windows Graphical User

Interface (GUI) using Windows Icon Menu and Pointer (WIMP) interactions

iii. Managing memory of the computer: It allocates how the computer memory is

utilized during processing


Kamau, G.G. of 53

iv. Hardware and software interface: The operating system provides a platform to

load hardware drivers and help various hardware added to the computer system to

interact with the software

v. System resources management (Interrupt request handling): these include all the

resources of the computer apart from the memory management. Each resource in

the computer is assigned a unique identity code called IRQ that identifies the

priority given to that resource when it calls for attention from the processor

vi. Error handling: during processing the operating system responds to errors that

may arise such as output device missing, memory overflow, etc.

vii. Security management: The operating system includes access controls and

authentication mechanism to ensure the system maintains its integrity and data

reliability and is secure from unauthorized access

Utility programs

These are programs that expand the capacity of the computer by providing other

additional services. They include software developers’ tools such as programming

languages – compilers, debuggers, linkers, translators, and assemblers; systems tools and

accessories such as antivirus, backup and restore, media players, CD burning software,

Adobe Reader, Games, etc.

Application software

These are user programs that have been developed to deliver a specific functionality for

what a user does in his or her day to day operations. This means the application software

required by the computer depends on who the user is. Accountants need accounting

software, statisticians need statistical packages, school needs a school management

system, etc. Further application software is categorized according to nature of its

distribution. If the package is available as off-the-shelf then it is referred to as

application package, examples include Ms Office packages, QuickBooks, SPSS, etc. If

it is tailor-made by in-house development of hired or internal team of software

developers it is called be-spoke software. Application packages are cheap for they are

mass produced but may not be adequate for unique functionalities of an organization.

However, be-spoke software is expensive and many times the developers may choose to

package is to sell to other similar organizations.

Depending on the terms of sale, software may also be commercial or open-source.

Commercial software is available for sale and cannot be duplicated or altered without the

authority of the owner. Such acts of illegal reproduction are referred to as piracy.

However, open-source software is free to use and to modify. However, owners of the

software may change for some special rights on services such as installation and support.

Over the Internet a number of software can also be downloaded as freeware, shareware,

demo versions or commercial software. Freeware are absolutely free to use. Shareware

are copyrighted and shared free of charge but a donation may be expected or some

limitations may exist if you use it regularly, demo versions are commercial softwares

given as trial version to use for a period of time or with limited functionality or with a


Kamau, G.G. of 53

penalty of carrying developers banner ads. However, one is expected to purchase the

commercial version after working with the demo version.

Application Packages Used to Support End-User Computing

These refer to a number of application packages used for office automation and by

knowledge workers. They can be classified into;

i. Word processors

ii. Spreadsheets

iii. Databases

iv. Presentation graphics

v. Desktop Publishing packages

vi. Photo and Video editors

vii. Statistical packages

viii. Accounting packages, etc.

CHAPTER 7: DATA RESOURCE MANAGEMENT

Transaction Processing Systems

A transaction processing system performs routine, day-to-day operation of a business that

helps a company add value to its products and services.

It requires a large amount of input data and produces a large amount of output

without requiring sophisticated or complex processing.

Examples are, order entry, inventory control, payroll, accounts payable, accounts

receivable, and general ledger.

An automated TPS consists of all the components of a CBIS such as hardware,

software, databases, telecommunication, people, and procedures.

A transaction processing system serves the foundation of other systems, such as MIS,

DSS, and AI/ES. These systems handle less input and output, but more sophisticated

and complex processing.

Transactions Processing Methods

Transactions are commonly performed in batch or on-line.

Batch Processing

With batch processing, business transactions are accumulated over a period of time

and prepared for processing as a single unit or batch.


Kamau, G.G. of 53

There is some delay between the occurrence of an event and the processing of the

event.

Examples are, payroll processing, billing, accounts payable, and accounts receivable.

On-Line/Real-Time Processing (OLTP)

With this form of data processing, each transaction is processed immediately, without

the delay of accumulating transactions into a batch.

As soon as the input data is available, a program performs the necessary processing

and updates the records affected by the transaction.

Data in an OLTP always reflect the current status.

On-Line Entry with Delayed Processing

This type of transaction is a compromise between the batch and on-line processing.

With this type of transaction, orders or transactions are entered into the computer

system when they occur, but they are not processed immediately.

Example: A typical mail order system in which orders are accumulated and then it is

forwarded to a warehouse for shipment.

Integrated Transaction Processing System

A firm may integrate all its business activities into a single transaction processing

system. It involves inventory control, order entry, shipping, invoice processing,

accounts receivable, purchase orders, accounts payable, payroll processing, general

ledger, and budget.

Objectives of Transaction Processing Systems

Because of the importance of the transaction processing system, organizations expect

their TPSs to accomplish a number of specific objectives.

Process data generated by and about transactions

The primary objective of any TPS is to capture, process, and store transactions

and to produce a variety of documents related to routine business activities.

Processing orders, purchasing materials, controlling inventory, billing customers,

and paying suppliers, result in transactions that are processed by a TPS.

Ensure data and information integrity and accuracy

One objective of any TPS is error-free data input and processing.

Rules must be in placed and implemented in the programming to ensure data

accuracy before it is stored.

Another of a TPS is to ensure that all data and information stored in the file or

database are accurate, current, and appropriate.

Produce timely documents and reports

Transaction processing systems produce routine documents such as order slip,

shipping order, invoice, purchase order, inventory status report, inventory on-

hand report, customer list, paycheck, and so on.

These documents need to be produced in timely manner to perform routine

business transactions.

Increase labor efficiency


Kamau, G.G. of 53

Transaction processing system can substantially reduce routine clerical and other

labor requirements.

An automated scanning device in a retail store can substantially reduce the item

processing time. This not only increases checkout efficiency but also a reduction

of the manual workforce.

Help provide increased and enhanced service

TPSs can provide services faster than humans, thus increasing the number and

varieties of services it can offer to customers.

Examples are, automated university registration system, automated billing

inquiries, automated bank account transfers, and so on.

Help build and maintain customer loyalty

TPS can be used to build customer loyalty.

Examples are, ease of use of the system, easy access of customer account, timely

reporting of information, automated telephone answering and faxing, and web-

based information processing, can help satisfy customers.

Achieve competitive advantage

A competitive advantage provides a significant and long-term benefit for the

organization.

For example, UPS and FedEx systems keep track of a package at each stage of its

traversal. Customers can use a tracking number to find the latest status of the

package.

Some of the ways that companies can achieve competitive advantage are

mentioned below.

Transaction Processing Activities

All transaction processing systems performs a common set of basic data processing

activities. TPSs capture and process data that describe fundamental business transactions.

This data is used to update databases and to produce a variety of reports.


Kamau, G.G. of 53

Transaction Processing Cycle

The business data goes through a transaction processing cycle that includes: Data

Collection, Data Editing, Data Correction, Data Manipulation, Data Storage and

Document Production

Data Collection

The process of capturing and gathering all data necessary to complete transactions is

called data collection.

It can be manual such as completing a purchase order by hand. It can also be

automated via special input device such as scanners and terminals.

Data collection begins with a transaction (such as customer order) and results in the

origination of data that is input to the transaction processing system.

Data should be captured at its source and it should be recorded accurately, in a timely

fashion, with minimal manual effort, and in a manner that can be directly entered to

the computer rather than entering using keys.

Automatic data collection is termed as source data automation. An example is the

use of scanning device at the grocery store to read UPC code and hence the price of

an item. Another example is an employee badge used as a time card when going in

and out of an office building.


Kamau, G.G. of 53

Data Editing

An important step in processing data is to check for validity and completeness of

data. Controls must be placed in the data-entry form.

For example, quantity and cost must be numeric and names must be alphabetic.

Data Correction

A data that is not entered properly needs to be entered correctly.

Data correction involves reentering miskeyed or misscanned data in the data entry

point.

For example, a UPC code not found in the retail store checkout, is given a special

code to complete the transaction for an item.

Data Manipulation

The process of performing calculations and other data transformations is termed data

manipulation.

Examples are, sorting data, summarizing data, finding price of five items, calculating

employee weekly pay, and so on.

Data Storage

Involves updating one or more database tables or files with new transactions.

For example, inserting new customer information, updating customer demographics,

updating inventory transactions, creating new student registration, and so on.


Kamau, G.G. of 53

Document Production

TPSs produce important business documents such as sales receipts, order entry list,

customer list, invoices, purchase orders, inventory on-hand report, paychecks, and so

on.

Documents can be hard copy paper report or displayed on computer screen.

Traditional Transaction Processing Systems

Traditional transaction processing systems include order processing, purchasing, and

accounting. Systems that support these processing are mentioned in the table. We

describe these systems in detail in the following.

Accounts Receivable

A system that manages the cash flow of the company by keeping track of the money

paid by the customers and other companies for goods and services sold to them.

The major output of the accounts receivable system is monthly bills or statement sent

to the customers. See below.

Transactions created by accounts receivable system updates general ledger accounts.

It is also used to generate reports for “aged” accounts, for which payments are

overdue by 30, 60, or 90 days. Reminder notices are created for these accounts.

An important function of the accounting system is to identify bad credit risks. Thus

companies routinely checks customer credit before accepting a new order.

Accounts Payable

A system that manages the cash flow of the company by keeping track of the money

paid to the company on purchases and services received and produces reports such as

Accounts Receivable Aging Report.

Payroll

• Generates payroll checks and stubs, as well as W-2 statements at the end of the year

for tax purposes.

• This can be outsourced to an external company. In this case, the employee file (with

weekly hours and pay rate) is sent to the company and the company deliver the

checks.

• In addition, payroll processing produces employee journal containing various earning

factors as shown in the figure.

General Ledger

A system that produces a detailed list of business transactions designed to

automate financial reporting and data entry.

DATABASE MANAGEMENT SYSTEMS

The guiding principles of TPS systems are: to create data that is current, up-to-date,

accurate, and consistent. To achieve these goals, these systems employ Database

Management System (DBMS) software. A DBMS is a system for managing a collection

of related records. It allows the data to be stored and managed in a single file and thus

facilitates the centralized retrieval of the data. It collects, stores and manipulates data

(data input screens; Edit/Deletion of data screen) and disseminates information (executes


Kamau, G.G. of 53

queries and creates reports). The DBMS also allows the user to query the database and

retrieve the data specific to his/her needs. One of the primary advantages of DBMS is its

ability to limit and control redundant data in multiple systems. Instead of the same data

field being repeated in different files, the information appears just once. Another

advantage of DBMS is that it improves data integrity. Updates are made only once, and

all changes are made for that data element no matter where it appears.

Types of Databases

Manual System - Customer Ledger Cards; Check Book Green Ledger

File-Processing System – Majority of Transaction Processing Systems

Microcomputer DBMS - Single-User Database System

Client/Server DBMS - Multiple-Users on the same LAN

Internet DBMS - Multiple-Users from different locations using Web to share data

Distributed DBMS - Multiple-Servers sharing the data processing load (bank)

Object-Oriented DBMS - processing/data management of objects (new engineering)

What are some of the reasons for implementing a database system?

Improve Data Integrity

Elimination of duplication of data

Data sharing

Centralizing file maintenance

Ease of creating information

Improve data consistency

Improve data accessibility and responsiveness

Advantages of using a database system are:

Centralized management and control over the data . The database administrator is

the focus of the centralized control . Any application requiring a change in the

structure of a data record requires an arrangement with the DBA, who makes the

necessary modifications . Such modifications do not affect other applications or

users of the record in question .

Reduction of Redundancies : Centralized control of data by the DBA avoids

unnecessary duplication of data and effectively reduces the total amount of data

storage required . It also eliminates the extra processing necessary to trace the

required data in a large mass of data . Advantages of DBMS...

Integrity : Centralized control can also ensure that adequate checks are

incorporated in the DBMS to provide data integrity . Data integrity means that the

data contained in the database is both accurate and consistent . Therefore, data

values being entered for the storage could be checked to ensure that they fall

within a specified range and are of the correct format .

Security : Data is of vital importance to an organization and may be confidential .

Such confidential data must not be accessed by unauthorized persons . The DBA

who has the ultimate responsibility for the data in the DBMS can ensure that

proper access procedures are followed, including proper authentication schemes

for access to the DBMS and additional checks before permitting access to


Kamau, G.G. of 53

sensitive data . Different levels of security could be implemented for various

types of data and operations .

Conflict Resolution : Since the database is under the control of the DBA, he/she

should resolve the conflicting requirements of various users and applications . In

essence, the DBA chooses the best file structure and access method to get optimal

performance for the response - critical applications, while permitting less critical

applications to continue to use the database, albeit with a relatively slower

response .

Data Independence : Data independence is usually considered from two points of

view : physical data independence and logical data independence .

Physical data independence allows changes in the physical storage devices or

organization of the files to be made without requiring changes in the conceptual

view or any of the external views and hence in the application programs using the

database . Thus, the files may migrate from one type of physical media to another

or the file structure may change without any need for changes in the application

program .

What are some of the PROBLEMS with moving from a manual to a computerized

DBMS?

o Special personnel

o Cost (New Hardware/Software)

o Conversion Costs (training, duplication of systems)

o Problems with change

Manual System -

Why? Unknown business rules or data needs; very small effort

Problem? Data sharing; Accuracy of data dependent on user

File-Processing System -

Why? Linear data; used for a single purpose

Problem? Inability to create relationships with other data

Microcomputer DBMS - Single-User Database System

Why? Accounting data; relational data; improve data integrity

Problem? Time; level of effort; some business rules can't be modeled; changing

environment; New developments in third-party software

Client/Server DBMS -

Why? Multiple-Users need to share/input data

Problem? Concurrency control issues; data locking Yes/No

Internet DBMS -

Why? Users can share/input data from any terminal with Web access; no special

software needed; multi-site businesses allow customers and vendors to interface

directly

Problem? Harder to control; other people in your data; data corruptions; not all

business functions on Web; combining data for reporting

Distributed DBMS - sharing the data processing load

Why? Business cannot allow system downtime; banks, airlines


Kamau, G.G. of 53

Problem? Cost in hardware, software (requires middleware) and staff

Object-Oriented DBMS -

Why? Intensive object processing (heat-loss photos)

Problem? Difficult to use; limited supply of experts; not cost effective to move

from existing system

The other way of classifying types of databases is by their data model. A data model is

the intangible form in which data is stored. It is kind of like the structure of a database,

but data models are only a theoretical idea; they are abstract concepts that you cannot

touch. Data models are used to describe how the data is stored and retrieved in a

database. Now, we will discuss a few of the types of data models.

Flat-file Database Model or Relational Database:

The flat-file data model is generally used by the old paper-based databases. In this

system, data was stored in numerous files. However, the files were not linked, so often,

data might be repeated in more than one file. This caused everything to be quite

redundant. The original "database," flat-file databases inspired scientists to find a way to

link files so that they would not be repetitive. Example is Ms Access.

Hierarchical Database Model:

The hierarchical database model took steps to get rid of the repetitiveness of the flat-file

database model, but although it was somewhat successful, it did not completely succeed.

There is still a level of redundant data in hierarchical databases.

A hierarchical database consists of a series of databases that are grouped together to

resemble a family tree:

Each of the boxes in the diagram represents one database. The top database in the

hierarchical model is called the "parent" database. The databases under it are called

"child" databases. One "parent" can have many "children," but a "child" can only have

one "parent." The child databases are all connected to the parent database via links called

"pointers."

To get to a child database in the hierarchical database model, you must first go through

the parent database, and then through the levels above it. If you have Microsoft


Kamau, G.G. of 53

Windows, you might realize that this is how Windows Explorer works. First, you open up

a file- usually it's "My Computer." Under "My Computer," you can then choose from a

list of drives.

Notice in the diagram above how the child databases on the same level are not connected.

This presents a problem in the hierarchical database model and makes searching for data

extremely difficult. Another problem is that data cannot be entered into the child

databases until that field has been added to the parent database. This method was quite

inefficient. Thus, although the hierarchical database model reduced some repetitiveness

of data, it also presented many new problems. Hierarchical structures were widely used in

the first mainframe database management systems. However, owing to their restrictions,

they often cannot be used to relate structures that exist in the real world.

Network Database Model:

The network database model was designed to help resolve some of the hierarchical

database model's problems. For one thing, it allowed for links between the child

databases. This no only reduces the chance of redundant data, but also makes searching

for data much easier!

Another improvement of the network database model over the hierarchical model is that

while in the hierarchical model a child database can only have one parent, in the network

model, a child database can have more than one parent! However, the network database

model still had its share of problems. For one thing, it was difficult to execute and

maintain. Only database experts could successfully use these databases. It was difficult

for the general public to use network databases for real-life applications.

One type of network DBMS is a distributed database. A distributed database is a database

that is under the control of a central database management system (DBMS) in which

storage devices are not all attached to a common CPU. It may be stored in multiple

computers located in the same physical location, or may be dispersed over a network of

interconnected computers. Collections of data (e.g. in a database) can be distributed


Kamau, G.G. of 53

across multiple physical locations. A distributed database is distributed into separate

partitions/fragments. Each partition/fragment of a distributed database may be duplicated.

The other type of network database is one which is held centrally but can be accessed

simultaneously by many users remotely using a WAN or locally as part of a LAN.

CHAPTER 8: TELECOMMUNICATIONS AND NETWORKS

A network occurs when two or more computers are connected together, allowing them to

share data and peripherals. A computer which is not connected to any other computer

(not part of a network) is known as a stand-alone computer.

There are two types of networks, these are:

Local Area Networks (LANs)

Wide Area Networks (WANs)

Local Area Networks

A Local area network is when a number of computers are connected together which are

in close proximity to each other, such as in an office building, a school or a home.

Client/Server network

Each computer in the network is known as a workstation (or simply as a station),

although one station on the network will be designated as the file server. This computer

will store all the software that controls the network as well as any software and files that

can be shared by all the computers attached to the network. Generally the file server will

be a more powerful computer (faster processor, more RAM, greater backing storage

capacity) than all the other computers in the network. The stations which contact the

server for access to files or shared resources are known as clients. This network

configuration is called a client/server network.

Advantages of Local Area Networks

There are several advantages to interconnecting computers in a network. These include:

Sharing data and programs such as portable storage media and load it up in each

computer that required it.

Sharing resources. Instead such as printers attached to each computer, you can

attach the peripheral to the network and it is then linked to each station on the

network.

Management. As everything will be saved on the file server, rather than on the hard

disks of each workstation, it means that centralised back-ups of files are available. It

is also possible to manage stations remotely

Security. A username and password are needed to access the network, and different

levels of access can be provided to different users.

Flexible access. You can use any station on the network to access your user space,

you are not restricted to the use of one computer.

Electronic communication. You can use e-mail and chat systems to communicate

with other network users (either individually or simultaneously). With e-S


Kamau, G.G. of 53

mail you can send electronic attachments.

Workgroup computing. This is when many users are working on the same

document simultaneously.

INTERNET PROTOCOL (IP) ADDRESS

An Internet address or IP address is a digital code that identifies a computer (host)

location on the Internet or LAN. The current standard is IP address version 4 (IPv4),

which is a 32 bit long number represented in the form of four octets (eight-bit or one-byte

fields) separated by dots. Each octet is displayed as a decimal number in the range of 0-

255. Examples of valid IP addresses: 192.168.0.1, 205.245.172.72, 10.1.0.22, etc. An

IP address on the Internet or in a local network must be unique so network packets

destined for the host with that address can find it.

Transmission media

The transmission media is how the computers on the network are connected to one

another. In a local area network, the transmission media is owned by the organisation

that owns the LAN. As the stations are relatively close to one another the stations within

a LAN can be connected together using cables or wireless technologies.

Cables

Cabling is the most common medium through which data is transmitted between stations

and devices in a Local Area Network. Network cables include Ethernet and fibre cables.

Wireless LANs

Instead of connecting network devices with cabling, some networks are wireless. These

networks use high frequency radio waves or infrared beams to communicate between the

network devices. Each station on the network will have a wireless network interface

card or network adapter that allows them to send and receive data wirelessly.

Wireless networks are ideal for places where it is difficult or impossible to install cables.

They are also used with portable or remote workstations. Wireless networks also have

some disadvantages in that they can be susceptible to electrical interference, they are

slower than most cabled technologies and security can also be an issue.

Wireless technologies include Infrared, Bluetooth and WiFi (Wireless Fidelity)

Transmission media Twisted pair Coaxial cable Fibre optics wireless

Bandwidth 10 Mbit s-1 500 Mbit s-1 30 Gbit s-1 54 Mbit s-1

Geographical

spread

Small area – in a single building or a site linking buildings which

are in close proximity

Functions Allows sharing of data files, applications and peripherals

Can access work from any workstation on network

Different levels of access can be granted


Kamau, G.G. of 53

Can communicate using e-mail, chat etc

Wide Area Networks

A Wide area network is when a number of computers are connected together which span

a large geographic area, such as a country or continent. WANs often connect multiple

smaller networks together. Typically a WAN consists of two or more Local Area

Networks. The internet is a global network where many LANs and WANs are

interconnected.

Advantages of Wide Area Networks

Wide area networks have much of the same advantages of local area networks, however

some things like sharing peripherals are not practical (although possible) on a wide area

network.

Transmission media

Computers connected to a wide area network are often connected through existing public

networks, but they may also be connected through leased lines (permanent telephone

connection between two points). The transmission media used in wide area networks

they include microwave transmission, satellite links, radio and optical fibres.

Summary of WANs

Transmission media Fibre optics Microwave Satellite Radio

bandwidth 30 Gbit s-1 100 Mbit s-1 100 Mbit s-1 2 Mbit s-1

Geographical

spread

large area – spread throughout a country or the world

functions Allows sharing of data files, applications and peripherals

Can communicate using e-mail, chat and allows video

conferencing

E-commerce

Entertainment

INTERNET Development

The field of computer networking and today’s internet trace their beginnings back to the

early 1960s, a time when the telephone network was the world’s dominant

communication network. Computers were expensive mainframes linked to remote

terminals that were very expensive and could only be afforded by large companies.

The main factors leading to the development of computer networks are:

the falling cost of telecommunication technologies and services

shared access to expensive equipment

the geographic spread of organizations

demand for up-to-date information

The Internet and the World Wide Web S S S


Kamau, G.G. of 53

The internet is a wide area network made up of server computers distributed across the

world. It can be thought of as many smaller networks connected together. One server

will provide some unique information of its own, but it will also point to information on

other servers. These other servers point to still more servers (and possibly back to the

original server).

The internet provides three main services:

The World Wide Web, which gives access to remote databases through browsing or

searching

Electronic mail, which provides one to one (or one to many) communication and

exchange of information

File transfer, which makes it possible to send and receive large amounts of

information.

It also provides several other services including:

E-commerce

On-line banking

On-line shopping

Chat and instant

messaging

Web logs

Bulletin boards

Discussion groups

Streaming video

Video conferencing

The World Wide Web (WWW) is a collection of information held in multimedia form

on the internet. This information is stored at locations known as web sites in the form of

web pages.

Browser

A browser is a program that allows a user to read and navigate web pages. The software

also allows pages to be saved or printed. It also stores a history of recently viewed pages,

and can remember web page addresses using bookmarks. Two of the best known

browsers are Internet Explorer and Mozilla Firefox.


Kamau, G.G. of 53

Web pages

A web page is a document that usually contains information in the form of text, images

and other multimedia types

Web pages are created using a special language known as HTML (hypertext mark-up

language).

Each web page is stored on a web server and is identified by its unique location (address),

commonly known as its URL (uniform resource locator). Here is an example of a

URL:

HTTP://www.computing.com/int2/car.html

Hyperlinks

Some web pages will contain hyperlinks. Typically hyperlinks are used to connect web

pages (in the same or different sites) together. When a hyperlink is clicked, the

connected web page will be retrieved from its server and loaded into your browser.

Search engines

The internet contains millions of web pages on every subject imaginable. The best way

to find information is to use a search engine such as Google.

When you enter a search, you are really searching the database for words that match your

entry. Advanced searches can include operators such as AND or OR to help narrow the

search. The results of the search are placed on a web page that is composed of links and

brief extracts for the original web page. To visit the actual page all you have to do is

click on the hyperlink.

E-mail

Electronic mail (e-mail) is the exchange of computer stored messages by

telecommunication. E-mail messages are usually encoded in ASCII text. However you

can also send non-text files, such as graphic images and sound files as attachments.

The protocol used to retrieve the webpage. Hypertext transfer protocol (HTTP) in this instance.

The domain name which specifies which server has the page. In this case: www.computing.com

The pathname which specifies where the actual page (car.html) is stored on the server.


Kamau, G.G. of 53

Many e-mail systems are now web-based. This means that a user can access their e-mail

from any computer that has a connection to the internet. The software used to access the

e-mail may vary, but the same basic principle and functions apply. The user logs onto an

e-mail server with a username and password, before access is granted. To send an e-mail

message to someone you must first have their e-mail address. This is the location of the

server on the internet where the person’s mailbox can be found. An example is given

below.

The part before the ’@’ symbol is the local part of the address, which is usually the

username of the person on that server. The part after the ‘@’ symbol (ntlworld.com) is

the domain name, which is often the name of the host e-mail service. Together they

make up the e-mail address of the person to whom the message is being sent.

INTRANETS

1. An intranet is a network inside an organization that uses Internet technologies (such

as web browsers and servers, TCP/IP network protocols, HTML hypermedia

document publishing and databases, and so on) to provide an Internet-like

environment within the enterprise for information sharing, communications,

collaboration, and the support of business processes.

2. An intranet is protected by security measures such as passwords, encryption, and fire

walls, and thus can be accessed by authorized users throughout the Internet.

Intranet applications support communications and collaboration, web publishing,

business operations and management, and intranet management. These applications can

be integrated with existing IS resources and applications, and extended to customers,

suppliers, and business partners to create extranets.

EXTRANETS

Extranets are network links that use Internet technologies to interconnect the intranet of a

business with the intranets of its customers, suppliers, or other business partners.

Companies can:

1. Establish direct private network links between themselves, or create private secure

Internet links between them called virtual private networks.

2. Use the unsecured Internet as the extranet link between its intranet and consumers and

others, but rely on encryption of sensitive data and its own fire wall systems to provide

adequate security.

The business value of extranets is derived from several factors:

1. The web browser technology of extranets makes customer and supplier access of

intranet resources a lot easier and faster than previous business methods

2. Extranets enable a company to offer new kinds of interactive Web-enabled

services to their business partners. Thus, extranets are another way that a


Kamau, G.G. of 53

business can build and strengthen strategic relationships with its

customers and suppliers.

3. Extranets enable and improve collaboration by a business with its customers and

other business partners.

4. Extranets facilitate an online, interactive product development, marketing, and

customer- focused process that can bring better designed products to market

faster.

SOCIAL MEDIA IN BUSINESS

Social media refers to online tools and services that allow a user to create public content.

It also allows for the easy sharing of information, including existing content.Examples of

social media include skype, facebook, twitters, blogs, wikis, podcasts, social networks

and Really Simple Syndication (RSS) Feeds, etc.

Classification of Social Media Types

1. Blogs: This is a special type of website for users to easily publish personal articles

to the web. They can be used as public diaries by individuals, but have grown to

other uses such as providing general information about topics the author wishes to

discuss. A blog consists of the post provided by the blogger, date-stamped in a

chronological order, and a comments section underneath for feedback and

discussion on the post. An organisation can setup a blog to inform the public

about its products and services, or individuals within the organisation can blog on

any subject related to their products and services.

2. Micro-blogging: Micro-blogging is a new technology that has been derived from

blogging where users are allowed to publish information online about their

activities, opinions and status, with a character limit on the message being

between 140-200 characters. Users can then post or view comments through

micro-blogging tools such as Twitter, Jaiku and Pownce such that it allows a user

to create or read messages quickly and almost anywhere they wish. This faster

mode of communication is one of the main differences between micro-blogging

and blogging. A second difference is how frequently users can update such a short

message is with less thought and time. Users are therefore more likely to update

their micro-blog more frequently than their general blog. Users also use their

micro-blog to draw people’s attention to posts they have made at their main blog,

providing a link to the post.

3. Collaborative Projects: Collaborative projects allow users to create content

simultaneously using tools such as wikis in a shared repository of knowledge,

with the knowledge base growing over time as users can add, remove, and change

text-based content as need be. The users have power on the information created

rather than the information coming from a centralised source. Wikipedia is an

example of a wiki, where users can edit information on any page, with all the

content generated by users. Social bookmarking tools are another type of

collaborative project, where there is a collection of website links and media

content that is generated by groups of users.

4. Social Networking Sites: Social networking sites are tools that allow users to

create a personal profile of themselves and these personal profiles can then be

connected with friends and colleagues, where information can be shared between

each other to create a network of users, where anyone connected to the network


Kamau, G.G. of 53

can view everyone else’s profile, and therefore interact with them. Popular social

networking sites include Facebook, Twitter, MySpace, and Bebo, etc.

5. Live-casting: This is sharing live content with the intent of interacting with a live

audience. The conversations can have many users interacting, and can include

video conferencing, web conferencing, tele-presence, etc. Other forms include

live podcasting, live blogging and videocasting. Journalists are currently using

these tools to provide live content to users but also corporate users are also using

the tools for remote meetings.

6. Content Communities: Content communities consist of users sharing media such

as text, photos, videos, and presentations content between one another. The

content is uploaded by users to a specific website such as YouTube for videos,

Flickr for photos and Slideshare for presentations, and can be viewed and shared

with other users.

7. Virtual Worlds: Virtual worlds are 3D environments, where users appear as

online embodiment that interacts with other users like they would in real life.

Virtual worlds act like another second life in games where one is immersed in a

virtual state.

CHAPTER 9: E-COMMERCE

E-Commerce is the ability of a company to have a dynamic presence on the Internet

which allowed the company to conduct its business electronically, in essence having an

electronic shop. Products can be advertised, sold and paid for all electronically without

the need for it to be processed by a human being.

Due to the vastness of the internet advertising and the website can be exposed to

hundreds of people around the world for almost nil cost and with information being able

to be changed almost instantly the site can always be kept up to date with all the latest

products to match with consumers demands.

The biggest advantage of E-Commerce is the ability to provide secure shopping

transactions via the internet and coupled with almost instant verification and validation of

credit card transactions. This has caused E-Commerce sites to explode as they cost much

much less than a store front in a town and has the ability to serve many more customers.

In the broad meaning electronic commerce (E-Commerce) is a means of conducting

business using one of many electronic methods, usually involving telephones, computers

(or both).

E-Commerce is not about the technology itself, it is about doing business using the

technology.

Electronic commerce, commonly known as e-commerce or eCommerce, consists of the

buying and selling of products or services over electronic systems such as the Internet

and other computer networks. The amount of trade conducted electronically has grown

extraordinarily with wide-spread Internet usage. A wide variety of commerce is

conducted in this way, spurring and drawing on innovations in electronic funds transfer,


Kamau, G.G. of 53

supply chain management, Internet marketing, online transaction processing, electronic

data interchange (EDI), inventory management systems, and automated data collection

systems. Modern electronic commerce typically uses the World Wide Web at least at

some point in the transaction's lifecycle, although it can encompass a wider range of

technologies such as e-mail as well.

A large percentage of electronic commerce is conducted entirely electronically for virtual

items such as access to premium content on a website, but most electronic commerce

involves the transportation of physical items in some way. Online retailers are sometimes

known as e-tailers and online retail is sometimes known as e-tail. Almost all big retailers

have electronic commerce presence on the World Wide Web.

Types of E-Commerce

E-commerce is the use of Internet and the web to transact business but when we focus on

digitally enabled commercial transactions between and among organizations and

individuals involving information systems under the control of the firm it takes the form

of e-business. Nowadays, 'e' is gaining momentum and most of the things if not

everything is getting digitally enabled. Thus, it becomes very important to clearly draw

the line between different types of commerce or business integrated with the 'e' factor.

There are mainly five types of e-commerce models:

1. Business to Consumer (B2C) - As the name suggests, it is the model involving

businesses and consumers. This is the most common e-commerce segment. In this model,

online businesses sell to individual consumers. When B2C started, it had a small share in

the market but after 1995 its growth was exponential. The basic concept behind this type

is that the online retailers and marketers can sell their products to the online consumer by

using crystal clear data which is made available via various online marketing tools. E.g.

An online pharmacy giving free medical consultation and selling medicines to patients is

following B2C model.

2. Business to Business (B2B) - It is the largest form of e-commerce involving business

of trillions of dollars. In this form, the buyers and sellers are both business entities and do

not involve an individual consumer. It is like the manufacturer supplying goods to the

retailer or wholesaler. E.g. Dell sells computers and other related accessories online but it

is does not manufacture all those products. So, in order to sell those products, it first

purchases them from different businesses i.e. the manufacturers of those products.

3. Consumer to Consumer (C2C) - It facilitates the online transaction of goods or

services between two people. Though there is no visible intermediary involved but the

parties cannot carry out the transactions without the platform which is provided by the

online market maker such as eBay.


Kamau, G.G. of 53

4. Peer to Peer (P2P) - Though it is an e-commerce model but it is more than that. It is a

technology in itself which helps people to directly share computer files and computer

resources without having to go through a central web server. To use this, both sides need

to install the required software so that they can communicate on the common platform.

This type of e-commerce has quite low revenue generation as from the beginning it has

been inclined to the free usage due to which it sometimes got entangled in cyber laws.

5. M-Commerce - It refers to the use of mobile devices for conducting the transactions.

The mobile device holders can contact each other and can conduct the business. Even the

web design and development companies optimize the websites to be viewed correctly on

mobile devices.

There are other types of e-commerce business models too like Business to Employee

(B2E), Government to Business (G2B) and Government to Citizen (G2C) but in essence

they are similar to the above mentioned types. Moreover, it is not necessary that these

models are dedicatedly followed in all the online business types. It may be the case that a

business is using all the models or only one of them or some of them as per its needs.

Advantage and Disadvantage of Ecommerce

E commerce provides many new ways for businesses and consumers to communicate and

conduct business. There are a number of advantages and disadvantages of conducting

business in this manner.

Access to A Global Market: The internet allows companies to have access to a global

market rather than just the potential customers in the surrounding area of there physical

location.

Cutting Out the Middleman: Businesses can sell direct to the consumer rather than

having to sell to a supplier and then them sell it on and make more profit.

A Level Playing Field: A small business can compete and show itself as a professional

company as much as large ones as budgets for setting up a professional site are relatively

cheap to the amount of return you can get on them.

Open 24 Hours: With fully automated payment and order processing systems your site

need never be closed even if your office/warehouse is. Orders can be dispatched during

opening hours while orders can be taken 24 hours a day.

Greater Customer Satisfaction: An E-Commerce website can be a powerful tool for

building customer loyalty if it is effective enough, a well designed website puts the

customer in charge of the relationship, they can buy, browse, ask for help or track the

progress of order they have placed where they want and when they want.


Kamau, G.G. of 53

Reduced Marketing Costs: Internet advertisement being relatively cheap you can reach

many more people at a cheaper cost than using conventional advertising methods.

Better Customer Information: You can quickly and easy analyze your customers by

location and area as well as the products they buy as you will have to request a customers

name and address from them when processing a transaction.

Improved Security: Most E-Commerce suits offered by companies come with built in

security in the software and with the purchase of a dent SSL certificate and some good

server configurations you can safely know that all the details of your customers will be

safe and secure.

As a further thought, many businesses find it easier to buy and sell in U.S. dollars: it is

effectively the major currency of the Internet. In this context, global online customers can

find the concept of peculiar and unfamiliar currencies disconcerting. Some businesses

find they can achieve higher prices online and in US dollars than they would achieve

selling locally or nationally. Given that banks often charge fees for converting currencies,

this is another reason to investigate all of your (national and international) options for

accepting and making online payments.

In brief, it is useful to take a global view with regard the potential and organization of

your e-commerce activities, especially if you are targeting global customers.

A new marketing channel. The Internet provides an important new channel to sell

to consumers. Peterson et al. (1999) suggest that, as a marketing channel, the

Internet has the following characteristics:

the ability to inexpensively store vast amounts of information at different virtual

locations

the availability of powerful and inexpensive means of searching, organizing, and

disseminating such information

interactivity and the ability to provide information on demand

the ability to provide perceptual experiences that are far superior to a printed

catalogue, although not as rich as personal inspection

the capability to serve as a transaction medium

the ability to serve as a physical distribution medium for certain goods (e.g.,

software)

relatively low entry and establishment costs for sellers

no other existing marketing channel possesses all of these characteristics.


Kamau, G.G. of 53

Some disadvantages and constraints of e-commerce include the following.

Time for delivery of physical products. It is possible to visit a local music store

and walk out with a compact disc or a bookstore and leave with a book. E-

commerce is often used to buy goods that are not available locally from

businesses all over the world, meaning that physical goods need to be delivered,

which takes time and costs money. In some cases there are ways around this, for

example, with electronic files of the music or books being accessed across the

Internet, but then these are not physical goods.

Physical product, supplier & delivery uncertainty. When you walk out of a shop

with an item, it's yours. You have it; you know what it is, where it is and how it

looks. In some respects e-commerce purchases are made on trust. This is because,

firstly, not having had physical access to the product, a purchase is made on an

expectation of what that product is and its condition. Secondly, because supplying

businesses can be conducted across the world, it can be uncertain whether or not

they are legitimate businesses and are not just going to take your money. It's

pretty hard to knock on their door to complain or seek legal recourse! Thirdly,

even if the item is sent, it is easy to start wondering whether or not it will ever

arrive.

Perishable goods. Forget about ordering a single gelato ice cream from a shop in

Rome! Though specialized or refrigerated transport can be used, goods bought

and sold via the Internet tend to be durable and non-perishable: they need to

survive the trip from the supplier to the purchasing business or consumer. This

shifts the bias for perishable and/or non-durable goods back towards traditional

supply chain arrangements, or towards relatively more local e-commerce-based

purchases, sales and distribution. In contrast, durable goods can be traded from

almost anyone to almost anyone else, sparking competition for lower prices. In

some cases this leads to disintermediation in which intermediary people and

businesses are bypassed by consumers and by other businesses that are seeking to

purchase more directly from manufacturers.

Limited and selected sensory information. The Internet is an effective conduit for

visual and auditory information: seeing pictures, hearing sounds and reading text.

However it does not allow full scope for our senses: we can see pictures of the

flowers, but not smell their fragrance; we can see pictures of a hammer, but not

feel its weight or balance. Further, when we pick up and inspect something, we

choose what we look at and how we look at it. This is not the case on the Internet.


Kamau, G.G. of 53

If we were looking at buying a car on the Internet, we would see the pictures the

seller had chosen for us to see but not the things we might look for if we were

able to see it in person. And, taking into account our other senses, we can't test the

car to hear the sound of the engine as it changes gears or sense the smell and feel

of the leather seats. There are many ways in which the Internet does not convey

the richness of experiences of the world. This lack of sensory information means

that people are often much more comfortable buying via the Internet generic

goods - things that they have seen or experienced before and about which there is

little ambiguity, rather than unique or complex things.

Returning goods. Returning goods online can be an area of difficulty. The

uncertainties surrounding the initial payment and delivery of goods can be

exacerbated in this process. Will the goods get back to their source? Who pays for

the return postage? Will the refund be paid? Will I be left with nothing? How long

will it take? Contrast this with the offline experience of returning goods to a shop.

Privacy, security, payment, identity, contract. Many issues arise - privacy of

information, security of that information and payment details, whether or not

payment details (eg. credit card details) will be misused, identity theft, contract,

and, whether we have one or not, what laws and legal jurisdiction apply.

Defined services & the unexpected. E-commerce is an effective means for

managing the transaction of known and established services, that is, things that

are everyday. It is not suitable for dealing with the new or unexpected. For

example, a transport company used to dealing with simple packages being asked

if it can transport a hippopotamus, or a customer asking for a book order to be

wrapped in blue and white polka dot paper with a bow. Such requests need human

intervention to investigate and resolve.

Personal service. Although some human interaction can be facilitated via the web,

e-commerce can not provide the richness of interaction provided by personal

service. For most businesses, e-commerce methods provide the equivalent of an

information-rich counter attendant rather than a salesperson. This also means that

feedback about how people react to product and service offerings also tends to be

more granular or perhaps lost using e-commerce approaches. If your only

feedback is that people are (or are not) buying your products or services online,

this is inadequate for evaluating how to change or improve your e-commerce

strategies and/or product and service offerings. Successful business use of e-

commerce typically involves strategies for gaining and applying customer


Kamau, G.G. of 53

feedback. This helps businesses to understand, anticipate and meet changing

online customer needs and preferences, which is critical because of the

comparatively rapid rate of ongoing Internet-based change.

Size and number of transactions. E-commerce is most often conducted using

credit card facilities for payments, and as a result very small and very large

transactions tend not to be conducted online. The size of transactions is also

impacted by the economics of transporting physical goods. For example, any

benefits or conveniences of buying a box of pens online from a US-based

business tend to be eclipsed by the cost of having to pay for them to be delivered

to you in Australia. The delivery costs also mean that buying individual items

from a range of different overseas businesses is significantly more expensive than

buying all of the goods from one overseas business because the goods can be

packaged and shipped together.

Some business processes are difficult to be implemented through electronic

commerce.

Return-on-investment is difficult to apply to electronic commerce.

Businesses face cultural and legal obstacles to conducting electronic commerce.

Benefits Of Ecommerce

E Commerce is one of the most important facets of the Internet to have emerged in the

recent times. Ecommerce or electronic commerce involves carrying out business over the

Internet with the assistance of computers, which are linked to each other forming a

network. To be specific ecommerce would be buying and selling of goods and services

and transfer of funds through digital communications.

The benefits of Ecommerce:

Ecommerce allows people to carry out businesses without the barriers of time or

distance. One can log on to the Internet at any point of time, be it day or night and

purchase or sell anything one desires at a single click of the mouse.

The direct cost-of-sale for an order taken from a web site is lower than through

traditional means (retail, paper based), as there is no human interaction during the

on-line electronic purchase order process. Also, electronic selling virtually

eliminates processing errors, as well as being faster and more convenient for the

visitor.

Ecommerce is ideal for niche products. Customers for such products are usually

few. But in the vast market place i.e. the Internet, even niche products could

generate viable volumes.


Kamau, G.G. of 53

Another important benefit of Ecommerce is that it is the cheapest means of doing

business.

The day-to-day pressures of the marketplace have played their part in reducing the

opportunities for companies to invest in improving their competitive position. A

mature market, increased competitions have all reduced the amount of money

available to invest. If the selling price cannot be increased and the manufactured

cost cannot be decreased then the difference can be in the way the business is

carried out. Ecommerce has provided the solution by decimating the costs, which

are incurred.

From the buyer’s perspective also ecommerce offers a lot of tangible advantages.

1. Reduction in buyer’s sorting out time.

2. Better buyer decisions

3. Less time is spent in resolving invoice and order discrepancies.

4. Increased opportunities for buying alternative products.

The strategic benefit of making a business ‘ecommerce enabled’, is that it helps

reduce the delivery time, labor cost and the cost incurred in the following areas:

1. Document preparation

2. Error detection and correction

3. Reconciliation

4. Mail preparation

5. Telephone calling

6. Data entry

7. Overtime

8. Supervision expenses

Operational benefits of e commerce include reducing both the time and personnel

required to complete business processes, and reducing strain on other resources.

It’s because of all these advantages that one can harness the power of ecommerce

and convert a business to e-business by using powerful turnkey ecommerce

solutions made available by e-business solution providers.

CHAPTER 10: DATA SECURITY & CONTROLS IN INFORMATION

SYSTEMS:

Although data does not show on the balance sheet as an asset, many companies are totally

reliant on the information stored on their PC’s, Laptops and Networks.

http://www.ecommerceeducation.com/ecommerce_solutions.asp

http://www.ecommerceeducation.com/ecommerce_solutions.asp


Kamau, G.G. of 53

Here we look at some of the issues to consider when reviewing the security of your

computer systems, and some of the compliance issues surrounding data security and data

protection.

Data security refers to various vulnerabilities that data and systems are exposed to.

Security controls are measures needed for information systems performance and security,

the legal and ethical implications of the control of computer crime and other societal

impacts of information systems.

Threats to data

Confidentiality, integrity and availability, also known as the CIA triad or AIC triad

(availability, integrity and confidentiality), is a model designed to guide policies for

information security within an organization. The elements of the triad are considered the

three most crucial components of security.

In this context, confidentiality is a set of rules that limits access to information, integrity

is the assurance that the information is trustworthy and accurate, and availability is a

guarantee of reliable access to the information by authorized people. Availability is the

measure carried out to ensure there is no denial of service.

Confidentiality:

Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure

confidentiality are designed to prevent sensitive information from reaching the wrong

people, while making sure that the right people can in fact get it: Access must be

restricted to those authorized to view the data in question. It is common, as well, for data

to be categorized according to the amount and type of damage that could be done should

it fall into unintended hands. More or less stringent measures can then be implemented

according to those categories.

Sometimes safeguarding data confidentiality may involve special training for those privy

to such documents. Such training would typically include security risks that could

threaten this information. Training can help familiarize authorized people with risk

factors and how to guard against them. Further aspects of training can include strong

passwords and password-related best practices and information about social engineering

methods, to prevent them from bending data-handling rules with good intentions and

potentially disastrous results.

A good example of methods used to ensure confidentiality is an account number or

routing number when banking online. Data encryption is a common method of ensuring

confidentiality. User IDs and passwords constitute a standard procedure; two-factor

authentication is becoming the norm. Other options include biometric verification and

security tokens, key fobs or soft tokens. In addition, users can take precautions to


Kamau, G.G. of 53

minimize the number of places where the information appears and the number of times it

is actually transmitted to complete a required transaction. Extra measures might be taken

in the case of extremely sensitive documents, precautions such as storing only on air

gapped computers, disconnected storage devices or, for highly sensitive information, in

hard copy form only.

Integrity:

Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over

its entire life cycle. Data must not be changed in transit, and steps must be taken to ensure

that data cannot be altered by unauthorized people (for example, in a breach of

confidentiality). These measures include file permissions and user access controls.

Version control maybe used to prevent erroneous changes or accidental deletion by

authorized users becoming a problem. In addition, some means must be in place to detect

any changes in data that might occur as a result of non-human-caused events such as an

electromagnetic pulse (EMP) or server crash. Some data might include checksums, even

cryptographic checksums, for verification of integrity. Backups or redundancies must be

available to restore the affected data to its correct state.

Availability:

Availability is best ensured by rigorously maintaining all hardware, performing hardware

repairs immediately when needed and maintaining a correctly functioning operating

system environment that is free of software conflicts. It’s also important to keep current

with all necessary system upgrades. Providing adequate communication bandwidth and

preventing the occurrence of bottlenecks are equally important. Redundancy, failover,

RAID even high-availability clusters can mitigate serious consequences when hardware

issues do occur. Fast and adaptive disaster recovery is essential for the worst case

scenarios; that capacity is reliant on the existence of a comprehensive disaster recovery

plan (DRP). Safeguards against data loss or interruptions in connections must include

unpredictable events such as natural disasters and fire. To prevent data loss from such

occurrences, a backup copy may be stored in a geographically-isolated location, perhaps

even in a fireproof, waterproof safe. Extra security equipment or software such as

firewalls and proxy servers can guard against downtime and unreachable data due to

malicious actions such as denial-of-service (DoS) attacks and network intrusions.

Access security

Good access controls to the computers and the computer network minimise the risks of

data loss.

Access controls can be divided into two main areas:

Physical access – controls over who can enter the premises and who can see personal

data

Logical access – controls to ensure employees only have access to the appropriate

software and data necessary to perform their particular job.

Physical access


Kamau, G.G. of 53

As well as having appropriate physical access controls to the premises – there are other

considerations such as can people see screens from the outside, and is material containing

personal information subject to appropriate disposal procedures?

Logical access

Logical access techniques should be employed to ensure that personnel do not have more

access than is necessary to perform their role. This should be tackled at both the system

level and at applications level. At the system level, for example, some users will not

require access to the accounting software. Common authentication mechanisms are

passwords, personal identification

numbers, cryptographic tokens, biometrics, and smart cards.

At the applications level, for example, with an accounting package it may be desirable

that all users of a purchase ledger can access supplier details and post purchase invoices –

but it may be desirable that only a few of these users also have access to supplier

payment and cheque printing routines.

Passwords

Passwords are one of the measures which can be used to implement access controls.

However, to be at all effective they should:

be relatively long (i.e. 8 characters or more)

contain a mixture of alpha, numeric and other characters (such as &^”)

not be the same for all applications

be changed regularly

be removed or changed when an employee leaves.

Identification Authentication and Authorization

Identification describes a method of ensuring that a subject is the entity it claims to be.

E.g.: A user name or an account number.

Authentication is the method of proving the subjects identity. E.g.: Password,

Passphrase, PIN

Authorization is the method of controlling the access of objects by the subject. E.g.: A

user cannot delete a particular file after logging into the system

Note: There must be a three step process of Identification, Authentication and

Authorization in order for a subject to access an object

Identification Component Requirements: When issuing identification values to users or

subjects, ensure that

Each value should be unique, for user accountability

A standard naming scheme should be followed

The values should be non-descriptive of the users position or task

The values should not be shared between the users.

Authentication Factors: There are 3 general factors for authenticating a subject.

Something a person knows- E.g.: passwords, PIN- least expensive, least secure

Something a person has – E.g.: Access Card, key- expensive, secure

Something a person is- E.g.: Biometrics- most expensive, most secure

Authentication Methods


Kamau, G.G. of 53

1. Biometrics: Verifies an individuals identity by analyzing a unique

personal attribute or behavior. It is the most effective and accurate

method for verifying identification.

Types of Biometric Systems

Finger Print- are based on the ridge endings, bifurcation exhibited by the friction

edges and some minutiae of the finger

Palm Scan- are based on the creases, ridges, and grooves that are unique in each

individuals palm

Hand Geometry- are based on the shape (length, width) of a persons hand and

fingers

Retina Scan- is based on the blood vessel pattern of the retina on the backside of

the eyeball.

Iris Scan- is based on the colored portion of the eye that surrounds the pupil. The

iris has unique patterns, rifts, colors, rings, coronas and furrows.

Signature Dynamics- is based on electrical signals generated due to physical

motion of the hand during signing a document

Keyboard Dynamics- is based on electrical signals generated while the user types

in the keys (passphrase) on the keyboard.

Voice Print- based on human voice

Facial Scan- based on the different bone structures, nose ridges, eye widths,

forehead sizes and chin shapes of the face.

Handy Topography- based on the different peaks, valleys, overall shape and

curvature of the hand.

Types of Biometric Errors

Type I Error: When a biometric system rejects an authorized individual ( false

rejection rate)

Type II Error: When a biometric systems accepts imposters who should be

rejected (false acceptance rate)

Crossover Error Rate (CER): The point at which the false rejection rate equals

false acceptance rate. It is also called as Equal Error Rate (EER).

Passwords: It is the most common form of system identification and authentication

mechanism. A password is a protected string of characters that is used to authenticate an

individual. Password Management. Password should be properly guaranteed, updated,

and kept secret to provide and effective security. Passwords generators can be used to

generate passwords that are uncomplicated, pronounceable, non-dictionary words. If the

user chooses his passwords, the system should enforce certain password requirement like

insisting to use special char, no of char, case sensitivity etc. )

Techniques for Passwords Attack

Electronic monitoring- Listening to network traffic to capture information,

especially when a user is sending her password to an authentication server. The

password can be copied and reused by the attacker at another time, which is called

a replay attack.

Access the password file- Usually done on the authentication server. The

password file contains many users’ passwords and, if compromised, can be the

source of a lot of damage. This file should be protected with access control

mechanisms and encryption.

Brute force attacks Performed with tools that cycle through many possible

character, number, and symbol combinations to uncover a password.


Kamau, G.G. of 53

Dictionary attacks Files of thousands of words are used to compare to the user’s

password until a match is found.

Social engineering An attacker falsely convinces an individual that she has the

necessary authorization to access specific resources

Password checkers can be used to check the strength of the password by trying to break

into the system:

Passwords should be encrypted and hashed

Password aging should be implemented

No of logon attempts should be limited

Cognitive Passwords: Cognitive passwords are facts or opinion-based information used to

verify an individual identity (e.g.: mothers maidens name). This is best used for helpdesk

services, and occasionally used services.

One-Time or Dynamic Passwords: It is a token based system used for authentication

purposes where the service is used only once. It is used in environments that require a

higher level of security than static password provides

Types of token generators

Synchronous (e.g.: SecureID) - A synchronous token device/generator

synchronizes with the authentication service by any of the two means.

Time Based: In this method the token device and the authentication service must

hold the same time within their internal clocks. The time value on the token

device and a secret key are used to create a one time password. This password is

decrypted by the server and compares it to the value that is expected.

Counter Based: In this method the user will need to initiate the logon sequence on

the computer and push a button on the token device. This causes the token device

and the authentication service to advance to the next authentication value. This

value and a base secret are hashed and displayed to the user. The user enters this

resulting value along with a user ID to be authenticated.

Asynchronous: A token device that is using an asynchronous token-generating

method uses a challenge/response scheme to authenticate the user. In this

situation, the authentication server sends the user a challenge, a random value also

called a nonce. The user enters this random value into the token device, which

encrypts it and returns a value that the user uses as a one-time password. The user

sends this value, along with a username, to the authentication server. If the

authentication server can decrypt the value and it is the same challenge value that

was sent earlier, the user is authenticated

Example: SecureID

It is one of the most widely used time-based tokens from RSA Security

It uses a time based synchronous two-factor authentication

Cryptographic Keys

Uses private keys and Digital Signatures

Provides a higher level of security than passwords.

Passphrase: A passphrase is a sequence of characters that is longer than a password and

in some cases, takes the place of a password during an authentication process. The

application transforms the pass phrase into a virtual password and into a format required

by the application. It is more secure that passwords.


Kamau, G.G. of 53

Memory Cards: Holds information but cannot process them. More secure than

passwords but costly e.g.: Swipe cards, ATM cards

Smart Cards: Holds information and has the capability to process information and can

provide a two factor authentication (knows and has)

Categories of Smart Cards

Contact

Contactless

o Hybrid- has 2 chips and supports both contact and contactless

Combi- has a microprocessor that can communicate with both a contact as well as

a contact reader. More expensive and tamperproof than memory cards

Types of smartcard attacks

Fault generation: Introducing of computational errors into smart card with the

goal of uncovering the encryption keys that are being used and stored on cards

Side Channel Attacks: These are non-intrusive attacks and are used to uncover

sensitive information about how a component works without trying to

compromise any type of flaw or weakness. The following are some of the

examples

o Differential Power Analysis: Examining the power emission that are

released during processing

o Electromagnetic Analysis: Examining the frequency that are emitted

Timing: How long a specific process takes to complete

Software Attacks: Inputting instructions into the card that will allow for the

attacker to extract account information. The following are some of the examples

Microprobing: Uses needles to remove the outer protective material on the cards

circuits by using ultrasonic vibrations thus making it easy to tap the card ROM

chip

Identity Management: Identity Management is a broad term that encompasses the use of

different products to identify, authenticate and authorize users through automated means.

Identity management system is the management of the identity life cycle of entities

(subjects or objects) during which:

The identity is established:

a name (or number) is associated to the subject or object;

the identity is re-established: a new or additional name (or number) is connected

to the subject or object;

The identity is described:

one or more attributes which are applicable to this particular subject or object may

be assigned to the identity;

the identity is newly described: one or more attributes which are applicable to this

particular subject or object may be changed;

The identity is destroyed.

Identity Management Challenges

Identity Management Technologies

Authorization Principles

Data backup and restore

Data backup is an essential process for security and needs to be undertaken on a regular

basis. There are a number of points to consider.

Data file locations


Kamau, G.G. of 53

In a network environment some data files might be stored on the server and other data

files stored on local drives. In which case separate backups may be required for both the

server and one or more PC’s.

Backup strategy

There is likely to be a need for two parallel backup procedures; one to cover a complete

systems backup and another to cover the backing up of individual applications’ data files.

Complete systems backup

On a network some form of server backup software should be used to take a complete

copy of the network drive(s). This can normally be set to run overnight. However,

someone will need to be given responsibility for these procedures -

Key areas to consider include:

training in how to use the backup software, alter backup schedules and change backup

file criteria

The person responsible needs to be able to:

adapt the backup criteria as new applications are added

interpret backup logs and react to any errors notified

restore data from backup media

maintain a regular log of backups and where these are stored.

Finally, be aware that some backup utilities only take a mirror image of the hard disc. In

this case, the whole of the hard disc has to be restored even if there is a problem with just

one file or just one folder.

Applications backup

Many accounting and payroll packages have their own backup routines. It is a good idea

to use these (as well as full server backup) on a regular basis, and always just before

period end, or pay period end, update routines.

Local PCs

Remember that some users will have applications data files exclusively on their local

drives (such as payroll data for example) and these will all require their own regular

backup regime.

Backup media

There are about half a dozen different types of backup media available – from the

writable CD capable of storing up to 1gb, through the DVD reader/writer (5gb) up to the

mighty external hard drives (1000gb). Most server backups will use either use tape

cartridges or CD/DVD reader/writers. For more temporary forms of backup, a USB

memory stick/pen (1gb) might be considered.

Backup frequency

A cycle of backups should be retained for a period of time (probably going back at least

12 months – but see Backup retention below). Overwriting the same backup

disc/tape/cd/dvd day after day is not advised.

Backup retention

Backups should be stored in a variety of locations. Obviously, the safest place is off-site.

Physical backup media can be stored in a separate location, whilst some firms may rent

disc space on a service provider’s server, to backup files to.

Issues such as how long certain type of records, accounting records for example, need to

be kept for, should be borne in mind.

Backup media degradation/decomposition

Backup media degrades and the data decomposes over a period of time.

DVD’s are particularly sensitive to light (i.e. they are photosensitive) for example, so

ensure that they are stored in a dark environment.


Kamau, G.G. of 53

RW media is noted as being particularly prone to degradation, and should not be relied

upon for long-term storage.

Backups should be checked on a regular basis for signs of digital decomposition.

Restoring data

As with backup, there are a number of issues to consider.

Total systems restore. This can be a complex procedure in a network environment

and may require specialist network engineers to provide assistance.

Application restore. We recommended above (see Applications backup) a separate

cycle of backups to cover individual applications. If it is necessary to restore the

whole application from these backups, then the restore utility within the package

concerned needs to be used and the correct backup media loaded.

Individual data file(s) restore. These are generally less complex, but nevertheless

care is needed. If the required data files are on the server backup then the restore

utility will need to be used, the correct backup media loaded and the file or files to be

restored identified.

Virus/Spam protection

The prevalence of e-mail viruses and unsolicited spam means that software is required to

filter these items out of the system. This software will require regular updating, along

with all relevant on-going software security patches that need to be applied to the

operating and applications software. Additional network security in the form of firewall

software is also required to protect the network from unauthorised access and potential

network attacks.

A computer virus is a small but a destructive software that corrupts data and files in a

computer or crashes a network system. It is transmitted through 'contaminated' (infected)

data files, introduced into a system via disks or internet.

How to detect that your computer has a virus

2. Your antivirus product is disabled for no reason and cannot be restarted

3. A threat is discovered or Threat Detected window keeps appearing from

your installed antivirus.

4. You receive frequent alerts from your Personal firewall about an unknown

program attempting to connecting to the Internet

5. You receive suspect pop-up alerts frequently for attempted processes you

have no idea about.

6. Your attempted Internet URLs keep getting re-directed to other third

party websites.

7. Strange or unexpected toolbars appear at the top of your web browser

8. Your computer runs slower than usual

9. Your computer freezes, hangs or is unresponsive

10. There are new icons on your Desktop that you do not recognize

11. Your computer restarts by itself (but not a restart caused by Windows

Updates)

12. You see unusual error messages (for example, messages saying there are

missing or corrupt files folders)

13. You are unable to access the Control Panel, Task Manager, Registry

Editor or Command Prompt.


Kamau, G.G. of 53

14. Your files open corrupted or they are changed to shortcuts or other file

type formats.

15. Storage spaces gets filled up all over sudden

16. People receive spam email from your email address with a third-party

email program installed (for example, Microsoft Outlook, Outlook

Express/Windows Mail, Windows Live Mail and Mozilla Thunderbird)

17. Unusual screen activity

18. Failed program execution

19. Failed system bootups when booting , or login credentials changed

20. Unexpected writes to a drive.

How to safeguard your computer from viruses

1. Install a licensed antivirus program. Installing an antivirus program and keeping it

up to date can help defend your computer against viruses. Antivirus programs

scan for viruses trying to get into your email, operating system, or files. New

viruses appear daily, so set your antivirus software to install updates

automatically.

2. Don't open email attachments unless you're expecting them. Many viruses are

attached to email messages and will spread as soon as you open the email

attachment. It's best not to open any attachment unless it's something you're

expecting. For more information, see When to trust an email message.

3. Keep your computer updated. Microsoft releases security updates that can help

protect your computer. Make sure that Windows receives these updates by turning

on Windows automatic updating. For more information, see Turn automatic

updating on or off.

4. Use a firewall. Windows Firewall (or any other firewall) can help alert you to

suspicious activity if a virus or worm attempts to connect to your computer. It can

also block viruses, worms, and hackers from attempting to download potentially

harmful programs to your computer.

5. Use your browser's privacy settings. Being aware of how websites might use your

private information is important to help prevent fraud and identity theft. If you're

using Internet Explorer, you can adjust your Privacy settings or restore the default

settings whenever you want. For details, see Change Internet Explorer 9 privacy

settings.

6. Use a pop-up blocker with your browser. Pop-up windows are small browser

windows that appear on top of the website you're viewing. Although most are

created by advertisers, they can also contain malicious or unsafe code. A pop-up

blocker can prevent some or all of these windows from appearing.

7. The Pop-up Blocker feature in Internet Explorer is turned on by default. To learn

more about changing its settings or turning it on and off, see Change Internet

Explorer 9 privacy settings.

8. Turn on User Account Control (UAC). When changes are going to be made to

your computer that require administrator-level permission, UAC notifies you and

gives you the opportunity to approve the change. UAC can help keep viruses from


Kamau, G.G. of 53

making unwanted changes. To learn more about turning on UAC and adjusting

the settings, see Turn User Account Control on or off.

Employees

All employees should know and understand the firms’ security procedures and the

consequences of abusing these. You might wish to refer to our factsheet which sets out a

model internet and e-mail access policy. Staff dealing with personal data also require

training in the principles of data protection and good information handling practices

Compliance issues

Most businesses process personal data to a greater or lesser degree. If this is the case,

then notification under the Data Protection Act is required. That will then mean on-going

compliance with the principles of information handling and information security. We can

help you with this process to ensure compliance.

Control and Management Issues

Transaction processing systems are the backbone of any organization’s information

systems.

Business Resumption Planning

It is the process of anticipating and providing for disasters. A disaster can be a

flood, fire, earthquake, intentional damage, labor unrest or erasure of an important

file.

Focus on maintaining the integrity of the corporation information and keeping the

information system running until normal operations can be resumed.

Identify potential problems and prepare for the disaster.

Disaster Recovery

The implementation of the business resumption plan.

The primary tools are backups for hardware, software, databases,

telecommunication, and personnel.

Keep a backup copy of software and database to a remote location in a safe,

secure, fireproof, and temperature and humidity controlled environment.

Always train backup personnel in case employees leave the company.

Transaction Processing System Audit

Auditing a TPS system, is an attempt to answer three basic questions:

Does the system meet the business need for which it is developed?

What procedures and controls have been established?

Are the procedures and controls being properly used?

An internal audit is conducted by employees of the organization and an external audit

is conducted by an outside firm.

The auditors inspects all programs, documents, control techniques, the disaster plan,

insurance protection, fire protection, and other system management concerns such as

efficiency and effectiveness of the disk and tape library.

The audit trail allows the auditors to trace any out from the computer system back to

its source documents.