MODULE – DPB 20043 2021
to your systems is to learn how hacking is done. Of course it is beyond the
scope of this Fast Track to go into great details, but we will cover the
various techniques used by hackers to get to you via the internet.
2. Spoofing and Sniffing
Spoofing refers to deceiving computer systems or users by faking one’s
identity on the Internet. Today various methods are used to spoof.
However, still the most common method of spoofing is through e-mail. E-
mail spoofing involves sending messages from a bogus or fake e-mail
address. Most e-mail servers have security features that prevent
unauthorized users from sending messages, but, spammers often send
spam messages from their own SMTP (Simple Mail Transfer Protocol is a
TCP/IP protocol used for sending and receiving e-mail), which allows
them to use fake e-mail addresses.
Another way of spoofing is through IP spoofing which is done by faking a
computer’s IP address. In this type of spoofing it is difficult for other
systems to determine where the computer is transmitting data from.
Although software security systems have been developed that can identify
these types of attacks and block their transmissions.
Sniffing is the process of monitoring and capturing all the packets passing
through a given network using sniffing tools. It is a form of “tapping
phone wires” and get to know about the conversation. It is also
called wiretapping applied to the computer networks.
There is so much possibility that if a set of enterprise switch ports is open,
then one of their employees can sniff the whole traffic of the network.
Anyone in the same physical location can plug into the network using
Ethernet cable or connect wirelessly to that network and sniff the total
traffic.
In other words, Sniffing allows you to see all sorts of traffic, both
protected and unprotected. In the right conditions and with the right
protocols in place, an attacking party may be able to gather information
that can be used for further attacks or to cause other issues for the network
or system owner.
47 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
3. Denial of Service Attack
A Denial-of-Service (DoS) attack is an explicit attempt by attackers to
deny service to intended users of that service. It involves flooding a
computer resource with more requests than it can handle consuming its
available bandwidth which results in server overload. This causes the
resource (e.g. a web server) to crash or slow down significantly so that no
one can access it. Using this technique, the attacker can render a web site
inoperable by sending massive amounts of traffic to the targeted site. A
site may temporarily malfunction or crash completely, in any case resulting
in inability of the system to communicate adequately. DoS attacks violate
the acceptable use policies of virtually all internet service providers.
Another variation to a denial-of-service attack is known as a “Distributed
Denial of Service” (DDoS) attack wherein a number of geographically
widespread perpetrators flood the network traffic. Denial-of-Service
attacks typically target high profile web site servers belonging to banks
and credit card payment gateways. Websites of companies such as
Amazon, CNN, Yahoo, Twitter and eBay! are not spared either
4. Identity Theft
Identity theft occurs when someone steals your identity and pretends to be
you to access resources such as credit cards, bank accounts and other
benefits in your name. The imposter may also use your identity to commit
other crimes.
5. Click Fraud
Is a type of fraud that occurs on the Internet in pay-per-click (PPC) online
advertising. In this type of advertising, the owners of websites that post the
ads are paid an amount of money determined by how many visitors to the
sites click on the ads. Fraud occurs when a person, automated script or
computer program imitates a legitimate user of a web browser, clicking on
such an ad without having an actual interest in the target of the ad's link.
Click fraud is the subject of some controversy and increasing litigation due
to the advertising networks being a key beneficiary of the fraud.
48 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
6. Cyber terrorism and cyber warfare
Cyberterrorism in general can be defined as an act of terrorism committed
through the use of cyberspace or computer resources (Parker 1983). As
such, a simple propaganda piece in the Internet that there will be bomb
attacks during the holidays can be considered cyberterrorism. There are
also hacking activities directed towards individuals, families, organized by
groups within networks, tending to cause fear among people, demonstrate
power, collecting information relevant for ruining peoples' lives,
robberies, blackmailing etc.
Information Security
Is designed to protect the confidentiality, integrity and
availability of computer system data from those with malicious
intentions.
Information Systems Controls
Protection of information resources requires a well-designed set of
controls. Computer systems are controlled by a combination of general
controls and application controls.
1. General Control
General controls govern the design, security, and use of computer
programs and the security of data files in general throughout the
organization’s information technology infrastructure. On the whole,
general controls apply to all computerized applications and consist of a
49 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
combination of hardware, software, and manual procedures that create an
overall control environment.
General controls include software controls, physical hardware controls,
computer operations controls, data security controls, controls over the
systems implementation process, and administrative controls. Table 2.01
describes the functions of each type of control.
TYPE OF GENERAL DESCRIPTIONS
CONTROL
Monitor the use of system software and
Software Control prevent unauthorized access of software
programs, system software, and computer
Hardware Controls programs. System software is an
important control area because it
Computer Operation performs overall control functions for the
Controls programs that directly process data and
data files.
Data security controls Ensure that computer hardware is
physically secure and check for
equipment malfunction. Computer
equipment should be specially protected
against fires and extremes of temperature
and humidity. Organizations that are
dependent on their computers also must
make provisions for backup or continued
operation to maintain constant service.
Oversee the work of the computer
department to ensure that programmed
procedures are consistently and correctly
applied to the storage and processing of
data. They include controls over the setup
of computer processing jobs and
computer operations and backup and
recovery procedures for processing that
ends abnormally
Ensure that valuable business data files
on either disk or tape are not subject to
unauthorized access, change, or
50 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Implementation controls destruction while they are in use or in
Administrative controls storage.
Audit the systems development process
at various points to ensure that the
process is properly controlled and
managed. The systems development
audit looks for the presence of formal
reviews by users and management at
various stages of development; the level
of user involvement at each stage of
implementation; and the use of a formal
cost-benefit methodology in establishing
system feasibility. The audit should look
for the use of controls and quality
assurance techniques for program
development, conversion, and testing and
for complete and thorough system, user,
and operations documentation.
Formalize standards, rules, procedures,
and control disciplines to ensure that the
organization’s general and application
controls are properly executed and
enforced.
2. Application Control
Application controls include both automated and manual procedures that
ensure that only authorized data are completely and accurately processed
by that application. Application controls can be classified as (1) input
controls, (2) processing controls, and (3) output controls. Input controls
check data for accuracy and completeness when they enter the system.
There are specific input controls for input authorization, data conversion,
data editing, and error handling. Processing controls establish that data are
complete and accurate during updating. Run control totals, computer
matching, and programmed edit checks are used as processing controls.
Output controls ensure that the results of computer processing are accurate,
complete, and properly distributed.
51 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Table 2.02 provides more detailed examples of each type of application
control. Not all of the application controls discussed here is used in every
information system. Some systems require more of these controls than
others, depending on the importance of the data and the nature of the
application.
NAME OF TYPE OF DESCRIPTION
CONTROL APPLICATION
Control totals Totals established
CONTROL
Edit checks Input, processing beforehand for input and
Computer Input processing transactions.
matching
Input, processing These totals can range from
a simple document count to
totals for quantity fields,
such as total sales amount
(for a batch of transactions).
Computer programs count
the totals from transactions
input or processed.
Programmed routines that
can be performed to edit
input data for errors before
they are processed.
Transactions that do not
meet edit criteria are
rejected. For example, data
might be checked to make
sure they are in the right
format (for instance, a nine-
digit social security number
should not contain any
alphabetic characters).
Matches input data with
information held on master
or suspense files and notes
unmatched items for
investigation. For example,
a matching program might
52 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Run control Processing, output match employee time cards
totals Output with a payroll master file
and report missing or
Report duplicate time cards.
distribution logs Balance the total of
transactions processed with
total number of transactions
input or output
Documentation specifying
that authorized recipients
have received their reports,
checks, or other critical
documents.
Information Resources Controls
In order to ensure the confidentiality, integrity, and availability of
information, organizations can choose from a variety of tools. Each of
these tools can be utilized as part of an overall information-security policy,
are as follows:
1. Authentication
The most common way to identify someone is through their physical
appearance, but how do we identify someone sitting behind a computer
screen or at the ATM? Tools for authentication are used to ensure that the
person accessing the information is, indeed, who they present themselves
to be. Authentication can be accomplished by identifying someone through
one or more of three factors: something they know, something they have,
or something they are. For example, the most common form of
authentication today is the user ID and password. In this case, the
authentication is done by confirming something that the user knows (their
ID and password). But this form of authentication is easy to compromise
(see sidebar) and stronger forms of authentication are sometimes needed.
Identifying someone only by something they have, such as a key or a card,
can also be problematic. When that identifying token is lost or stolen, the
identity can be easily stolen. The final factor, something you are, is much
harder to compromise. This factor identifies a user through the use of a
53 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
physical characteristic, such as an eye-scan or fingerprint. Identifying
someone through their physical characteristics is called biometrics.
A more secure way to authenticate a user is to do multi-factor
authentication. By combining two or more of the factors listed above, it
becomes much more difficult for someone to misrepresent themselves. An
example of this would be the use of an RSA SecurID token. The RSA
device is something you have, and will generate a new access code every
sixty seconds. To log in to an information resource using the RSA device,
you combine something you know, a four-digit PIN, with the code
generated by the device. The only way to properly authenticate is by both
knowing the code and having the RSA device.
2. Firewalls
Another method that an organization should use to increase security on its
network is a firewall. A firewall can exist as hardware or software (or
both). A hardware firewall is a device that is connected to the network and
filters the packets based on a set of rules. A software firewall runs on the
operating system and intercepts packets as they arrive to a computer. A
firewall protects all company servers and computers by stopping packets
from outside the organization’s network that do not meet a strict set of
criteria. A firewall may also be configured to restrict the flow of packets
leaving the organization. This may be done to eliminate the possibility of
employees watching YouTube videos or using Facebook from a company
computer.
Some organizations may choose to implement multiple firewalls as part of
their network security configuration, creating one or more sections of their
network that are partially secured.
3. Intrusion Detection System
Another device that can be placed on the network for security purposes is
an intrusion detection system, or IDS. An IDS does not add any additional
security; instead, it provides the functionality to identify if the network is
being attacked. An IDS can be configured to watch for specific types of
activities and then alert security personnel if that activity occurs. An IDS
54 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
also can log various types of traffic on the network for analysis later. An
IDS is an essential part of any good security setup.
4. Antivirus & Antispyware Software
A computer virus is a program or piece of code that is loaded onto your
computer without your knowledge and runs against your wishes. All
computer viruses are man-made and they can also replicate themselves by
making a copy of themselves over and over again. Even such a simple virus
is dangerous, because it will quickly use all available memory and bring
the system to a halt. An even more dangerous type of virus is one capable
of transmitting itself across networks and bypassing security systems. To
protect your computer system from this type of malicious code, you can
install and use an antivirus program. This utility scans hard disk drives for
viruses, worms and Trojan horses and removes, fixes or isolates any threats
that are found. Most antivirus programs include an auto-update feature that
enables the program to download profiles of new viruses so that it can
check for the new viruses on your system as soon as they are discovered.
Spyware is software that covertly gathers user information through the
user's Internet connection without his or her knowledge, usually for
advertising purposes. Spyware applications are typically bundled as a
hidden component of freeware or shareware programs that can be
downloaded from the Internet; however, it should be noted that the
majority of shareware and freeware applications do not come with
spyware. Once installed, the spyware monitors user activity on the Internet
and transmits that information in the background to someone else.
Spyware can also gather information about email addresses and
even passwords and credit card numbers. Spyware is not a virus, as it does
not replicate itself once on your system, but it is somewhat similar to a
Trojan horse in that users unwittingly install the product when they choose
to install something else. Aside from the questions of ethics and privacy,
spyware steals from the user by using the computer's memory resources
and also by eating bandwidth as it sends information back to the spyware's
home base via the user's Internet connection. Because spyware is using
memory and system resources, the applications running in the background
can lead to system crashes or general system instability.
55 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
5. Unified Threat Management System
Unified Threat Management (UTM) is a term first used by IDC to describe
a category of security appliances which integrates a range
of security features into a single appliance. UTM appliances
combine firewall, gateway anti-virus, and intrusion
detection and prevention capabilities into a single platform. UTM is
designed protect users from blended threats while reducing complexity.
Unified threat management (UTM) describes a network solution that
integrates the capabilities of several security products into one all-inclusive
security console. The all-in-one solution is much easier for an organization
to manage than several different security solutions, reducing the
complexity. This is most popular among small businesses because it
provides an affordable alternative to purchasing each security solution
separately. UTMs are commonly used in branch offices, home offices,
banking, retail, and midsize companies.
56 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
LEARNING OBJECTIVES:
❖ Explain data management
❖ Describe the database approach to data
management
57 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
DATA MANAGEMENT
Definition
Data management is the practice of organizing and maintaining data
processes to meet ongoing information lifecycle needs. Emphasis on data
management began with the electronics era of data processing, but data
management methods have roots in accounting, statistics, logistical
planning and other disciplines that predate the emergence of corporate
computing in the mid-20th century.
Term of Data Management
There are three (3) terms of data management that you will learn in this
chapter:
1. Data - facts and statistics collected together for reference or
analysis. Data is information that has been translated into a form
that is efficient for movement or processing. Relative to
today's computers and transmission media, data is information
converted into binary digital form. It is acceptable for data to be
used as a singular subject or a plural subject. Raw data is a term
used to describe data in its most basic digital format.
2. Information - facts provided or learned about something or
someone. Information is any entity or form that provides the
answer to a question of some kind or resolves uncertainty. It is thus
related to data and knowledge, as data represents values attributed
to parameters, and knowledge signifies understanding of real
things or abstract concepts.
3. Knowledge - facts, information, and skills acquired through
experience or education; the theoretical or practical understanding
of a subject. Knowledge is a familiarity, awareness, or
understanding of someone or something, such
as facts, information, descriptions, or skills, which is acquired
58 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
through experience or education by perceiving, discovering,
or learning.
Figure 3.1 : The Infogineering Model
Information Policy for Data Management
In data management, policy is the main thing you need. Policy is course or
principle of action adopted or proposed by an organization or individual.
In order to manage information an organization need to have procedures
which this organization called as Information Policy. There are four (4)
information policies for data management:
1. Information Policy - Information policy is the set of all public
laws, regulations and policies that encourage, discourage, or
regulate the creation, use, storage, access, and communication and
dissemination of information. It thus encompasses any other
decision-making practice with society-wide constitutive efforts
that involve the flow of information and how it is processed.
2. Data Administration - Data administration or data resource
management is an organizational function working in the areas
59 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
of information systems and computer science that plans,
organizes, describes and controls data resources. Data resources are
usually as stored in databases under a database management
system or other software such as electronic spreadsheets. In many
smaller organizations, data administration is performed
occasionally, or is a small component of the database
administrator’s work.
3. Data Governance - Data governance (DG) is the overall
management of the availability, usability, integrity and security
of data used in an enterprise. A sound data governance program
includes a governing body or council, a defined set of procedures
and a plan to execute those procedures. Businesses benefit from
data governance because it ensures data is consistent and
trustworthy. This is critical as more organizations rely on data to
make business decisions, optimize operations, create new products
and services, and improve profitability.
4. Database Administration - Database administration refers to the
whole set of activities performed by a database administrator to
ensure that a database is always available as needed. Other closely
related tasks and roles are database security, database monitoring
and troubleshooting, and planning for future growth. Database
administration is an important function in any organization that is
dependent on one or more databases.
Data Quality for Data Management
Information should be quality in order to give right information and
accurate knowledge to others. To achieve a quality data, there are so many
things and procedure to follows. Data auditing is the process of conducting
a data audit to assess how company's data is fit for given purpose. This
involves profiling the data and assessing the impact of poor quality data on
the organization's performance and profits. To identify a quality data, a
data should have Data Quality Audit and Data Cleansing.
60 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Data Quality Audit
Data quality issues are frequently widespread and start in the source
frameworks, their applications, and operational procedures. Most of these
issues are the immediate result of inadequate warehouse administration.
Keeping in mind the end goal to combat these issues, data warehouse
architects must comprehend their source information. This understanding
can originate from data profiling. In any case, despite the fact that profiling
procedures are important, they're still exploratory. They leave it over to the
analyst to see how the data profile fits the business prerequisites. That is
the place a business principles based review can be valuable, if not critical.
The Data Quality Audit comprises of two sections. With the Data
Analyzer, the profiling instrument, a precise outline of the state of the data
is created, and an assessment is made based upon already chosen data
quality basis. The procedures are also examined, in which ideally, the DQ
model is settled by business rules. Together with the pioneers of the
specialist departments involved, solid requests on information are resolved
in an initial workshop. This data gives an idea regarding the quality
standard needed. The results of the examination towards the end of the
operations as received as a comprehensive documentation. Specific
attention is paid to possible inconsistencies between the quality of the
information itself, and the quality needed by the procedures. This
individual analysis is used as a premise for development suggestions.
Data Cleansing
Data cleansing is the process of altering data in a given storage resource to
make sure that it is accurate and correct. There are many ways to pursue
data cleansing in various software and data storage architectures; most of
them center on the careful review of data sets and the protocols associated
with any particular data storage technology. Data cleansing is also known
as data cleaning or data scrubbing.
Data cleansing is sometimes compared to data purging, where old or
useless data will be deleted from a data set. Although data cleansing can
61 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
involve deleting old, incomplete or duplicated data, data cleansing is
different from data purging in that data purging usually focuses on clearing
space for new data, whereas data cleansing focuses on maximizing the
accuracy of data in a system. The goal of data cleansing is not just to clean
up the data in a database but also to bring consistency to different sets of
data that have been merged from separate databases.
Knowledge Management
Definition :
is the systematic management of an organization's knowledge assets for the
purpose of creating value and meeting tactical & strategic requirements; it
consists of the initiatives, processes, strategies, and systems that sustain and
enhance the storage, assessment, sharing, refinement, and creation of
knowledge.
The components of knowledge management can be better described with
the help of KSAM (Knowledge System Architectural Model) under which
the following 7 elements fall: -
1. Strategy: - Any strategy should keep an eye on the opportunity or the
threat and keep pace with the organizational objectives by availing of the
opportunities and mitigating threats. For this, the organizational culture
and the external effect to the organization.
2. Actors or Participants: - For a Knowledge management system to be
successful, people have a central role to play who are from different
backgrounds and experiences. Owners, sources, targets, enablers,
boundary spanners and champions are under the ambit of actors or
participants who create, deploy or use a Knowledge base Software.
3. Managing knowledge source: - Some Knowledge Management
System, not all, hold explicit knowledge. In this regard, there must be a
source of such knowledge and the interface/relationship needs to be
managed.. Also, the authenticity, reliability and sufficiency of the
knowledge must be taken take into consideration.
62 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
4. Interface: - The user, but obvious, requires some sort of interface with
the Knowledge Management System. Such interface may be human,
structural or technological in order to deliver or facilitate the knowledge
or Knowledge management service. The delivery interface must address
the mode, facilitation, style, adaptation techniques, access control and
these must be accessible to people with physical restrictions or a disability.
5. Functionality: - The Knowledge Management Systems are developed
to support and enhance knowledge intensive processes, tasks or projects of
creation, construction, identification, capturing, acquisition, selection,
valuation, organization, linking, protection, structuring, formalization,
visualization, transfer, transformation, distribution, retention,
maintenance, refinement, revision, evolution, accessing, retrieval an,
ultimately, the application of knowledge.
6. Infrastructure: - The infrastructure in terms of a Knowledge
Management system may include facilities, equipment, repositories,
instruments, tools, templates, software, networks and hardware.
7. Continuous Improvement: - The Knowledge Management Systems
must be regularly followed up to insure that all efforts are directed towards
the achievement of the organizational objectives.
Each of the above discussed elements under the KSAM (Knowledge
System Architectural Model) must be there in the Knowledge Management
Systems in order to make it effective.
63 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Database Approach to Database Management
Term of Database Approach to Data Management
Definition of Database Approach :
Is an improvement on the shared file solution as the use of a database
management system (DBMS) provides facilities for querying, data security and
integrity, and allows simultaneous access to data by a number of different users
There are few terminology of database approach in database management
:
1. Database : A database is a collection of related data.
2. Database Management System : The term 'database management
system', often abbreviated to DBMS, refers to a software system
used to create and manage databases. The software of such systems
is complex, consisting of a number of different components, which
are described later in this chapter. The term database system is
usually an alternative term for database management system.
3. Data Warehouse : is basically a database (or group of databases)
specially designed to store, filter, retrieve, and analyze very large
collections of data.
4. Data Mining : is the process of discovering patterns in large data
sets involving methods at the intersection of machine
learning, statistics, and database systems.
Traditional Database
64 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Definition:
were designed to store relational records and handle transactions.
NoSQL databases are nonrelational. When records need to be
analyzed, it is the columns that contain the important information.
Traditional data systems, such as relational databases and data
warehouses, have been the primary way businesses and organizations have
stored and analyzed their data for the past 30 to 40 years. Although other
data stores and technologies exist, the major percentage of business data
can be found in these traditional systems. Traditional systems are designed
from the ground up to work with data that has primarily been structured
data.
Every year organizations need to store more and more detailed
information for longer periods of time. Increased regulation in areas such
as health and finance are significantly increasing storage volumes.
Expensive shared storage systems often store this data because of the
critical nature of the information. Shared storage arrays provide features
such as striping (for performance) and mirroring (for availability).
Managing the volume and cost of this data growth within these traditional
systems is usually a stress point for IT organizations. Examples of data
often stored in structured form include Enterprise Resource Planning
(ERP), Customer Resource Management (CRM), financial, retail, and
customer information.
Database Management System (DBMS)
Definition:
Is system software for creating and managing databases. The DBMS provides
users and programmers with a systematic way to create, retrieve, update and
manage data.
65 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Some other DBMS examples include:
• MySQL
• SQL Server
• Oracle
• dBASE
• FoxPro
There are TWO (2) types of DBMS, such as:
1. Relational DBMS
Definition: is a collection of programs and capabilities that enable
IT teams and others to create, update, administer and otherwise
interact with a relational database.
It is "relational" because the values within each table are related to
each other. Tables may also be related to other tables. The
relational structure makes it possible to run queries across multiple
tables at once.
Most commercial RDBMS use Structured Query Language (SQL)
to access the database, although SQL was invented after the initial
development of the relational model and is not necessary for its use.
The RDBMS typically provides data
dictionaries and metadata collections useful in data handling.
These programmatically support well-defined data structures and
relationships. Examples include Oracle Database, MySQL,
Microsoft SQL Server, and IBM DB2. Some of these programs
support non-relational databases, but they are primarily used for
relational database management.
2. Non-relational DBMS
Definition: A non-relational database is any database that does not
follow the relational model provided by traditional relational
database management systems. This category of databases also
referred to as NoSQL databases.
Examples of non-relational databases include Apache HB, IBM
Domino, and Oracle NoSQL Database. These type of databases are
66 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
managed by other DMBS programs that support NoSQL, which do
not fall into the RDBMS category.
Capabilities of DBMS
There are TWO (2) capabilities of DBMS :
1. Querying
A query is a request for data or information from a database table
or combination of tables. This data may be generated as results
returned by Structured Query Language (SQL) or as pictorials,
graphs or complex results, e.g., trend analyses from data-mining
tools.
As a fundamental component of the DBMS, the Query Processor
acts as an intermediary between users and the DBMS data engine
in order to communicate query requests. When users enter an
instruction in SQL language, the command is executed from the
high-level language instruction to a low-level language that the
underlying machine can understand and process to perform the
appropriate DBMS functionality. In addition to instruction parsing
and translation, the Query Processor also optimizes queries to
ensure fast processing and accurate results.
2. Reporting
A database report is the formatted result of database queries and
contains useful data for decision-making and analysis. Most good
business applications contain a built-in reporting tool; this is
simply a front-end interface that calls or runs back-end
database queries that are formatted for easy application usage.
The report generator extracts useful information from DBMS files
and displays it in structured format based on defined specifications.
This information may be used for further analysis, decision making
or business intelligence.
67 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Types of Database Management System ( DBMS)
There are FOUR types of database management system (DBMS) :
a. Relational database management system
A relational database management system (RDBMS) is a collection
of programs and capabilities that enable IT teams and others to
create, update, administer and otherwise interact with a relational
database. Most commercial RDBMSes use Structured Query
Language (SQL) to access the database, although SQL was
invented after the initial development of the relational model and
is not necessary for its use.
RDBMS vs. DBMS
In general, databases store sets of data that can be queried
for use in other applications. A database management system
supports the development, administration and use of database
platforms.
68 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
An RDBMS is a type of DBMS with a row-based table
structure that connects related data elements and includes functions
that maintain the security, accuracy, integrity and consistency of
the data..
Functions of relational database management systems
Elements of the relational database management system
that overarch the basic relational database are so intrinsic to
operations that it is hard to dissociate the two in practice. The most
basic RDBMS functions are related to create, read, update and
delete operations, collectively known as CRUD. They form the
foundation of a well-organized system that promotes consistent
treatment of data.
b. Hierarchical database management systems
In a hierarchical database management system (hierarchical
DBMSs) model, data is stored in a parent-children relationship
nodes. In a hierarchical database, besides actual data, records also
contain information about their groups of parent/child
relationships. In a hierarchical database model, data is organized
into a tree like structure. The data is stored in form of collection of
fields where each field contains only one value. The records are
linked to each other via links into a parent-children relationship. In
a hierarchical database model, each child record has only one
parent. A parent can have multiple children. To retrieve a field’s
data, we need to traversed through each tree until the record is
found. The hierarchical database system structure was developed
by IBM in early 1960s. While hierarchical structure is simple, it is
inflexible due to the parent-child one-to-many relationship.
Hierarchical databases are widely used to build high performance
and availability applications usually in banking and
telecommunications industries.
Advantage
69 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Hierarchical database can be accessed and updated rapidly
because in this model structure is like as a tree and the relationships
between records are defined in advance. This feature is a two-
edged.
Disadvantage
This type of database structure is that each child in the tree may
have only one parent, and relationships or linkages between
children are not permitted, even if they make sense from a logical
standpoint. Hierarchical databases are so in their design. it can
adding a new field or record requires that the entire database be
redefined.
c. Network database management system
Network database management systems (Network DBMSs)
use a network structure to create relationship between entities.
Network databases are mainly used on large digital computers.
Network databases are hierarchical databases but unlike
hierarchical databases where one node can have one parent only, a
network node can have relationship with multiple entities. A
network database looks more like a cobweb or interconnected
network of records. In network databases, children are called
members and parents are called occupier. The difference between
each child or member can have more than one parent.
70 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
The approval of the network data model is similar to a hierarchical
data model. Data in a network database is organized in many-to-
many relationships.
d. Object-oriented database management system
In this Model we have to discuss the functionality of the
object oriented Programming. It takes more than storage of
programming language objects. Object DBMS's increase the
semantics of the C++ and Java. I t provides full-featured database
programming capability, while containing native language
compatibility. It adds the database functionality to object
programming languages. This approach is the analogical of the
application and database development into a constant data model
and language environment. Applications require less code, use
more natural data modelling, and code bases are easier to maintain.
Object developers can write complete database applications with a
decent amount of additional effort. The object-oriented database
derivation is the integrity of object-oriented programming
language systems and consistent systems. The power of the object-
oriented databases comes from the cyclical treatment of both
71 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
consistent data, as found in databases, and transient data, as found
in executing programs.
Object-oriented databases use small, recyclable separated
of software called objects. The objects themselves are stored in the
object-oriented database. Each object contains of two elements:
1. Piece of data (e.g., sound, video, text, or graphics).
2. Instructions or software programs called methods, for what to
do with the data.
Disadvantage of Object-oriented databases
1. Object-oriented databases have these disadvantages.
2. Object-oriented database are more expensive to develop.
3. In the Most organizations are unwilling to abandon and convert
from those databases.
Benefits of Object-oriented databases
The benefits to object-oriented databases are compelling.
The ability to mix and match reusable objects provides incredible
multimedia capability.
72 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
LEARNING OBJECTIVES:
❖ Describe how information technologies
improves business processes
❖ Identify the people in information
systems
73 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Types of Information System (IS)
A typical organization is divided into operational, middle, and upper level.
The information requirements for users at each level differ. Towards that
end, there are number of information systems that support each level in an
organization.
This module will explore the different types of information systems, the
organizational level that uses them and the characteristics of the particular
information system.
In this module, you will learn the different classification of information.
Pyramid diagram of organizational levels and information
requirements
Understanding the various levels of an organization is essential to
understand the information required by the users who operate at their
respective levels. The following diagram illustrates the various levels of a
typical organization.
4.1: Various levels of a typical organization.
74 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Operational management level
The operational level is concerned with performing day to day business
transactions of the organization. Examples of users at this level of
management include cashiers at a point of sale, bank tellers, nurses in a
hospital, customer care staff, etc. Users at this level use make structured
decisions. This means that they have defined rules that guide them while
making decisions.
For example, if a store sells items on credit and they have a credit policy
that has some set limit on the borrowing. All the sales person needs to
decide whether to give credit to a customer or not is based on the current
credit information from the system.
Tactical Management Level
This organization level is dominated by middle-level managers, heads of
departments, supervisors, etc. The users at this level usually oversee the
activities of the users at the operational management level.
Tactical users make semi-structured decisions. The decisions are partly
based on set guidelines and judgmental calls. As an example, a tactical
manager can check the credit limit and payments history of a customer and
decide to make an exception to raise the credit limit for a particular
customer. The decision is partly structured in the sense that the tactical
manager has to use existing information to identify a payments history that
benefits the organization and an allowed increase percentage.
Strategic Management Level
This is the most senior level in an organization. The users at this level make
unstructured decisions. Senior level managers are concerned with the long-
term planning of the organization. They use information from tactical
managers and external data to guide them when making unstructured
decisions.
75 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Figure 4.2 : Pyramid of Uses in Information System
1. Transaction Processing Systems
What is a Transaction Processing System?
Transaction Processing System are operational-level systems at the
bottom of the pyramid. They are usually operated directly by shop
floor workers or front line staff, which provide the key data
required to support the management of operations. This data is
usually obtained through the automated or semi-automated
tracking of low-level activities and basic transactions.
Functions of a TPS
TPS are ultimately little more than simple data processing systems.
Functions of a TPS in terms of data processing requirements
Inputs Processing Outputs
Transactions Validation Lists
Events Sorting Detail reports
Listing Action reports
Merging Summary reports?
76 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Updating
Calculation
Some examples of TPS
o Payroll systems
o Order processing systems
o Reservation systems
o Stock control systems
o Systems for payments and funds transfers
The role of TPS
o Produce information for other systems
o Cross boundaries (internal and external)
o Used by operational personnel + supervisory levels
o Efficiency oriented
2. Management Information Systems
What is a Management Information System?
For historical reasons, many of the different types of Information
Systems found in commercial organizations are referred to as
"Management Information Systems". However, within our
pyramid model, Management Information Systems are
management-level systems that are used by middle managers to
help ensure the smooth running of the organization in the short to
medium term. The highly structured information provided by these
systems allows managers to evaluate an organization's
performance by comparing current with previous outputs.
Functions of a MIS
MIS are built on the data provided by the TPS
Functions of a MIS in terms of data processing requirements
Inputs Processing Outputs
Internal Transactions Sorting Summary reports
Internal Files Merging Action reports
Structured data Summarizing Detailed reports
77 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Some examples of MIS
o Sales management systems
o Inventory control systems
o Budgeting systems
o Management Reporting Systems (MRS)
o Personnel (HRM) systems
The role of MIS
o Based on internal information flows
o Support relatively structured decisions
o Inflexible and have little analytical capacity
o Used by lower and middle managerial levels
o Deals with the past and present rather than the future
o Efficiency oriented?
3. Decision Support Systems
What is a Decision Support System?
A Decision Support System can be seen as a knowledge based
system, used by senior managers, which facilitates the creation of
knowledge and allow its integration into the organization. These
systems are often used to analyze existing structured information
and allow managers to project the potential effects of their
decisions into the future. Such systems are usually interactive and
are used to solve ill structured problems. They offer access to
databases, analytical tools, allow "what if" simulations, and may
support the exchange of information within the organization.
Functions of a DSS
DSS manipulate and build upon the information from a MIS and/or
TPS to generate insights and new information.
Functions of a DSS in terms of data processing requirements
Inputs Processing Outputs
78 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Internal Transactions Modelling Summary reports
Internal Files Simulation Forecasts
Analysis
External Information? Summarizing Graphs / Plots
Some examples of DSS
o Group Decision Support Systems (GDSS)
o Computer Supported Co-operative work (CSCW)
o Logistics systems
o Financial Planning systems
o Spreadsheet Models?
The role of DSS
o Support ill- structured or semi-structured decisions
o Have analytical and/or modelling capacity
o Used by more senior managerial levels
o Are concerned with predicting the future
o Are effectiveness oriented?
4. Executive Information Systems / Executive Support System
What is an EIS/ESS?
Executive Information Systems are strategic-level information
systems that are found at the top of the Pyramid. They help
executives and senior managers analyze the environment in which
the organization operates, to identify long-term trends, and to plan
appropriate courses of action. The information in such systems is
often weakly structured and comes from both internal and external
sources. Executive Information System are designed to be operated
directly by executives without the need for intermediaries and
easily tailored to the preferences of the individual using them.
Functions of an EIS/ESS
EIS organizes and presents data and information from both external
data sources and internal MIS or TPS in order to support and extend
the inherent capabilities of senior executives.
79 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Functions of EIS in terms of data processing requirements
Inputs Processing Outputs
External Data Summarizing Summary reports
Internal Files Simulation Forecasts
Pre-defined models "Drilling Down"
Graphs / Plots
Some examples of EIS/ESS
Executive Information Systems tend to be highly individualized
and are often custom made for a particular client group; however,
a number of off-the-shelf EIS packages do exist and many
enterprise level systems offer a customizable EIS module.
The role of EIS/ESS
o Are concerned with ease of use
o Are concerned with predicting the future
o Are effectiveness oriented
o Are highly flexible
o Support unstructured decisions
o Use internal and external data sources
o Used only at the most senior management levels
5. Office Information Systems
An Office Information System (OIS) is a special purpose
Automated Information System (AIS) oriented to word processing,
electronic mail, and other similar office functions. An OIS is
normally comprised of one or more central processing units,
control units, storage devices, user terminals, and interfaces to
connect these components.
Types of Enterprise Application System
Enterprise Resource Planning System
In the 1990s, the need to bring the organization’s information back under
centralized control became more apparent. The enterprise resource
planning (ERP) system (sometimes just called enterprise software) was
80 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
developed to bring together an entire organization in one software
application. Simply put, an ERP system is a software application utilizing
a central database that is implemented throughout the entire organization.
Let’s take a closer look at this definition:
• “A software application”: An ERP is a software application that is
used by many of an organization’s employees.
• “utilizing a central database”: All users of the ERP edit and save their
information from the data source. What this means practically is that
there is only one customer database, there is only one calculation for
revenue, etc.
• “that is implemented throughout the entire organization”: ERP
systems include functionality that covers all of the essential
components of a business. Further, an organization can purchase
modules for its ERP system that match specific needs, such as
manufacturing or planning.
ERP systems were originally marketed to large corporations. However, as
more and more large companies began installing them, ERP vendors began
targeting mid-sized and even smaller businesses. Some of the more well-
known ERP systems include those from SAP, Oracle, and Microsoft.
In order to effectively implement an ERP system in an organization, the
organization must be ready to make a full commitment. All aspects of the
organization are affected as old systems are replaced by the ERP system.
In general, implementing an ERP system can take two to three years and
several million dollars. In most cases, the cost of the software is not the
most expensive part of the implementation: it is the cost of the consultants!
Supply Chain Management System
Many organizations must deal with the complex task of managing their
supply chains. At its simplest, a supply chain is the linkage between an
organization’s suppliers, its manufacturing facilities, and the distributors
of its products. Each link in the chain has a multiplying effect on the
complexity of the process: if there are two suppliers, one manufacturing
facility, and two distributors, for example, then there are 2 x 1 x 2 = 4 links
81 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
to handle. However, if you add two more suppliers, another manufacturing
facility, and two more distributors, then you have 4 x 2 x 4 = 32 links to
manage.
A supply chain management (SCM) system manages the interconnection
between these links, as well as the inventory of the products in their various
stages of development. A full definition of a supply chain management
system is provided by the Association for Operations Management: “The
design, planning, execution, control, and monitoring of supply chain
activities with the objective of creating net value, building a competitive
infrastructure, leveraging worldwide logistics, synchronizing supply with
demand, and measuring performance globally.” Most ERP systems include
a supply chain management module.
Customer Relationship Management System
A customer relationship management (CRM) system is a software
application designed to manage an organization’s customers. In today’s
environment, it is important to develop relationships with your customers,
and the use of a well-designed CRM can allow a business to personalize
its relationship with each of its customers. Some ERP software systems
include CRM modules. An example of a well-known CRM package is
Salesforce.
Knowledge Management System
A knowledge management system (KMS) is a system for applying and
using knowledge management principles. These include data-driven
objectives around business productivity, a competitive business model,
business intelligence analysis and more.
A knowledge management system is made up of different software
modules served by a central user interface. Some of these features can
allow for data mining on customer input and histories, along with the
82 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
provision or sharing of electronic documents. Knowledge management
systems can help with staff training and orientation, support better sales,
or help business leaders to make critical decisions.
Functional Business System
Business system is any layout of elements within organization that is
coordinated internally and which has determined structure. It also includes
set of processes and methods of performing complex operations, overall
organizational policy, the norms and rules, etc. Management of
every business system is complex process consisting in a number
of functions:
• Planning (decision making, selection of resources, formulating
of goals and objectives, etc.)
• Organizing (coordination, communication, improvement of
personnel, deployment, etc.)
• Motivating (encouraging, issuing commands, ordering,
personnel policy, inspiring, encouraging, etc.)
• Controlling (monitoring, measurement, reporting, etc.).
Functional business system should not be equated to computer base IT
management system supporting any particular management function
(sales, production, HR, R&D, logistics, etc.) The meaning of this term is
wider and (in addition to IT tools - software and hardware), includes:
people, organizational structure, documentation, goals and tasks, policies,
rules and management techniques.
83 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Figure 4.3 : Diagram of functional business system
Types of functional business system such as:
a) Accounting and Finance
b) Human Resource
c) Engineering or Product Development
d) Manufacturing
e) Marketing
f) Sales
g) Distribution
h) Customer Service
i) Information Technology
84 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
People in Information Systems
People are involved in information systems in just about every way you
can think of: people imagine information systems, people develop
information systems, people support information systems, and, perhaps
most importantly, people use information systems.
1. The Creators of Information Systems
The first group of people we are going to look at play a role in designing,
developing, and building information systems. These people are generally
very technical and have a background in programming and mathematics.
Just about everyone who works in the creation of information systems has
a minimum of a bachelor’s degree in computer science or information
systems, though that is not necessarily a requirement.
Systems Analyst
The role of the systems analyst is to straddle the divide between identifying
business needs and imagining a new or redesigned computer-based system
to fulfill those needs. This individual will work with a person, team, or
department with business requirements and identify the specific details of
a system that needs to be built. Generally, this will require the analyst to
have a good understanding of the business itself, the business processes
involved, and the ability to document them well. The analyst will identify
the different stakeholders in the system and work to involve the appropriate
individuals in the process.
Once the requirements are determined, the analyst will begin the process
of translating these requirements into an information-systems design. A
good analyst will understand what different technological solutions will
work and provide several different alternatives to the requester, based on
the company’s budgetary constraints, technology constraints, and culture.
Once the solution is selected, the analyst will create a detailed document
describing the new system. This new document will require that the analyst
understand how to speak in the technical language of systems developers.
85 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
A systems analyst generally is not the one who does the actual
development of the information system. The design document created by
the systems analyst provides the detail needed to create the system and is
handed off to a programmer (or team of programmers) to do the actual
creation of the system. In some cases, however, a systems analyst may go
ahead and create the system that he or she designed. This person is
sometimes referred to as a programmer-analyst.
In other cases, the system may be assembled from off-the-shelf
components by a person called a systems integrator. This is a specific type
of systems analyst that understands how to get different software packages
to work with each other. To become a systems analyst, you should have a
background both in the business and in systems design. Many analysts first
worked as programmers and/or had experience in the business before
becoming systems analysts.
Programmer
Programmers spend their time writing computer code in a programming
language. In the case of systems development, programmers generally
attempt to fulfill the design specifications given to them by a systems
analyst. Many different styles of programming exist: a programmer may
work alone for long stretches of time or may work in a team with other
programmers. A programmer needs to be able to understand complex
processes and also the intricacies of one or more programming languages.
Generally, a programmer is very proficient in mathematics, as
mathematical concepts underlie most programming code.
Computer Engineer
Computer engineers design the computing devices that we use every day.
There are many types of computer engineers, who work on a variety of
different types of devices and systems. Some of the more prominent
engineering jobs are as follows:
• Hardware engineer. A hardware engineer designs hardware
components, such as microprocessors. Many times, a hardware
engineer is at the cutting edge of computing technology, creating
something brand new. Other times, the hardware engineer’s job is to
86 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
engineer an existing component to work faster or use less power.
Many times, a hardware engineer’s job is to write code to create a
program that will be implemented directly on a computer chip.
• Software engineer. Software engineers do not actually design
devices; instead, they create new programming languages and
operating systems, working at the lowest levels of the hardware to
develop new kinds of software to run on the hardware.
• Systems engineer. A systems engineer takes the components
designed by other engineers and makes them all work together. For
example, to build a computer, the mother board, processor, memory,
and hard disk all have to work together. A systems engineer has
experience with many different types of hardware and software and
knows how to integrate them to create new functionality.
• Network engineer. A network engineer’s job is to understand the
networking requirements of an organization and then design a
communications system to meet those needs, using the networking
hardware and software available.
There are many different types of computer engineers, and often the job
descriptions overlap. While many may call themselves engineers based on
a company job title, there is also a professional designation of
“professional engineer,” which has specific requirements behind it. In the
US, each state has its own set of requirements for the use of this title, as do
different countries around the world. Most often, it involves a professional
licensing exam.
2. Information-Systems Operations and Administration
Another group of information-systems professionals are involved in the
day-to-day operations and administration of IT. These people must keep
the systems running and up-to-date so that the rest of the organization can
make the most effective use of these resources.
87 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Computer Operator
A computer operator is the person who keeps the large computers running.
This person’s job is to oversee the mainframe computers and data centers
in organizations. Some of their duties include keeping the operating
systems up to date, ensuring available memory and disk storage, and
overseeing the physical environment of the computer. Since mainframe
computers increasingly have been replaced with servers, storage
management systems, and other platforms, computer operators’ jobs have
grown broader and include working with these specialized systems.
Database Administrator
A database administrator (DBA) is the person who manages the databases
for an organization. This person creates and maintains databases that are
used as part of applications or the data warehouse. The DBA also consults
with systems analysts and programmers on projects that require access to
or the creation of databases.
Help-Desk/Support Analyst
Most mid-size to large organizations have their own information-
technology help desk. The help desk is the first line of support for computer
users in the company. Computer users who are having problems or need
information can contact the help desk for assistance. Many times, a help-
desk worker is a junior-level employee who does not necessarily know
how to answer all of the questions that come his or her way. In these cases,
help-desk analysts work with senior-level support analysts or have a
computer knowledgebase at their disposal to help them investigate the
problem at hand. The help desk is a great place to break into working in IT
because it exposes you to all of the different technologies within the
company. A successful help-desk analyst should have good people and
communications skills, as well as at least junior-level IT skills.
Trainer SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
88 GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
A computer trainer conducts classes to teach people specific computer
skills. For example, if a new ERP system is being installed in an
organization, one part of the implementation process is to teach all of the
users how to use the new system. A trainer may work for a software
company and be contracted to come in to conduct classes when needed; a
trainer may work for a company that offers regular training sessions; or a
trainer may be employed full time for an organization to handle all of their
computer instruction needs. To be successful as a trainer, you need to be
able to communicate technical concepts well and also have a lot of
patience!
3. Managing Information Systems
The management of information-systems functions is critical to the success
of information systems within the organization. Here are some of the jobs
associated with the management of information systems.
CIO
The CIO, or chief information officer, is the head of the information-
systems function. This person aligns the plans and operations of the
information systems with the strategic goals of the organization. This
includes tasks such as budgeting, strategic planning, and personnel
decisions for the information-systems function. The CIO must also be the
face of the IT department within the organization. This involves working
with senior leaders in all parts of the organization to ensure good
communication and planning.
Interestingly, the CIO position does not necessarily require a lot of
technical expertise. While helpful, it is more important for this person to
have good management skills and understand the business. Many
organizations do not have someone with the title of CIO; instead, the head
of the information-systems function is called vice president of information
systems or director of information systems.
Functional Manager
89 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
As an information-systems organization becomes larger, many of the
different functions are grouped together and led by a manager. These
functional managers’ report to the CIO and manage the employee’s
specific to their function. For example, in a large organization, there is a
group of systems analysts who report to a manager of the systems-analysis
function. For more insight into how this might look, see the
discussion later in the chapter of how information systems are organized.
ERP Management
Organizations using an ERP require one or more individuals to manage
these systems. These people make sure that the ERP system is completely
up to date, work to implement any changes to the ERP that are needed, and
consult with various user departments on needed reports or data extracts.
Project Managers
Information-systems projects are notorious for going over budget and
being delivered late. In many cases, a failed IT project can spell doom for
a company. A project manager is responsible for keeping projects on time
and on budget. This person works with the stakeholders of the project to
keep the team organized and communicates the status of the project to
management. A project manager does not have authority over the project
team; instead, the project manager coordinates schedules and resources in
order to maximize the project outcomes. A project manager must be a good
communicator and an extremely organized person. A project manager
should also have good people skills. Many organizations require each of
their project managers to become certified as a project management
professional (PMP).
Information-Security Officer
An information-security officer is in charge of setting information-security
policies for an organization, and then overseeing the implementation of
those policies. This person may have one or more people reporting to them
as part of the information-security team. As information has become a
critical asset, this position has become highly valued. The information-
90 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
security officer must ensure that the organization’s information remains
secure from both internal and external threats.
Types of users of information systems
Innovators. Innovators are the first individuals to adopt a new technology.
Innovators are willing to take risks, are the youngest in age, have the
highest social class, have great financial liquidity, are very social, and have
the closest contact with scientific sources and interaction with other
innovators. Risk tolerance has them adopting technologies that may
ultimately fail. Financial resources help absorb these failures (Rogers 1962
5th ed, p. 282).
Early adopters. The early adopters are those who adopt innovation after
a technology has been introduced and proven. These individuals have the
highest degree of opinion leadership among the other adopter categories,
which means that they can influence the opinions of the largest majority.
They are typically younger in age, have higher social status, more financial
liquidity, more advanced education, and are more socially aware than later
adopters. These people are more discrete in adoption choices than
innovators, and realize judicious choice of adoption will help them
maintain a central communication position (Rogers 1962 5th ed, p. 283).
Early majority. Individuals in this category adopt an innovation after a
varying degree of time. This time of adoption is significantly longer than
the innovators and early adopters. This group tends to be slower in the
adoption process, has above average social status, has contact with early
adopters, and seldom holds positions of opinion leadership in a system
(Rogers 1962 5th ed, p. 283).
Late majority. The late majority will adopt an innovation after the average
member of the society. These individuals approach an innovation with a
high degree of skepticism, have below average social status, very little
financial liquidity, are in contact with others in the late majority and the
early majority, and show very little opinion leadership.
Laggards. Individuals in this category are the last to adopt an innovation.
Unlike those in the previous categories, individuals in this category show
91 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
no opinion leadership. These individuals typically have an aversion to
change-agents and tend to be advanced in age. Laggards typically tend to
be focused on “traditions,” are likely to have the lowest social status and
the lowest financial liquidity, be oldest of all other adopters, and be in
contact with only family and close friends.
These five types of users can be translated into information-technology
adopters as well, and provide additional insight into how to implement new
information systems within an organization. For example, when rolling out
a new system, IT may want to identify the innovators and early adopters
within the organization and work with them first, then leverage their
adoption to drive the rest of the implementation.
92 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
LEARNING OBJECTIVES:
❖ Explain the overall process of developing
Information System
93 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Alternative systems building approaches
System Life cycle also known as an Alternative System Building
Approach. It is a traditional methodology that used a phased approach to
build a system, dividing systems development into formal stages and
corresponding to the stages of system development. Each stage consists of
basic activities that must be performed before next stage can begin.
Traditional System Life Cycle
The systems lifecycle is the oldest method for building information
systems and is still used today for medium or large complex systems
projects. The lifecycle methodology is a very formal approach to building
a system, dividing systems development into formal stages that must take
place in a sequential order. All the activities in each stage must be
completed before the next stage can begin. The systems lifecycle
methodology also maintains a very formal division of labor between end
users and information systems specialists. Technical specialists such as
systems analysts and programmers are responsible for much of the systems
analysis, design and implementation work; end users are limited to
providing information requirements and reviewing the technical staffs
work. The lifecycle emphasizes formal specifications and paperwork so
many documents are generated during the course of a systems project.
.
94 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Figure 5.1 : SDLC waterfall
Stage Division of labor End Product
Systems analysis Technical specialists identify the Systems
problem, gather information proposal report.
requirements, develop alternative
solutions and establish a project
management plan. Business users
provide information requirements,
establish financial or operational
constraints on the solution and select
the solution.
Systems Design Technical specialists model and Design
document design specifications and Specifications.
select the hardware and software
technologies for the solution. Business
users approve the design
specifications.
Programming Technical specialists write program Program
code specifications
and code.
95 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
MODULE – DPB 20043 2021
Testing Technical specialists develop test System
plans and conduct unit, system and performance
acceptance tests. Business users tests.
provide test data and scenarios and
validate test results.
Conversion Technical specialists prepare a User sign-off.
conversion plan and supervise
conversion. Business users evaluate
the new system and decide when the
new system can be put into production.
Production and Technical specialists evaluate the Post
Maintenance technical performance of the system implementation
and perform maintenance. Business audit.
users use the system and evaluate its
functional performance.
After the system is installed and in production users and technical
specialists will go through a formal post implementation audit that
determines how well the new system has met its original objectives and
whether any revisions or modifications are required. After the system has
been fine-tuned it will need to be maintained while it is in production to
correct errors, meet requirements or improve processing efficiency. Over
time the system may require so much maintenance to remain efficient and
meet user’s objectives that it will come to the end of its useful life span.
Once the systems lifecycle comes to an end a completely new system is
called for and the lifecycle may begin again.
The systems lifecycle is still used for building large complex systems that
require a rigorous and formal requirements analysis, predefined
specifications and tight controls over the systems building process. The
systems lifecycle approach is costly, time consuming and inflexible.
Volumes of new documents must be generated and steps repeated if
requirements and specifications need to be revised. Because of the time
and cost to repeat the sequence of lifecycle activities, the methodology
encourage freezing of specifications early in the development process
discouraging change. The lifecycle approach is also not suitable for many
desktop systems which tend to be less structured and more individualized.
96 SARATULL NOR NATASHA BINTI SAFRI & FATINSYUHANA BINTI ABDUL
GHANI| POLITEKNIK MERSING, JOHOR
The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
eBook for Commerce Department, PMJ
Discover the best professional documents and content resources in AnyFlip Document Base.
Search