Course Code : MCS-052

Course Title : Principles of Management and Information Systems

Assignment Number : MCA(5)/052/Assign/2014-15

Maximum Marks : 100

Weightage : 25%

Last Dates for Submission : 15th October, 2014 (For July 2014 Session)

15th April, 2015 (For January 2015 Session)

This assignment has eight questions. Answer all questions. Each question is of 10 marks. Rest 20 marks are for viva voce. You may use illustrations and diagrams to enhance the explanations. Please go through the guidelines regarding assignments given in the Programme Guide for the format of presentation. Answer to each part of the question should be confined to about 300 words.

Q.1. What are the different components of an ERP? Outline the main stages in the development of an ERP system ?


ERP is the acronym of Enterprise Resource Planning. ERP utilizes ERP software applications to improve the performance of organizations’ resource planning, management control and operational control. ERP software is multi-module application software that integrates activities across functional departments, from product planning, parts purchasing, inventory control, and product distribution, to order tracking. ERP software may include application modules for the finance, accounting and human resources aspects of a business.

• Enterprise resource planning – integrates all departments and functions throughout an

organization into a single IT system (or integrated set of IT systems) so that employees can make enterprise wide decisions by viewing enterprise wide information on all business operations

There are 2 main types of Components. Viz. Core ERP component – traditional components included in most ERP systems and they primarily focus on internal operations

Extended ERP components - extra components that meet the organizational needs not covered by the core components and primarily focus on external operations.

Core ERP component

1. Accounting and finance component – manages accounting data and financial processes within the enterprise with functions such as general ledger, accounts payable, accounts receivable, budgeting, and asset management

2. Production and materials management component – handles the various aspects of production planning and execution such as demand forecasting, production scheduling, job cost accounting, and quality control

3. Human resource component – tracks employee information including payroll, benefits,

compensation, performance assessment, and assumes compliance with the legal requirements of multiple jurisdictions and tax authorities

Extended ERP component

1. Business intelligence – describes information that people use to support their decision-making efforts

2. Customer relationship management – involves managing all aspects of a customer’s relationships with an organization to increase customer loyalty and retention and an organization’s profitability.

3. Supply chain management – involves the management of information flows between and among stages in a supply chain to maximize total supply chain effectiveness and profitability.

4. E-business – means conducting business on the Internet, not only buying and selling, but also serving customers and collaborating with business partners.

Stages of Development of ERP
ERP Maturity Model

ERP implementation is not the ‘be all’ and ‘end all’ for any growing organisation. Though technology dependent, it is a living system and passes through different stages of development and maturity.

As the business grows, ERP should be adaptable to meet the changing processes, organization structure and demand patterns. There are many challenges that a company which has set up ERP encounters in its endeavour to achieve peak performance.

The most significant results require a lot of effort after the ‘go-live.’ And this is where most companies falter. As such, any ERP system is unique, but the stages of maturity after go-live normally fall into one of the following three stages:

Stage 1: Chaos

The implemented system needs to be streamlined to ensure that all the components of the system are stabilized and work in harmony.

After go-live, the company usually turns its attention to gaining administrative and information stability. At this stage, the focus areas for attention are redefinition of user roles and responsibilities, establishment of new policies to support the ERP infrastructure, and integration and utilization of the information generated from the new ERP system. The maximum energy is however spent on handling the change in the culture brought about by an ERP implementation.

Unfortunately, once through the deadlines of implementation, organizations go back into old habits and routines. The alignment of business processes and ERP definition is lost. Manual systems and reports are created to work around perceived system constraints.

Exceptions, that are not mapped properly during implementation will hinder regular processes time and again. Workarounds that have been designed increase operations and steps in the processes, thereby rendering them inefficient.

All this, coupled with transactional complexity, business case exceptions and frustrated users often drives organizations into their first post-ERP projects. Such organizations will face a lot of problems after golive till they streamline their processes on the ERP system.

Stage 2: Stagnancy

Even after a successful implementation and streamlining of new processes, organizations still do not get the expected benefits from ERP. Such organizations are reasonably satisfied with the implementation but they had hoped for a higher ROI.

Organizations in this stage need to refine and improve the performance of the business. The improvement can be achieved in two phases:

A) Incorporate unused functionalities of the ERP system into the business process. This would help the business in one of the following ways:

• Manual activities would be eliminated and replaced with automated ERP system driven


• Activities mapped using system workarounds can be done away with, thereby reducing transaction

complexity and operation cycle time.

B) Increase the intelligence of the system with advanced planning engines, schedulers, etc. ERP could thus be used as the base foundation on which several other best-of-breed solutions can be built to provide extra business intelligence to the ERP system.

Stage 3: Growth

At this highest stage of development after go-live, organizations seek strategic support from the ERP system. This requires the system to align with the corporate vision and business strategies. The focus moves over to profit, working capital management and people growth.

ERP plays a crucial role in improving the value chain, providing for efficient capital management and optimizing customer/product mixes. The company is thus completely transformed into an entity that is responsive to client needs, has a pulse on market movements and hence can forecast and plan with a higher degree of accuracy.

This calls for a comprehensive approach to the technological, strategic and operational aspects of the ERP system wherein IT forms the backbone of the infrastructure and supports, facilitates and monitors the different resources across the organization at various levels.

Effective post-implementation

To help organizations get the maximum possible benefit from ERP in the post-implementation stage, Ernst & Young recommends a combination of optimization approaches. Leveraging our rich global experience in ERP implementation and reviews, these approaches help bring the right perspective at any stage of the post go-live environment.

ERP optimization

ERP optimization intends to provide an approach to extract maximum benefits from ERP postimplementation.

It comprises three distinct approaches:

• Streamlining of operations to help organizations that have not achieved a stable operating environment post-ERP implementation. There is a high possibility of companies slipping back at this stage if issues are not addressed in time.

A short situational analysis would be done to establish causes and help the company with solutions in stabilizing and streamlining processes.

• Operational improvement by reviewing the existing ERP with the key business drivers in mind.This helps to identify unused functionalities of the ERP application, complex mapping of transactions and neglect of ERP generated reports. The system can then be optimized to improve efficiency.

• Strategic transformation takes the CEO’s perspective of the company’s business strategy. This considers ERP as the backbone to transform organizational strategic objectives into tactical, reliable and measurable goals and monitor them on a continuous basis. Business benefits There are a lot of opportunities for companies desiring to extract maximum value and competitive advantage from the existing ERP system. The benefits to the companies would be:

• Increased efficiencies through integrated processes.

• A strong coherence between strategic objectives and tactical plans and goals.

• Strong alignment of people, processes and technology with organizational goals.

Q.2. What is the role of OLAP in decision-making? What does the term drill mean down in an executive information system?

OLAPThe term, of course, stands for ‘On-Line Analytical Processing’. But that is not only a definition; it’s not even a clear description of what OLAP means. It certainly gives no indication of why you would want to use an OLAP tool, or even what an OLAP tool actually does. And it gives you no help in deciding if a product is an OLAP tool or not.

We hit this problem as soon as we started researching The OLAP Report in late 1994 as we needed to decide which products fell into the category. Deciding what is an OLAP has not got any easier since then, as more and more vendors claim to have ‘OLAP compliant’ products, whatever that may mean (often they don’t even know). It is not possible to rely on the vendors’ own descriptions and membership of the long-defunct OLAP Council was not a reliable indicator of whether or not a company produces OLAP products. For example, several significant OLAP vendors were never members or resigned, and several members were not OLAP vendors. Membership of the instantly moribund replacement Analytical Solutions Forum was even less of a guide, as it was intended to include non-OLAP vendors.

The Codd rules also turned out to be an unsuitable way of detecting ‘OLAP compliance’, so we were forced to create our own definition. It had to be simple, memorable and product-independent, and the resulting definition is the ‘FASMI’ test. The key thing that all OLAP products have in common is multidimensionality, but that is not the only requirement for an OLAP product.

Online Analytical Processing, or OLAP is an approach to quickly provide answers to analytical queries that are multidimensional in nature. OLAP is part of the broader category business intelligence, which also encompasses relational reporting and data mining. The typical applications of OLAP are in business reporting for sales, marketing, management reporting, business process management (BPM), budgeting and forecasting, financial reporting and similar areas. The term OLAP was created as a slight modification of the traditional database term OLTP (Online Transaction Processing).

Databases configured for OLAP employ a multidimensional data model, allowing for complex analytical and ad-hoc queries with a rapid execution time. They borrow aspects of navigational databases and hierarchical databases that are speedier than their relational kin. Drill down in EIS

An Executive Information System (EIS) is a type of management information system intended to facilitate and support the information and decision making needs of senior executives by providing easy access to both internal and external information relevant to meeting the strategic goals of the organization. It is commonly considered as a specialized form of a Decision Support System (DSS).

The emphasis of EIS is on graphical displays and easy-to-use user interfaces. They offer strong reporting and drill-down capabilities. In general, EIS are enterprise-wide DSS that help top-level executives analyze, compare, and highlight trends in important variables so that they can monitor performance and identify opportunities and problems. EIS and data warehousing technologies are converging in the marketplace.

In recent years, the term EIS has lost popularity in favour of Business Intelligence (with the sub areas of reporting, analytics, and digital dashboards).

EIS enables executives to find those data according to user-defined criteria and promote information- based insight and understanding. Unlike a traditional management information system presentation, EIS can distinguish between vital and seldom-used data, and track different key critical activities for executives, both which are helpful in evaluate if the company is meeting its corporate objectives. After realizing its advantages, people have applied EIS in many areas, especially, in manufacturing, marketing,and finance areas.

Basically, manufacturing is the transformation of raw materials into finished goods for sale, or intermediate processes involving the production or finishing of semi-manufactures. It is a large branch of industry and of secondary production. Manufacturing operational control focuses on day-to-day operations, and the central idea of this process is effectiveness and efficiency. To produce meaningful

managerial and operational information for controlling manufacturing operations, the executive has to make changes in the decision processes. EIS provides the evaluation of vendors and buyers, the evaluation of purchased materials and parts, and analysis of critical purchasing areas. Therefore, the executive can oversee and review purchasing operations effectively with EIS. In addition, because production planning and control depends heavily on the plant’s data base and its communications with all manufacturing work centers, EIS also provides an approach to improve production planning and control.

The future of executive info systems will not be bound by mainframe computer systems. This trend allows executives escaping from learning different computer operating systems and substantially decreases the implementation costs for companies. Because utilizing existing software applications lies in this trend, executives will also eliminate the need to learn a new or special language for the EIS package. Future executive information systems will not only provide a system that supports senior executives, but also contain the information needs for middle managers. The future executive information systems will become diverse because of integrating potential new applications and technology into the systems, such as incorporating artificial intelligence (AI) and integrating multimedia characteristics and ISDN technology into an EIS.

In tandem with the growth of the Internet and e-business, the number of digital data sources has increased immensely. These data sources contain important transactional data and are generally interconnected via a network. This has created a pressing need for a suitable executive information system (EIS) that is capable of extracting data from internal and external data sources and providing data analysis on demand for business executives. On-demand data analysis requires an information integration approach that can manage rapid changes in data sources. Existing EISs commonly adopt data warehousing technology to consolidate data from multiple sources in a tailor-made fashion, and support predefined multidimensional data analysis. However, this architecture is neither adaptable to changes in local sources nor flexible enough for ad hoc analyses. This paper develops methods and algorithms for a new EIS architecture that takes advantage of a meta-database to achieve adaptability and flexibility. A PC-based prototype is built to prove the concept.

Q.3. Explain the advantages of outsourcing computer facilities. Also, explain its major drawbacks. In Indian context.


What is outsourcing? : Outsourcing is one operation that combines voice communication, data communication, data processing, video communication and allied technologies to enable a parent organization (Client) to entrust implementation of critical business strategies on development tactics to a partner organization (Service Provider):

Outsourcing is the delegation of a business process to an external service provider. The service provider will then be responsible for the day-to-day running and maintenance of the delegated process.

Take the IT giant Microsoft for example – the complete process of manufacturing their products is outsourced to other businesses. Fees are involved (as you would expect) that will vary depending on the service required. To optimise efficiency, it is good practise to liaise closely with the service provider on a regular basis. This will prevent issues arising due to the lack of understanding and communication between the two parties.

Advantages and Disadvantages of Outsourcing computer facilities Advantage of outsourcing:

To client:

(1) Cost saved in terms of reduced delay, overhead expenses, technology, and infrastructure.

(2) Productivity and efficiency achieved in the mainstream activities.

To Service provider:

(1) Revenue earned in dollars

(2) Jobs and employment generated

(3) International practices inducted

(4) Earnings even at the lower end of education(12th standard) surpassing those of the engineers in any other industry, provided, English language proficiency exists

(5) Client technology having multiplier effect

(6) Ancillary development happening(e.g. 10000 employees using 3000 computers per shift, thus boositng PC manufactures

(7) Boosting of the hardware industry as a whole, by upkeep of technology, cascading to other IT companies

(8) Using the cutting-edge hubs, routers, satellites, under-ocean cables and underground optical fibres: in order to bring voice,images and data from the oversea clients to service providers


To Client:

(1) Agitation against outsourcing in the parent country for loss of jobs

(2) Sharing a lot of confidential material with service provider, which could break the back of the business, if leaked:

(3) Potential loss of customers permanently, if outsourcing not competently handled

(4) Legislative impact of the country of serviceprovider(e.g. women working in night-shifts, which can be legislated against by the government), resulting in break-down of business.

To Service Provider:

(1) Insecurity in business, as theclient can shift shop any day, if not feeling comfortable

(2) High employee turnover, since most people work on stop-gap basis, but do not make their career

(3) Perception as glorified “operation” jobs of a clerical nature

(4) Compromise on traditional values (suchas, spending evening time with family) and occurrence of night shifts

(5) Frequent price negotiations, since prices widely fluctuate due to competition from the Far East (China, Phillipines and Malayasia) who offer cheaper pirces.

(6) Legal and socio-economic issues like night-shifts for,seven-day working per week etc.

Q.4. How does e-business fit into different locations within the production chain? Discuss.


Databases in e-business

Today’s businesses have spent heavily on e-business solutions and web based applications in order to promote and sell products, provide customer service, and interact with business partners on the Web.

The Process:

The Website development process begins with requirements elicitation that involves discussing and analyzing the client requirements. Upon completion of requirements elicitation, a Software Requirements Specifications document (SRS) is produced precisely outlining the system with its goals and functionality. Once finalized, the project is then divided into various milestones and the timeline drawn.

One of the very first milestones is the blueprint development which acts as a prototype for the project. The project then undergoes continuous development and enhancements to the final release of the project.

1. Decision / Planning

2. Website Development / Coding / Graphic Design

3. Testing

4. Website Launch

5. Project Completion

e-Business fit in different location without production chain:

The Internet revolution has advanced to the stage at which every enterprise must become an e-business. This is an imperative and not a choice. Hence, it is necessary to determine when and how an enterprise becomes an e-business.

What is e-business? It is a fundamental change to the way an organization conducts business. An e-business uses Internet technology to:

• Attract, satisfy, and retain the customers who buy its products and services

• Streamline supply chain, manufacturing, and procurement systems to efficiently deliver the right products and services to the customers

• Automate corporate business processes to reduce cost and improve efficiency through self-service

• Capture, analyze, and share business intelligence about customers and company operations. This enables management to make better business decisions and to continually refine business strategy.

An e-business requires a variety of Internet-enabled applications including e-commerce Web sites, portals, supply-chain management, procurement management, online marketplaces, customer relationship management, and enterprise resource planning. All these applications must be integrated with one another to make an enterprise an e-business.

Figure Integration, the Key to E‐Business Drivers of E‐Business Integration

The necessity for businesses to become “zero latency organizations” drives enterprise-wide integration of information systems and applications. For instance, in a smoothly running e-business:

• An order received at an electronic storefront is automatically visible to a customer service representative who must answer customer inquiries about its status.

• The order is automatically propagated to a supply chain application to start a planning and execution operation.

• The order information is exchanged over the Internet with a supplier or partner who provides fulfillment and delivery.

These developments drive the need for e-business integration:

• “Mergers and Acquisitions”

• “Packaged Applications”

• Business Process Re-engineering

• Virtual, Dynamic Supply Chains

• Customer Relationship Management

• Corporate Self-Service

• Business-to-Business Commerce

• Application Service Providers and Hosting

Q.5. What is the purpose of Decision Support Systems in MIS? List the characteristics of Decision Support Systems.


Purpose of DSS in MIS Decision support systems (DSS) are becoming increasingly more critical to the daily operation of organizations. Data warehousing, an integral part of this, provides an infrastructure that enables businesses to extract, cleanse, and store vast amounts of data. The basic purpose of a data warehouse is to empower the knowledge workers with information that allows them to make decisions based on a solid foundation of fact. However, only a fraction of the needed information exists on computers; the vast majority of a firm’s intellectual assets exist as knowledge in the minds of its employees. What is needed is a new generation of knowledge-enabled systems that provides the infrastructure needed to capture, cleanse, store, organize, leverage, and disseminate not only data and information but also the knowledge

of the firm. The purpose of this paper is to propose, as an extension to the data warehouse model, a knowledge warehouse (KW) architecture that will not only facilitate the capturing and coding of knowledge but also enhance the retrieval and sharing of knowledge across the organization. The knowledge warehouse proposed here suggests a different direction for DSS in the next decade. This new direction is based on an expanded purpose of DSS. That is, the purpose of DSS in knowledge improvement. This expanded purpose of DSS also suggests that the effectiveness of a DSS will, in the future, be measured based on how well it promotes and enhances knowledge, how well it improves the mental model(s) and understanding of the decision maker(s) and thereby how well it improves his/her decision making.

Because there are many approaches to decision-making and because of the wide range of domains in which decisions are made, the concept of decision support system (DSS) is very broad. A DSS can take many different forms. In general, we can say that a DSS is a computerized system for helping make decisions. A decision is a choice between alternatives based on estimates of the values of those alternatives. Supporting a decision means helping people working alone or in a group gather intelligence, generate alternatives and make choices. Supporting the choice making process involves supporting the estimation, the evaluation and/or the comparison of alternatives. In practice, references to DSS are usually references to computer applications that perform such a supporting role.

The term decision support system has been used in many different ways (Alter 1980, Power, 2002) and has been defined in various ways depending upon the author’s point of view. Finlay and others define a DSS rather broadly as “a computer-based system that aids the process of decision making.” Turban [4] defines it more specifically as “an interactive, flexible, and adaptable computer-based information system, especially developed for supporting the solution of a non-structured management problem for improved decision making. It utilizes data, provides an easy-to-use interface, and allows for the decision maker’s own insights.”

Other definitions fall between these two extremes. For Little [5], a DSS is a “model-based set of procedures for processing data and judgments to assist a manager in his decision-making.” For Keen [6], a DSS couples the intellectual resources of individuals with the capabilities of the computer to improve the quality of decisions (“DSS are computer-based support for management decision makers who are dealing with semi-structured problems”). Moore and Chang [7] define DSS as extendible systems capable of supporting ad hoc data analysis and decision modeling, oriented toward future planning, and used at irregular, unplanned intervals. For Sprague and Carlson [8], DSS are “interactive computer-based systems that help decision makers utilize data and models to solve unstructured problems.” In contrast, Keen [9] claims that it is impossible to give a precise definition including all the facets of the DSS (“there can be no definition of decision support systems, only of decision support”)”. Nevertheless, according to Power [10], the term decision support system remains a useful and inclusive term for many types of information systems that support decision making. He humorously adds that every time a computerized system is not an on-line transaction processing system (OLTP), someone will be tempted to call it a DSS. As you can see, there is no universally accepted definition of DSS.

In the early days, DSS was filled with magic – we thought that managers would be directly involved with computers to evaluate scenarios and support their decision-making! The dream lost steam and focus in about the mid 80’s. That was because “information” took over from “decisions” in the use of IT. DSS was largely reduced to spreadsheet reports and accessing and reporting historical data. Executive Information Systems (EIS) that followed DSS provided what became routine reporting systems for historical data with their routine, non-imaginative, complex, and even boring interfaces.

Data base extraction and display and spreadsheet reports were very different from the DSS focus and skills for finding and analyzing creative solutions to support decision makers. Following EIS came data warehousing, business intelligence systems, and other information management tools all of which were about reporting historical data and not about DSS for “quantitatively rehearsing the future”. Thanks to our co-founder Dr. Peter Keen who has coined the new phrase “Rehearsing the Future” in his orthcoming new book (2003). That is what DSS is for! There is no reason to gather information for managers except to rehearse the future and make decisions about that future – and do this all in the face of vast uncertainty.

The disciplines of Operations Research and Management Science provided the base of quantitative and modeling tools in the early days of DSS. There were a number of quantitative modeling tools for supporting these creative minds such as optimization, simulation, multi criteria analysis, decision trees, and statistical modeling and forecasting. Today there are many underutilized analytic and quantitative

methods and many powerful new modeling and interface tools that give value to information. OR and MS were highly multidisciplinary. Anyone from any discipline that could contribute to creative problem solving was an asset. The Secretary of the Air Force James G. Roche recently delivered a speech in support of rejuvenating Operations Research. He said “The original ops researchers understood that to

be effective, they needed teams of mathematicians, historians, military theorists, psychologists and economists, among others. They understood the natural complexity of war, to include second-order effects. War is not just a mechanical or scientific act. In practice, it is an art and science that operates in a foggy sea of strategy, politics and luck” (December 2002, OR/MS Today). Any CEO of any organization might very well use similar words.

The multidisciplinary team approach to problem solving is very much an IAADS thrust, as it was for DSS in its intellectual and practical heyday. As an example, most DSS’s involve software and the “interface is the software” – the interface determines ease of use, mesh with decision processes and the range of model-data combinations of value to decision makers. Thus, IAADS has made interface design one of its core priorities. Very soon software users will expect interaction with business software to have the same engaging and entertainment quality as TV programs and computer based games. To achieve this requires teams of designers and developers representing fine art, communications, drama, theater, business, computer science, and others. IAADS has brings together leading experts in design, art, communications, social sciences and multimedia technology to team up with experts in computer science and quantitative analysis to design and build engaging and powerful new interfaces.

The attention to understandable and useful quantitative tools is also being renewed. The accelerating movement is towards new tools for interactive visual simulation and business gaming are creating a “new breed” of quantitative tools. Obviously, the more powerful and valuable the data resources they draw on and the more engaging and interactive the interfaces they lie behind, the greater their contribution to decision makers and decision processes.

IAADS is about the next generation of DSS tools and designers for “rehearsing the future”. IAADS has initiated the rejuvenation of the original spirit of DSS with today’s technologies, methods, tools, processes, skills and needs.

Abbreviated DSS, the term refers to an interactive computerized system that gathers and presents data from a wide range of sources, typically for business purposes. DSS applications are systems and subsystems that help people make decisions based on data that is culled from a wide range of sources.

For example: a national on-line book seller wants to begin selling its products internationally but first needs to determine if that will be a wise business decision. The vendor can use a DSS to gather information from its own resources (using a tool such as OLAP) to determine if the company has the ability or potential ability to expand its business and also from external resources, such as industry data, to determine if there is indeed a demand to meet. The DSS will collect and analyze the data and then present it in a way that can be interpreted by humans. Some decision support systems come very close to acting as artificial intelligence agents.

DSS applications are not single information resources, such as a database or a program that graphically represents sales figures, but the combination of integrated resources working together.

Characteristics of DSS

1. DSS provide support for decision makers mainly semi structured and unstructured situations by bringing together human judgment and computer.

2. Support is provided for various managerial levels

3. Support is provided to individuals as well as to groups.

4. DSS provide support to several interdependent and sequential decisions.

5. It support all phases of the decision-making process.

6. DSS attempt to improve the effectiveness of decision making.

7. Decision maker has complete control over all steps of the decision making process in solving a problem.

8. A DSS usually utilizes models for analyzing decision-making situations.

Benefits of DSS

1. Improving Personal Efficiency

2. Expediting Problem Solving

3. Facilitating Interpersonal Communication

4. Promoting Learning or Training

5. Increasing Organizational Control

Q.6. Discuss the security threats to information systems? How does encryption ensure data security?


Security threats in Information System

Management’s concern with information system security ranks among the ten most important topics in information management. The traditional concerns range from threat by forced entry into computer and storage rooms to destruction fire, earthquake, and hurricane. A more recent concern is the protection of the information system from accidental or intentional threats that might cause the unauthorized modification, disclosure, or destruction of data. The consequences of these events, if realized, are degradation or disrupted service to customers. An investigative study was conducted to determine the executives’ concern for each of a list of twelve threats and to place a new and special threat, computer viruses, in perspective. The results show that these top information systems managers have moved their organizations into the electronic environment but continue to view threats from a pre-connectivity era. The threat of attacks on critical information systems and the infrastructures that depend on them will, in the foreseeable future, be almost impossible to eliminate entirely, owing to the fact that attack tools, networks and network control systems are constantly evolving. As new technologies develop, so too will new attack tools along with the sophistication of the perpetrators who use them.

CSIS focuses its investigations on threats or incidents where the integrity, confidentiality or availability of critical information infrastructure is affected. Three conditions must be present in order for CSIS to initiate an “information operations” investigation. The incident must

1. be a computer-based attack;

2. appear to be orchestrated by a foreign government, terrorist group, or politically motivated extremists; and

3. be done for the purpose of espionage, sabotage, foreign influence, or politically motivated violence (terrorism).

Encryption and Data Security

Data encryption the process of scrambling stored or transmitted information so that it is unintelligible until it is unscrambled by the intended recipient. Historically, data encryption has been used primarily to protect diplomatic and military secrets from foreign governments. It is also now used increasingly by the financial industry to protect money transfers, by merchants to protect credit-card information in electronic commerce, and by corporations to secure sensitive communications of proprietary information.

All modern cryptography is based on the use of algorithms to scramble (encrypt) the original message, called plaintext, into unintelligible babble, called ciphertext. The operation of the algorithm requires the use of a key. Until 1976 the algorithms were symmetric, that is, the key used to encrypt the plaintext was the same as the key used to decrypt the ciphertext. In 1977 the asymmetric or public key algorithm was introduced by the American mathematicians W. Diffie and M. E. Hellman. This algorithm requires two keys, an unguarded public key used to encrypt the plaintext and a guarded private key used for decryption of the ciphertext; the two keys are mathematically related but cannot be deduced from one another. The advantages of asymmetric algorithms are that compromising one of the keys is not sufficient for breaking the cipher and fewer unique keys must be generated.

In 1977 the Data Encryption Standard (DES), a symmetric algorithm, was adopted in the United States as a federal standard. DES and the International Data Encryption Algorithm (IDEA) are the two most commonly used symmetric techniques. The most common asymmetric technique is the RSA algorithm, named after Ronald Rivest, Adi Shami, and Len Adleman, who invented it while at the Massachusetts Institute of Technology in 1977. Other commonly used encryption algorithms include Pretty Good

Privacy (PGP), Secure Sockets Layer (SSL), and Secure Hypertext Transfer Protocol (S-HTTP). The National Institute of Standards and Technology (NIST) is working with industry and the cryptographic community to develop the Advanced Encryption Standard (AES), a mutually acceptable algorithm that will protect sensitive government information and will be used by industry on a voluntary basis. It’s your organization’s worst nightmare: Someone has stolen backup tapes of your database. Sure, you built a secure system, encrypted the most sensitive assets, and built a firewall around the database servers. But the thief took the easy approach: He took the backup tapes, ostensibly to restore your database on a different server, start the database on it, and then browse the data at his leisure. Protecting the database data from such theft is not just good practice; it’s a requirement for compliance with most laws, regulations, and guidelines. How can you protect your database from this vulnerability?

One solution is to encrypt the sensitive data in the database and store the encryption keys in a separate location; without the keys, any stolen data is worthless. However, you must strike a balance between two contradictory concepts: the convenience by which applications can access encryption keys, and the security required to prevent the key theft. And to comply with company and federal regulations, you need a solution immediately, without any complex coding.

With this encrypted data, if the data on the disk is stolen, it can’t be retrieved without the master key, which is in the wallet and not part of the stolen data. Even if the wallet is stolen, the master key can’t be retrieved from it without the wallet password. Hence, the thief can’t decrypt the data, even if he steals the disks or copies the data files. This satisfies the compliance requirements for many regulations and directives. And all of this is done without changing the application or writing complex encryption and key management systems.

Q.7. What is total cost of ownership (TCO)? What are the different cost factors for computation of the TCO of any system? Explain.


Total cost of ownership (TCO) is a financial estimate intended to help buyers and owners determine the direct and indirect costs of a product or system. It is a management accounting concept that can be used in full cost accounting or even ecological economics where it includes social costs.

For manufacturing, as TCO is typically compared with doing business overseas, it goes beyond the initial manufacturing cycle time and cost to make parts. TCO includes a variety of cost of doing business items, for example, ship and re-ship, and opportunity costs, while it also considers incentives developed for an alternative approach. Incentives and other variables include tax credits, common language, expedited

delivery, and customer-oriented supplier visits.

Use of concept

TCO, when incorporated in any financial benefit analysis, provides a cost basis for determining the total economic value of an investment. Examples include: return on investment,internal rate of return, economic value added, return on information technology, and rapid economic justification.

A TCO analysis includes total cost of acquisition and operating costs. A TCO analysis is used to gauge the viability of any capital investment. An enterprise may use it as a product/process comparison tool. It is also used by credit markets and financing agencies. TCO directly relates to an enterprise’s asset and/or related systems total costs across all projects and processes, thus giving a picture of the profitability over time.

What should go into the computation of the TCO of any system? We can group these costs into directand indirect costs.

• Direct costs pertain to the acquisition expenses or the cost of buying the system, and cover all of the following activities:

• Researching possible products to buy, which is essentially a labor cost but may also include materials cost, such as purchase of third-party research reports or consultant fees.

• Designing the system and all the necessary components to ensure that they work well together. Naturally, this cost component will be higher if a move to a totally different system platform is being considered.

• Sourcing the products, which means getting the best possible deal from all possible vendors through solicited bids or market research. It’s often sufficient to get a quotation from three vendors (with the cheapest one not necessarily being the best choice). With the Internet, it’s even easy to get price quotations from sources outside the country, to get a good spectrum of pricing options.

• Purchasing the product(s), which includes the selling price of the hardware, software, and other materials as negotiated with the chosen suppliers. Include all applicable taxes that might be incurred. Don’t forget to consider the costs of the systems at the end-user side; some system choices might entail a change or upgrade at that end.

• Delivering the system, which includes any shipping or transportation charges that might be incurred to get the product into its final installation location.

• Installing the system. Bear in mind that installation also incurs costs in utilities and other environmentals—not just labor costs. If the installation of the system will result in downtime for an existing system, relevant outage costs must be included. Any lost end-user productivity hours during this activity should also be factored in.

• Developing or customizing the application(s) to be used.

• Training users on the new system.

• Deploying the system, including transitioning existing business processes and complete integration with other existing computing resources and applications. Include here the costs to promote the use of the new system among end users.

• Indirect costs address the issues of maintaining availability of the system to end users and keeping the system running, which includes the following:

• Operations management, including every aspect of maintaining normal operations, such as activation and shutdown, job control, output management, and backup and recovery.

• Systems management, such as problem management, change management, performance management, and other areas.

• Maintenance of hardware and software components, including preventive maintenance, corrective maintenance, and general housekeeping.

• Ongoing license fees, especially for software and applications.

• Upgrade costs over time that may be required.

• User support, including ongoing training, help desk facilities, and problem-resolution costs. Remember to include any costs to get assistance from third-parties, such as maintenance agreements and other service subscriptions.

• Environmental factors affecting the system’s external requirements for proper operation, such as air conditioning, power supply, housing, and floor space.

• Other factors that don’t fall into any of the above categories, depending on the type of system deployed and the prevailing circumstances.

All these cost factors seem fairly obvious, but quantifying each cost is difficult or impractical in today’s world, because few organizations have an accounting practice that’s mature enough to identify and break down all these types of expenses in sufficient detail. For example, very few organizations record all employee activities by task and hours used—information you would need to answer questions like these: What support costs did you incur last month? How much time did each user spend in solving computer-related problems? How much work was lost due to downtime on desktop PCs?

Additionally, companies rarely have accurate inventory and asset information regarding their computing systems, especially in large, multi-location computing environments where PC, server, and local network purchasing decisions are often handled at the department level.

So, what’s the value of knowing a system’s TCO? Obviously, our objective is not to calculate exact figures. Rather, you need to understand what these costs could reasonably be in your organization. You must plan for these costs, even if you can only roughly estimate them. A fair amount of intelligent “guesstimation” is much better than blindly deciding on an IT solution on the basis of sticker price alone. In addition, TCO analysis provides a good basis of comparison between alternative system-deployment strategies, between platform choices, and between competing products.

Q.8. Explain the different advantages of Knowledge Management in Organisations. Also, explain different the role of business intelligence tools in different management levels.


Importance and Drawbacks of Knowledge Management in Organisations:

Knowledge management plays a vital role in the up bring of an organization. Knowledge management in an organization is the capture of knowledge in a systematic way and using it for the progress. Knowledge allows an organization to recognize, create and distribute knowledge. When each employee of an organization contributes his part of knowledge in the knowledge pool, there forms a big one that helps the organization in realizing the right path towards success.Knowledge can provide many competitive

advantages to both the employee and the organization. Application of correct knowledge at the right situation helps an organization to make prime decisions. Knowledge management is a difficult task and the process of knowledge management can be divided into many categories. They are creating a favourable environment, capturing right knowledge, refining the collected knowledge, storing it in an effective way, tagging it and circulating it. Knowledge is not measurable. Even a small piece of knowledge will be helpful if it is used in the right way. In organizations a favourable environment should be made to capture knowledge in an effective way. After capturing the knowledge, it should be refined and stored for future purpose. The refined information can be circulated within the organization to educate employees and authorities. Knowledge Management is a system that creates techniques and strategies to organize, create, enable, and represent a company. Two disadvantages of knowledge management are unpredictable performance outcomes and lack of striving for automatic information. Knowledge management is often used as a business strategy in information technology, human resources, and online companies.

Different role of business intelligence tools in different management levels:

1 Marketing:

Smart Businesses in their efforts to meet the competition have reoriented their business around the customer by improving Customer Relationship Management. In the mad rush to acquire new customers, they have realized it is equally important to retain the existing ones. Increased interaction and sophisticated analysis techniques have given businesses unprecedented access to the mind of the customer; and they are using this to develop one-to-one relation with the customer, design marketing and promotion campaigns, optimize sale front layout, and manage e-commerce operations.For improving Customer Relationship Management (CRM), the CRM strategy needs to include:

• Operational CRM: Automating interaction with the customers and sales force,

• Analytical CRM: Sophisticated analysis of the customer data generated by operational CRM and other sources like Sales Orders transactions, web site transactions, and third-party data providers.A typical business organisation has a huge customer base and often customer’s needs are fairly varying. Without the means to analyse voluminous customer data, CRM strategy is bound to be a failure, therefore, the Analytical CRM forms the core of the customer relationship strategy of a business. Marketing and sales functions are the primary beneficiaries of Analytical CRM and the main touch points from where the insights gained about the customer is absorbed in the organisation.Analytical CRM uses key business intelligence tools like data warehousing, datamining, and OLAP to present a unified view of the customer.

Following are some of the uses of Analytical CRM:

• Customer Classification: Customer classification is a vital ingredient in a business organisation’s marketing strategy. It can offer insights into how different segments respond to shifts in demographics, fashions and trends. For example it can help classify customers in the following segments:

a) Customers who respond to new promotions

b) Customers who respond to new product launches

c) Customers who respond to discounts

d) Customers who show a tendency to purchase specific products.

• Campaign / Marketing Promotion Effectiveness Analysis: Once a campaign is launched, its effectiveness can be studied across different media and in terms of costs and benefits; this greatly helps in understanding what goes into a successful marketing campaign. Campaign/ promotion effectiveness analysis can answer questions such as:

a) Which media channels have been most successful in the past for various campaigns?

b) Which geographic locations responded well to a particular campaign?

c) What were the relative costs and benefits of this campaign?

d) Which customer segments responded to the campaign?

• Customer Lifetime Value: Not all customers are equally profitable. At the same time customers who are not very profitable today may have the potential of being profitable in future. Hence, it is absolutely essential to identify customers with high lifetime value; the idea is to establish long-term relations with these customers. It is suggested that data mining tools should be used to develop customized models for calculating customer lifetime value.

1) Customer Loyalty Analysis

2) Cross Selling

3) Product Pricing

4) Target Marketing

2 Sales and Orders:

The success of a business in the future would depend on how effectively it manages multiple delivery channels like the Internet, interactive TV, catalogues, etc. A single customer is likely to interact with the retailer along multiple channels over a period of time. This calls for an integrated strategy to serve the customer well, which requires smooth flow of information across channels. To ensure smooth flow of information customer data needs to be collected from different channels in one data warehouse. Customer relationship strategy can then be built around this customer-centric data warehouse. We have already discussed how Analytical CRM can provide analyses over the centralized data warehouse. In this section we will explore how datawarehousing and data mining can improve the effectiveness of a channel.

• E-Business Analysis: The Internet has emerged as a powerful alternative channel for established sales methods. Increasing competition from businesses operating purely over the Internet has forced the businesses who had not adopted this route to quickly adopt this channel. Their success would largely depend on how they use the Net to complement their existing channels. Web logs and Information forms filled over the web are very rich sources of data thatcan provide insightful information about customer’s browsing behaviour, purchasing patterns, likes and dislikes, etc. Two main types of analysis done on the web site data are:

1) Web Log Analysis: This involves analysing the basic traffic information over the e-commerce web site. This analysis is primarily required to optimize the operations over the Internet. It typically includes following analyses:

• Site Navigation

• Referrer Analysis

• Error Analysis

• Keyword Analysis

2) Web Housing: This involves integration of web log data with data from other sources like the purchase order transactions, third party data vendors etc. Once the data is collected in a single customer centric data warehouse, often referred to as Web house, all the applications already described under CRM can be implemented. Often a business wants to design specific campaigns for users who purchase from the e-commerce web site. In this case, segmentation and profiling can be done specifically for the .ecustomers to understand their needs and browsing behaviour. It can also be used to personalize the content of the e-commerce web site for these users.

3) Channel Profitability: Data warehousing can help analyse channel profitability, and whether it makes sense for the business to continue building up expertise in the channel. The decision of continuing with a channel would also include a number of subjective factors like outlook of key enabling technologies for that channel.

4) Product Channel Affinity: Some product categories sell particularly well on certain channels. Data warehousing can help identify hidden product channel affinities and help the business design better promotion and marketing campaigns.

3 Human Resources:

Data warehousing can significantly help in aligning the HR strategy to the overall business strategy. It can present an integrated view of the workforce and help in designing retention schemes, improve productivity, and curtail costs.

Some BI applications in HR are:

• Human Resource Reports/ Analytics: Reports and analysis can be generated to support an integrated view of the workforce. Various analyses include staff movement and performance, workforce attrition by business, workforce performance by business, compensation and attrition, and other customized analyses and reports. The HR data can be integrated with benchmark figures for the industry and various reports can be generated to measure performance vis-à-vis industry benchmarks.

• Manpower Allocation: This includes allocating manpower based on the demand projections. According to the seasonal variation in demand, temporary manpower can be hired to maintain service levels. The demand levels vary within one working day also, which can be used to allocate resources accordingly.

• HR Portal: Employers need to maintain accurate employee data, which can be viewed by the employees for information relating to compensation, benefits, retirement facilities, etc. Payroll data can be integrated with data from other human resource management applications in the HR data warehouse. This data can then be circulated within the organisation through the HR portal.

• Training and Succession Planning: Accurate data about the skill sets of the workforce can be maintained in the data warehouse. This can be used to design training programs and for effective succession planning.

4 Finance and Accounts:

The role of financial reporting has undergone a paradigm shift during the last decade. It is no longer restricted to just financial statements required by the law; increasingly it is being used to help in strategic decision making. Also, many organizations have embraced a free information architecture, whereby financial information is openly available for internal use. Many analytics described till now use financial data. Many companies, across industries, have integrated financial data in their enterprise wide data warehouse or established separate Financial Data Warehouse (FDW).

Following are some of the uses of BI in finance:

• Budgetary Analysis: Data warehousing facilitates analysis of budgeted versus actual expenditure for various cost heads like promotion campaigns, energy costs, salary, etc. OLAP tools can provide drill down facility whereby the reasons for cost overruns can be analysed in more detail. It can also be used to allocate budgets for the coming financial period.

• Fixed Asset Return Analysis: This is used to analyze financial viability of the fixed assets owned or leased by the company. It would typically involve measures like profitability per sq. foot of the space, total lease cost vs. profitability, etc.

• Financial Ratio Analysis: Various financial ratios like debt-equity, liquidity ratios, etc. can be analyzed over a period of time. The ability to drill down and join inter-related reports and analyses provided by all major OLAP tool vendors can make ratio analysis much more perceptive.

• Profitability Analysis: This includes profitability of individual business, departments within the business, product categories, brands, and individual SKUs. A major component of profitability analysis is the costs incurred by departments and the cost of acquiring, storing and allocating shelf space to particular product categories, brands, or SKUs. It goes without saying that profitability analysis has an extremely universal appeal and would be required by other groups within the business organization.

Show more