UNIVERSITY OF CAPE COAST

COLLEGE OF DISTANCE EDUCATION

COURSE TITLE

INF 309D Information Systems Management

© COLLEGE OF DISTANCE EDUCATION, UNIVERSITY OF CAPE COAST

CODE PUBLICATIONS, 2019
 UNIVERSITY OF CAPE COAST
COLLEGE OF DISTANCE EDUCATION

BACHELOR OF EDUCATION
(INFORMATION TECHNOLOGY PROGRAMME)

INF 309D - INFORMATION SYSTEMS

MANAGEMENT
INFORMATION SYSTEM INFRASTRUCTURE
AND EMERGING TECHNOLOGIES UNIT 1

UNIT 1: INFORMATION SYSTEM INFRASTRUCTURE

AND EMERGING TECHNOLOGIES

Unit Outline
Session 1: Computer system concepts
Session 2: Information System (IS), components of IS and it characteristics
Session 3: IS infrastructure and architecture and IS life cycle
Session 4: Stages and technology drivers of IS infrastructure evolution.
Session 5: Fundamental resources and potential risks for IS
Session 6: Applications, benefits and limitations of managing IS infrastructure

Dear student, you are welcome to this unit. This session sets
the foundations for the rest of the materials you will study in
this module. This unit will give you insights into Information
Systems Infrastructure and Emerging Technologies
The other sessions under this unit will enable you appreciate the concept and
resources of computer systems in Information Systems. Enjoy as we take you
through the unit.

Now let’s look at the objectives for this unit.

Objectives
By the end of the session, you should be able to:
a) Understand Computer system concepts
b) Explain Information System (IS) components and their characteristics
c) Describe IS infrastructure, architecture and life cycle
d) Identify the stages and technology drivers of IS infrastructure
evolution.
e) Outline the fundamental resources of information system and potential
risks for IS
f) State Applications of IS, benefits and limitations of managing IS
infrastructure

CoDEUCC/Bachelor of Science in Information Technology 1

 INFORMATION SYSTEM INFRASTRUCTURE
UNIT 1
AND EMERGING TECHNOLOGIES
This is a blank sheet for your short notes on:
 Issues that are not clear, and
 difficult topics, if any.

2 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 1

SESSION 1: COMPUTER SYSTEM CONCEPTS

Welcome to the first session of this unit. In this session we

shall learn about the concepts of computer system. We shall
study the various components of computers, characteristics and functions of
computers and some basic applications of computer as well as data
representation in computer systems. Sit back as we take you through the
session.

Objectives
By the end of this session, you should be able to:
a) Understand the concept of computer system
b) Outline the characteristics and functions of the computers system
c) Explain the components of computer system
d) State some basic application of a computer system
e) Describe data/information representation in computer system

Now read on…

1.1 Computer Systems

Computers are electronic devices that receive user input, process it to produce
results, present those results to the users, and store those results for later use. So
what then is a computer system? A computer system can be defined as a
collection of unique items that collaborate to carry out a task. It can also be
described as an IPO (Input Process Output system), which is a collection of
electronic devices that accepts, processes, stores, outputs, and communicates
information in accordance with a specified program. This definition
distinguishes between the five functions of a network computer and the four
fundamental functions of a stand-alone computer, which are input, processing,
storage, and output. A computer system is a group of components (hardware,
software, and liveware) created with the purpose of receiving, processing,
managing, and presenting information in a useful way.

The Input Processing Output Diagram of a computer system

CoDEUCC/Bachelor of Science in Information Technology 3

 UNIT 1
SESSION 1 COMPUTER SYSTEM CONCEPTS

1.2 Characteristics and Functions of Computer Systems.

The following outlines the characteristics and function of computer systems

1.2.1 Characteristics
The characteristics of the computer system are as follows:
Speed: A computer works significantly faster and more accurately than a human.
One billion instructions can be processed by computers within a second.
Computer operations take only a few nanoseconds or microseconds to complete
assigned task.
Accuracy: Computations made by computers are mostly accurate. Data
inaccuracy or inconsistency might lead to errors.
Diligence: A computer has the constancy and accuracy to carry out countless
jobs or calculations. It doesn't experience any drowsiness or lack of focus. It is
also superior to human memory because of it deligence.
Versatility: Versatility refers to the capability of a computer to perform different
kinds of works with same accuracy and efficiency.
Reliability: A computer is reliable as it gives consistent result for similar set of
data that is, if we give same set of input any number of times, we will get the
same result.

4 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 1

Automation: Computer performs all the tasks automatically i.e., it performs

tasks without manual intervention.
Memory: A computer has internal storage for data called primary memory. Data
is also stored on removable media like CDs, pen drives, and other types of
secondary storage.

1.2.1 Functions
A computer performs the following functions:
Receiving Input: Through a variety of input devices, including a keyboard,
mouse, digital pens, etc., data is sent into a computer. Devices like a CD-ROM,
pen drive, scanner, etc. can also be used to provide input.
Processing the information: The programs' instructions are used to carry out
operations on the input data and preserving the data. The data is kept in the
primary or secondary storage location after processing.
Producing output: Through output devices like a monitor, printer, etc., the
processed information and other details are transmitted to the outside world.

1.3 Components of computer system

The following are the components of the computer system;

1.3.1 Hardware
The mechanical components that make up a computer are referred to as
hardware. The interconnected electronic components that make up computer
hardware are used to regulate the input and output of computers. CPUs,
keyboards, mouse, hard drives, and other items are examples of hardware.
Computer hardware is made up of a number of interconnected parts. Some
components are necessary, while others just have added benefits. Input, output,
central processing unit, and storage devices make up computer hardware.
The table below gives a summary of input devices, output devices, storage
devices processing devices.
Category Functions
Input Devices
Keyboard used to type in data into the computer (used to create
input)
Mouse used in pointing, signalling, and selection

CoDEUCC/Bachelor of Science in Information Technology 5

 UNIT 1
SESSION 1 COMPUTER SYSTEM CONCEPTS

Scanner used to capture hardcopy documents or images and

translating them into a digital signal that can be worked
on using a computer
Microphone used to convert sound into an electrical signal that is
readable by the computer
Joystick used to control video games
Light pen used to point to displayed objects on the screen or draw
on the screen
Digital Camera Used to record or capture still and motion images
Output Devices
Monitor used to produce visual responses to user requests; displays
information on the screen
Projector used to magnify information on the screen for the larger
audience, especially for teaching/learning and
presentation
Printer Used to produce computer-processed information on
papers and other hard copy materials.
Speaker used to retrieve sound from the computer system
Processing Devices
Processor used to process or manipulate on instructions that drive
(CPU) the computer
Memory cache a smaller and faster memory which stores copies of the
data from the most frequently used main memory
locations.
Main memory is the “working memory” of a computer, it stores data
(RAM) which the CPU is working on; its size has a significant
effect on total system performance
Storage Devices
Hard Disk A fixed storage device used to store programs and data in
the computer
Solid State Disk a fixed, non-volatile storage device that stores the data
(SSD) and programs that make up a computer. Compared to
HDD, it is speedier and more expensive.
CD/DVD Digital optical disc storage used to store programs, data
and information

6 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 1

Flash Disk A portable storage module used for storage. It has an

integrated USB interface
Memory Card An electronic data storage used to store mostly digital
data
Diskette a data-saving tiny, portable magnetic storage device.
A flash disk has recently taken its place.

1.3.2 Computer Software

Software also referred to as applications or programs. Software consists of a set
of documents, operating systems, and programs that govern and manage the
hardware elements of a computer system. A program is a set of instructions that
directs a computer to carry out specific activities. Computers translate software
instructions from a computer language into machine language before executing
them.
There are two categories of software:
System software: System software interacts directly with a computer's physical
components. It offers a platform on which an application can run. The
functionality it offers supports the users. Operating systems such as Windows,
Linux, Unix, and others serve as examples of system software.
Application software: This type of program is made to help users carry out one
or more tasks. Examples of application software include Word, Excel,
PowerPoint, Oracle, etc. among others.

1.3.3 Computer Liveware

Liveware is the user of the computer. As the name implies, liveware is simply
described as the people or slang for the people who typically work with
computers to operate systems, such as analysts, programmers, etc. The user
gives instructions for the computer system to follow.

Differences between Software and Hardware

Software Hardware
Software is a collection of It is made of the physical components
programs to bring computer of computer system.
hardware system into operation.
It includes numbers, alphabets, It consists of electronic components
alphanumeric symbols, identifiers, like ICs, diodes, registers, crystals,
keywords, etc. boards, insulators, etc.

CoDEUCC/Bachelor of Science in Information Technology 7

 UNIT 1
SESSION 1 COMPUTER SYSTEM CONCEPTS

By adding new functionality to Hardware design is based on

current programs to accommodate architectural decisions to make it
hardware, software products work
evolve. over a range of environmental
conditions and time.
It is designed and developed by The hardware can understand only
experienced programmers in high- low-
level language. level language or machine language

It will vary as per computer and its It is mostly constructed for all types of
built-in functions and programming computer systems.
language.

1.4 Basic applications of computers

Computers are used in all aspects of life. They are employed in a variety of
settings and this may include;
Home: Computers are used in homes for a variety of activities, including online
bill payment, home entertainment, home learning, access to social media,
gaming, and internet. They offer email as a means of communication. They
support offering corporate employees the option of working from home. The
student population can access online instructional support from their various
homes with the aid of computers.
Medical Field: In hospitals, computers are used to keep a database of patient
information, including their medical history, diagnoses, X-rays, and real-time
patient monitoring. Today's surgeons do remote procedures and delicate
operations using robotic surgical tools. Technologies related to virtual reality are
also applied to training. Monitoring the developing foetus inside the mother's
womb is also helpful.
Entertainment: Computers provide virtual entertainment by allowing users to
play games, watch movies online, and listen to music, among other activities.
People working in the entertainment sector can record music using artificial
instruments with the use of MIDI instruments. Computers are capable of feeding
videos to large-screen televisions and also for photo editing.
Industry: Computers are utilized in a variety of businesses for tasks including
inventory management, designing, making virtual samples of items, interior
design, video conferencing, etc. The potential of online marketing to offer
8 CoDEUCC/Bachelor of Science in Information Technology
INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 1

diverse products to hard-to-reach places like interior or rural areas has

undergone a significant revolution. Through the use of computers, stock markets
have witnessed amazing engagement from individuals at all levels.
Education: Computers are utilized in the education sector for things like online
classrooms, exams, reading e-books, and tutoring. They support greater use of
audiovisual resources in the educational sector.
Government: Computers are employed in the government to handle data, keep
database of citizens, and enable a paperless workplace. The use of computers by
the nation's defence institutions for the development of missiles, satellites,
rocket launches, etc. has been extremely advantageous.
Banking: Computers are utilized in the banking industry to conduct activities
including the withdrawal and deposit of cash from ATMs as well as to maintain
customer information. Through increased computer use, banks have
significantly decreased manual errors and costs.
Arts: In dancing, photography, arts, and culture in general, computers are widely
used. Animation can be used to demonstrate dance's fluid motion in real time.
Computers can digitize photographs.
Science and Engineering: High-performance computers are employed in
science and engineering to stimulate dynamic processes. There are several uses
for supercomputers in the field of research and development (R&D). Computers
can generate topographic imagery. Computers are used by scientists to plot and
analyze data in order to better comprehend earthquakes.

1.5 Data/Information Representation

Data is a collection of facts and statistics that are not arranged in any particular
way and do not reveal any further information about patterns, context, etc.
Data is thus defined as "unstructured facts and figures." Information is a
structured data kind, meaning it is organized, meaningful, and processed. A
computer is used to process the data and turn it into information. It is important
to note that computers don’t understand. Any information that is provided to a
computer, including words, symbols, images, audio, and video, needs first be
translated into machine language.
There are three forms of data representation on a computer and they are as
follows:
Number System
From a very young age, the concept of numbers is given to us. Everything is a
number to a computer, including alphabets, images, sounds, etc.

CoDEUCC/Bachelor of Science in Information Technology 9

 UNIT 1
SESSION 1 COMPUTER SYSTEM CONCEPTS

Number system is categorized into four types:

• Binary number system consists of only two values, either 0 or 1.
• Octal number system represents values in 8 digits.
• Decimal number system represents values in 10 digits.
• Hexadecimal number system represents values in 16 digits.

Bits and Bytes Bits

A bit is a smallest possible unit of data that a computer can recognize or use.
Computer usually uses bits in groups. Bytes - group of eight bits is called a
byte. Half a byte is called a nibble.

Text Code
Text code is format used commonly to represent alphabets, punctuation marks
and other symbols. Four most popular text code systems are:
• EBCDIC
• ASCII
• Extended ASCII
• Unicode

1.5.1 Data processing

Data processing is a process of converting raw facts or data into a meaningful
information.

Stages of Data Processing

10 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 1

Data processing consists of following 6 stages and these stages are outlined
below;

Collection: Collection of data refers to gathering of data. The data gathered

should be defined and accurate.
Preparation: Building a collection containing data from many sources in
preparation for usage in the cycle's processing step.

Input: Input refers to supply of data for processing. It can be fed into computer
through any of input devices like keyboard, scanner, mouse, etc.
Processing: The process refers to concept of an actual execution of
instructions. In this stage, raw facts or data is converted to meaningful
information.
Output and Interpretation: The user will see the output of this procedure as
text, audio, video, etc. The user receives useful information from the
interpretation of the output.
Storage: In this process, we can store data, instruction and information in
permanent memory for future reference

Summary

This session introduced us to the overview of computer systems. We discussed

some characteristic, functions and components of the computer system as well
as some data representation techniques.

Self-Assessment Questions
Exercise 1.1
a) Define computer?
b) What are the basic operations of a computer?
c) What is the main difference between hardware and software?

CoDEUCC/Bachelor of Science in Information Technology 11

 UNIT 1
SESSION 1 COMPUTER SYSTEM CONCEPTS

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

12 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 2

SESSION 2: INFORMATION SYSTEM (IS), ITS

COMPONENTS AND CHARACTERISTICS
Welcome to another interesting session. In this session, we
shall study about Information Systems (IS), it’s components
and characteristics of IS. We shall look at the definition of IS, the role of IS
and other relevant concepts in IS. Relax and enjoy the session.

Objectives
By the end of this session, you will should be able to:
a. Understand what Information Systems is
b. Explain the roles and facts about IS
c. Describe the various components of IS
d. Outline some characteristics of IS

Read on…

2.1 Definition of Information System (IS)

A system is made up of various parts (subsystems) that work together to
accomplish specific goals. A system's outputs represent the realization of its
goals. An information system is a system that processes data resources into
information products as output after accepting them as input. When people hear
the phrase "information system" for the first time, they frequently assume it
refers to some kind of program that stores information or something similar. The
name does really sound that way. An information system, however, is much
larger than that. A combination of hardware, software, and telecommunication
networks make up an information system, which is used to gather meaningful
data, particularly within an organization. Information system is used by many
firms to carry out and manage operations, engage with customers, and
outperform rivals. Information system combines hardware, software, human
labor, and processes. Information systems are frequently associated with
computer-based technology. Although computers are frequently used in
information systems to manage data and accomplish business goals, this is not a
necessity.

CoDEUCC/Bachelor of Science in Information Technology 13

 UNIT 1 INFORMATION SYSTEM (IS), ITS
SESSION 2
COMPONENTS AND CHARACTERISTICS
The information flow within a system is defined by the information system. An
information system's goal is to collect data, process that data, and then present
that information to the user in a way that is appropriate for them. To perform
input, processing, output, storage, and control functions that transform data
resources into information products, an information system relies on the
resources of people (end users and IS specialists), hardware (machines and
media), software (programs and procedures), data (data and knowledge base),
and networks (communications media and network support).

2.2 The Role and Facts of Information Systems

We shall look at the role IS plays as well as some concrete facts about IS.

2.2.1 The Role of Information Systems

Users of information systems can gather, store, organize, and distribute data
that can be useful to companies for a number of reasons. Information systems
are used by many firms to manage resources and boost productivity. In order to
compete in global markets, some people rely on information systems. There
are several uses for various information system kinds. GIS (geographic
information system), for instance, can assist researchers in tracking the
movement of sea ice, assisting in agricultural decision-making, or providing
insight into criminal activity patterns. One popular type of office automation
system that can automatically sort, prioritize, file, and respond to messages is
email software like Microsoft Outlook. Additionally, Apple's SIRI is a well-
known expert system that attempts to mimic human decision-making in
response to user voice. Information systems are becoming more and more
integrated into daily life, from online banking to internet browsing.

2.2.2 Facts of information systems

Here are some information systems-related facts.

Essential for business expansion: Computer-related processes are essential to

completing tasks in every organization. A business may require the use of
computer software, the deployment of network architecture to accomplish its
goals, or the design of apps, websites, or video games. Therefore, any business
that wants to ensure its future must have a well-designed information system.

14 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 2

Improved access and storage of data: A system like this can also be used to
store operational information, paperwork, communication logs, and history.
Information systems can be quite useful in this because manually entering data
might take a lot of time. Information systems store data in an advanced manner
that greatly simplifies the process of retrieving the data.

Improved decision making: A business's decision-making process is aided by

information systems. Making smarter judgments is made simpler with an
information system that delivers all the crucial facts. Additionally, an
information system enables efficient communication among staff. It is simpler
to distribute and access the documents with the staff because they are
organized into folders.

2.3 Components of information system

Components of the information system are as follows:

2.3.1 Computer Hardware

All tangible tools and components utilized in information processing are

CoDEUCC/Bachelor of Science in Information Technology 15

 UNIT 1 INFORMATION SYSTEM (IS), ITS
SESSION 2
COMPONENTS AND CHARACTERISTICS
included in the notion of hardware resources. It specifically encompasses all
tangible items on which data is recorded, from sheets of paper to magnetic
disks, in addition to machinery like computers and other equipment. Physical
equipment for processing, output, and input. The hardware setup is determined
by the organization's size and type. It is made up of an operating system,
processor, input and output devices, and media devices. Peripheral devices for
computers are also included.

2.3.2 Computer Software

All sets of information processing instructions are included in the concept of
software resources. In addition to the sets of operating instructions known as
programs that guide and control computer hardware, this general definition of
software also includes the sets of information processing instructions known as
procedures that are required by people. It's crucial to realize that software
resources are a part of even information systems without computers. Even, the
manual and machine-supported information systems in use today, as well as
the ancient information systems, demonstrate this. To correctly gather, process,
and distribute information to their consumers, they all need software resources
in the form of information processing instructions and procedures. The
applications/programs used to direct and coordinate the hardware elements. It
is employed in the processing and analysis of data. A collection of instructions
used for information processing is included in these applications.

2.3.3 Databases
Data are the unstructured, raw facts and figures that become information after
being processed. Software is used to manage physical storage of media and
virtual resources, as well as to organize and serve data to the user. Just as
hardware cannot function without software, so too does software require data
to function. Database management systems are used to manage data. Database
management programs are used to efficiently obtain needed data and to
maintain knowledge bases. Managers and information systems specialists have
widened the definition of data resources. They understand that data is an
important organizational resource. Consequently, you should think of data as a
resource that must be successfully managed to benefit every end user inside an
organization. The standard alphanumeric data, which is made up of numbers,
letters, and other characters to describe business transactions and other events
and entities, is one form of data. The lines and paragraphs used in written
communications that make up text data, graphic shapes and figures that make

16 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 2

up image data, and human voice and other sounds that make up audio data are
all significant types of data.

2.3.4 Network
The successful operation of all types of companies and their computer-based
information systems depends on telecommunications networks like the
Internet, intranets, and extranets. Computers, communications processors, and
other devices are connected by communication media and managed by
communications software to form telecommunications networks. The idea of
network resources highlights the importance of communications networks as a
basic resource for all information systems. Resources on the network help the
organization's information flow. Networks are made up of both software and
hardware, including operating systems, web servers, data servers, and
application servers, as well as network cards, routers, hubs, and cables.
Computers, communications processors, and other devices are connected by
communication media and managed by software to form telecommunications
networks.
Network resources include:

• Communication media, Examples include twisted pair wire, coaxial

cable, fibre-optic cable, microwave systems, and communication
satellite systems.
• Network Support: This broad category encompasses all the people,
machines, programs, and data sources that directly support a
communications network's use and operation. Examples include network
operating systems and Internet packages that control communications.

2.3.5 Human Resources

It has to do with how many people are needed to run and administer the
system. The information system's primary goal is to help the end user, who is a
person. End users use the information provided for their own purposes. The
end user may be an engineer, an accountant, a salesperson, a client, a clerk, a
manager, etc. Information systems are developed and run by people, too. They
include managerial techniques, computer operators, programmers, and other
clerical IS personnel. Information systems cannot function effectively without
human resources. The qualified individuals who influence and manipulate the
data, software, and processes in information systems are included in the human
component of those systems. Business analysts and information security

CoDEUCC/Bachelor of Science in Information Technology 17

 UNIT 1 INFORMATION SYSTEM (IS), ITS
SESSION 2
COMPONENTS AND CHARACTERISTICS
analysts are examples of people that work with information systems. The
operations and processes of an organization are improved by business analysts.
They frequently concentrate on enhancing production and efficiency or
streamlining distribution. Analysts in information security work to stop
cybersecurity threats and data breaches. Additionally, system analysts employ
information technology to assist firms in streamlining their program user
experiences.

2.4 Characteristics of Information system

Information systems have several key characteristics that define their purpose
and function. Some of this characteristics are outlined below;

a. Data-driven: Information systems are designed to collect, store, and process

data in order to support decision-making and problem-solving.
b. Automated: Information systems are designed to automate repetitive and
time-consuming tasks in order to increase efficiency and accuracy.
c. System Approach: The information system follows a System’s approach.
The system’s approach implies a holistic approach to the study of system and
its performance in the light for the objective for which it has been constituted.
d. Management Oriented: The top-down approach must be followed while
designing the IS. The top-down approach suggests that the system
development starts from the determination of management needs and overall
business objectives. The IS development plan should be derived from the
overall business plan. Management oriented characteristic of IS also implies
that the management actively directs the system development efforts.
e. Need-Based: The managers' information needs should guide the design and
evolution of IS. Strategic planning, management control, and operational
control are three separate levels at which the necessary design and
development information is found. It implies that IS should address the unique
requirements of managers at various levels of a company.
f. Exception Based: IS should be developed on the exception-based reporting
principle, which means an abnormal situation, i.e., the maximum; minimum or
expected values vary beyond tolerance limits. In such situations, there should
BE exception reporting to the decision-maker at the required level.
g. Future Oriented: Besides exception-based reporting, IS should also look at

18 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 2

the future. In other words, IS should not merely provide past or historical
information; rather it should provide information, on the basis of projections
based on which actions may be initiated.
h. Integrated: Integration is a necessary characteristic of a management
information system. Integration is significant because of its ability to produce
more meaningful information. For example, in order to develop an effective
production scheduling system, it is necessary to balance such factors as setup
costs, Workforce, Overtime rates, Production capacity, Inventory level, Capital
requirements and Customer services.
i. Long Term Planning: IS is developed over relatively long periods. Such a
system does not develop overnight. A heavy element of planning is involved.
The MIS designer must have the future objectives and needs of the company in
mind.
j. Central Database: A central database is a mortar that holds the functional
systems together. Each system requires access to the master file of data
covering inventory, personnel, vendors, customers, etc. It seems logical to
gather data once, validate it properly and place it on a central storage medium,
which can be accessed by any other subsystem
k. Supportive: Information systems are designed to support the operations,
management, and decision-making of an organization.
l. Communication: Information systems are designed to support
communication and collaboration within and between organizations.
m. Adaptable: Information systems are designed to be adaptable and flexible
to changing business needs and technology advancements.
n. Secure: Information systems are designed to protect the data and resources
they manage and access, ensuring the security and privacy of the information.
o. Networked: Information systems are designed to be connected and
integrated with other systems and networks, allowing the sharing and exchange
of information.
p. Real-time: Information systems are designed to provide real-time or near
real-time access to data and information, allowing for quick and informed
decision-making.
q. Intelligent: Many information systems are designed to incorporate some
level of artificial intelligence and machine learning to aid decision-making and
automate processes.

CoDEUCC/Bachelor of Science in Information Technology 19

 UNIT 1 INFORMATION SYSTEM (IS), ITS
SESSION 2
COMPONENTS AND CHARACTERISTICS

SUMMARY
This session made us understand what Information Systems is, explaining the
roles and facts about IS, describing the various components of IS as well as
outlining some characteristics of IS.

Self-Assessment Questions
Exercise 1.2
a) Information systems are dependent on data and information
input. The quality of the data is of major concern. Which of the
following are NOT considered traditional information quality factors?
I. Timely information
II. Valid information
III. Flexible information
IV. Complete information
V. Low resolution information
b) Which of the following is NOT a major component of any information
system?
I. applications
II. information technology
III. people
IV. the company
c) What is information system ? State the goal of an information system
d) What are the five components that make up an information system?

20 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 3

SESSION 3: INFORMATION SYSTEM INFRASTRUCTURE,

ARCHITECTURE AND LIFE CYCLE
Welcome to another session in this unit. In this session, we
shall discuss the Information Systems Infrastructure, its
Architecture and the life cycle of IS. Enjoy the session then.

Objectives
By the end of this session, you will should be able to:
a. Explain Information System’s architecture and its concepts
b. Describe the Information System’s infrastructure
c. Outline the Information System’s life cycle

Read on…

3.1 Information System (IS) Architecture

The term information system architecture (ISA) refers to the technological
framework, product technologies, system structure, business procedures, and
policies needed for an information system or enterprise. The architecture
includes an in-depth explanation of the layout, contents, and a breakdown of the
computerized system's current hardware, software, and networking capabilities.
The hardware and software required to offer the consumer a solution is both
included in this architecture. Details of long-term plans, such as replacing or
upgrading outdated hardware and software, are also included. Any
organization's information system architecture can be thought of as a design
showing how data processing systems, telecommunications networks, and data
are integrated. It provides a summarized response to the following questions:

• Where to store data?

• What data is gathered?
• How and were the data gathered?
• Which application use the data and how are they related to overall
system?
• How is the data transferred?

CoDEUCC/Bachelor of Science in Information Technology 21

 UNIT 1 IINFORMATION SYSTEM INFRASTRUCTURE
SESSION 3
ARCHITECTURE AND LIFE CYCLE (IS)
3.1.1 Information System Architecture (ISA) Model
Information System Architecture has the following basic building blocks:

1) Information System Block: The IS block provide the functions which

support business process. IS blocks are related to other blocks via IS services
and are executed in IT blocks.
2) Information Entity: Information entity data is created, read, updated, or
deleted through a variety of business processes. The information entity is used
by the IS block and is really located in the IT block.
For instance: Information about one information entity is linked to other ones.
3) IT Blocks: IT blocks helps in implementing IS block and manipulation of
information entity data.

3.1.2 Services in Information System Architecture (ISA)

ISA comprises of three different services:

1) IT Service: This includes the technological services offered by application

platforms.
2) Business Service: This is a set of operations offered by IS blocks which
support one or more business process.
3) IS Service: This is the collection of operations that an IS block provides to
other IS blocks. The description of a service’s-maintained action is what is
referred to as an operation. Therefore, operations offer a few ISA-related
details.

3.1.3 Classification of Information System Architecture (ISA)

The following is the classification of the information system architecture:

1) Client- Server Architecture

In the client-server computer model, service requesters are referred to as clients
and resource or resource providers are referred to as servers. In any software
organization, client/server architecture is a general concept that can be
implemented in several ways. For example, the interaction between a client
application program running on a workstation and a database management
system (DBMS) running on a larger computer system.

22 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 3

The application program communicates with the database management system

across a network to send requests for database access. On behalf of the
application, the DBMS will access the data, and it will respond with the results
of the search operation and a success/failure report of an update operation. A
flexible, message-based, and modular infrastructure makes up the client/server
software architecture. As contrast to centralized, mainframe, time-sharing
computing, it strives to promote usability, interoperability, flexibility, and
scalability. The client, which is the seeking machine, and the server, which is
the delivering machine, are the elements of this architecture.
Either a local area network (LAN) or a wide area network connects these to one
another (WAN).

The server performs the following functions:

• Processing of the query.

• Return the result to the client.
• Note the client query.

The client has the following responsibility:

• Decode the user's request into specific protocols to enable processing.

• Tackle the user interface.
• Presenting the result to the user.
• Wait for the server to respond.

CoDEUCC/Bachelor of Science in Information Technology 23

 UNIT 1 IINFORMATION SYSTEM INFRASTRUCTURE
SESSION 3
ARCHITECTURE AND LIFE CYCLE (IS)
• Sending the request to server.
• Convert the response into readable format.

2) Mainframe Architecture:
The Terminal in the mainframe accepts user queries but does not validate them.
The server completes this as it deals with the request. Up until the middle of
1998, this style of design was common, but today the situation is quite different.
Due to its rigidity and poor cost-to-performance ratio, such design is not
currently in use. This paradigm's extension is the idea of a smart terminal. As
smart terminals, a mainframe is combined with a number of PCs, each of which
has a keyboard, screen, and disk drive and can only process a small number of
jobs. This lessened the reliance on constant communication with the main
computer.
Mainframe architecture comprises of:
a) A terminal users input queries to which the results are displayed.
b) A server which processes data within the network.
The user submits to request for data via a terminal. The server will the process
the request and the result will be displayed on the terminal screen.

3) Distributed System:
A distributed system consists of a number of separate computers connected by
a network and running a distributed operating system. The computers can
coordinate their actions and share system resources as a result. The user gets the
impression that it is a single because of this. A facility for integrated computing.

Characteristics of Distributed System

The following are the characteristics of the distributed system:

i) Openness: The openness of distributed system is dependent on the quality of

new resource sharing services which can be added and made available to client
programs.

ii) Resource Sharing:

• Distributed system also makes information exchange easier among

users.

24 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 3

• In distributed system, it becomes easy for user to access remote

resources which can also be shared among users. For example: printers,
files, web pages etc.
• As resource and data sharing is easy, it may cause security problems
which have to be dealt efficiently.

iii) Concurrency:
The same resource could be attempted to be accessed by numerous clients at
once. For best performance, a shared resource's operations must always be
correct in a concurrent context.
iv) Transparency:
Processes and resources are distributed physically among multiple computers.
This fact remains hidden in distributed systems.
v) Scalability:
A system is said to be scalable when it remains efficient despite increase in
resources and users.

4) Web Based Architecture:

Although there are some distinctions, database architecture can be thought of as
an extension of client/server design. In a client/server architecture, the client
workstation contains the application software that is used to communicate with
the application server. However, in the web-based application the client
machines have web browsers which are network to web browser by LAN or
WAN.

CoDEUCC/Bachelor of Science in Information Technology 25

 UNIT 1 IINFORMATION SYSTEM INFRASTRUCTURE
SESSION 3
ARCHITECTURE AND LIFE CYCLE (IS)
The web was not extremely interactive in the beginning. In order to get a
response from the server, the user would submit a request using forms or URL.
When the browser supplied the HTML code, the server then delivered the search
result in HTML format. The server does not always return HTML in web-based
architecture. Instead, it provides a page with the UI logic, which then uses web
services to return to the primary server and retrieve the needed data.
The UI application that the server returns can therefore be implemented by the
browser.

Two other features of web-based functionalities are as follows:

a) Web-based system are accessible globally via browser depending on
user access rights.
b) The content/data generated is updated in real time. Internet, intranet
and extranet are the principal communication network of the web
environment.

5) Cloud Architecture:
The use of the cloud, the structure of the system, which comprises on-premises
and cloud resources, services, middleware, and software components with their
geo-location, externally visible features, and their inter-relationships, is referred
to as the architecture of a cloud solution. The appropriate architecture for the
associated application determines the protection that is required in cloud
computing. In order to assure optimal performance, organizations must
comprehend each application's requirements, and if they are currently
employing cloud computing, they must also comprehend the appropriate cloud
architecture. Cloud architecture is characterized by multiple cloud components
that communicate with one another via loosely coupled mechanisms like a
messaging queue. In terms of cloud resources, services, middleware, and
software components, elastic provisioning refers to the usage of tight or loose
coupling. Cloud computing architecture comprises of a front and a back end
which the inter connected by network like internet. The front end is viewed by
the client or the user and the back end is the cloud section.

6) Grid Architecture:
Grid architecture describes how resources are shared in a distributed
environment according to a specific grid design. This is where the resource layer
is located, which consists of network-connected computers, storage devices,
electronic data catalogs, sensors, and telescopes. It has a number of layers, each

26 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 3

of which serves a distinct purpose, with the upper layers being user-centric and
the lower layers being hardware-centric. The lowest layer connecting the
resources of the grid is called the network. The middle-ware layer provides the
technology necessary to enable the participation of various grid components,
such as servers, storage, networks, etc. As a result, it is also referred to as a
computing grid's brain.

The application layer is the top layer of a grid and includes applications for
science, engineering, business, finance, and other fields as well as portals and
toolkits for application development. Additionally, service-ware that handles
general administration tasks like managing the use and supply of grid resources
may be included. Additionally, it is the layer that grid users may view and use.

3.2 Information System Infrastructure

The foundation for computer-based business application systems in the form of
services to a variety of customers is a platform of shared technological, human,
and organizational capabilities known as information systems infrastructure.
The integrated environment of hardware, software, human resources, services,
data, knowledge, facilities, and communication makes up information system
infrastructure.

Components of Information systems infrastructure

CoDEUCC/Bachelor of Science in Information Technology 27

 UNIT 1 IINFORMATION SYSTEM INFRASTRUCTURE
SESSION 3
ARCHITECTURE AND LIFE CYCLE (IS)
3.3 Information System’s Life Cycle

A process for creating an information system, or creating models that can be

used to create an information system, is called the system development life
cycle (SDLC). A high-quality system that satisfies client needs in terms of
time, money, effectiveness, and efficiency is the goal of the SDLC. System
development is supported by a number of stages and tasks provided by the
SDLC. The SDLC process began with problem identification; the following
stage is to analyze the problem to determine whether it actually exists or not.
System analysts must perform a feasibility study after the analysis phase is
complete. The system's development begins if the issue or need moves past the
feasibility stage. The information system life cycle (ISLC) is a framework for
understanding the development, implementation, and maintenance of
information systems.
The information systems life cycle typically consists of the following phases:

Planning and analysis: In this phase, the organization identifies the need for a
new information system and conducts a feasibility study to determine the costs
and benefits of the proposed system.

System design: In this phase, the organization creates a detailed design of the
new system, including the hardware and software components and the data
structures.

Implementation and testing: In this phase, the organization procures and

installs the hardware and software components of the new system and tests the
system to ensure it meets the requirements identified in the planning and
analysis phase.

Deployment: In this phase, the new system is deployed and made available to
users. This may involve training users on the new system and migrating data
from the old system to the new system.

Maintenance and operation: In this phase, the organization provides ongoing

support for the new system, including monitoring system performance,
troubleshooting and resolving issues, and making updates and improvements
as needed.

28 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 3

Retirement: In this phase, the organization decommissions and retires the

system. This may include archiving data, disposing of hardware, and updating
documentation.

The ISLC is an iterative process with feedback loops and iteration at each
level, it is important to keep this in mind. Furthermore, it's crucial to keep in
mind that different organizations may use different versions of the ISLC.
Nevertheless, the general procedure—which entails determining the
requirement, designing, implementing, maintaining, and retiring the system—
remains the same.

SUMMARY

We discussed the Information System’s architecture and concepts in this

session. We also explained the Information System’s infrastructure as well as
the Information System’s life cycle.

CoDEUCC/Bachelor of Science in Information Technology 29

 UNIT 1 IINFORMATION SYSTEM INFRASTRUCTURE
SESSION 3
ARCHITECTURE AND LIFE CYCLE (IS)

Self-Assessment Questions
Exercise 1.3
a) Describe the client-server architecture and state the services
performed by server and clients.
b) What is distributed system?
c) State the components of information system infrastructure
d) What are the phases in information system life cycle?

30 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 4

SESSION 4: TECHNOLOGY STAGES OF IS

INFRASTRUCTURE EVOLUTION
Welcome to this session. In this session, you will be exposed
to the stages and technology drivers of information systems
infrastructure evolution. Relax and let’s learn together.

Objectives
By the end of this session, you will should be able to:
a. Identify the technology stages of Information Systems evolution
b. Distinguish between these technology stages in information systems

Read on…

4.1 Stages of Technology Drivers of Information Systems

The process of gathering data as well as its distribution and storage requires
certain components and equipment to be put together to facilitate the effective
operations within the various stages. This conglomeration of parts or
components is what has become known as the Information System
Infrastructure. The progression of Information system infrastructure has been
truly astounding. From the days of the immobility of said infrastructures to the
seamless and universal access provided today, the evolution of information
system infrastructure can be divided into several stages. It is notable that each
stage is driven by different technology drivers. Below are the various stages:

4.1.1 Mainframe Era (1960s-1970s)

The dawning of Information System (i.e., the early stages of information system)
infrastructure evolution was characterized by bulky/huge, centralized
mainframe computers. The limitations of technology at the time meant most
components needed to create this system were “super-sized”. This also meant it
was virtually impossible and impractical to move these humungous machines
from one place to the other. The scarcity of such infrastructure meant they were
expensive to obtain and maintain too. In this era, the entire software component
is installed unto the central host computer, with users having to utilize a terminal
which captures specific keystrokes to send information. Another notable liability
of this era was that there was little to no graphical user interface for the general

CoDEUCC/Bachelor of Science in Information Technology 31

 UNIT 1 TECHNOLOGY STAGES OF IS
SESSION 4
INFRASTRUCTURE EVOLUTION
public to be able to interact with this information system. Thus, only those with
high IT skills could operate said systems. Such limitation, to name a few, meant
that the mainframe era was mostly fixated on data processing. It didn’t have an
obvious impact on the management within an organization, but rather limited to
back-office applications. The main technology driver for this stage was the need
for more powerful and efficient computing power to support business
operations. Below is a figure depicting the mainframe infrastructure;

4.1.2 Client-Server Era (1980s-1990s)

The second stage of information system infrastructure evolution saw the
emergence of client-server architecture. In this era, organizations wanted IT to
have a more involving role in the day-to day- activities of the entire organization.
To achieve this, smaller and less powerful client devices were connected to
larger, more powerful servers. The price, size and technical expertise needed to
maintain mainframes if they were to be incorporated into every sector of the
organization meant that it was impractical for such an approach. Thus, these less
bulky devices (client) were brought in to request for a process or data from the
more centralize mainframe (server). This meant that the operation of client
machines was heavily reliant on the consistency and efficiency of the network
(Speed and reliability). To counter the deficiencies of a network, clients could
either be “thin” or “fat”. Thin clients had less applications installed and had to
rely more on the server for transactions and processes. Thus, they were optimal
in the case where a very robust network is running. Thin clients are cheaper too.
“Fat” clients, on the other hand had more applications installed on them and thus
relied less on the server for every single transaction. These types of clients were
necessary to counter slow networks. They are notably more expensive too. The

32 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 4

main technology driver for this stage was the need for more distributed and
decentralized computing power. The figure below show the client-server
architecture.

4.1.3 Internet Era (1990s-2000s)

The third stage of information system infrastructure evolution, known as the
internet Era can be described as an upgrade to the Client-server infrastructure.
As its name suggests, this was during the age where the internet had begun to
gain a foothold in the IT realm. The internet truly opened the gateway for global
communication and information sharing. Unlike previous eras, the internet era
broke through the barrier of geographical limitations. With this upgrade came
the need for relevant services and applications to be developed so as to ensure
the efficient usage of the internet. Notable components introduced here were the
Web, Internet Browsers, Modems, etc. In this case the application software
resides entirely on a network server and the client computer only needs a
standard browser. The browser is a ‘thin client’ unlike the ‘fat client’ of client–
server computing. The Browser became the literal gateway for millions of users
to access the server-based applications. Changes or upgrades therefore had to be
done only on the server-based applications instead of the numerous individual
client devices. Client–server architecture is supposed to be independent of
hardware, operating systems, and database systems platform, and hence it
invokes an open system view. Therefore, it enables tremendous flexibility in
designing IS infrastructure. The shift to internet being the core of the
infrastructure forced organizations to rethink their rigid structures of operations
to much more flexible systems and management protocols. The main technology
driver for this stage was the need for more global and interconnected computing
power.

CoDEUCC/Bachelor of Science in Information Technology 33

 UNIT 1 TECHNOLOGY STAGES OF IS
SESSION 4
INFRASTRUCTURE EVOLUTION
4.1.4 Cloud Era (2000s-present): The fourth and current stage of information
system infrastructure evolution is marked by the widespread use of cloud
computing, in which resources are retrieved from the internet through web-based
tools and applications, rather than a direct connection to a server. Cloud
Computing offers the opportunity to access IT resources and services with
appreciable convenience and speed. Behind this primarily, is a solution that
provides users with services that can be drawn upon on demand and invoiced as
and when used. Suppliers of cloud services, in turn, benefit as their IT resources
are used more fully and eventually achieve additional economies of scale. Cloud
Computing offers flexibility whilst simultaneously reducing costs-with the
positive side effect of sustainability. The potentials of cloud computing have just
been scratched. As more innovations are made cloud computing will continue to
grow in leaps and bounds. The main technology driver for this stage is the need
for more flexible and scalable computing power.

4.1.5 Edge and IoT Era (2010s-2020s): The latest stage of information
system infrastructure evolution is marked by the emergence of edge computing
and IoT (Internet of Things) technology, which enables data processing and
analysis closer to the source of data, rather than in centralized data centres. IoT
devices are physical systems that collect data for processing. Edge devices are
the devices that perform that processing. Often, IoT devices are resource-
constrained, meaning that they lack the computational resources required to

34 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 4

process their own data. The main technology driver for this stage is the need
for more efficient and real-time data processing, as well as the explosion of
data generated by IoT devices.

SUMMARY

This session helped us identify the technological stages of Information

Systems evolution and also enabled as distinguish between these technological
stages in information systems

Self-Assessment Questions
Exercise 1.4
a) Give a brief explanation on the stages and technology drivers
of IS infrastructure evolution.

CoDEUCC/Bachelor of Science in Information Technology 35

 UNIT 1 TECHNOLOGY STAGES OF IS
SESSION 4
INFRASTRUCTURE EVOLUTION
This is a blank sheet for short notes on:
• Issues that are not clear; and
• Difficult topics, if any

36 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 5

SESSION 5: FUNDAMENTAL RESOURCES AND

POTENTIAL RISKS FOR IS
Welcome to session 5. In this session, we will look at the
fundamental resource of Information Systems as well as the
potential risks associated with Information Systems. Sit back and enjoy the
session.

Objectives
By the end of this session, you will should be able to:
a. Explain the fundamental resources of Information Systems
b. Understand the possible potential risks for Information Systems

Read on…

5.1 Fundamental Resources of Information Systems:

The complex process of information gathering and processing, as well as storage
and distribution require a lot of moving parts to make it possible. These parts
form the bedrock for all information systems. Take out even one component and
the information system will be at risk of collapse. They are:

5.1.1 Hardware
Hardware can be defined as the physical components of an information system,
such as computers, servers, storage devices, printers, and networking equipment.
This is usually the tangible easily recognized part of the information system.
Hardware is necessary for the processing and storage of data and information.
Computer systems: which consist of central processing units containing
microprocessors, and variety of interconnected peripheral devices. Examples are
microcomputer systems, midrange computer systems, and large mainframe
computer systems.
Computer peripheral: which are devices such as a keyboard or electronic mouse
for input of data and commands, a video screen or printer for output of
information, and magnetic or optical disks for storage of data resources.

CoDEUCC/Bachelor of Science in Information Technology 37

 UNIT 1 FUNDAMENTAL RESOURCES AND
SESSION 5
POTENTIAL RISKS FOR IS
5.1.2 Software
Software refers to the programs and applications that run on hardware and
provide the functionality of an information system. They serve as the bridge
between the user and the hardware components. It is this software that actually
gives life to the hardware components. Without them, the hardware becomes
nothing but a husk. This includes the operating system, system software, and
application software and procedure.
a. System Software: such as an operating system program, which con
controls and supports the operations of a computer system.
b. Application Software: which are programs that direct processing for a
particular use of computers by end users. Examples are a sales analysis
program, a payroll program, and a word processing program.
c. Procedures: Procedures can be defined as the established steps,
methods and processes that are followed in order to utilize and maintain
an information system. This includes user guides, system administration
procedures, and disaster recovery procedures.

5.1.3 Data
Data refers to the raw facts and figures that are inputted, processed, and stored
by an information system. Data can include text, numbers, images, and other
forms of information. In modern time, data can include real time information
like weather and soil humidity. The entire Information system exists for the
purpose of gathering and making use of this data. Example: Data about sales
transactions are represented by the names, numbers, and money amounts listed
on sales forms. A sales manager, however, might not consider these to be
information. Meaningful sales information, specifying, for example, the volume
of sales by product type, sales territory, or sales people, cannot be provided until
such facts have been correctly arranged and modified.
The data resources of information systems are typically organized into:
o Database that hold processed and organized data.
o Knowledge bases that hold knowledge in variety of forms such as
facts, rules, and case examples about successful business
practices.

38 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 5

5.1.4 People
People are required for the operation of all information systems. People refer to
the users, administrators, and other individuals who interact with and are
impacted by an information system. This includes employees, customers,
partners, and other stakeholders. All information systems depend on people to
function. These people resources include end users and IS specialists.
a. End users (also called users or clients): People who use an information
system or the information it generates are considered end users. They
could be managers, customers, clerks, salespeople, engineers, or
engineers. Most of us are end users of information systems.
b. IS Specialists: Information system developers and operators are known
as IS specialists. They consist of IS managers, programmers, computer
operators, systems analysts, and other technical and administrative
support staff. In a brief, programmers create computer programs based
on the specifications of systems analysts, computer operators manage
massive computer systems, and systems analysts build information
systems based on the information needs of end users.

5.1.5 Network
Telecommunications networks like the Internet, intranets, and extranets have
become essential to the successful operations of all types of organizations and
their computer-based information systems. Telecommunications networks
consist of computers, communications processors, and other devices
interconnected by communications media and controlled by communications
software. The concept of Network resources emphasizes that communications
networks are a fundamental resource component of all information systems.
Network resources include:
a. Communication media: Examples include twisted pair wire, coaxial
cable, fiber-optic cable, microwave systems, and communication
satellite systems.
b. Network Support: This generic category includes all of the people,
hardware, software, and data resources that directly support the operation
and use of a communications network. Examples include
communications control software such as network operating systems and
Internet packages.

CoDEUCC/Bachelor of Science in Information Technology 39

 UNIT 1 FUNDAMENTAL RESOURCES AND
SESSION 5
POTENTIAL RISKS FOR IS
The diagram below shows the fundamental resources of an Information Systems.

5.2 Potential Risks for Information Systems

In as much as information systems are viewed primarily from their positive
impacts, there exist some threats or concerns posed when it comes to the
incorporation of Information Systems in daily activities.

Security: Security risks refer to the likelihood that someone will be able to gain
unauthorized access, use, disclosure, disruption, modification, or destruction of
information. Such possible risks include hacking, malware, and phishing attacks.
Privacy: Privacy risks refer to the potential for the unauthorized collection, use,
or disclosure of personal information. This includes risks such as data breaches
and identity theft.
System failures: System failure risks refer to the potential for equipment or
software failures within the information system that can result in a disruption or
halting of all operations and processes being run by the information system. This
includes risks such as hardware failures, software bugs, and power outages.

40 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 5

Natural Disasters: Natural Disaster risks refer to the potential for natural events
such as floods, hurricanes, earthquakes, etc. that can cause damage to hardware,
software, and data, and disrupt the operations of an information system.
Human error: Human error risks refer to the potential for mistakes made by
individuals, such as incorrect data input or unauthorized access that can lead to
errors or system failures. This risk only goes to prove that no matter how
advanced information systems get, they will still need the presence of a
knowledgeable human personnel to ensure desired results are produced.
Legal and Compliance: Legal and compliance risks refer to the potential for
non-compliance with laws, regulations and industry standards that can result in
fines, penalties, or legal action. With the rise of more integrated information
systems that are reliant on IT, there is an increasing likelihood that cybercrimes
will be more prevalent.
Dependence on third-party: Dependence on third-party risks refer to the
potential for interruptions in service or data loss due to the failure of a vendor or
service provider. With Cloud-computing becoming a household name and part
of information systems, big corporations like Amazon, Verizon, AT&T, among
others, are introducing more contractual services for the general populace. That
means that whatever happens to these companies has a direct or indirect effect
on all their clients.
Cybercrime: Cybercrime risks refer to the potential for criminal activities, such
as fraud, extortion, and identity theft that are conducted through the use of
information systems. There is a correlation between cybercrime and legal risks
because cybercrime is a subset of legal and compliance risks.
It is not all doom and gloom though because institutions can put in place
stringent and comprehensive security measures to curtail and counter these risks
that may arise. These measures that will help to mitigate these risks include
firewalls, encryption, and intrusion detection systems, conduct regular risk
assessments, and develop incident response and disaster recovery plans.
Corporations must do well to also ensure that all their employees are given
prerequisite training on security best practices and are aware of the potential
risks and how to avoid them.

CoDEUCC/Bachelor of Science in Information Technology 41

 UNIT 1 FUNDAMENTAL RESOURCES AND
SESSION 5
POTENTIAL RISKS FOR IS

SUMMARY

This session explains the fundamental resources of Information Systems and

also help us understand the possible potential risks for Information Systems.

Self-Assessment Questions
Exercise 1.5
a) Explain the following fundamental resources of information
systems? Procedures, People
b) State and explain any three potential risk of information system?
c) Define cybercrime and state the correlation between cybercrime and
legal risk?

42 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 6

SESSION 6: APPLICATIONS, BENEFITS AND

LIMITATIONS OF IS INFRASTRUCTURE
Welcome to the last session of this unit. This last session
will enlighten you on the various applications, the benefits
and limitations of managing information system infrastructure. Relax and
enjoy the session.

Objectives
By the end of this session, you will should be able to:
a. Identify some application of information systems
b. State some benefits of information systems
c. Outline some limitations that comes with managing information systems

Read on…

6.1 Application of Information Systems:

Information systems can be applied and incorporated into various industries and
organizations to support a wide range of business processes and activities. These
include:

Operations management: Information systems can be instrumental in the

automation and streamlining of manufacturing and logistics processes, such as
inventory management and supply chain coordination. Operations management
refers to the administrative arm of any organization. This means that all other
sectors of the organisation have to be overseen by the operations management.
With such humongous data influx in this sector, Information will be key to
organize and effectively analyse and utilize all resources.

CoDEUCC/Bachelor of Science in Information Technology 43

 UNIT 1 APPLICATIONS, BENEFITS AND
SESSION 6
LIMITATIONS OF IS INFRASTRUCTURE

Financial management: Information systems can be used to support financial

management activities, such as accounting, budgeting, and financial analysis.
Crunching the statistics of numbers that organizations produce in financial
reports can be very tiring and time-consuming without the aid of information
systems.
Marketing and Sales: Information systems can be used to support marketing
and sales activities, such as customer relationship management and e-commerce.
With Information systems providing proper records keeping and inventory
services, it will help to maximize all sales too
Human resource management: Information systems can be used to support
human resource management activities, such as employee recruitment, training,
and performance evaluation. Information systems will definitely help to keep
track of all human-related activities in real time (something that would have been
strenuous otherwise).
Decision making: Information systems can be used to support decision-making
activities, such as data analysis and business intelligence. This is because
information systems make it possible to gather information from all relevant
sources easily and then quickly process those to ascertain results needed to make
decisions that will benefit the organization as a whole.
Knowledge Management: Information systems can be used to support
knowledge management activities, such as capturing, storing, and sharing
organizational knowledge. Information systems usually have robust and large
storage sections that can even act as the library for the entire organization.
Supply Chain Management: Information systems can be used to support supply
chain management activities, such as monitoring inventory levels, tracking

44 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 6

shipments, and managing logistics. Information systems will help to reduce the
human errors that arise from manual inventory work.

6.2 Benefits of Managing Information System Infrastructure

Below are some of the “pros” of properly managing an organisation’s
information system infrastructure. Such management includes, but is not limited
to, frequent scheduled upgrades and maintenance.

Improved efficiency: Effective management of information system

infrastructure can lead to increased efficiency in business operations and
processes. This is because a properly managed information system infrastructure
will result in increased speeds of data collection, processing and distribution
within the organization’s day to day activities.
Better decision making: Having accurate and up-to-date information available
can help managers make better decisions. The ability of information systems to
collect real time data becomes a necessity in this regard.
Increased competitiveness: Organizations that effectively manage their
information system infrastructure are better equipped to compete in their
respective industries. It therefore becomes a race to see who can manage to
upgrade their information system infrastructure on a consistent basis. This is
because technology keeps growing with every passing day.
Improved communication and collaboration: Effective management of
information system infrastructure can enable better communication and
collaboration among employees, partners, and customers. In such a globally
interconnected world, quality and reliable communications is key to teamwork.
Cost savings: Effective management of information system infrastructure can
lead to cost savings in areas such as hardware and software maintenance, data
storage, and network management. This is a debated concept because proper
management cannot be done without some obvious costs too. But it is better to
spend a minimal amount to ensure that all components of the Information system
infrastructure work optimally than waiting for a breakdown to occur.

6.3 Limitations of Managing Information System Infrastructure

In as much as all institutions and individuals are encouraged to incorporate the
habit of proper and consistent management of their information system
infrastructure, it does come with some notable drawbacks.

CoDEUCC/Bachelor of Science in Information Technology 45

 UNIT 1 APPLICATIONS, BENEFITS AND
SESSION 6
LIMITATIONS OF IS INFRASTRUCTURE
High costs: The cost of implementing, maintaining and updating information
system infrastructure can be significant, especially for small and medium-sized
organizations. This is because quality and reliable information system
infrastructures are not cheap. And since there is competition for the spot of being
the best, the winner usually happens to be the institution or individual who
spends the most to ensure the best management of their entire information
system infrastructure.
Complexity: Information system infrastructure can be complex and difficult to
manage, especially for organizations with limited IT resources. With the
introduction of more ground-breaking technologies to optimize information
systems, there comes a growing need to train more individuals to be able to
effectively operate such innovations. Another reason for the complexity of
information system infrastructure management is the fact that most information
systems have a lot of moving parts that is hard to keep track of with minimum
IT personnel and resources.
Security: Information system infrastructure is vulnerable to security threats,
such as hacking and data breaches, which can be costly to prevent and recover
from. It is evident that the more complex an information system infrastructure
gets, the more avenues that are created in terms of possible security breaches.
Dependence on technology: Organizations may become overly dependent on
technology, and if the system goes down, the organization may not be able to
function. This is an unavoidable risk that all forward-thinking institutions must
be ready to brave. This is because up-to-date information system infrastructure
is key to staying relevant and competitive in the corporate world. And with the
ever-expanding world of information technologies, humanity at large is
becoming more dependent on technology so as to make full use of all the global
benefits that come with technology.
Human error: The failure of employees to properly use and maintain
information system infrastructure can lead to errors and system failures. This
limitation can be minimized by ensuring that only highly trained personnel are
given the responsibility of managing the organization’s information system
infrastructure. But it should be noted that the high demand of skilled personnel
will inadvertently lead to pressure on the few readily available to carry out task
on a tight schedule and deadline, therefore increasing the likelihood of errors.
Lack of flexibility: Information system infrastructure may not be flexible
enough to adapt to changing business needs and technological advancements.
This is because all information system structures have certain core components
and processes that make them rigid.

46 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEM INFRASTRUCTURE UNIT 1
AND EMERGING TECHNOLOGIES SESSION 6

Legal and compliance: Organizations must ensure that their information system
infrastructure adheres to legal and regulatory requirements, which can be a
complex and time-consuming task. This is also an unavoidable risk for all
organizations that are eager and willing to incorporate information system
infrastructures into their day-to-day routines.
To sum it all up, the management of an information system infrastructure is vital
and pivotal for the success of an organization. It does require a significant
investment of time, money and resources, but the benefits can overshadow the
input. As they popular adage goes, “With great power comes great
responsibility”.

SUMMARY

We were able to identify some application of information systems and state

some benefits of information systems in this session. Also, we discussed some
limitations that comes with managing information systems.

Self-Assessment Questions
Exercise 1.6
a) What is operation management?
b) State the pros of managing information system infrastructure?
c) How does security limits the management of information systems
infrastructure?

CoDEUCC/Bachelor of Science in Information Technology 47

 UNIT 1 APPLICATIONS, BENEFITS AND
SESSION 6
LIMITATIONS OF IS INFRASTRUCTURE
This is a blank sheet for short notes on:
• Issues that are not clear; and
• Difficult topics, if any

48 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE
UNIT 2

UNIT 2: INFORMATION SYSTEMS ENTERPRISE

Unit Outline
Session 1: Overview of Organizational Hierarchy and Organizational Levels
Session 2: Kinds of Information Systems
Session 3: Framework for IS
Session 4: Relationship between the different IS ESS MIS DSS TPS KWS/ OAS TPS
Session 5: Classification of IS by Functional Areas
Session 6: Benefits and Challenges of Enterprise Systems

Dear student, you are welcome to another interesting unit. In

this unit, we will learn about Information Systems enterprise.
We shall study the hierarchy and levels in an organization, the
kinds and framework of Information Systems, The relationship that exist
between various IS among others. Hope you will enjoy studying this unit.

Now let’s look at the objectives for this unit.

Objectives
By the end of the session, you should be able to:
a) Understand the Hierarchy and Levels in an Organization.
b) Explain the kinds of Information Systems
c) Describe the Framework for IS
d) Distinguish between the different IS i.e, ESS MIS DSS TPS KWS/
OAS TPS
e) Classify IS by Functional Areas
f) Outline the benefits and challenges of Enterprise Systems

CoDEUCC/Bachelor of Science in Information Technology 49

 INFORMATION SYSTEMS ENTERPRISE
UNIT 2

This is a blank sheet for your short notes on:

 Issues that are not clear, and
 difficult topics, if any.

50 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 1

SESSION 1: OVERVIEW OF ORGANIZATIONAL

HIERARCHY AND LEVELS
Welcome to the first session of this unit. We will be looking
at the structure of an organization and also study the various
hierarchy and levels of an organization. Enjoy the session then.

Objectives
By the end of this session, you should be able to:
a) Identify and describe the levels of organization
b) State and explain the various kinds of information systems

Now read on…

2.1 Organization Structure

The structure of an organization, including the levels of management and the
roles and responsibilities of each level, is referred to as the organizational
hierarchy. An organizational hierarchy often features a distinct chain of
command and a distinct division of labour. The board of directors or CEO is
often at the top level of management, followed by upper management, middle
management, and lower management. The tasks and responsibilities at each
level are distinct, and communication usually occurs from higher levels to lower
levels. The relationships between various departments and functions within the
organization are also outlined by the organizational structure. The organizational
hierarchy is set up to enable the existing entity to function and contribute to the
successful achievement of its goals and objectives.

It is simple to see some examples of organizational hierarchy in a number of

institutions. The corporate organizational hierarchy is depicted visually as a
multi-level inverted tree. The board is at the top, followed by executive officers
like the CEO, CTO, and CFO, and then the vice presidents, managers, and the
remainder of the staff. Depending on the type of organization, the organizational
hierarchy can differ, but generally speaking, it has a pyramidal structure with a
wide base of entry-level employees and a narrow peak of top-level executives.

CoDEUCC/Bachelor of Science in Information Technology 51

 OVERVIEW OF ORGANIZATIONAL
UNIT 2
SESSION 1 HIERARCHY AND LEVELS

Inside a firm, it is also common to have several branches, departments, and

teams, all of which answer to a single core hierarchy.
The main levels of management in an organization are typically:
i. Top-Level Management
ii. Middle-Level Management
iii. Low-Level Management

i. Top-Level Management
The Chief Executive and the Board of Directors make up top management. The
title of chief executive officer can range from chairman to managing director to
president to executive director to general manager. This level establishes the
overall business's objectives and the procedures to implement them (making of
policy means providing guidelines for actions and decision). The organization's
top management also has ultimate control over it.

ii. Middle-Level Management:

The heads of several departments, such as production, sales, etc., as well as
other departmental managers, are included in the middle level management.
Senior department leaders are occasionally a part of the top management group.
For the intermediate level management, the overall business objectives are
converted into departmental objectives. The departmental leaders then develop
their own plans to carry out these goals. Middle-level managers are especially
interested in how their departments are performing.

iii. Lower-Level Management:

Foremen and supervisors make up the lower-level management; they watch after
the operative workers and make sure that the work is completed correctly and
on schedule. They are therefore primarily in charge of the organization's actual
production of goods and services. This level includes employees who are
responsible for performing the tasks and functions necessary to achieve the
organization's goals.

The "hierarchy of management" is made up of these three management tiers. It

lists the hierarchy's managerial posts and ranks. It demonstrates how middle-
level management reports to the top level while lower-level management reports
to middle-level management. The majority of the organization's members are
workers, such as manual laborers, engineers, scientists, and craftspeople. As one

52 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 1

advances from lower-level to top-level management, the number of managers at

each level within the managerial ranks drops. Typically, there is only one person
at the top of the organization.

Each level of management is charged with various responsibilities and needs

various kinds of information to aid in decision-making. The establishment of the
enterprise's objectives, the creation of plans and policies for the organization,
the issuance of necessary directives for the preparation of departmental budgets,
schedules, procedures, etc., as well as the coordination of the activities of various
departments are all examples of information that top-level management typically
needs to support strategic decision-making. Executive Support Systems (ESS)
typically give this kind of information.

Middle-level management typically requires data to support operational

decision-making, such as production and sales data, run the details of the
organization, free the top managers as much as possible from their
responsibilities, cooperate in making the organization function smoothly,
comprehend the interlocking of departments in major policies, as well as to
achieve the coordination between the various parts of the organization and to
develop a team spirit. Management Information Systems (MIS) are often used
to offer this kind of information.

Information is frequently required by lower-level management to support

tactical decisions like scheduling and resource allocation. Transaction
Processing Systems (TPS) generally supply this kind of information.
Organizations have a hierarchical structure in addition to many functional
divisions like finance, marketing, and operations.
Each functional area is in charge of particular areas of the organization's
operations, and each one needs a distinct kind of information to assist it make
decisions. The information systems used by an organization are often created to
serve the various functional areas and levels of management by giving them
access to this information they require to efficiently manage their day-to-day
operations.

Organizational hierarchy in information systems describes how technology and

information systems are used and controlled within a company. The various
information system types utilized at each level of the organizational hierarchy
within an organization frequently reflect the distinct levels.

CoDEUCC/Bachelor of Science in Information Technology 53

 OVERVIEW OF ORGANIZATIONAL
UNIT 2
SESSION 1 HIERARCHY AND LEVELS

Typically, there are three main levels of organizational hierarchy in information

systems:

1. Strategic level: The organization's general strategy and direction are

addressed at this level. Executive support systems (ESS) and decision
support systems (DSS) are instances of information systems used at this
level to assist in strategic decision-making and planning.
2. Tactical level: This level is concerned with the day-to-day operations
and management of the organization. Information systems at this level
are used to support operational decision-making and management, such
as management information systems (MIS) and enterprise resource
planning (ERP) systems.
3. Operational level: Operational level is concerned with the execution of
specific tasks and processes within the organization. Information
systems at this level are used to support front-line employees and
customers, such as point-of-sale systems, customer relationship
management systems (CRM), and supply chain management systems.

In general, these various organizational hierarchies within information systems

are created to support the various management and decision-making processes
that take place at each level of the organization, from top-level strategic planning
and decision-making to bottom-level operational execution and customer
service.
The structure and various management levels of an organization are represented
by the organizational hierarchy and levels; each level has a unique set of duties
and needs a unique set of data to support its decision-making.
The information systems of an organization are made to give the various levels
of management and functional areas the right information they need to
efficiently govern the organization.

Summary
This session helped us identify and describe the levels of organization and also
state and explain the various kinds of information systems.

54 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 1

Self-Assessment Questions
Exercise 2.1
a) Explain the main levels of management in an organization?
b) In IS, what are the three main levels of organizational hierarchy, in
each level, state the kind of IS that operate there?
c) Which level of the organization is an ess specifically designed to serve?
A) operational
B) end-user
C) middle management
D) senior management
E) knowledge workers
d) A(n) ________ system collects data from various key business processes
and stores the data in a single, comprehensive data repository, usable by
other parts of the business.
A) transaction processing
B) enterprise
C) automatic reporting
D) management information
E) knowledge management

CoDEUCC/Bachelor of Science in Information Technology 55

 OVERVIEW OF ORGANIZATIONAL
UNIT 2
SESSION 1 HIERARCHY AND LEVELS

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

56 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 2

SESSION 2: KINDS OF INFORMATION SYSTEMS

Welcome to this session. In this session, we will learn about

the kinds of Information systems, their characteristics and
functionalities. Sit back and enjoy the session.

Objectives
By the end of this session, you should be able to:
a) State the functionalities of the kinds of Information Systems
b) Distinguish between the kinds of Information Systems.

Now read on…

2.1 The Main Categories of Information Systems

After covering the fundamentals of information systems, let's examine the six
main categories of information systems. Although this list is not exhaustive,
most corporations and organizations have the following six information systems,
each of which supports a distinct organizational level. To start, the transaction
processing systems (TPS) at the operational level. Next are knowledge work
systems (KWS) and office automation systems (OAS), both of which operate at
the knowledge level. Executive support systems (ESS) at the strategic level
come next, followed by management information systems (MIS) and decision
support systems (DSS) at the management level.

Let’s explore the different types of information systems more in-depth.

1. Transaction Processing System (TPS)

A type of information system called a transaction processing system (TPS) is

used to handle and manage business transactions. TPSs are made to manage a
lot of transactions in real time or very close to real time, including financial
transactions, sales, and inventory updates. They are essential to an organization's
daily operations and are frequently used by organizations to manage and track
customer, inventory, and financial data. Any action or occurrence that has an
impact on the business is referred to as a transaction, and examples include
deposits, withdrawals, shipments, customer billing, order entry, and placing
CoDEUCC/Bachelor of Science in Information Technology 57
 KINDS OF INFORMATION SYSTEMS
UNIT 2
SESSION 2

orders. Information systems known as "transaction processing systems" process

data that comes from actual business transactions. The ability of firms to conduct
daily operations is facilitated by transaction processing.

Both batching processing and online transaction processing are used to complete
the transaction. Their goals are to offer transactions so that records may be
updated and reports can be generated, or to carry out storekeeping functions.
These business transactions are supported by TPS. Online transaction processing
(OLTP) systems and batch processing systems are the two basic categories of
TPSs. Systems for online transaction processing manage transactions in real-
time. These systems are utilized often in settings where quick response times are
necessary since they are built to handle numerous concurrent users and
transactions. On the other hand, batch processing systems deal with transactions
in batches as opposed to in real-time. These systems are specialized for
processing huge amounts of data quickly and effectively, such as end-of-day
financial transactions.

Point-of-sale systems, electronic money transfer systems, and inventory

management systems are a few examples of TPSs.

2. Office Automation System (OAS)

An information system type called an Office Automation System (OAS) is used
to automate and streamline office procedures and tasks. OASs often consist of a
mix of hardware and software technologies that are intended to improve
productivity, collaboration, and communication in an office setting. Computers,
communication-related technology, and the staff members tasked with carrying
out official duties make up OAS. At every level of the organization, the OAS
supports official activities and covers office transactions. Clerical and
managerial tasks make up the official activities.

Some examples of the hardware and software tools that may be included in an
OAS are:

• Electronic mail and messaging systems for communication

• Document management systems for creating, editing, and sharing
documents

58 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 2

• Calendar and scheduling systems for managing meetings and

appointments
• Database management systems for storing and managing data
• Workflow and process management systems for automating repetitive
tasks
• Presentation and graphics software for creating visual aids
• Voice recognition and dictation software for creating documents and
emails
• Groupware, which allows multiple users to work on a single document
simultaneously from different locations.

The goal of an OAS is to improve the efficiency and effectiveness of office

operations by automating routine tasks, facilitating communication and
collaboration among employees, and providing easy access to information and
resources

3. Knowledge Work System (KWS)

A Knowledge Work System (KWS) is a type of information system that is used

to support and improve the performance of knowledge workers. Managers,
engineers, scientists, and other professionals are examples of knowledge
workers since they produce, process, and apply information in their daily work.
KWSs often include a combination of data, software, and hardware resources
that are intended to assist knowledge workers' tasks and activities.

Some examples of the types of tools that may be included in a KWS are:

• Decision support systems that provide data and analysis to help

managers make better decisions
• Expert systems that provide specialized knowledge and advice
• Group decision support systems that support collaborative decision
making among groups of knowledge workers
• Knowledge management systems that store, organize, and make
accessible the knowledge and expertise of an organization
• Collaboration tools such as instant messaging, video conferencing, and
shared workspaces
• Computer-aided design (CAD) and computer-aided manufacturing
(CAM) tools for engineers and designers

CoDEUCC/Bachelor of Science in Information Technology 59

 KINDS OF INFORMATION SYSTEMS
UNIT 2
SESSION 2

• Research and analytics tools for data analysis and visualization

• Project management tools for tracking and managing projects.

The KWS is a specialized system that expedites knowledge generation and

makes sure that the technical know-how and knowledge of the company are
properly utilized. Through the use of graphic design, communication, and
document management systems, the Knowledge Work System assists
employees in producing and disseminating new information. By making
information and expertise more accessible, offering decision help, and
encouraging collaboration and knowledge sharing, a KWS aims to give
knowledge workers the tools and resources they need to be more effective and
efficient in their work.

An organization can use a variety of knowledge management systems to

guarantee a continuous flow of new and updated knowledge into the company
and its processes. One of the knowledge management tools that makes it simpler
to incorporate new information or knowledge into operational procedures is the
knowledge work system (KWS). Additionally, KWS provides assistance and
resources for various knowledge generation methods, AI software, and group
collaboration platforms for information sharing, among other things.
Furthermore, it makes use of graphics, visualizations, etc., to disseminate new
information.

4. Management Information System (MIS)

A management information system (MIS) is a system or process that offers the
information required to successfully manage a company. An MIS often makes
use of technology, such as computer systems, to collect, store, process, and
distribute information in order to aid organizational decision-making and
control. Numerous business processes, such as planning, organizing, directing,
and controlling, can be supported by this information. An MIS can also provide
information to external stakeholders, such as customers, suppliers, and
regulators.
The system typically includes hardware, software, and data. It can also include
people, procedures, and policies. The primary goal of an MIS is to provide
managers with the information they need to make informed decisions about the

60 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 2

operation of their organization. This information can be used to plan, organize,

direct, and control the activities of the organization.

The management information system provides aid to managers by automating

different processes that were initially done manually. Business activities like
business performance tracking and analysis, making business decisions, making
a business plan, and defining workflow. It also provides feedback to the
managers by analysing the roles and responsibilities.
A management information system is considered a significant application that
helps managers immensely. Here are some of the advantages of the information
system:

• It enhances the efficiency and productivity of the company

• It provides a clear picture of the organization’s performance
• It adds value to the existing products, introduces innovation and
improves product development
• It assists in communication and planning for business processes
• It helps the organization provide a competitive advantage

The majority of administrative tasks for daily operations and performance

evaluations are handled by middle managers, who also make sure that all work
is in line with the requirements of the business. Because of this, MIS is a very
useful tool. Middle managers and supervisors can use management information
systems to plan, organize, and manage the workflow. The MIS gathers
transactional data from various Transactional Processing Systems, compiles it,
and then displays and reports it. Though MIS can have more rapid results (e.g.,
hourly, daily)., these reports can also be produced monthly, quarterly, or
annually.

5. Decision Support System (DSS)

The decision support system is a well-known information system that is utilized
in a variety of businesses. In order to give automation in decision-making or
problem-solving, a decision support system can be used since it is an information
system that analyses business data and other information relevant to the firm.
When difficulties arise while running the business, a manager employs DSS.
The decision support system is typically used to gather data on revenue, sales,
or inventory.

CoDEUCC/Bachelor of Science in Information Technology 61

 KINDS OF INFORMATION SYSTEMS
UNIT 2
SESSION 2

A decision support system (DSS) is a computer-based tool that gives decision-

makers in an organization quick access to pertinent information to enable them
to make more informed judgments. DSSs can encompass a wide range of tools
and techniques, including data visualization, data mining, and modelling, and
are intended to complement rather than replace human decision-making. They
can be employed in a variety of company sectors and departments, including
finance, marketing, and operations. It combines information, tools, and models
to help decision-making and problem-solving in both structured and
unstructured contexts. By giving decision makers a simple and structured means
to acquire and evaluate information, it is intended to help them find answers to
difficult situations.
The DSS is a management-level, interactive computer-based information system
that helps managers to make decisions. Middle managers are explicitly provided
with the data they need to make wise decisions via the decision support system.
The end user is more involved in the creation of a DSS than a MIS. DSS includes
tools and strategies to assist in acquiring relevant information and analysing the
options and alternatives. These summaries frequently take the shape of graphs
and tables.

6. Executive Support System (ESS:

With regard to executive-level decision-making, the ESS is similar to the MIS.

High-level managers, like CEOs and COOs, can use computer-based executive
support systems (ESS) to help them make decisions and solve problems. They
give people access to data and resources that may be used to analyse data,
identify trends, and weigh options. ESS normally come with capabilities for
collaboration, reporting, and data visualization. They are intended to support
executives in staying informed, making strategic choices, and overseeing the
success of their company. Top-level executives can plan and manage their
workflow and make business choices with the aid of an executive support system
(ESS).

Here are some of the unique characteristics of ESS:

• It provides great telecommunication, better computing capabilities, and

effective display options to executives.

62 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 2

• It enables them with information through static reports, graphs, and

textual information on demand.
• It helps monitor performances, track competitors’ strategies, and forecast
future trends, among others.

The stakes are larger because ESS decisions impact the entire company. They
therefore require additional understanding and discretion. Compared to the DSS,
the ESS has better computing, more communication possibilities, and more
effective display options. Executives use ESS to make effective decisions
through summarized internal data taken from DSS and MIS and external
sources. In addition, executive support systems help monitor performances,
track competitors, spot opportunities, and forecast future trends.

Summary

This session state the functionalities of the kinds of Information Systems and
distinguish between the kinds of Information Systems.

Self-Assessment Questions
Exercise 2.2
a) If daily toll booth sales is declining in a specific region of the country,
which of the following types of system would best help you understand
why?
A) ESS
B) TPS
C) MIS
D) DSS
E) CRM
b) You have been hired by a non-profit organization to lead the
implementation of a system to handle donations. The system must be
able to handle and record telephone, text, and Internet donations, provide
up-to-the-minute reports, and create highly customizable mailing lists.
In addition, event fundraisers need to be able to quickly access a donor's

CoDEUCC/Bachelor of Science in Information Technology 63

 KINDS OF INFORMATION SYSTEMS
UNIT 2
SESSION 2

information and history. Which of the following systems will best meet
these needs?
A) TPS
B) TPS with DSS capabilities
C) TPS with MIS capabilities
D) TPS with ESS capabilities
E) DSS with MIS capabilities
c) To monitor the status of internal operations and the organisation's
relations with the external environment, managers need which of the
following types of system?
A) DSS
B) KWS
C) TPS
D) MIS
E) BIS
d) A(n) ________ is typically a major source of data for other systems.
A) TPS
B) MIS
C) ESS
D) DSS
E) KMS
e) The term management information systems refer to a specific category
of information systems serving:
A) integrated data processing throughout the firm.
B) transaction process reporting.
C) employees with online access to historical records.
D) the information technology function.
E) middle management functions.
f) Which of the following types of information systems are especially
suited to situations in which the procedure for arriving at a solution may
not be fully defined in advance?
A) MIS

64 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 2

B) TPS
C) DSS
D) KMS
E) RPS
g) Which type of information system would you use to forecast the return
on investment if your firm planned to switch to a new supplier that
offered products at a lower cost?
A) ESS
B) TPS
C) MIS
D) CRM
E) DSS

CoDEUCC/Bachelor of Science in Information Technology 65

 KINDS OF INFORMATION SYSTEMS
UNIT 2
SESSION 2

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

66 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 3

SESSION 3: FRAMEWORK FOR INFORMATION

SYSTEMS
Welcome to another interesting session in this unit. We will
learn about the information systems framework and its components as well as
the different frameworks that can be used to analyze and design information
systems. Hope you enjoy this session also.

Objectives
By the end of this session, you should be able to:
a) Define information system framework.
b) Identify the components of information system framework.
c) Outline different frameworks that can be used to analyse and design
information systems.

Now read on…

3.1 What is Information System Framework?

A framework is a structural representation of a model that enables you to
determine what can be produced and when. It can be used to aid in decision-
making by providing a structured approach to considering a problem. A
framework can help in the development and evaluation of hypotheses. For
example, in software development, a framework is a reusable set of libraries or
classes that supports common functionality. It is often used to develop
applications faster and easier than starting from scratch. A framework can be
thought of as a template or scaffolding upon which a program or application can
be built.
Frameworks are usually constructed to be pluggable, allowing developers to use
them to create custom solutions tailored to their requirements. A lot of well-
known frameworks also come with a ton of example code, which helps speed up
and simplify development. For consultants, frameworks are more beneficial.
A conceptual model that outlines the various components of an information
system and how they interact with one another is known as the framework of

CoDEUCC/Bachelor of Science in Information Technology 67

 FRAMEWORK FOR INFORMATION
UNIT 2
SESSION 3 SYSTEMS

information systems. It is often used as a design and development framework

for information systems.
The components of the framework of information systems can be broadly
categorized into five main categories: hardware, software, data, people, and
process.
1. Hardware: This category includes the physical components of an
information system, such as computers, servers, and network equipment.
2. Software: This category includes the programs and applications that run
on the hardware and make the information system functional. This
includes both system software and application software.
3. Data: This category includes the information that is stored, processed,
and transmitted by the information system. This includes both structured
and unstructured data.
4. People: This category includes the individuals and organizations that
interact with the information system, including users, developers,
administrators, and stakeholders.
5. Process: This category includes the activities and procedures that are
used to manage and maintain the information system, including
planning, development, implementation, and operation.
It's important to note that these components are interrelated, and changes in one
area can have a ripple effect on the others. For example, a change in hardware
may require changes in software, data, and process.

Some common frameworks used to organize information systems include the

three-tier architecture, the Zachman framework, and the TOGAF (The Open
Group Architecture Framework) framework. These frameworks provide a way
to understand and organize the various elements of an information system and
how they relate to each other, making it easier to design, develop, and maintain
the system.

Different frameworks that can be used to analyse and design information

systems include:
• The Zachman Framework: A matrix called the Zachman Framework
for Enterprise Architecture offers a structured method for classifying and

68 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 3

organizing the components of an organization's information systems. A

6x6 matrix in the framework divides information into categories based
on the viewpoints of many stakeholders, including the owner, designer,
builder, user, operator, and regulator. A separate component of the
organization's information systems, such as data, functions, locations,
people, time, and motivations, is represented by each cell in the matrix.
The Zachman Framework is intended to assist companies in identifying
and managing the complexity of their information systems and to
guarantee that all stakeholders are aware of how the organization's
information systems support its goals and objectives.
• The Gartner Framework: The Gartner Framework is a set of guidelines
and best practices for managing and implementing IT projects and
services. It includes a number of different components, including the IT
Infrastructure Library (ITIL), the Capability Maturity Model Integration
(CMMI), and the Project Management Body of Knowledge (PMBOK).
The framework is designed to help organizations improve the efficiency
and effectiveness of their IT operations, and it is widely used by IT
• The TOGAF Framework: The TOGAF (The Open Group Architecture
Framework) is a widely used framework for enterprise architecture that
provides a comprehensive approach for designing, planning,
implementing, and governing enterprise IT architecture. The TOGAF
framework is developed and maintained by the Open Group, an
international organization that works to promote open standards and best
practices in IT.
The TOGAF framework consists of four main components:
1. The Architecture Development Method (ADM) - This is a step-by-step
approach for developing and maintaining an enterprise architecture. It
includes a set of phases, from the initial architecture vision through to
the implementation and ongoing maintenance of the architecture.
2. The Architecture Content Framework - This provides a common set of
templates and models for describing different aspects of the enterprise
architecture, such as business, data, application, and technology
architectures.
3. The TOGAF Reference Models - These include the TOGAF Architecture
Development Method, the TOGAF Foundation Architecture, and the

CoDEUCC/Bachelor of Science in Information Technology 69

 FRAMEWORK FOR INFORMATION
UNIT 2
SESSION 3 SYSTEMS

Integrated Information Infrastructure Reference Model (III-RM). These

reference models provide a common language and framework for
describing the different elements of an enterprise architecture.
4. The TOGAF Architecture Capability Framework - This provides
guidance on how to establish and maintain an architecture practice
within an organization, including guidelines for building a team, setting
up processes, and measuring performance.
In order to give a holistic approach to business architecture, the TOGAF
framework is intended to be used in conjunction with other industry standards
and best practices, such as ITIL and COBIT. It helps businesses in improving
the efficacy and efficiency of their IT operations and in coordinating their IT
strategy with their overarching business goals.
Overall, The TOGAF framework is a well-established and widely used
framework for enterprise architecture, providing a comprehensive approach to
design, plan, implement and govern enterprise architecture. It helps
organizations to align their IT strategy with their overall business goals,
improving the efficiency and effectiveness of their IT operations.

• The FEAF Framework: The U.S. Federal government created the

Federal Enterprise Architecture Framework (FEAF) as a framework to
guide the creation and administration of enterprise architecture
throughout the federal government. It provides a common approach for
outlining and analysing the systems, processes, and data used by
different agencies, as well as for aligning those systems with the overall
aims and objectives of the federal government.
The FEAF framework includes the following main components:

1. The Business Reference Model (BRM) - This provides a common

vocabulary and structure for describing the different business processes
and functions of the federal government. It includes a set of standard
business functions and processes, as well as a set of standard data
elements.
2. The Data Reference Model (DRM) - This provides a common structure
for describing the different data elements used by the federal

70 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 3

government, and for defining the relationships between those data

elements.
3. The Technical Reference Model (TRM) - This provides a common
structure for describing the different technical components and systems
used by the federal government, including hardware, software, and
network components.
4. The Performance Reference Model (PRM) - This provides a common
structure for describing the different performance measures used by the
federal government, and for defining the relationships between those
measures and the overall goals and objectives of the government.
5. The Services Reference Model (SRM) - This provides a common
structure for describing the different services provided by the federal
government, and for defining the relationships between those services
and the overall goals and objectives of the government.
The FEAF framework is also designed to be used in conjunction with other
industry standards and best practices, such as ITIL and TOGAF, to provide a
comprehensive approach to enterprise architecture for the Federal government.
It helps agencies align their IT strategy with their overall business goals, and to
improve the efficiency and effectiveness of their IT operations. The FEAF offers
a uniform method and framework for describing and analysing the systems,
processes, and data used by different federal agencies as well as for coordinating
those systems with the overall goals and objectives of the government. It aids
organizations in enhancing the effectiveness and efficiency of their IT
operations and coordinating their IT strategy with their overall business
objectives. Every framework has a different approach to structuring and
analysing an information system's constituent parts.

Summary

We discussed the information system framework and identified its components

as well as outlining the different frameworks that can be used to analyse and
design information systems in this session.

CoDEUCC/Bachelor of Science in Information Technology 71

 FRAMEWORK FOR INFORMATION
UNIT 2
SESSION 3 SYSTEMS

Self-Assessment Questions
Exercise 2.3
a) What is a framework?
b) Describe the Zachman and the TOGAF framework

72 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 4

SESSION 4: RELATIONSHIP BETWEEN THE DIFFERENT

INFORMATION SYSTEMS
You are welcome to this session. We shall study the roles of
the various types of information systems. We shall also establish the relationship
between the various types of information systems. Enjoy the session then.

Objectives
By the end of this session, you should be able to:
a) Describe the roles of the various types of information systems.
b) Establish the relationship between the types of information systems.
c) Understand the Pyramid Model for Classifying Information System

Now read on…

4.1 Information System Recap

Information systems (IS) are a collection of hardware, software, data, people,

and procedures that work together to produce information. There are several
types of information systems as discussed already. Summary of the types is
provided below:

• Executive Support Systems (ESS): These systems provide decision-

makers with the information they need to make strategic decisions. ESSs
are often used by top-level executives.
• Management Information Systems (MIS): These systems provide
managers with the information they need to make operational decisions.
MISs are often used by middle-level managers.
• Decision Support Systems (DSS): These systems provide users with the
information and tools they need to make decisions. DSSs are often used
by front-line managers and employees.
• Transaction Processing Systems (TPS): These systems process and
record transactions, such as sales orders or bank withdrawals. TPSs are
used to support day-to-day operations.

CoDEUCC/Bachelor of Science in Information Technology 73

 RELATIONSHIP BETWEEN THE
UNIT 2
SESSION 4 DIFFERENT IS

• Knowledge Work Systems (KWS) / Office Automation Systems (OAS):

These systems automate and support knowledge work, such as word
processing, email, and collaboration tools.

In general, these types of information systems are related in that they all provide
information to support decision making and operations. However, they differ in
terms of the level of decision-making they support, the types of information they
provide, and the users they are intended for.

The different information systems work together to support the different needs
of an organization, from top-level strategic decisions to day-to-day operations.
ESS and MIS provide high-level information to top and middle management
respectively, DSS provides information to support decision-making, TPS
processes business transactions and KWS provide advanced analytical
capabilities to support knowledge workers

The primary information systems and their function in an organization are listed
in the table below. It's crucial to remember that each of these systems is related
to the others and depends on them for data or for the outcomes of their own
processing. High-level information is primarily the emphasis of ESS and MIS,
advanced analytics is the focus of DSS and KWS, and transaction processing is
the focus of TPS. On the other hand, TPS is often used in conjunction with
OLAP to present the findings of the analysed data. OLAP is primarily focused
on analysing large and complicated data sets.

The table below gives a brief description of the various IS together with their
roles;

Information System Description Role

Executive Support Provide top-level management Support strategic
Systems (ESS) with strategic information decision making
Management Information Provide middle management with Support operational
Systems (MIS) operational information decision making
Decision Support Systems Provide users with information for Support decision
(DSS) decision making making

74 CoDEUCC/Bachelor of Science in Information Technology

 INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 4

Information System Description Role

Transaction Processing Support day-to-day
Systems (TPS) Process business transactions operations
Support the work of knowledge
Knowledge Work Systems workers, such as managers and Support knowledge
(KWS) professionals workers
Online Analytical Analyse large and complex data Support advanced
Processing Systems sets and present the information in analytics and
(OLAP) a meaningful way visualization

4.2 The relationship between the types of Information System

We shall establish the relationship that exist between the various types of
information systems

4.2.1 The relationship between TPS, MIS and ESS

The primary data source for other systems in an organization is the TPS. They
assist managers in tracking the status of the operations and hence support
organized decision-making because they record everyday regular transactions in
an organization. MIS typically receives and makes use of the data it receives
from TPS. Data from lower-level systems is mostly used in unstructured
decision-making, and the ESS is the principal recipient of this data.
A pictorial representation of the levels in which the different 3 major types of
Systems are used in an organization.

CoDEUCC/Bachelor of Science in Information Technology 75

 RELATIONSHIP BETWEEN THE
UNIT 2
SESSION 4 DIFFERENT IS

4.2.2 The relationship between OAS, DSS and KWS

An organization's administrative tasks can be automated and streamlined using
the OAS set of tools and technologies. Word processing, spreadsheets, and email
are a few examples.
KWS is a kind of OAS that is intended to support knowledge workers, who are
typically in charge of responsibilities like information analysis, issue solving,
and decision making. Databases, expert systems, and group decision support
systems are a few examples of KWS. By giving managers and other decision-
makers pertinent data and tools, DSS is a type of KWS that is intended to help
decision-making processes. Strategic planning systems, inventory management
systems, and financial forecasting systems are a few DSS examples.
In summary, OAS is a broader category that includes KWS and DSS, while
KWS is a subcategory of OAS that focuses on supporting knowledge workers,
DSS is a subcategory of KWS that focuses on supporting decision making.

4.2.3 Relationship between the kinds of IS based on input and output

In this table, we showing how each system take the input from the other systems,
process it and generate the output.

System Input Output

ESS Data from TPS, MIS, Comprehensive view of the organization
DSS, KWS, and OAS and its environment
MIS Data from TPS, KWS Reports and summaries to track the
and OAS performance of the organization
76 CoDEUCC/Bachelor of Science in Information Technology
INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 4

DSS Data from TPS, MIS, Models and simulations to understand the
KWS, and OAS potential impact of different decisions
TPS Data from KWS, OAS Raw data for other information systems
and external sources
KWS Data from TPS, OAS, Tools to support day-to-day operations of
and external sources an organization
OAS Data from TPS, KWS, Tools to support day-to-day operations of
and external sources an organization

As you can see from the table, all the systems are interrelated and they all rely
on each other to provide the necessary information and support to make
decisions, operate efficiently, and achieve its goals.

4.3 The Pyramid Model for Classifying Information System

The pyramid model is one of the most used schemes for categorizing various
information systems. The pyramid model organizes data according to the duties
and responsibilities found in a hierarchical structure. A hierarchical organization
can be visualized as a pyramid with three levels: operational, middle
management, and executive, or senior.

Managers residing at these three levels have different information needs and
consequently utilize information systems that satisfy their specific information
needs. Within these three levels are five types of information systems.

CoDEUCC/Bachelor of Science in Information Technology 77

 RELATIONSHIP BETWEEN THE
UNIT 2
SESSION 4 DIFFERENT IS

Operational Level: The day-to-day business operations are managed by

operations managers, who also make regular choices. At the operational level,
two different information system types are used: transaction processing
systems and process control systems.

Middle Management Level: Middle-level managers make tactical choices that

help in carrying out the organization's plan. Developing divisional strategies,
organizing workflows, establishing distribution routes, and acquiring resources
like people, materials, and money are all examples of tactical decisions.
Decision support systems and management information systems are two
different categories of information systems that middle-level managers might
employ.

Executive Level: The highest level of management is the senior executive

level, sometimes referred to as the C-suite level because it is made up of
CEOs, COOs, CIOs, CFOs, etc. The C-suite makes strategic choices that
influence and shape an organization's ability to survive in the long run.

Below is a table that differentiates the functions and audiences of ESS, MIS,
DSS, TPS, KWS, and OAS:

Information Function Audience

System
Transaction Process large volumes of routine Day-to-day
Processing transactions quickly and accurately business
Systems (TPS) operations
Management Generate reports and summaries to Managers
Information track the performance of the
Systems (MIS) organization
Decision Support Generate models and simulations to Managers and
Systems (DSS) help managers understand the analysts
potential impact of different decisions
Executive Support Provide a comprehensive view of the Top-level
Systems (ESS) organization and its environment for managers
strategic planning
Knowledge Work Automate and support a wide range of Office
Systems (KWS) office tasks such as word processing, workers
78 CoDEUCC/Bachelor of Science in Information Technology
INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 4

spreadsheet and presentation creation,

and email
Office Automation Automate and support office-related Office
Systems (OAS) tasks such as document management workers
and communication

Summary
This session described the roles of the various types of information systems and
also established the relationship between the types of information systems. We
also explained the Pyramid Model for Classifying Information System

Self-Assessment Questions
Exercise 2.4
a) Describe the different kinds of information system?
b) Explain the pyramidal model for classifying information system

CoDEUCC/Bachelor of Science in Information Technology 79

 RELATIONSHIP BETWEEN THE
UNIT 2
SESSION 4 DIFFERENT IS

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

80 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 5

SESSION 5: CLASSIFICATION OF IS BY FUNCTIONAL

AREAS
Welcome to this session. We shall enlighten ourselves on how
to classify information system based on functional areas. Also we shall look at
the categories by which the functional areas are designed. Enjoy the session.

Objectives
By the end of this session, you should be able to:
a) Classify information system based on functional area
b) Describe the categories by which the functional areas are designed.

Now read on…

5.1 Functional areas of Information System

There are several ways to classify information systems based on functional
areas. Each functional area has different requirements and responsibilities, and
the information systems within each functional area are designed to meet those
specific needs. A very common method is to classify them into the following
categories:
1. Operations Support Systems: An operational support system (OSS) is a
group of computer programs or an IT system used by communications
service providers for monitoring, controlling, analysing and managing a
computer or telephone network system. OSS software is specifically
dedicated to telecommunications service providers and mainly used for
supporting network processes to maintain network inventory, configure
network components, provision services and manage faults. In other
organizations that make use of such systems, the system is focused on the
automation of daily business activities, such as sales, production, inventory
management, etc. They provide real-time data, and they must be reliable and
efficient.
With the growth of new broadband and Voice over Internet Protocol (VoIP)
systems, OSS and network management are now applied to home networks.

CoDEUCC/Bachelor of Science in Information Technology 81

 CLASSIFICATION OF IS BY
UNIT 2
SESSION 5 FUNCTIONAL AREAS

An OSS is also known as a business support system (BSS). They typically

include systems such as Transaction Processing Systems (TPS) and
Manufacturing Resource Planning (MRP) systems.
2. Management Support Systems: Management support systems (MSS) are
computer-based information systems that provide managers with the
necessary tools to carry out their tasks more efficiently. MSS can include a
wide range of applications such as decision-making tools, performance
management systems, and executive information systems. These systems
provides the information needed by managers and executives, they provide
historical data which are flexible and accurate and can help managers to
access, process and analyse data in order to make better-informed decisions,
monitor and control organizational performance, and plan and strategize for
the future. MSS can be divided into two main categories: operational MSS
and strategic MSS. Operational MSS focus on the day-to-day operations of
an organization, while strategic MSS focus on long-term planning and
decision making. They typically include systems such as Executive Support
Systems (ESS), Management Information Systems (MIS), and Decision
Support Systems (DSS).
3. Communication and Collaboration Systems: These systems use software
and technology to enable humans to communicate and share documents in a
digital space. Companies use collaboration systems to solve work-related
problems such as chaotic communication, paper-heavy processes, or
inability to offer workers telecommuting opportunities. Examples include
email, instant messaging, videoconferencing, project management software,
and shared document platforms such as Google Docs or Microsoft Teams.
These systems can improve productivity and efficiency by allowing team
members to easily share ideas, work on projects together, and stay connected
regardless of their physical location. They provide communication and
collaboration tools, hence must be secure and reliable.
4. Business Intelligence Systems: BIS has evolved from the decision support
systems and gained strength with the technology and applications like data
warehouses, Executive Information Systems and Online Analytical
Processing (OLAP). Business Intelligence System is basically a system used
for finding patterns from existing data from operations. It is created by
procuring data and information for use in decision-making with the

82 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 5

combination of skills, processes, technologies, applications and practices

which contains background data along with the reporting tools.as well as of
a set of concepts and methods strengthened by fact-based support systems.
It is an extension of Executive.
For most companies, it is not possible to implement a proactive business
intelligence system at one go. The following techniques and methodologies
could be taken as approaches to BIS
• Improving reporting and analytical capabilities
• Using scorecards and dashboards
• Enterprise Reporting
• On-line Analytical Processing (OLAP) Analysis
• Advanced and Predictive Analysis
• Alerts and Proactive Notification
Automated generation of reports with user subscriptions and "alerts" to problems
and/or opportunities. They typically include systems such as Data Warehouses,
Online Analytical Processing (OLAP) systems, and Business Intelligence tools.
Business Intelligence Systems are focused on providing business insight, and
they must be able to handle large volumes of data and provide advanced
analytical capabilities.
5. Infrastructure Systems: These systems support the underlying technology
infrastructure of an organization. Infrastructure systems refer to the basic
physical and organizational structures and facilities (e.g. buildings, roads,
power supplies) that are necessary for the operation of a society or enterprise.
Examples include transportation systems, communication networks, water
and sewage systems, and energy systems. These systems are typically
designed to be durable and long-lasting, and are often managed and
maintained by government or public entities. They typically include systems
such as servers, storage systems, and network devices. Because these
systems are focused on providing the underlying technology infrastructure,
they must be reliable and secure, and they must be able to handle the
organization's technology needs.
6. Human Resource Systems: These systems support the management of
employees, including recruiting, training, payroll, and benefits
administration. They include systems such as human resource management
systems (HRMS) and employee self-service portals.

CoDEUCC/Bachelor of Science in Information Technology 83

 CLASSIFICATION OF IS BY
UNIT 2
SESSION 5 FUNCTIONAL AREAS

7. Marketing Systems: These systems support the management of customer

relationships, market research, and advertising. They include systems such
as customer relationship management (CRM) and marketing automation
systems.

It's worth noting that these classifications can overlap and an information system
may support multiple functional areas. The classification of information systems
based on functional areas is a way to group systems according to their main
function, such as supporting daily operations, decision making, knowledge
work, communication, business intelligence, and infrastructure. Each functional
area has different requirements and responsibilities, and the information systems
within each functional area are designed to meet those specific needs.

Summary

In this session, we classified the information system based on functional area

and described the categories by which the functional areas are designed

Self-Assessment Questions
Exercise 2.5
a) Explain any 3 ways to classify information systems based on functional
areas.

84 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 6

SESSION 6: CLASSIFICATION OF IS BY FUNCTIONAL

AREAS
Well done! You just made it to the last session of this unit. We
shall learn about the benefits and challenge associated with enterprise system.
Hope you will enjoy this session as well.

Objectives
By the end of this session, you should be able to:
a) Explain what enterprise systems are.
b) Outline the advantages of enterprise systems
c) State the challenges of enterprise systems

Now read on…

6.1 What is Enterprise System?

An enterprise system is a type of information system that is used to manage and

integrate the various business processes of an entire organization. It is a
comprehensive software package that supports and automates many of the
business processes across different functional areas, such as finance, human
resources, supply chain, and customer relationship management. Some
examples of enterprise systems include SAP, Oracle, Microsoft Dynamics, and
Infor.

The main advantage of enterprise systems is that they provide a single,

integrated view of the entire organization, allowing for the seamless flow of
information and data between different functional areas and departments. This
helps to improve communication and collaboration, reduce errors and
inconsistencies, and increase efficiency and productivity.

6.1.1 Benefits of Enterprise System

Some of the key advantages of enterprise systems include:

CoDEUCC/Bachelor of Science in Information Technology 85

 BENEFITS AND CHALLENGES OF
UNIT 2
SESSION 6 ENTERPRISE SYSTEMS

• Improved data quality and accuracy: Enterprise systems allow for the
integration of data from different sources, which can help to reduce
errors and inconsistencies.
• Increased efficiency and productivity: Enterprise systems automate
many of the business processes, which can help to reduce the amount of
time and effort required to complete tasks.
• Better decision-making: Enterprise systems provide managers and
executives with real-time data and analytics, which can help to inform
strategic and operational decisions.
• Better collaboration: Enterprise systems provide tools for collaboration
and communication among employees, which can help to improve the
flow of information and knowledge within the organization.
• Improved scalability: Enterprise systems are designed to support the
growth and expansion of organizations, and can be easily configured to
meet changing business needs.
• Cost savings: Enterprise systems can help to reduce costs by automating
manual processes, reducing errors and increasing efficiency, and by
providing a single source of truth for the organization which reduces the
need to maintain multiple systems.
• Improved data management and organization: Information enterprise
systems help to centralize and organize data, making it easier to access
and manage.
• Improved customer service: By providing access to customer data and
interactions, information enterprise systems can help companies improve
their customer service.
• Greater visibility into operations: Information enterprise systems can
provide real-time insights into business operations, helping managers to
identify and address problems more quickly.
• Better tracking of inventory and supplies: Information enterprise systems
can help companies track inventory levels and reorder supplies as
needed.
• Improved financial management: Information enterprise systems can
help companies track financial data and generate financial reports,
making it easier to manage budgets and forecast future expenses.

86 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 6

• Increased security: Information enterprise systems can help companies

to secure their data and protect against cyber-attacks.
• Better data analysis: Information enterprise systems can include
advanced analytics tools, making it easier to analyse data and gain
insights.
• Improved compliance: Information enterprise systems can help
companies to comply with regulatory requirements, such as data privacy
laws.
• Enhanced reporting: Information enterprise systems can generate
detailed reports, providing managers with the information they need to
make better decisions.

It's important to note that the implementation of an enterprise system can be

complex and time-consuming, and requires a significant investment in terms of
time, resources, and money. Additionally, it's important to carefully evaluate the
needs of the organization and select a system that is a good fit.

6.2 Challenges of Enterprise Systems

Below are some of the challenges likely to encounter or usually encounter when
using enterprise systems in an organizations or firms:
1. Integration and compatibility: Integrating new enterprise information
systems with existing systems can be a major challenge, as different
systems may use different technologies and data formats.
2. Data quality and accuracy: Ensuring the accuracy and completeness of
data entered into enterprise information systems can be difficult, as data
may be entered manually by employees or imported from other systems.
3. Security: Enterprise information systems often store sensitive business
and customer data, making them a target for cyber-attacks. Ensuring the
security of these systems can be a major challenge.
4. User adoption: Getting employees to use enterprise information systems
can be difficult, as they may be resistant to change or unfamiliar with
new technology.

CoDEUCC/Bachelor of Science in Information Technology 87

 BENEFITS AND CHALLENGES OF
UNIT 2
SESSION 6 ENTERPRISE SYSTEMS

5. Training: Enterprise systems often require significant training and

change management to ensure that employees are able to use the system
effectively. Providing training for employees on how to use enterprise
information systems can be costly and time-consuming.
6. Maintenance and support: Enterprise information systems require
ongoing maintenance and support, which can be costly and resource-
intensive.
7. Scalability: As business needs change, enterprise information systems
may need to be scaled up or down, which can be a major challenge.
8. Customization: Enterprise information systems are often highly
customizable, but customization can be difficult and time-consuming,
and may require specialized skills.
9. Data privacy and compliance: Enterprise information systems may store
sensitive personal data, making compliance with data privacy laws and
regulations a major challenge.
10. Data Quality: Ensuring the quality and consistency of data within an
enterprise system can be a significant challenge, especially when dealing
with large amounts of data from multiple sources
11. Cost: Implementing and maintaining an enterprise system can be
expensive, and it may take a long time to see a return on investment.

Summary
This session explains enterprise systems and outline the advantages and
challenges of enterprise systems.

88 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS ENTERPRISE UNIT 2
SESSION 6

Self-Assessment Questions
Exercise 2.6
a) Explain any five advantages of enterprise systems
b) Explain any four challenges of enterprise system

CoDEUCC/Bachelor of Science in Information Technology 89

 BENEFITS AND CHALLENGES OF
UNIT 2
SESSION 6 ENTERPRISE SYSTEMS

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

90 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS
UNIT 3

UNIT 3: TELECOMMUNICATION AND NETWORKS

Unit Outline
Session 1: The concept of a network
Session 2: Types of telecommunications networks
Session 3: Networking the enterprise
Session 4: Business value of telecommunications network
Session 5: Telecommunication media
Session 6: Network topologies and trends in telecommunications

Dear student, you are welcome to another interesting unit. You

are most welcome to another interesting unit. This unit will
broaden you knowledge on telecommunication and networks.
You will be able to understand some fundamentals as well as other important
concepts like topologies and trends in telecommunication and networking
enterprise among others. We hope you will enjoy this unit.

Now let’s look at the objectives for this unit.

Objectives
By the end of the session, you should be able to:
a) Understand networks and it relevance
b) Describe the various types of telecommunications networks
c) Define enterprise networking and it key components
d) Understand the business value of telecommunications network
e) Explain telecommunication media and what it entails
f) Describe network topologies and trends in telecommunications

CoDEUCC/Bachelor of Science in Information Technology 91

 TELECOMMUNICATION AND NETWORKS
UNIT 3

This is a blank sheet for your short notes on:

 Issues that are not clear, and
 difficult topics, if any.

92 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 1

SESSION 1: THE CONCEPT OF A NETWORK

Welcome to the first session of this unit. In this session, we

shall explain what a network is, it relevance and also study
other key concepts in networks. Enjoy the session.

Objectives
By the end of this session, you should be able to:
a) Explain what a network is and it relevance
b) Describe network criteria and components of networks
c) Describe the types of networks

Now read on…

3.1 What is a network?

The way we conduct business and live has altered as a result of data
communications and networking. Business choices need to be made more
swiftly than ever, and those making them need access to reliable information
right now. Why wait a week for that report from Nigeria to get in the mail when
it can be accessed almost instantly online? Computer networks and
internetworks are essential to modern business. Networking and
telecommunication have various uses outside of only personal and commercial
communication, including in political and social issues. To voice their social and
political concerns and viewpoints, people have discovered ways to interact with
others around the globe. Communities around the world are no longer isolated.

In the broadest sense, a network is any interconnected group of people or things

capable of sharing meaningful information with one another.
In a technology context, network is usually short for "computer network" or
"data network" and implies that computers are the things sharing the meaningful
information. Two or more computers connected together to share resources
(such printers and CDs), exchange files, or enable electronic communications

CoDEUCC/Bachelor of Science in Information Technology 93

 THE CONCEPT OF A NETWORK
UNIT 3
SESSION 1

end up making a network. A network's connections to its computers can be made

by cables, phone lines, radio waves, satellites, or infrared light beams.
At a conceptual level, all data networks consist of nodes, which refers to any
computer or digital device using the network and links, the physical connections
(either wired or wireless) that carry messages between nodes.

Below is a pictorial representation of a network:

3.2 Why are networks important?

Networks are important for several reasons:
• Resource sharing: Networks allow devices to share resources, such as
printers, scanners, and storage devices. This can increase efficiency and
reduce costs.
• Communication: Networks allow devices to communicate with one
another, enabling the exchange of information and data. This can include
email, instant messaging, and file sharing.
• Remote access: Networks allow users to access resources and
information from remote locations. This can include remote desktop
access, remote access to files and data, and teleconferencing.

94 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 1

• Network services: Networks provide a variety of services that make it

easier for devices to communicate and share resources. Examples
include DHCP, DNS, and NAT.
• Network security: Networks provide security measures to protect against
unauthorized access and attacks. This includes firewalls, encryption, and
antivirus software.
• Scalability: Networks can be easily expanded and modified to
accommodate new devices and users.
• Business expansion: Networking enables companies to expand and reach
new markets by connecting different offices and employees to work
seamlessly together.
• Cloud Computing: Networking provides the foundation for cloud
computing, which allows users to access information and services from
remote servers via the internet.
• Network management: Network management allows for monitoring and
controlling of the network, to ensure that it is running efficiently and
effectively.
• Innovation: Networking enables new technologies and applications to be
developed and implemented, leading to new ways of working and new
business models.

3.3 Network Criteria

A network must be able to meet a variety of requirements. The three that are
most crucial are security, reliability, and performance.

Performance: There are numerous ways to measure performance, including

transit and response times. The amount of time needed for a message to get from
one device to another is known as the transit time. The period of time between
a request and a response is known as the response time. The quantity of users,
the kind of transmission channel, the capabilities of the linked gear, and the
effectiveness of the software are some of the variables that affect how well a
network performs. Throughput and latency are two networking metrics that are

CoDEUCC/Bachelor of Science in Information Technology 95

 THE CONCEPT OF A NETWORK
UNIT 3
SESSION 1

commonly used to assess performance. More throughput and less delay are
usually required. But these two requirements frequently conflict with one
another. If we try to send more data to the network, we may increase throughput
but we increase the delay because of traffic congestion in the network.

Reliability: Along with delivery accuracy, network reliability is determined by

the frequency of failures, how quickly a link recovers from a failure, and how
resilient the network is to catastrophes.

Security: The protection of data from illegal access, the prevention of data loss
and development, and the implementation of rules and processes for data
recovery from breaches are all challenges related to network security.

3.4 The components of a network

The components of a network can include:
1. Devices: The devices on a network include computers, servers, routers,
switches, hubs, and other networking hardware.
2. Media: The media used to connect devices on a network include cables
(such as Ethernet, coaxial, and fiber-optic) and wireless technologies
(such as Wi-Fi and Bluetooth).
3. Network Interface Card (NIC): Each device on a network has a NIC,
which is a hardware component that allows the device to connect to the
network.
4. Network Operating System (NOS): A network operating system is the
software that runs on devices and provides network management,
security, and other services. Examples include Windows Server, Linux,
and Cisco IOS.
5. Protocols: Protocols are the rules and standards that govern
communication on a network. Examples include TCP/IP, HTTP, FTP,
DNS, and SMTP.
6. Services: Services are the features and functions provided by a network,
such as file sharing, email, and printing.

96 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 1

7. Security: Security measures are put in place to protect the network from
unauthorized access and attacks. This includes firewalls, encryption, and
antivirus software.

3.5 Types of Networks

There are several types of networks, each with their own unique characteristics
and uses. The main types of networks include:

A Local Area Network (LAN) is usually privately owned and connects some
hosts in a single office, building, or campus. A LAN is a network that connects
devices in a small geographic area, such as a home, office, or building. LANs
are typically used to share resources, such as printers and files, and to provide
internet access to devices on the network. Depending on the needs of an
organization, a LAN can be as simple as two PCs and a printer in someone’s
home office, or it can extend throughout a company and include audio and video
devices. Each host in a LAN has an identifier, an address that uniquely defines
the host in the LAN. A packet sent by a host to another host carries both the
source host’s and the destination host’s addresses. In the past, all hosts in a
network were connected through a common cable, which meant that a packet
sent from one host to another was received by all hosts. The intended recipient
kept the packet; the others dropped the packet. Today, most LANs use a smart
connecting switch, which is able to recognize the destination address of the
packet and guide the packet to its destination without sending it to all other hosts.
The switch alleviates the traffic in the LAN and allows more than one pair to
communicate with each other at the same time if there is no common source and
destination among them.

A Wide Area Network (WAN) is an interconnection of devices capable of

communication. A WAN is a network that connects devices over a larger
geographic area, such as a city, state, or country. WANs are typically used to
connect LANs and other networks together, allowing the sharing of resources
and information. However, there are some differences between a LAN and a
WAN. A LAN is normally limited in size, spanning an office, a building, or a
campus; a WAN has a wider geographical span, spanning a town, a state, a
country, or even the world. A LAN interconnects hosts; a WAN interconnects
connecting devices such as switches, routers, or modems. A LAN is normally

CoDEUCC/Bachelor of Science in Information Technology 97

 THE CONCEPT OF A NETWORK
UNIT 3
SESSION 1

privately owned by the organization that uses it; a WAN is normally created and
run by communication companies and leased by an organization that uses it. We
see two distinct examples of WANs today: point-to-point WANs and switched
WANs.
Metropolitan Area Network (MAN): A Metropolitan Area Network (MAN) is
a computer network that spans a metropolitan or urban area, connecting multiple
LANs (Local Area Networks) together. A MAN typically uses high-speed
connections such as fiber-optic cables or microwave links, and is often owned
and operated by a single entity, such as a government or private company. The
main purpose of a MAN is to provide a wider area of network coverage than a
LAN, while still being smaller and more contained than a WAN (Wide Area
Network). Examples of MANs include city-wide networks for public
transportation systems and networks that connect multiple corporate office
buildings within a city. A MAN is a network that connects devices within a
metropolitan area, such as a city. MANs are typically used to connect LANs and
WANs together and to provide internet access to devices on the network.

Campus Area Network (CAN): A Campus Area Network (CAN) is a computer

network that connects multiple LANs (Local Area Networks) within a specific
geographic area, such as a university campus, a corporate office complex or a
military base. A CAN typically uses wired and wireless communication
technologies to connect various buildings, departments, and other facilities
within the campus. The main purpose of a CAN is to provide a high-speed,
secure and reliable network infrastructure that connects all the devices, users and
applications within the campus. It enables the sharing of resources such as
printers, servers, and databases, and facilitates communication and collaboration
among students, faculty, and staff. A CAN is usually owned and operated by the
organization that runs the campus, such as a university or a corporation. A CAN
is a network that connects devices within a specific campus or educational
institution, such as a school or university. CANs are typically used to share
resources and provide internet access to students and staff.

Summary
This session explained what a network is and it relevance. It also described the
criteria and components of networks as well as the types of networks.

98 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 1

Self-Assessment Questions
Exercise 3.1
a) What is a network?
b) State three criteria that a network must meet
c) Differentiate a LAN from a WAN

CoDEUCC/Bachelor of Science in Information Technology 99

 THE CONCEPT OF A NETWORK
UNIT 3
SESSION 1

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

100 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 2

SESSION 2: TYPES OF TELECOMMUNICATIONS

NETWORKS
Welcome to this session. In this session, we shall look at
telecommunication networks, their types and how each of
them works. Enjoy the session.

Objectives
By the end of this session, you should be able to:
a) Understand telecommunication network
b) Distinguish between the types of the telecommunication networks

Now read on…

3.1 Telecommunication networks

Telecommunication networks are used to transmit information over long
distances, and they come in a variety of different types. These types of networks
can be classified based on their characteristics and the services they provide.

Circuit-Switched Networks: In a circuit-switched network, a dedicated

connection is established between two or more devices for the duration of the
call or transmission. This type of network is commonly used for telephone calls
and other voice communications.
Considering a circuit-switched network, a dedicated connection, called a circuit,
is always available between the two end systems; the switch can only make it
active or inactive. Figure below shows a very simple switched network that
connects four telephones to each end. We have used telephone sets instead of
computers as an end system because circuit switching was very common in
telephone networks in the past, although part of the telephone network today is
a packet-switched network. In Figure below, the four telephones at each side are
connected to a switch. The switch connects a telephone set at one side to a
telephone set at the other side. The thick line connecting two switches is a high-
capacity communication line that can handle four voice communications at the
same time; the capacity can be shared between all pairs of telephone sets. The

CoDEUCC/Bachelor of Science in Information Technology 101

 TYPES OF TELECOMMUNICATIONS
UNIT 3
SESSION 2 NETWORKS

switches used in this example have forwarding tasks but no storing capability.
Let us look at two cases. In the first case, all telephone sets are busy; four people
at one site are talking with four people at the other site; the capacity of the thick
line is fully used. In the second case, only one telephone set at one side is
connected to a telephone set at the other side; only one-fourth of the capacity of
the thick line is used. As a result, a circuit-switched network is only effective
when it is operating at full capacity; while it is operating at partial capacity, it is
ineffective the majority of the time. Because we do not want communication to
break down when all telephone sets on one side wish to connect with all
telephone sets on the other side, we must increase the capacity of the thick line
to four times that of each voice line. Examples of circuit-switched networks
include the traditional PSTN (Public Switched Telephone Network) and ISDN
(Integrated Services Digital Network).

Packet-Switched Networks: In a packet-switched network, data is broken down

into small packets and sent to its destination through a series of interconnected
devices. This type of network is commonly used for internet and data
communications. In a computer network, the communication between the two
ends is done in blocks of data called packets. In other words, instead of the
continuous communication we see between two telephone sets when they are
being used, we see the exchange of individual data packets between the two
computers. This allows us to make the switches function for both storing and
forwarding because a packet is an independent entity that can be stored and sent
later. Figure below shows a small packet-switched network that connects four
computers at one site to four computers at the other site.
A router in a packet-switched network has a queue that can store and forward
the packet. Now assume that the capacity of the thick line is only twice the
capacity of the data line connecting the computers to the routers. If only two
computers (one at each site) need to communicate with each other, there is no

102 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 2

waiting for the packets. However, if packets arrive at one router when the thick
line is already working at its full capacity, the packets should be stored and
forwarded in the order they arrived. The two simple examples show that a
packet-switched network is more efficient than a circuit switched network, but
the packets may encounter some delays. Examples of packet-switched networks
include the internet and LANs (Local Area Networks).

Cellular Networks: Cellular networks are wireless networks that use radio
waves to transmit and receive data. These networks are made up of a series of
interconnected cells, each of which is controlled by a base station. This type of
network is commonly used for mobile phone communications. Examples of
cellular networks include GSM (Global System for Mobile Communications)
and CDMA (Code Division Multiple Access). Cellular networks, also known
as cellular or mobile networks, are communication networks that use a system
of cells, each served by at least one fixed-location transceiver, known as a cell
site or base station, to cover a geographical area. Cellular networks are used
primarily for mobile phone and internet access. They consist of a network of
cell sites, each covering a small area, typically a few square kilometers, and
connected to a central network operations center. When a mobile device such
as a phone or tablet connects to the network, it is connected to the nearest cell
site, and the call or data transmission is then routed through the network to its
destination.

There are two main types of cellular networks:

1. 2G (Second Generation): These networks use circuit-switched

technology and provide voice and data services at slow speeds. They use
various technologies such as GSM and CDMA.

CoDEUCC/Bachelor of Science in Information Technology 103

 TYPES OF TELECOMMUNICATIONS
UNIT 3
SESSION 2 NETWORKS

2. 3G (Third Generation) and 4G (Fourth Generation): These networks use

packet-switched technology and provide faster data services, such as
internet access and video streaming. They use various technologies such
as CDMA2000, WCDMA and LTE.

5G (Fifth Generation) cellular networks are now being deployed, providing even
faster data rates and lower latency than 4G networks, and enabling a new set of
use cases such as IoT, autonomous vehicles and edge computing.

Cellular networks have the advantage of being widely available and providing
mobile connectivity. However, they can be expensive to set up and maintain,
and network coverage can be limited in remote or rural areas.

Satellite Networks: Satellite networks use satellites in orbit to transmit and

receive data. These networks are commonly used for long-distance
communications, such as television and radio broadcasts, and in remote areas
where other types of networks are not available. Examples of satellite networks
include GPS (Global Positioning System) and VSAT (Very Small Aperture
Terminal) networks. Satellite networks in telecommunications refer to the use
of satellites to provide communication services, such as voice, data, and video
transmission. These networks consist of a network of satellites in orbit around
the Earth, ground control stations, and earth stations or terminals that are
located at the user's premises.

There are two types of satellite networks:

1. Geostationary satellites: These satellites orbit the Earth at the same

speed as the Earth's rotation, so they appear to be in a fixed position in
the sky. They are used primarily for television and radio broadcasting,
and for providing long-distance telephone and internet services to remote
areas.
2. Low Earth orbit (LEO) satellites: These satellites orbit the Earth at a
much lower altitude than geostationary satellites, usually at around 1,200
km. They are used for satellite phone services and for providing internet
access to remote areas.

104 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 2

Satellite networks have the advantage of providing communication services to

remote and hard-to-reach areas where traditional wired or cellular networks are
not available. They are also used as a backup communication system in case of
natural disasters or other emergencies. However, they can be expensive to set up
and maintain, and the signal can be affected by weather conditions or other
interference.

Hybrid Networks: Hybrid networks combine elements of different types of

networks to provide a more comprehensive solution. For example, a hybrid
network may use a combination of circuit-switched and packet-switched
technologies to provide both voice and data communications.A hybrid network
is a combination of two or more different types of networks that are connected
together to form a single network infrastructure. The main purpose of a hybrid
network is to provide a flexible and scalable solution that can meet the diverse
communication and networking needs of an organization.

Examples of hybrid networks include:

• Combining a wired LAN (Local Area Network) with a wireless LAN

(WLAN) to provide both wired and wireless connectivity
• Combining a LAN with a WAN (Wide Area Network) to connect remote
offices and employees to the main office
• Combining a LAN with a VPN (Virtual Private Network) to provide
secure remote access to the network
• Combining a LAN with a cloud-based infrastructure to provide scalable
and on-demand computing resources

Hybrid networks can provide a number of benefits, such as increased

connectivity, improved security, and greater scalability. However, they also
introduce some challenges, such as increased complexity and management costs.

Summary
In summary, telecommunication networks come in a variety of different types,
each with its own unique characteristics and services. Understanding the
different types of networks is important for selecting the right one for your
communication needs.

CoDEUCC/Bachelor of Science in Information Technology 105

 TYPES OF TELECOMMUNICATIONS
UNIT 3
SESSION 2 NETWORKS

Self-Assessment Questions
Exercise 3.2
a) With the aid of a diagram, explain packet-switched network.
b) Give two examples of hybrid networks.

106 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 3

SESSION 3: NETWORKING THE ENTERPRISE

Welcome to this session. In this session we shall seek to

understand enterprise networks and its key components as
well as its benefits and also how it works. Sit back, relax and enjoy.

Objectives
By the end of this session, you should be able to:
a) Understand enterprise networks and its components
b) Outline the benefits of enterprise network
c) Explain how enterprise networks

Now read on…

3.1 Enterprise Network

Consider the Enterprise Network like the Internet, only local to your company.
An enterprise network facilitates communication, file sharing, system access,
and performance evaluation of an IT environment that supports business
activities.
Business networks are set up to:
• Connect a select group of approved people, systems, and applications.
• Create a safe and effective communication channel to carry out particular
corporate functions.
In this session, we will discuss business networking.

Enterprise networking is the practice of connecting the various devices and

systems within an organization, such as computers, servers, and other hardware,
in order to facilitate communication and the sharing of resources. It is a critical
component of modern business operations, as it enables employees to access the
information they need and collaborate with one another, no matter where they
are located.

CoDEUCC/Bachelor of Science in Information Technology 107

 NETWORKING THE ENTERPRISE
UNIT 3
SESSION 3

3.2 Key Components of enterprise networking

There are several key components of enterprise networking, including:
Network infrastructure: This refers to the physical devices and connections that
make up the network, such as routers, switches, and cables.
Network topology: This refers to the layout and organization of the network,
including the way devices are connected and how data flows through the
network. Common network topologies include star, bus, and mesh.
Network protocols: These are the set of rules that govern how data is transmitted
over the network. Examples include TCP/IP, which is the most widely used
protocol for the Internet, and Ethernet, which is commonly used in local area
networks (LANs).
Network security: This is the practice of protecting the network and its
associated resources from unauthorized access and attacks. Techniques such as
firewalls, intrusion detection systems, and virtual private networks (VPNs) are
commonly used to secure enterprise networks.
Network management: This refers to the process of monitoring and maintaining
the network, including troubleshooting issues, updating software and firmware,
and monitoring network performance.
Network Services: These are the services that allow the network to perform
different functionalities, like DNS, DHCP, WINS, VPN, etc.

In addition to these key components, there are also several different types of
enterprise networks, each with their own unique characteristics and use cases.
These include:
Local area networks (LANs): These networks are typically used within a single
building or campus and connect devices such as computers and servers.
Wide area networks (WANs): These networks connect LANs and other
networks over a wide geographic area, such as a city or region.
Metropolitan area networks (MANs): These networks connect LANs and other
networks within a metropolitan area, such as a city or town.

Cloud networks: These networks are hosted by a third-party provider and

provide scalable computing and storage resources over the internet. Cloud
networks in enterprise networks refer to the use of cloud-based infrastructure
and services to support the communication and data needs of an organization.
This can include using cloud-based storage and computing resources, as well as

108 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 3

cloud-based software and services for tasks such as email, collaboration, and
virtual meetings. The use of cloud networks can provide businesses with greater
scalability, flexibility, and cost savings compared to traditional on-premises IT
infrastructure.

3.3 Why Enterprise Networking?

Organizations need enterprise networks to connect multiple devices and users
within the organization, enabling them to share resources and communicate with
one another. This allows for increased productivity and collaboration, as well as
improved security and management of the network. Additionally, an enterprise
network allows for the integration of various technologies and services, such as
cloud computing and telephony, that can benefit the organization
Enterprise networking provides end users and applications with fast and
dependable connectivity. In today's network, applications are increasingly
distributed, and simplified networking and security across wired and wireless
infrastructure is a business imperative. Network administrators need enterprise
networking solutions that provide a unified view of data centers and clouds, as
well as network automation frameworks that simplify day one and day two
network operations.
Another major responsibility of enterprise network administrators is security.
Perimeter and internal firewalls are designed to protect applications and data
from outside attacks, making firewall configuration an essential part of
enterprise networking. To improve enterprise network security, security
administrators look for advanced methods to scan data packets for viruses and
malware in order to prevent infections from phishing attacks and ransomware.

3.4 Benefits of enterprise network

Every business requires a one-of-a-kind networking solution to support its
workflow, production processes, consumer demand, logistics, and so on.
Organizations can achieve the following goals with the right network:
• Collaboration increases efficiency: Employees can collaborate on shared
resources remotely or in an office, factory, or campus.
• Access to company resources can be controlled and secured by perimeter
and internal firewalls.

CoDEUCC/Bachelor of Science in Information Technology 109

 NETWORKING THE ENTERPRISE
UNIT 3
SESSION 3

• Increased output: Modern networking can dramatically improve

employee productivity, from streamlined test/dev with collaboration
tools and version control to private cloud orchestration with cloud-based
applications and an agile internal firewall.
• Cost savings: The combination of server and network virtualization
allows businesses to maximize resource efficiency across on-premises
and cloud infrastructure. Enterprise networking includes analytics,
monitoring, and security solutions that can be installed to improve
ongoing business operations.

3.5 How does enterprise networking work?

High-speed switching and routing devices mediate data transfers between
desktop computers, servers, applications, and services in enterprise networking.
A modern enterprise network is comprised of a common networking and
security platform that provides a variety of networking services for modern
applications such as switching, routing, load balancing, firewalling, wifi, and
service mesh. This converged enterprise networking approach aids in the
elimination of operational silos and allows for end-to-end network automation.

In a typical enterprise network, devices such as computers, servers, and printers

are connected to a network switch or router, which acts as a hub for connecting
devices within a LAN. The switch or router also connects the LAN to a WAN,
such as the internet, to enable communication with other networks and devices
outside of the LAN.

Firewalls, intrusion detection and prevention systems (IDPS) and Virtual Private
Network (VPN) are also commonly used in enterprise networks to secure the
network and protect against unauthorized access.

Additionally, many enterprise networks use VLANs (Virtual LANs) to segment

the network and provide additional security and control over network traffic.
This allows network administrators to set up different VLANs for different
departments or groups of users, each with their own security and access policies.

110 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 3

Enterprise networks also often use a variety of network protocols, such as

TCP/IP, to facilitate communication and data transfer between devices.

Summary
We discussed enterprise networks and its components, highlighting the benefits
of enterprise network as well. Also, this session explained how enterprise
networks.

Self-Assessment Questions
Exercise 3.3
a) Why is it necessary to network an enterprise?
b) What are the benefits of enterprise network?

CoDEUCC/Bachelor of Science in Information Technology 111

 NETWORKING THE ENTERPRISE
UNIT 3
SESSION 3

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

112 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 4

SESSION 4: BUSINESS VALUE OF

TELECOMMUNICATION NETWORKS
Welcome to another exciting session. In this session, we shall
introduce the learner into the concept of telecommunication,
some of it services and relevance and also study the business value of
telecommunication networks. Enjoy the session.

Objectives
By the end of this session, you should be able to:
a) Describe telecommunication and its advantages
b) Identify some business value of telecommunication networks

Now read on…

3.1 Telecommunications
Telecommunications and digitization are closely related and have the potential
to challenge established business models. Businesses are under pressure to
modernize their telecommunications infrastructure due to the rising demand for
connectivity. For innovative organizations to respond to shifting customer
expectations, network transformation is essential. Artificial intelligence (AI) and
machine learning are now being used by telecommunications businesses to
enhance customer service. These cutting-edge technologies enable businesses to
find leads, analyse customer data, and create better products. Some operators
assist clients in selecting TV channels by using advanced AI algorithms. Others
are equipped with state-of-the-art IoT (Internet of Things) infrastructures that
can remotely monitor data centers and identify security breaches. Telecom
services are advantageous to your company in both direct and indirect ways.
Your employees can communicate with potential customers and exchange
information in real time using high-speed internet, mobile apps, VoIP, and other
communication tools. These technologies assist with your customer service and
branding initiatives.

CoDEUCC/Bachelor of Science in Information Technology 113

 BUSINESS VALUE OF
UNIT 3
SESSION 4 TELECOMMUNICATION NETWORKS

Telecommunications is an important tool for businesses. It enables companies

to communicate effectively with customers and deliver high standards of
customer service. Telecommunications is a key element in allowing employees
to collaborate easily from wherever they are located, remote or local. Mobile
telecommunication gives companies the opportunity to introduce more flexible
working by allowing employees to work efficiently from home or other, more
remote locations. Collaboration between the departments of a business is an
important way to help a company work efficiently and smoothly in improving
performance of product development, customer relationship management, and
quality initiatives. Telecommunications allow momentum to be maintained and
important decisions to be made.

3.2 Business value of telecommunication networks

The business value of telecommunication networks can be broken down into
several key areas:

Productivity: Mobile telecommunications can help maintain communication

capability for employees working in remote locations or at home. All employees
use the same telecommunications device to access data, send and receive
messages, work on documents, or participate in multimedia conferences. This
can lead to increased productivity and efficiency, as well as improved employee
morale and job satisfaction. Telecommunications also empowers firms to reach
more customers with fewer resources and manpower. The power of
telecommunications technology is driving businesses all over the world to get
connected. The technology includes telephony and video conferencing,
broadcast and interactive television, instant messaging, email, distributed
electronic collaboration, and a range of web- and Internet-based
communications and data transmissions

Cost savings: Telecommunications networks can help organizations reduce

costs associated with travel, office space, and other expenses. For example,
video conferencing and other collaboration tools can eliminate the need for in-
person meetings, saving both time and money. It can also make shipping
operations smoother by automating the basic processes that people once
114 CoDEUCC/Bachelor of Science in Information Technology
TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 4

handled. Vast amounts of information are available to employees;

telecommunications allow more employees to access and use the information
and make decisions upon it. This helps to free up valuable time to allow for more
productivity. This technology helps coordinate and dispatch roaming employees
to sites as needed, eliminating the need for a central-based office.

Competitive advantage: Telecommunications networks can give organizations

a competitive edge by enabling them to respond quickly to changing market
conditions and adapt to new business opportunities. For example, organizations
can use telecommunication networks to connect with customers, suppliers, and
partners in real-time, providing them with valuable insights and feedback.

Improved customer service: Telecommunications networks can help

organizations improve customer service by providing customers with multiple
channels to contact and interact with the company, such as phone, email, and
chat. Organizations can also use telecommunication networks to track and
analyze customer interactions to identify areas for improvement and provide
better service over time.

Scalability: Telecommunications networks can be scaled up or down as needed,

providing organizations with the flexibility to accommodate changes in business
needs. This can be especially beneficial for organizations that experience rapid
growth or seasonal fluctuations in demand.

Business Continuity: Telecommunications networks can provide organizations

with a way to maintain their operations in case of a disaster or an unexpected
event. For example, organizations can use telecommunication networks to set
up disaster recovery and business continuity plans that allow employees to work
remotely and access critical systems and data.

Security: Telecommunications networks can help protect businesses from cyber

threats by providing secure communication channels and implementing security
measures such as firewalls, encryption, and intrusion detection systems.

New revenue streams: Telecommunications networks can enable businesses to

create new revenue streams by offering new products and services, such as
internet-based services and cloud computing

CoDEUCC/Bachelor of Science in Information Technology 115

 BUSINESS VALUE OF
UNIT 3
SESSION 4 TELECOMMUNICATION NETWORKS

Summary
In this session, we discussed telecommunication and its advantages and also
identified some business value of telecommunication networks

Self-Assessment Questions
Exercise 3.4
a) Explain any four reasons why business values telecommunication
network

116 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 5

SESSION 5: TELECOMMUNICATION MEDIA

Welcome to this session. In this session, we will explain what

Telecommunication media is and its categories. We will take
the various categories one after the other and look at what they entail. Sit back
enjoy the session then.

Objectives
By the end of this session, you should be able to:
a) Define Telecommunication media and state it categories
b) Describe guided media and it types
c) Explain unguided media and it types

Now read on…

3.1 Telecommunication media

Telecommunication media refers to the different types of physical and wireless
channels that are used to transmit information from one location to another.
The two main categories of transmission media in telecommunications are
guided and unguided. Twisted-pair cable, coaxial cable, and fiber-optic cable
are examples of guided media. Unguided medium is free space.

CoDEUCC/Bachelor of Science in Information Technology 117

 TELECOMMUNICATION MEDIA
UNIT 3
SESSION 5

3.2 Guided Media

Guided media, which are those that provide a conduit from one device to
another, include twisted-pair cable, coaxial cable, and fiber-optic cable. A signal
traveling along any of these media is directed and contained by the physical
limits of the medium. Twisted-pair and coaxial cable use metallic (copper)
conductors that accept and transport signals in the form of electric current.
Optical fiber is a cable that accepts and transports signals in the form of light.

3.2.1 Twisted-Pair Cable

A twisted pair consists of two conductors (normally copper), each with its own
plastic insulation, twisted together. One of the wires is used to carry signals to
the receiver, and the other is used only as a ground reference. The receiver uses
the difference between the two. In addition to the signal sent by the sender on
one of the wires, interference (noise) and crosstalk may affect both wires and
create unwanted signals. If the two wires are parallel, the effect of these
unwanted signals is not the same in both wires because they are at different
locations relative to the noise or crosstalk sources (e.g., one is closer and the
other is farther). This results in a difference at the receiver. By twisting the pairs,
a balance is maintained. For example, suppose in one twist, one wire is closer to
the noise source and the other is farther; in the next twist, the reverse is true.
Twisting makes it probable that both wires are equally affected by external
influences (noise or crosstalk). This means that the receiver, which calculates
the difference between the two, receives no unwanted signals. The unwanted
signals are mostly cancelled out. From the above discussion, it is clear that the
number of twists per unit of length (e.g., inch) has some effect on the quality of
the cable.

Unshielded Versus Shielded Twisted-Pair Cable

The most common twisted-pair cable used in communications is referred to as
unshielded twisted-pair (UTP). IBM has also produced a version of twisted-pair
cable for its use, called shielded twisted-pair (STP). STP cable has a metal foil
or braided mesh covering that encases each pair of insulated conductors.
Although metal casing improves the quality of cable by preventing the
penetration of noise or crosstalk, it is bulkier and more expensive. Figure below
shows the difference between UTP and STP. Our discussion focuses primarily
on UTP because STP is seldom used outside of IBM.

118 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 5

3.2.2 Coaxial cable

Coaxial cable (or coax) carries signals of higher frequency ranges than those in
twisted pair cable, in part because the two media are constructed quite
differently. Instead of having two wires, coax has a central core conductor of
solid or stranded wire (usually copper) enclosed in an insulating sheath, which
is, in turn, encased in an outer conductor of metal foil, braid, or a combination
of the two. The outer metallic wrapping serves both as a shield against noise and
as the second conductor, which completes the circuit. This outer conductor is
also enclosed in an insulating sheath, and the whole cable is protected by a
plastic cover

3.2.3 Fiber-Optic Cable

A fiber-optic cable is made of glass or plastic and transmits signals in the form
of light. They are faster and more reliable than copper wires and can transmit
signals over much longer distances, but they are also more expensive to install.
To understand optical fiber, we first need to explore several aspects of the nature
of light. Light travels in a straight line as long as it is moving through a single
uniform substance. If a ray of light traveling through one substance suddenly
enters another substance (of a different density), the ray changes direction.
Figure presented below shows how a ray of light changes direction when going
from a denser to a less dense substance. As the figure shows, if the angle of
incidence I (the angle the ray makes with the line perpendicular to the interface
between the two substances) is less than the critical angle, the ray refracts and
moves closer to the surface. If the angle of incidence is equal to the critical angle,
the light bends along the interface. If the angle is greater than the critical angle,
the ray reflects (makes a turn) and travels again in the denser substance.

CoDEUCC/Bachelor of Science in Information Technology 119

 TELECOMMUNICATION MEDIA
UNIT 3
SESSION 5

Note that the critical angle is a property of the substance, and its value differs
from one substance to another. Optical fibers use reflection to guide light
through a channel.
A glass or plastic core is surrounded by a cladding of less dense glass or plastic.
The difference in density of the two materials must be such that a beam of light
moving through the core is reflected off the cladding instead of being refracted
into it.

3.3 Unguided Media

Unguided media do not provide a physical path for the signal to travel, but
instead use the airwaves to transmit signals. Electromagnetic waves are
transported via unguided media without the use of a physical conductor.
Wireless communication is a common name for this kind of communication.
Signals are typically broadcast via open space, making them accessible to
anyone with a device that can pick them up.

Radio Waves: While there isn't a definite line that separates radio waves from
microwaves, electromagnetic waves with frequencies between 3 kHz and 1 GHz
are typically referred to as radio waves, while those with frequencies between 1
and 300 GHz are referred to as micro waves.

120 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 5

The behaviour of the waves, as opposed to their frequencies, is a better

categorization criterion. Most of the time, radio waves are omnidirectional.
Radio waves spread out in all directions when they are sent by an antenna. Thus,
it is not necessary to align the sending and receiving antennas. Any receiving
antenna can pick up the waves that a sending antenna sends. The omnidirectional
property has a disadvantage, too. The radio waves transmitted by one antenna
are susceptible to interference by another antenna that may send signals using
the same frequency or band. Radio waves, particularly those waves that
propagate in the sky mode, can travel long distances. This makes radio waves a
good candidate for long-distance broadcasting such as AM radio. Radio waves,
particularly those of low and medium frequencies, can penetrate walls.
This characteristic can be both an advantage and a disadvantage. It is an
advantage because, for example, an AM radio can receive signals inside a
building. It is a disadvantage because we cannot isolate a communication to just
inside or outside a building. The radio wave band is relatively narrow, just under
1 GHz, compared to the microwave band. When this band is divided into sub
bands, the sub bands are also narrow, leading to a low data rate for digital
communications.
Radio waves are used in a variety of applications, such as television, radio, and
cellular communication. They can transmit signals over long distances and
through walls, but they are also susceptible to interference from other radio
wave-emitting sources.

Microwaves: Electromagnetic waves having frequencies between 1 and 300

GHz are called microwaves. Microwaves are unidirectional. When an antenna
transmits microwaves, they can be narrowly focused. This means that the
sending and receiving antennas need to be aligned. The unidirectional property
has an obvious advantage. A pair of antennas can be aligned without interfering
with another pair of aligned antennas.
The following describes some characteristics of microwave propagation:
• Microwave propagation is line-of-sight. Since the towers with the
mounted antennas need to be in direct sight of each other, towers that are
far apart need to be very tall. The curvature of the earth as well as other
blocking obstacles do not allow two short towers to communicate by
using microwaves. Repeaters are often needed for long distance
communication.

CoDEUCC/Bachelor of Science in Information Technology 121

 TELECOMMUNICATION MEDIA
UNIT 3
SESSION 5

• Very high-frequency microwaves cannot penetrate walls. This

characteristic can be a disadvantage if receivers are inside buildings.
• The microwave band is relatively wide, almost 299 GHz. Therefore,
wider sub bands can be assigned, and a high data rate is possible.
• Use of certain portions of the band requires permission from authorities.
Microwaves are similar to radio waves but have a higher frequency and
can transmit signals over longer distances. They are commonly used in
satellite communication, point-to-point communication, and wireless
networks.

Infrared: Infrared is a type of unguided media that uses light to transmit signals.
It is commonly used in remote control devices and in short-range wireless
communication, such as in some wireless keyboards and mouse. Infrared waves,
with frequencies from 300 GHz to 400 THz (wavelengths from 1 mm to 770
nm), can be used for short-range communication. Infrared waves, having high
frequencies, cannot penetrate walls. This advantageous characteristic prevents
interference between one system and another; a short-range communication
system in one room cannot be affected by another system in the next room.
When we use our infrared remote control, we do not interfere with the use of the
remote by our neighbours. However, this same characteristic makes infrared
signals useless for long-range communication. In addition, we cannot use
infrared waves outside a building because the sun’s rays contain infrared waves
that can interfere with the communication.

Satellite: Satellites are used to transmit information wirelessly over long

distances. They are used for television and radio broadcasting, as well as for
internet and telephone service in remote or hard-to-reach areas.

Summary
We defined telecommunication media and stated it categories in this session. We
also explained guided media and unguided media with their respective types.

122 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 5

Self-Assessment Questions
Exercise 3.5
a) Explain the two main categories of transmission media in
telecommunication.

CoDEUCC/Bachelor of Science in Information Technology 123

 TELECOMMUNICATION MEDIA
UNIT 3
SESSION 5

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

124 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 6

SESSION 6: NETWORK TOPOLOGIES AND TRENDS IN

TELECOMMUNICATIONS
Bravo!!!... You just got to the last session of this unit. We shall
conclude the session with discussions on Network topologies
and it types as well as some technological trends in telecommunications. Relax
and enjoy the session then.

Objectives
By the end of this session, you should be able to:
a) Define Network topology and outline it types
b) Explain the various types of Network topology with the advantages and
disadvantages
c) Outline some technological trends in Telecommunication

Now read on…

3.1 Network Topology

Network topology refers to the layout and organization of the devices on a
network, and how they are connected to one another. There are several different
types of network topologies, each with their own advantages and disadvantages.
The term physical topology refers to the way in which a network is laid out
physically. Two or more devices connect to a link; two or more links form a
topology. The topology of a network is the geometric representation of the
relationship of all the links and linking devices (usually called nodes) to one
another.

3.2 Types of Network Topology

There are four basic topologies possible: mesh, star, bus, and ring.

CoDEUCC/Bachelor of Science in Information Technology 125

 NETWORK TOPOLOGIES AND TRENDS
UNIT 3
SESSION 6 IN TELECOMMUNICATIONS

3.2.1 Mesh Topology

In a mesh topology, every device has a dedicated point-to-point link to every
other device. The term dedicated means that the link carries traffic only between
the two devices it connects. To find the number of physical links in a fully
connected mesh network with n nodes, we first consider that each node must be
connected to every other node. Node 1 must be connected to n – 1 node, node 2
must be connected to n – 1 nodes, and finally node n must be connected to n – 1
nodes. We need n (n – 1) physical links. However, if each physical link allows
communication in both directions (duplex mode), we can divide the number of
links by 2. In other words, we can say that in a mesh topology, we need n (n –
1) / 2 duplex-mode links. To accommodate that many links, every device on the
network must have n – 1 input/output (I/O) ports to be connected to the other n
– 1 stations.

A mesh offers several advantages over other network topologies. First, the use
of dedicated links guarantees that each connection can carry its own data load,
thus eliminating the traffic problems that can occur when links must be shared
by multiple devices. Second, a mesh topology is robust. If one link becomes
unusable, it does not incapacitate the entire system. Third, there is the advantage
of privacy or security. When every message travels along a dedicated line, only
the intended recipient sees it. Physical boundaries prevent other users from
gaining access to messages. Finally, point-to-point links make fault
identification and fault isolation easy. Traffic can be routed to avoid links with
suspected problems. This facility enables the network manager to discover the
precise location of the fault and aids in finding its cause and solution

The main disadvantages of a mesh are related to the amount of cabling and the
number of I/O ports required. First, because every device must be connected to
every other device, installation and reconnection are difficult. Second, the sheer
bulk of the wiring can be greater than the available space (in walls, ceilings, or
floors) can accommodate. Finally, the hardware required to connect each link
(I/O ports and cable) can be prohibitively expensive. For these reasons a mesh
topology is usually implemented in a limited fashion, for example, as a backbone
connecting the main computers of a hybrid network that can include several
other topologies. One practical example of a mesh topology is the connection of
telephone regional offices in which each regional office needs to be connected
to every other regional office.

126 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 6

3.2.2 Star Topology

In a star topology, each device has a dedicated point-to-point link only to a
central controller, usually called a hub. The devices are not directly linked to
one another. Unlike a mesh topology, a star topology does not allow direct traffic
between devices. The controller acts as an exchange: If one device wants to send
data to another, it sends the data to the controller, which then relays the data to
the other connected device.

A star topology is less expensive than a mesh topology. In a star, each device
needs only one link and one I/O port to connect it to any number of others. This
factor also makes it easy to install and reconfigure. Far less cabling needs to be
housed, and additions, moves, and deletions involve only one connection:
between that device and the hub. Other advantages include robustness. If one
link fails, only that link is affected. All other links remain active. This factor also
lends itself to easy fault identification and fault isolation. As long as the hub is
working, it can be used to monitor link problems and bypass defective links.

One big disadvantage of a star topology is the dependency of the whole topology
on one single point, the hub. If the hub goes down, the whole system is dead.
Although a star requires far less cable than a mesh, each node must be linked to
a central hub. For this reason, often more cabling is required in a star than in
some other topologies (such as ring or bus).

CoDEUCC/Bachelor of Science in Information Technology 127

 NETWORK TOPOLOGIES AND TRENDS
UNIT 3
SESSION 6 IN TELECOMMUNICATIONS

3.2.3 Ring Topology

In a ring topology, each device has a dedicated point-to-point connection with
only the two devices on either side of it. A signal is passed along the ring in one
direction, from device to device, until it reaches its destination. Each device in
the ring incorporates a repeater. When a device receives a signal intended for
another device, its repeater regenerates the bits and passes them along A ring is
relatively easy to install and reconfigure. Each device is linked to only its
immediate neighbours (either physically or logically). To add or delete a device
requires changing only two connections. The only constraints are media and
traffic considerations (maximum ring length and number of devices). In
addition, fault isolation is simplified. Generally, in a ring a signal is circulating
at all times. If one device does not receive a signal within a specified period, it
can issue an alarm. The alarm alerts the network operator to the problem and its
location.
However, unidirectional traffic can be a disadvantage. In a simple ring, a break
in the ring (such as a disabled station) can disable the entire network. This
weakness can be solved by using a dual ring or a switch capable of closing off
the break. Ring topology was prevalent when IBM introduced its local-area
network, Token Ring. Today, the need for higher-speed LANs has made this
topology less popular.

128 CoDEUCC/Bachelor of Science in Information Technology

TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 6

3.2.4 Bus Topology

The preceding examples all describe point-to-point connections. A bus topology,
on the other hand, is multipoint. One long cable act as a backbone to link all the
devices in a network. Nodes are connected to the bus cable by drop lines and
taps. A drop line is a connection running between the device and the main cable.
A tap is a connector that either splices into the main cable or punctures the
sheathing of a cable to create a contact with the metallic core. As a signal travels
along the backbone, some of its energy is transformed into heat. Therefore, it
becomes weaker and weaker as it travels farther and farther. For this reason,
there is a limit on the number of taps a bus can support and on the distance
between those taps.

Advantages of a bus topology include ease of installation. Backbone cable can

be laid along the most efficient path, then connected to the nodes by drop lines
of various lengths. In this way, a bus uses less cabling than mesh or star
topologies. In a star, for example, four network devices in the same room require
four lengths of cable reaching all the way to the hub. In a bus, this redundancy
is eliminated. Only the backbone cable stretches through the entire facility. Each
drop line has to reach only as far as the nearest point on the backbone.

Disadvantages include difficult reconnection and fault isolation. A bus is usually

designed to be optimally efficient at installation. It can therefore be difficult to
add new devices. Signal reflection at the taps can cause degradation in quality.
This degradation can be controlled by limiting the number and spacing of
devices connected to a given length of cable. Adding new devices may therefore
require modification or replacement of the backbone. In addition, a fault or break
in the bus cable stops all transmission, even between devices on the same side
of the problem. The damaged area reflects signals back in the direction of origin,

CoDEUCC/Bachelor of Science in Information Technology 129

 NETWORK TOPOLOGIES AND TRENDS
UNIT 3
SESSION 6 IN TELECOMMUNICATIONS

creating noise in both directions. Bus topology was the one of the first topologies
used in the design of early local area networks.

3.3 Trends in Telecommunication

In recent years, several trends have emerged that are shaping the future of
telecommunications.

5G Technology: 5G is the fifth generation of cellular technology and it promises

to bring faster speeds, lower latency, and more reliable connections than
previous generations. This technology is expected to be a major driver of
innovation in a wide range of industries, from healthcare to transportation.

Internet of Things (IoT): The IoT refers to the growing network of connected
devices that can collect and share data. This trend is driving the development of
new applications and services that leverage the data generated by IoT devices.

Cloud-based Services: Cloud-based services are becoming increasingly popular

in the telecommunications industry, as they allow for more cost-effective and
flexible service delivery. This trend is expected to continue as more businesses
and consumers adopt cloud-based services.

Artificial Intelligence and Machine Learning: AI and machine learning are

being used to improve the efficiency and effectiveness of telecommunications
systems. For example, these technologies can be used to optimize network
performance, personalize customer experiences, and detect and prevent fraud.

Security and Reliability: With the growing number of connected devices and
services, the need for secure and reliable communications is more important than
ever. As a result, many telecommunications companies are investing in security
measures to protect their networks and customers' data.
130 CoDEUCC/Bachelor of Science in Information Technology
TELECOMMUNICATION AND NETWORKS UNIT 3
SESSION 6

Integration of Communication Technologies: Telecommunications companies

are now integrating different communication technologies, such as instant
messaging, video conferencing, and social media, to provide a better user
experience.

Increase in Remote working: With the pandemic and the shift towards remote
working, the demand for better and reliable communication systems has
increased. Telecommunications companies are now focusing on providing
solutions that cater to the remote working needs of businesses and individuals

Edge computing: Edge computing is a trend that is pushing the computing

power and storage closer to the end user, thereby reducing the latency and
improving the performance of the network. This is particularly useful in cases
where real-time data processing is needed.

Summary
Network topology refers to the layout and organization of the devices on a
network, and how they are connected to one another. The various types of
Network topology with their respective advantages and disadvantages were
discussed. Also some technological trends in Telecommunication were stated in
this session.

Self-Assessment Questions
Exercise 3.6
a) What is a network topology?
b) State the main disadvantages of a mesh topology.
c) Telecommunication is on the outgoing in recent years, list and explain
any 3 trends in telecommunication

CoDEUCC/Bachelor of Science in Information Technology 131

 NETWORK TOPOLOGIES AND TRENDS
UNIT 3
SESSION 6 IN TELECOMMUNICATIONS

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

132 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS
UNIT 4

UNIT 4: E-COMMERCE AND E-BUSINESS

Unit Outline
Session 1: E-business and E-Commerce systems
Session 2: Scope of E-business and E-commerce system
Session 3: Essential e-commerce processes and electronic payment processes
Session 4: Customer Relationship Management (CRM) and its three phases
Session 5: ERP, Benefits, Challenges and Trends
Session 6: Supply chain management (SCM), Roles, Benefits, Challenges and Trends

Dear student, welcome to another interested unit. In this unit

we shall study about E-Commerce and E-Business. We shall
look at their scope, advantages and disadvantages, essential e-
commerce processes and electronic payment processes, Customer Relationship
Management (CRM) and its three phases, ERPs, its benefits, Challenges and
Trends. We hope you will enjoy learning this unit. All the best then.

Now let’s look at the objectives for this unit.

Objectives
By the end of the session, you should be able to:
a) Explain E-business and E-Commerce systems
b) Understand the scope of E-business and E-commerce system
c) Describe the essential e-commerce and electronic payment processes
d) Explain Customer Relationship Management (CRM) and its three
phases
e) Define ERP and outline its benefits, challenges and trends.
f) Supply chain management (SCM), Roles, Benefits, Challenges and
Trends

CoDEUCC/Bachelor of Science in Information Technology 133

 TELECOMMUNICATION AND NETWORKS
UNIT 4

This is a blank sheet for your short notes on:

 Issues that are not clear, and
 difficult topics, if any.

134 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 1

SESSION 1: E-BUSINESS AND E-COMMERCE SYSTEMS

Welcome to the first session of this unit. In this session, we

shall focus on E-business and E-commerce systems discussing
their components, advantages and disadvantages as well as their components.
Understanding the difference between this two concepts is also important. Relax
and enjoy the session.

Objectives
By the end of this session, you should be able to:
a) Explain E-business, its activities, its components, its advantages and
disadvantages.
b) Describe E-commerce its activities, its advantages and disadvantages.
c) Differentiate between E-commerce and E-business.

Now read on…

4.1 E-business and E-Commerce

The ways that businesses operate have drastically changed over the past few
years. Now, the electronic style of doing business is in charge. Today, people
use a mobile phone with internet access to make purchases online from the
comfort of their homes. The way business is run now is completely different
from how it was in the previous few decades under the traditional manner. Let's
examine the ways in which new business models and methods of purchasing and
selling goods have developed.

4.2 What is E-Business?

E-business, a form of doing business where transactions, commercial operations,

and services take place online, was coined by Intel's marketing and internet team
in 1996. In this type of transaction, the buyer and seller are not required to
interact in person. The procedure is based on digital tools, and all of the
transactions take place online using online banking as the mode of payment. As

CoDEUCC/Bachelor of Science in Information Technology 135

 E-BUSINESS AND E-COMMERCE
UNIT 4
SESSION 1 SYSTEMS

a result, it is a kind of commerce that allows for the purchase and sale of products
and services using digital payments. E-business is the term for conducting all
forms of business operations online. It covers online operations including buying
and selling products, customer education, supply activities, and the purchase of
raw materials and other items. E-business utilizes the internet, intranet, and
extranet.

Examples of E-Business are e-commerce companies and its various internal

business activities, auction site, classified site, software and hardware developer
site etc.

Activities of E-Business are:

• Online store setup

• Customer education
• Buying and selling product
• Monetary business transaction
• Supply Chain Management
• E-mail marketing

4.2.1 Components of E-business

The components of e-business can include the following:

1. Digital Marketing: This refers to the use of digital channels such as

search engines, social media, email and mobile apps to promote a
business and its products or services.
2. Content Management: This is the process of creating, managing and
publishing digital content, such as text, images and videos, through a
website or mobile app.
3. Supply Chain Management: This refers to the coordination and
management of the flow of goods and services, from the supplier to the
customer. This includes logistics, inventory management, and order
fulfillment.
4. Business Intelligence: This is the collection and analysis of data to help
a business make better decisions. This includes data mining, data
analysis, and data visualization.

136 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 1

5. Collaboration and Communication Tools: These are the tools and

platforms that are used to facilitate communication and collaboration
between employees, partners, and customers, such as email, instant
messaging, and video conferencing.
6. Mobile Technology: The use of mobile devices such as smartphones and
tablets to access and interact with e-business systems and services.
7. Cloud Computing: The use of remote servers hosted on the internet to
store, manage, and process data, rather than a local server or personal
computer.

All these components work together to enable an organization to conduct

business electronically and efficiently.

4.2.2 Characteristics of E-Business

E-businesses have some unique characteristics which are as follows:

Easy setup: E-businesses can be set up easily. To participate, all one needs is a
website and a payment gateway that supports digital banking..

No geographic barriers: Due to the fact that e-businesses are conducted online
over the internet, there is a geographic barrier. Customers from anywhere can
buy anything from the business whenever they desire.

Cost efficient: Because they avoid the costs associated with choosing a physical
site for the business, e-businesses are a cost-effective way of operation.

Flexible timing of business: E-business can be carried out at any time and from
any location. There is no limit on timing as it can be operated 24 hours a day
365 days a year.

Cheap marketing: E-businesses don’t require elaborate marketing. The costs

required are only spent on digital marketing which is cheaper than traditional
modes of marketing and advertising.

No interaction between buyer and seller: No communication is necessary

between the seller and the buyer in an online transaction. Transfers and

CoDEUCC/Bachelor of Science in Information Technology 137

 E-BUSINESS AND E-COMMERCE
UNIT 4
SESSION 1 SYSTEMS

transactions can take place online. The transaction is completed electronically,

and the seller ships the order to the buyer's address.

Delivery takes extra time: As the seller may be situated far from the buyer, an
extra amount of time may be required to get the items delivered in e-businesses.

The threat of transaction: E-businesses are especially vulnerable to the

transaction danger because hackers can access banking information and digitally
steal money from accounts. Customers may be located anywhere, purchase
anything, and have the procedure take place whenever they choose.

4.2.3 Advantages of E-Businesses

Some of the most notable advantages are the following −

 Less costly: E-businesses need only a website and software which cost less
than the establishment of a traditional business. So, e-businesses are pocket
friendly.
 Easy to organize: Online businesses can be set up at home with minimum
requirements of internet, website, and a few software.
 Lack of geographic barriers: There is no barrier of geography to e-
businesses. They can sell things worldwide. Customers can be located
anywhere in the world. The only requirement is that the customers should
have internet and digital payment modes available to them.
 Government subsidies: Governments promote and help e-businesses
because they promote digitization. Digitization makes payments transparent
and this helps governments keep track of payments easily.
 Flexible timing: There is no fixed working hour for e-businesses. They can
be operated round the clock and consumers may reach the site any time from
anywhere. There is no need for anyone to stay available from the seller’s
end. The process gets done automatically without any errors.

4.2.4 Disadvantages of E-Businesses

Following are the most notable disadvantages of e-businesses −

138 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 1

 Lack of interpersonal communication: E-business do not engage in one-

on-one communication, in contrast to traditional enterprises. This could
make it difficult to evaluate a product's quality accurately. Furthermore,
because there is no human connection, it is challenging for the company to
gain the consumer's trust.
 Delivery time: In traditional business, we get the product delivered
immediately after payment. However, in the case of e-business, it takes extra
time for the product to reach the consumer.
 More risks: As hackers can easily get consumers’ banking details online, e-
businesses are considered riskier than traditional methods.

4.3 E-Commerce

Most of us have participated in e-commerce because we've all done some sort
of online shopping. Therefore, it should go without saying that ecommerce is
common. However, very few people would be aware that e-commerce has a
history that predates the birth of the internet. E-commerce has its roots in the
Electronic Data Interchange, a method that businesses used to make document
transfers easier in the 1960s. The very first transaction did not happen until 1994.
This included friends buying and selling a CD online using the retail website
NetMarket3.

Since then, the industry has undergone a tremendous lot of change, leading to
significant evolution. As businesses like Alibaba, Amazon, eBay, and Etsy grew
well-known, traditional brick-and-mortar merchants were compelled to adopt
new technologies in order to survive. These businesses established an easily
accessible virtual market place for goods and services. People's ability to shop
online is being facilitated by new technology. By downloading applications,
customers may engage with businesses via smartphones and other devices and
make transactions. The advent of free shipping, which lowers prices for
customers, has also contributed to the ecommerce sector's rise in popularity.

E-commerce refers to the buying and selling of goods and services through the
internet. It is the mode of business where transactions take place via the Internet,
and things are delivered to the consumer’s address by the seller. This can include
online retail sites, online marketplaces, and online auctions. E-business, on the
other hand, encompasses a broader range of activities including not just buying

CoDEUCC/Bachelor of Science in Information Technology 139

 E-BUSINESS AND E-COMMERCE
UNIT 4
SESSION 1 SYSTEMS

and selling but also servicing customers, collaborating with business partners,
and conducting electronic transactions within an organization. E-business often
includes e-commerce but also includes other forms of electronic
communication, such as email and instant messaging. Both e-commerce and e-
business have grown significantly in recent years with the widespread adoption
of the internet and mobile devices, making it easier for businesses and
consumers to connect and conduct transactions online.

Examples of E-Commerce are online retailers like amazon, flipkart, Myntra,

paytm mall, seller of digital goods like ebooks, online service etc.

Activities of E-Commerce are:

• Buying and selling product online

• Online ticketing
• Online Payment
• Paying different taxes
• Online accounting software
• Online customer support

4.3.1 Advantages of E-commerce

• Convenience: Ecommerce can occur 24 hours a day, seven days a week.
Although ecommerce may take a lot of work, it is still possible to generate
sales as you sleep or earn revenue while you are away from your store.
• Increased selection: Many stores offer a wider array of products online than
they carry in their brick-and-mortar counterparts. And many stores that
solely exist online may offer consumers exclusive inventory that is
unavailable elsewhere.
• Potentially lower start-up cost: Ecommerce companies may require a
warehouse or manufacturing site, but they usually don't need a physical
storefront. The cost to operate digitally is often less expensive than needing
to pay rent, insurance, building maintenance, and property taxes.

140 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 1

• International sales: As long as an ecommerce store can ship to the

customer, an ecommerce company can sell to anyone in the world and isn't
limited by physical geography.
• Easier to retarget customers: as customers browse a digital storefront, it is
easier to entice their attention towards placed advertisements, directed
marketing campaigns, or pop-ups specifically aimed at a purpose.

4.3.2 Disadvantage of E-commerce

• Security: Due to attacks by cybercriminals and hackers, online portals have
been mentioned repeatedly in the news. It is a very significant problem since,
as a result of carelessness, your account could be hacked and have all of the
money in it removed. The ugly reality is that financial information can be
hacked on e-commerce websites, and a website cannot guarantee this. To
prevent any data breaches, the website owner must take vital steps to update
the password.
• Limited customer service: if you buy a computer online, you can't just ask a
seller to show you a certain model's features in person. Additionally,
although some websites allow you to communicate online with staff, this is
not a common practice.
• Reliance on technology: If your website crashes, garners an overwhelming
amount of traffic, or must be temporarily taken down for any reason, your
business is effectively closed until the ecommerce storefront is back.

4.3.3 Types of Ecommerce systems

Business-to-Consumer (B2C): In this kind of e-commerce, companies sell

goods or services to customers directly. In this instance, the buyer purchases the
goods from the company. B2C companies include Dell, Intel, and others.
Examples include online retail stores, such as Amazon, and online marketplaces,
such as Etsy.

Consumer-to-Consumer (C2C): This type of e-commerce involves consumers

selling products or services to other consumers. The C2C business is done
between customers to customers. Examples include online marketplaces, such
as eBay and Craigslist.

CoDEUCC/Bachelor of Science in Information Technology 141

 E-BUSINESS AND E-COMMERCE
UNIT 4
SESSION 1 SYSTEMS

Business-to-Business (B2B): This type of e-commerce involves businesses

selling products or services to other businesses. That is the buying and selling of
goods and services occur between businesses. Examples include wholesale
distributors and online marketplaces for industrial goods. Usually,
manufacturers and wholesalers operate with this kind of electronic commerce.
Examples include Alibaba, Qualcomm, etc.

Mobile Commerce (m-commerce): This type of e-commerce involves the

buying and selling of goods and services through mobile devices, such as
smartphones and tablets.

Social Commerce: Social commerce is a subcategory of e-commerce that refers

to the buying and selling of goods and services through social media platforms.

Marketplace: A marketplace is a type of e-commerce platform that allows

multiple vendors to sell their products or services on the same website.

Subscription-based: Subscription-based e-commerce is a model in which

customers pay a recurring fee, usually on a monthly or annual basis, to have
access to a product or service.

Crowdfunding: Crowdfunding platforms allow individuals or businesses to

raise funds from a large number of people, typically via the Internet.

4.4 Difference between E-Commerce and E-Business

E-COMMERCE E-BUSINESS
E-Commerce refers to E-Business refers to performing all type of
performing online commercial business activities through internet.
activities, transactions over
internet.
E-Commerce is a narrow E-Business is a broad concept and it is
concept and it is considered as considered as a superset of E-Commerce.
a subset of E-Business.

142 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 1

Commercial transactions are Business transactions are carried out in e-

carried out in e-commerce. business.
In e-commerce transactions are In e-business transactions are not limited.
limited.
It includes activities like It includes activities like procurement of
buying and selling product, raw materials/goods, customer education,
making monetary transactions supply activities buying and selling product,
etc over internet. making monetary transactions etc over
internet.
It usually requires the use of It requires the use of multiple websites,
only a website. CRMs, ERPs that connect different business
processes.
It involves mandatory use of It involves the use of internet, intranet or
internet. extranet.
E-commerce is more E-business is more appropriate in Business
appropriate in Business to to Business (B2B) context.
Customer (B2C) context.
E-Commerce covers E-Business covers internal as well as
outward/external business external business process/activities
process.

Summary
This sessions enlightened us on the concepts of E-Commerce and E-Business,
their components, advantages and disadvantages. Also it is important to know
how these two are different from each other.

Self-Assessment Questions
Exercise 4.1
a) What is E-business?
b) Mention 5 components of an E-business.
c) What is E-commerce?
d) Mention and explain the types of E-commerce systems.

CoDEUCC/Bachelor of Science in Information Technology 143

 E-BUSINESS AND E-COMMERCE
UNIT 4
SESSION 1 SYSTEMS

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

144 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 2

SESSION 2: SCOPE OF E-BUSINESS AND E-COMMERCE

SYSTEMS
Welcome to another session in this unit. We shall look at the
scope of e-business and e-commerce. We shall also study what
e-business risks are and its various types. Relax and enjoy the session.

Objectives
By the end of this session, you should be able to:
a) Understand the scope of E-business
b) Explain e-business risks and its types
c) Define the scope of e-commerce and some common areas of e-commerce

Now read on…

4.1 Scope of E-business

The scope of an e-business system refers to the range of activities and processes
that it is designed to support. This can include things like online sales and
marketing, customer relationship management, supply chain management, and
more. Some e-business systems may also include features such as analytics and
reporting tools, which can help businesses gain insights into their operations and
make data-driven decisions. Overall, the scope of an e-business system will
depend on the specific needs and goals of the organization using it.

Some common areas that an e-business system may include are:

• E-business is the buying and selling of goods and services over the
internet, as well as the performance of other critical business functions.
It encompasses a broader range of activities than e-commerce.
• E-business encompasses management functions such as planning,
organising, marketing, and production that are carried out electronically.
Inventory management, product development, human resource

CoDEUCC/Bachelor of Science in Information Technology 145

 SCOPE OF E-BUSINESS AND E-
UNIT 4
SESSION 2 COMMERCE SYSTEM

management, and accounting and finance are some of the other functions
covered by e-business.
• E-business courses cover a wide range of topics and offer a variety of
options. Candidates with a diploma or certification in the relevant
discipline can pursue careers in a variety of fields.
• Online sales and marketing: this includes the ability to sell products or
services online, as well as the ability to market them through various
digital channels.
• Supply chain management: This includes the management of inventory,
logistics, and the distribution of goods.
• Customer relationship management: This includes the management of
customer interactions, such as tracking customer orders, handling
customer inquiries, and providing customer support.
• Business intelligence and analytics: This includes the ability to collect
and analyze data on business operations, such as sales and customer
behavior.
• Financial management: This includes the ability to manage financial
transactions, such as invoicing, payments, and accounting.
• Collaboration and communication: this include the ability to collaborate
and communicate with partners, suppliers, and customers.
• IT infrastructure: This includes the hardware and software systems that
support the e-business, such as servers, databases, and network
infrastructure.

4.2 What is e-business Risk?

Online transactions are exposed to a number of dangers in contrast to arm's

length transactions in physical trade. Risk is the possibility that a mishap will
cause the parties to a transaction to suffer monetary, reputational, or
psychological damages. Due to the increased likelihood of these risks in online
transactions, security and safety concerns have become the top priority in e-
business.

The risks associated with transactions, data storage and transmission, and
intellectual property and privacy can all be roughly divided into three groups.

146 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 2

4.2.1 Types of e-business Risks

1. Transaction risks:

Online transactions are subject to the following transaction risks:

• The seller denies that the order was ever placed by the customer, or the
customer denies that he ever placed the order. This is known as ‘default
on order taking/giving.’
• The intended delivery does not occur, goods are delivered to the
incorrect address, or goods other than those ordered are delivered. This
could be considered a ‘default on delivery.’
• The seller does not receive payment for the goods supplied, despite the
customer’s claim that payment was made. This is known as a “default on
payment.”

Thus, in e-business, the risk may arise for either the seller or the buyer as a result
of default in order taking/giving, delivery, and payment. Such situations can be
avoided by mandating identity and location/address verification during
registration, as well as obtaining authorization for order confirmation and
payment realisation.

For instance, the seller may check the "cookies" to ensure that the consumer
entered his information accurately in the registration form. Cookies work
similarly to caller ids in phones, which provide telemarketers access to details

CoDEUCC/Bachelor of Science in Information Technology 147

 SCOPE OF E-BUSINESS AND E-
UNIT 4
SESSION 2 COMMERCE SYSTEM

including a customer's name, address, and history of payments for past

purchases. It is usually advisable to shop at well-known shopping sites to protect
customers from unknown merchants.

2. Data storage and transmission risks:

Power is indeed conferred by knowledge. But take into account what transpires
if power is misused. There are many risks associated with data that is stored in
systems and in transit. Important data may be stolen or changed for personal
gain, adventure, or just plain pleasure.

3. Risks of threat to intellectual property and privacy:

The internet belongs to everyone. Once information is accessible online, it is no

longer considered to be in the private sphere. Then, it becomes challenging to
prevent it from being copied. Data given during online transactions may be
shared with other parties, who may then start flooding your inbox with spam,
advertising, and promotional materials. Hackers might pose as actual clients.
They might utilize legitimate consumers' credit cards that have been stolen. A
dishonest company could run a fake website, solicit consumer payments in
advance, and then not send the ordered goods.

4.3 Scope of E-commerce system

The scope of an e-commerce system typically includes the following

components:

• A website or mobile app for customers to browse and purchase products

or services
• A backend system for managing inventory, processing orders, and
handling customer data
• Payment processing capabilities for accepting various forms of payment
• Integration with shipping and logistics providers for order fulfilment
• Marketing and analytics tools for understanding customer behaviour and
optimizing sales

148 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 2

• Security measures to protect sensitive customer information and prevent

fraud
• Option for customers for tracking their orders and return or replacement
of products if necessary

It may also include additional features such as customer reviews, product

recommendations, and social media integration. The specific features and
functionality of an e-commerce system will vary depending on the needs of the
business and the platform it is built on.

4.3.1 Some common e-commerce system area

Online sales: This includes the ability to sell products or services online, such
as through an online store or marketplace.

Payment processing: This includes the ability to process payments from

customers, such as through credit card, debit card, or electronic funds transfer.

Order management: This includes the ability to manage customer orders, such
as tracking orders, handling cancellations and returns, and providing customer
support.

Inventory management: This includes the ability to manage inventory levels,

such as tracking stock levels and reordering items when necessary.

Shipping and logistics: This includes the ability to manage the logistics of
shipping orders to customers, such as generating shipping labels, tracking
packages, and providing shipping options.

Marketing and promotions: this includes the ability to market products or

services to customers, such as through email campaigns, social media
advertising, and targeted promotions.

Customer account management: This includes the ability to manage customer

accounts, such as tracking customer information, order history, and purchase
history.

CoDEUCC/Bachelor of Science in Information Technology 149

 SCOPE OF E-BUSINESS AND E-
UNIT 4
SESSION 2 COMMERCE SYSTEM

IT infrastructure: This includes the hardware and software systems that support
the e-commerce, such as servers, databases, and network infrastructure.

Summary
This sessions helped us understand the scope of E-Commerce and E-Business,
and some common areas within this domain. We also explained what E-business
risks are and the various types.

Self-Assessment Questions
Exercise 4.2
a) Mention and explain the types of E-business risks.

150 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 3

SESSION 3: ESSENTIAL E-COMMERCE PROCESSES AND

ELECTRONIC PAYMENT PROCESSES
Welcome to this session. E-commerce requires some essential
process that must be followed so you can complete a
transaction successfully. We shall study about these e-commerce processes and
electronic payment processes in this session. Enjoy the session.

Objectives
By the end of this session, you should be able to:
a) Outline E-commerce processes necessary for a successful transaction.
b) Describe electronic payment system and how they work.

Now read on…

4.1 E-commerce process

The e-commerce process includes several steps that must be completed in order
for a successful transaction to take place:

1. Product or Service Selection: The process of selecting the products or

services that a business will sell online. The customer visits the e-
commerce website and selects the products or services they wish to
purchase. This includes researching market trends, identifying customer
needs and preferences, and sourcing products or services.
2. Shopping Cart: The customer adds the selected products or services to
a virtual shopping cart and proceeds to the checkout page.
3. Payment Processing: The process of accepting and processing
payments from customers. This includes setting up a payment gateway,
implementing security measures to protect sensitive information, and
reconciling payments with financial records. Here, the customer enters
their payment information and the e-commerce system processes the

CoDEUCC/Bachelor of Science in Information Technology 151

 ESSENTIAL E-COMMERCE
UNIT 4
SESSION 3 PROCESSES AND ELECTRONIC
PAYMENT PROCESSES

transaction. This step includes verification of the customer's payment

method and authorization of the transaction.
4. Order Confirmation: The customer receives an email or other
notification confirming that their order has been received and is being
processed.
5. Order Fulfilment: The process of preparing and shipping orders to
customers. This includes picking, packing, and shipping the products,
as well as tracking the status of the order and providing customers with
updates. The e-commerce system processes the order and arranges for
the physical delivery of the products or services to the customer. This
step includes inventory management, packaging, and shipping.
6. Inventory Management: The process of managing the inventory of
products or services. This includes tracking stock levels, monitoring
sales trends, and reordering products as needed.
7. Customer Service: The process of providing assistance and support to
customers throughout their shopping experience. This includes
answering questions, addressing concerns, and resolving any issues that
may arise.
8. Marketing and Promotion: The process of promoting products or
services to potential customers. This includes creating marketing
campaigns, analysing data to target specific audiences, and measuring
the effectiveness of marketing efforts.
9. Logistics and Supply Chain: The process of managing the movement
of goods and services from the supplier to the customer. This includes
coordinating with logistics providers and suppliers, tracking inventory,
and managing distribution channels.
10. Data Analysis: The process of collecting and analysing data to make
informed business decisions. This includes tracking website traffic,
monitoring customer behaviour, and measuring the effectiveness of
marketing campaigns.
11. Cybersecurity: The process of protecting sensitive information from
cyberattacks and ensuring the integrity of the e-commerce platform.
This includes implementing encryption, secure servers, and firewalls to
keep customer data safe.

152 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 3

Some e-commerce systems also include additional steps, such as marketing

and customer relationship management, to further enhance the customer's
experience. These processes are essential for a successful e-commerce
transaction and form the foundation of any e-commerce system. Without these
processes in place, it would be difficult for businesses to sell products or
services online and manage customer interactions effectively.

4.2 E-commerce payment process

An electronic payment system is a method of making financial transactions

electronically, rather than using cash or checks. The transactions are typically
initiated by the payer, who initiates the payment through a financial institution
or a payment service provider. The payment is then processed through a
network of banks and other financial institutions, which ultimately results in
the transfer of funds from the payer's account to the payee's account. Electronic
payment systems can include credit and debit card payments, electronic funds
transfers (EFTs), direct debits, ACH payments, e-checks, digital wallets, and
cryptocurrencies. These systems provide many benefits over traditional
payment methods, such as speed, convenience, security, and the ability to track
and monitor transactions.

There are several electronic payment processes, including:

1. Credit/debit card payments: Payments made using a physical or virtual

credit or debit card.
2. Electronic funds transfer (EFT): Payments made directly from one bank
account to another through electronic means.
3. Direct debit: An electronic payment process where a customer
authorizes a merchant to directly debit their bank account for payment.
4. ACH (Automated Clearing House) payments: An electronic network for
financial transactions in the United States.
5. e-checks: An electronic version of a traditional paper check that can be
processed through the ACH network.
6. Digital wallets: Electronic devices or online service that store a
customer's payment information, such as credit card or bank account
information, and can be used to make payments without entering the
information manually each time.

CoDEUCC/Bachelor of Science in Information Technology 153

 ESSENTIAL E-COMMERCE
UNIT 4
SESSION 3 PROCESSES AND ELECTRONIC
PAYMENT PROCESSES

7. Cryptocurrency: digital or virtual currency that use cryptography for

security, it's decentralized and controlled by a blockchain.

4.2.1 How does an electronic payment system work?

Electronic payment systems work by facilitating the transfer of funds between

a payer and a payee through electronic means. The process typically involves
the following steps:

1. The payer initiates the payment: The payer initiates the payment by
providing the payee's account information, such as their bank account
number or credit card details. This information can be provided through
a website, mobile app, or point-of-sale (POS) terminal.
2. Payment authorization: The payer's financial institution or payment
service provider will authorize the payment by verifying the payer's
account information and checking that there are sufficient funds to
complete the transaction.
3. Payment processing: Once the payment is authorized, it is sent to the
payee's financial institution or payment service provider for processing.
This typically involves the transfer of funds between the payer's and
payee's accounts through a network of banks and other financial
institutions.
4. Payment confirmation: Once the payment is processed, the payee's
financial institution or payment service provider will send a
confirmation of the payment to the payee and the payer, which may
include a receipt or confirmation number.
5. Settlement: Final step, the payee and payer's financial institutions will
settle the transaction, this mean that the payer's bank will credit the
payee's bank account with the amount of the transaction.

Summary
This sessions explained essential e-commerce processes and electronic payment
processes

154 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 3

Self-Assessment Questions
Exercise 4.3
a) How does an electronic payment system work?

CoDEUCC/Bachelor of Science in Information Technology 155

 ESSENTIAL E-COMMERCE
UNIT 4
SESSION 3 PROCESSES AND ELECTRONIC
PAYMENT PROCESSES

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

156 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 4

SESSION 4: CUSTOMER RELATIONSHIP MANAGEMENT

(CRM) AND ITS PHASES
You are welcome to this session. In this session, we will look
at Customer Relationship Management (CRM). The goal of
CRM is to improve interactions with customers in order to promote client
retention and increase sales. We will study CRM phases, its components,
benefits as well as its challenges. Sit back, relax and enjoy the session.

Objectives
By the end of this session, you should be able to:
a) Describe Customer Relationship Management (CRM), its features,
components, benefits and challenges
b) Explain the three phases of Customer Relationship Management
(CRM)

Now read on…

4.1 Customer Relationship Management (CRM)

In order to manage and analyse customer interactions and data across the
customer lifecycle, businesses employ a combination of practices, strategies,
and technologies known as customer relationship management (CRM). The goal
is to improve interactions with customers in order to promote client retention
and increase sales. CRM systems gather information about customers from
various points of contact between them and the business, such as the company's
website, the company's phone line, live chat, direct mail, marketing materials,
and social media. CRM systems can also give staff workers who deal with
consumers in-depth knowledge of their personal data, purchasing history,
shopping preferences, and issues.

CRM involves using technology, such as software and databases, to organize,

automate, and synchronize sales, marketing, customer service, and technical
support processes. This allows organizations to have a single, centralized view

CoDEUCC/Bachelor of Science in Information Technology 157

 CUSTOMER RELATIONSHIP
UNIT 4
SESSION 4 MANAGEMENT (CRM) AND ITS PHASES

of each customer, which helps them better understand their needs and
preferences.

CRM systems typically include the following features:

• Contact management: This allows organizations to store and organize

information about customers and prospects, such as contact information,
purchase history, and communication history.
• Sales management: This helps organizations manage the sales process,
from lead generation to closing deals. It typically includes features such
as lead tracking, opportunity management, and forecasting.
• Marketing automation: This helps organizations automate and manage
marketing campaigns and activities, such as email marketing, social
media, and advertising.
• Customer service and support: This helps organizations manage
customer inquiries, complaints, and issues. It typically includes features
such as a knowledge base, ticketing system, and customer self-service
portals.

There are different types of CRM, including:

• Operational CRM: This focuses on automating and streamlining day-to-

day processes, such as sales and customer service.
• Analytical CRM: This focuses on using data and analytics to better
understand customers and make informed decisions.
• Collaborative CRM: This focuses on improving collaboration and
communication across different departments and teams within an
organization.

However, it's important for organizations to have a clear plan in place for
implementing and utilizing a CRM system, as well as regularly review and
update it to ensure it continues to meet the organization's needs

158 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 4

4.1.1 CRM benefits

There are several benefits to implementing a customer relationship management

(CRM) system, including:

1. Improved customer satisfaction and loyalty: By having a central view of

each customer, organizations can better understand their needs and
preferences, which can lead to more personalized and effective
interactions. This can ultimately improve customer satisfaction and
loyalty.
2. Increased sales and revenue: CRM systems can help organizations
identify potential sales opportunities, manage leads and customer
interactions more effectively, and track sales performance. This can
ultimately lead to an increase in sales and revenue.
3. Improved efficiency and productivity: CRM systems automate and
streamline many of the processes involved in managing customer
interactions, such as sales, marketing, and customer service. This can
help organizations save time and increase productivity.
4. Enhanced decision-making and strategic planning: CRM systems
provide organizations with a wealth of data and analytics about their
customers and sales performance. This can help organizations identify
patterns and trends, make informed decisions, and develop more
effective marketing and sales strategies.
5. Better communication and collaboration: Collaborative CRM allow
different departments and teams within an organization to share
customer information and communicate more effectively, which can
help improve the overall customer experience.
6. Scalability and flexibility: CRM systems are designed to be able to grow
and adapt as your business grows and evolves. This allows you to start
with a basic system and add features as your needs change, rather than
having to completely replace it.
7. Automate data entry: By using a CRM, your team will never have to
spend time recording emails, calls, meetings, and interactions because
all of this information will be automatically gathered and compiled
within the system. Additionally, a CRM enables sales representatives to
update all offers according to the stage they are in; the system will then
take care of the rest automatically (e.g., weighting, summation,
visualization), making the process as effective as possible for all parties.

CoDEUCC/Bachelor of Science in Information Technology 159

 CUSTOMER RELATIONSHIP
UNIT 4
SESSION 4 MANAGEMENT (CRM) AND ITS PHASES

8. Organize contact data: Regardless of the buyer's journey stage, CRMs

enable your team to easily keep track of every contact (and the data
associated with them). Reps will even be able to know if a contact has
visited a company’s website, downloaded content from it, or has spoken
with a member of your sales team through your website. Reps can also
record notes from phone calls or emails they have with prospects and
contacts. What's best is that, Within the CRM, all of this data is always
searchable.

It's important to note that while a CRM system can provide many benefits to an
organization, it is only effective if it is implemented and used correctly. A well-
implemented CRM system can help organizations improve their customer
relationships, increase sales and revenue, and enhance strategic planning.

4.1.2 Components of CRM

At its most basic level, CRM software compiles customer data and stores it in a
single CRM database for easier management and access by company users.
CRM systems have had a lot of extra features added to them throughout time to
increase their use. Some of these features include the ability for managers to
monitor performance and productivity based on data logged within the system,
as well as the ability to automate various workflow automation processes, such
as tasks, calendars, and alerts, depending on system capabilities. Other features
include recording various customer interactions via email, phone, social media,
or other channels.

The main components of a customer relationship management (CRM) system

include:

1. Contact management: This component allows organizations to store and

organize information about customers and prospects, such as contact
information, purchase history, and communication history. This
information is typically stored in a centralized database, which can be
accessed by different departments and teams within the organization.

160 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 4

2. Sales management: This component helps organizations manage the

sales process, from lead generation to closing deals. It typically includes
features such as lead tracking, opportunity management, and forecasting.
Sales management can be used to identify potential sales opportunities,
manage customer interactions, and track sales performance.
3. Marketing automation: This component helps organizations automate
and manage marketing campaigns and activities, such as email
marketing, social media, and advertising. Marketing automation can be
used to create and manage marketing campaigns, track their
performance, and analyse customer data.
4. Customer service and support: This component helps organizations
manage customer inquiries, complaints, and issues. It typically includes
features such as a knowledge base, ticketing system, and customer self-
service portals. Customer service and support can be used to manage
customer interactions, resolve customer issues, and track customer
satisfaction.
5. Analytics and reporting: This component provides organizations with a
wealth of data and analytics about their customers and sales
performance. It can be used to identify patterns and trends, make
informed decisions, and develop more effective marketing and sales
strategies.
6. Mobile and Social media integration: Many CRM systems now have
mobile apps and social media integration capabilities, this allows the
organization to access customer data and respond to customer inquiries,
complaints and issues from anywhere and at any time.
7. Customization: Many CRM systems are customizable, which allows
organizations to tailor the system to their specific needs and processes.
This can include custom fields, workflows, and business rules.

These components work together to provide organizations with a centralized

view of each customer, allowing them to better understand their needs and
preferences, improve customer satisfaction and loyalty, increase sales and
revenue, and enhance decision-making and strategic planning.

4.1.3 Challenges of CRM

There are several challenges that businesses may face when implementing a
customer relationship management (CRM) strategy:

CoDEUCC/Bachelor of Science in Information Technology 161

 CUSTOMER RELATIONSHIP
UNIT 4
SESSION 4 MANAGEMENT (CRM) AND ITS PHASES

1. Data Management: Customer data collection, storage, and analysis can

be very difficult. Businesses must make sure that their data is reliable,
current, and simple to access by those who require it.
2. Integration with other systems: It might be difficult to integrate a CRM
system with other platforms like e-commerce, accounting, and marketing
automation. To avoid data silos and duplicative data entry, businesses
must guarantee that their CRM system can communicate data seamlessly
with various other systems.
3. User Adoption: A CRM system can only be effective if employees are
using it. Businesses need to ensure that their employees understand the
value of the CRM system and are trained on how to use it properly.
4. Customization: Because CRM systems are intricate and extremely
adaptable, it can be difficult for firms to discover the ideal setup for their
unique requirements. To guarantee that the CRM system is configured
properly, businesses need to carefully assess their unique requirements
and collaborate with their CRM vendor..
5. Data security: CRM systems store sensitive customer information, and
businesses need to ensure that this data is protected from unauthorized
access or breaches.
6. Scalability: As a business grows, its CRM needs will also change.
Businesses need to ensure that their CRM system is scalable and can
adapt to their changing needs over time.
7. Measuring success: Since a CRM strategy often incorporates multiple
departments and might be difficult to link results to specific activities,
measuring its performance can be challenging. Businesses must set up
specific objectives and Key metrics for their CRM strategy and monitor
development over time.

162 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 4

4.2 Three phases of CRM

Customer acquisition, customer retention, and customer extension are three key
strategies used in customer relationship management (CRM) to manage
interactions with current and potential customers.

1. Customer Acquisition:
Traditionally, acquiring consumers has been the most crucial first step in
developing business links. CRM uses sophisticated software databases to gather
crucial client information at the time of first contact. Name, address, phone
number, email address, and occasionally social media profiles are all included
in a prospect's profile data. Future and ongoing communication access is made
possible by entering this data into a computer. Starting a formal relationship with
new prospects and clients also gives you the opportunity to track their behaviour
through data analysis. For now, many databases enable analytics, the automated
analysis of data through programmed tools. Salespeople can identify at any point
in time, for instance, what percentage of customers are at each stage of the
opportunity pipeline, or sales process. With the use of this knowledge, targeting
can be optimized to prevent bottlenecks and make relationship-building efforts
easier. This strategy focuses on acquiring new customers by identifying and
targeting potential customers and converting them into paying customers. This
includes activities such as lead generation, marketing campaigns, and sales
efforts. The goal is to increase the number of customers and grow the customer
base.

2. Customer Retention
The primary goal of collecting data on new clients is to raise retention rates. You
can lower your company's churn rate by using effective data analysis, regular
and systematic follow-up communications with contacts, and well-serviced
accounts. You can focus more on keeping core clients by using data analysis to
pinpoint the characteristics of prospects and customers with the highest lifetime
earning potential. This strategy focuses on keeping existing customers by
building strong relationships and providing excellent customer service. This
includes activities such as customer service, loyalty programs, and upselling.
The goal is to reduce customer churn and maintain a stable customer base.

CoDEUCC/Bachelor of Science in Information Technology 163

 CUSTOMER RELATIONSHIP
UNIT 4
SESSION 4 MANAGEMENT (CRM) AND ITS PHASES

3. Customer Extension
Activities in the CRM's client extension phase are designed to prolong
conventional customer relationships and increase revenue. A simple perspective
is that satisfying a customer during one buying experience increases the
likelihood of a follow-up visit. Over time, delivering quality solutions, following
through on commitments and addressing problems convert a buyer into a loyal
customer. You also can enhance revenue through add-on product selling and
cross-selling, which involves recommending unrelated solutions. Because of the
high costs of customer acquisition, extending relationships with customers
already captured is hugely valuable for a business. This strategy focuses on
expanding the relationship with existing customers by identifying and selling
additional products or services. This includes activities such as cross-selling,
upselling, and providing additional value-added services. The goal is to increase
the value of each customer and grow the revenue from existing customers.

These three strategies are closely related and are often used together to manage
customer interactions and drive business growth. A well-executed CRM strategy
will work on acquiring new customers, retaining existing customers and also
increasing the business from existing customers. By doing so, the company can
achieve a balance between customer acquisition and retention, and maintain a
steady growth of the customer base and revenue.

Summary
This sessions explained CRM concepts and it three phases. A well-executed
CRM strategy will work on acquiring new customers, retaining existing
customers and also increasing the business from existing customers.

Self-Assessment Questions
Exercise 4.4
a) What is Customer Relationship Management?
b) State and explain 5 challenges of CRM.
c) State and explain the three Phases of CRM.

164 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 5

SESSION 5: ENTERPRISE RESOURCE PLANNING (ERP),

BENEFITS, CHALLENGES AND TRENDS
You are welcome to another exciting session. This session will
enlighten as about Enterprise Resource Planning (ERP), its
benefits, challenges and trends. The scope of ERP is to integrate all the functions
of an organization and make them work together in a seamless and efficient
manner. Enjoy the session then.

Objectives
By the end of this session, you should be able to:

a) Explain Enterprise Resource Planning (ERP), its benefits and

disadvantages.
b) Outline the trends of Enterprise Resource Planning (ERP).

Now read on…

4.1 Enterprise Resource Planning (ERP)

Enterprise Resource Planning (ERP) is a type of software that organizations use

to manage and automate many of their business processes, such as accounting,
inventory management, human resources, and customer relationship
management. The scope of ERP is to integrate all the functions of an
organization and make them work together in a seamless and efficient manner.
A complete ERP suite also includes enterprise performance management,
software that helps plan, budget, predict, and report on an organization’s
financial results.

An ERP system typically includes modules for:

• Financial management: This includes accounting, budgeting, and

financial reporting.

CoDEUCC/Bachelor of Science in Information Technology 165

 ENTERPRISE RESOURCE PLANNING
UNIT 4
SESSION 5 (ERP), BENEFITS, CHALLENGES AND
TRENDS

• Supply chain management: This includes inventory management,

procurement, and logistics.
• Human resources management: This includes employee information,
payroll, and benefits administration.
• Manufacturing and production management: This includes product
planning, bill of materials, and production scheduling.
• Sales and marketing management: This includes customer relationship
management, sales forecasting, and marketing campaigns.
• Project management: This includes project planning, scheduling, and
resource allocation.

ERP systems also provide a centralized database, which allows different

departments and teams within an organization to access and share information.
This can help improve communication, collaboration, and decision-making
across the organization.

ERP systems are designed to be highly customizable, which means they can be
tailored to the specific needs and processes of different organizations. This
allows companies to automate and streamline their operations, making them
more efficient and productive.

In addition to these traditional ERP modules, many systems now also include
additional functionality such as customer relationship management, business
intelligence, and analytics, allowing organizations to gain a more comprehensive
view of their business.

ERP systems can be useful for organizations of all sizes, as it allows them to
integrate different departments and processes, helping them to gain efficiency,
cost savings and more accurate data to make better decisions

4.1.1 Benefits of ERP

1. Higher productivity: Streamline and automate your core business

processes to help everyone in your organization do more with fewer
resources.
166 CoDEUCC/Bachelor of Science in Information Technology
E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 5

2. Deeper insights: Eliminate information silos, gain a single source of

truth, and get fast answers to mission-critical business questions.
3. Accelerated reporting: Fast-track business and financial reporting and
easily share results. Act on insights and improve performance in real
time.
4. Lower risk: Maximize business visibility and control, ensure
compliance with regulatory requirements, and predict and prevent risk.
5. Simpler IT: By using integrated ERP applications that share a database,
you can simplify IT and give everyone an easier way to work.
6. Improved agility: With efficient operations and ready access to real-time
data, you can quickly identify and react to new opportunities.
7. Better Customer Service: A portion of the data ERP provides a central
hub for its customer information. Multiple departments can easily access
and collaborate on customer needs for faster response times and
improved delivery and order accuracy with centralized customer data.
Sales representatives can focus on building customer relationships
instead of maintaining spreadsheets and marketers can create customer-
focused campaigns.
8. Improved Collaboration: ERP systems also connect teams, improving
communication and employee engagement. With an ERP system, every
approved employee has on-demand access to operational data, allowing
them to understand all of the company’s moving parts and the role they
play. Reduced silos and real-time project updates further aid the
efficiency that leads to smoother workflows and cost savings.
Collaboration capabilities also extend outside the four walls of an
organization to connect with key trading partners and further progress
business benefits.
9. Flexibility: One thing many users like about today’s ERP systems is their
modularity. A modular makeup means that applications can be used
singularly or together as a full suite. A company can pick and choose
which applications best suit their business needs without having to
purchase what it doesn’t need. This flexibility helps businesses move
away from the clunky systems they’ve been using.

CoDEUCC/Bachelor of Science in Information Technology 167

 ENTERPRISE RESOURCE PLANNING
UNIT 4
SESSION 5 (ERP), BENEFITS, CHALLENGES AND
TRENDS

4.1.2 Disadvantages of ERP

Nothing is perfect, therefore it's important to consider the drawbacks of ERP

when you start comparing systems. Here are the most common challenges you
may encounter after implementing a new ERP system:

Complexity: Because ERP systems offer such a wide range of features and
capabilities, they are also incredibly complex, which some users find
challenging to manage. Nowadays, it's rare for businesses to believe that
adequately planning and preparing for ERP deployment is important, which
results in a waste of resources (both time and money). To become proficient in
every feature of the ERP solution, your business will need to invest a lot of time
and energy. Additionally, new hires who replace departing experienced ERP
system users must spend a significant amount of time learning the system from
scratch rather than jumping right in.

Slow Implementation: A new enterprise resource planning system's

implementation is a difficult and drawn-out process that can take up to two
years. This is one of the key reasons you need to plan the transition process
and prepare adequately in order to prevent interruptions and save yourself from
failure. After implementation, set aside time to learn the new ERP platform
because even tech specialists require time to fully comprehend the system.

Slow Data Migration: You will need to enter current data into a new format
while using an ERP system for the first time. The data migration procedure can
take a while to finish, especially if done manually, depending on your industry.
This is true of digital data as well. Verify again that no data is duplicated or
lost during the migration. Fortunately, many ERP systems can easily be
organized and uploaded because they are compatible with existing data storage
software.

Upfront Costs: There are initial costs to keep in mind when considering an
ERP system, particularly an on-premise system, such as the cost of
implementation, maintenance, training and potential third-party software add-
ins. The cost is easier to manage if you opt for a cloud-hosted ERP solution,
168 CoDEUCC/Bachelor of Science in Information Technology
E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 5

however. Cloud ERP solutions typically operate on a monthly subscription, so

you’ll be billed over time. Either way, the counter to this disadvantage is the
long-term cost savings having an ERP system provides.

Training: To get the most out of ERP software, proper training is a must.
Training should cover all of the ERP system’s features, with sessions in line
with business processes. IT staff should also be trained to manage the technical
aspects of the system. To prevent knowledge loss when trained employees
leave the company, an organization would be wise to invest the time to create
ERP training plans, manuals and other resources for new team members to
quickly become acquainted with the system.

Buy-in: Making company changes is always time-consuming and requires

back and forth between stakeholders. This is especially the case when adopting
new technology. This process usually requires getting approval and support
from the top down, which can be challenging if those you seek buy-in from
don’t understand the value of ERP. Once implemented, it may also be difficult
to get some employees on board with utilizing the system and learning how to
best use its features.

Customization: A system should be adjusted to a company's requirements in

order to fully exploit the benefits of ERP. Success depends on modifying the
system, whether it is ready-to-use or custom-made, to suit business
requirements and procedures. Every company must be willing to invest the
effort necessary to guarantee that an ERP system has all the capabilities it
requires and none that it does not. Otherwise, investing in ERP is not prudent.

4.2 Trends of ERP

Cloud ERP
In the past, many businesses relied on on-premises ERP software and were
hesitant to move their essential business functions to the cloud, but this is quickly
changing. Businesses are embracing cloud ERP to benefit from a more simple
and direct deployment, lower costs, elasticity (i.e., the capacity to only use the
resources required at any given time), new functionality, a reduced need for
internal IT resources, and the capacity to add users and functions with ease to
accommodate business growth.

CoDEUCC/Bachelor of Science in Information Technology 169

 ENTERPRISE RESOURCE PLANNING
UNIT 4
SESSION 5 (ERP), BENEFITS, CHALLENGES AND
TRENDS

Two-Tier ERP
Many businesses attempted to deploy a single ERP system that would serve the
corporate office, as well as all regional offices and subsidiaries.
However, in fact, that strategy was often expensive and difficult to adopt because
subsidiaries frequently had unique needs, didn't require the entire capability of
the corporate system, and battled with the one-size-fits-all strategy. One of the
most popular ERP trends nowadays is two-tier ERP, which is due to this. With
two-tier ERP, businesses can take advantage of their current ERP system
investments at the corporate level (tier 1) while subsidiaries and divisions use a
separate ERP solution (tier 2), which is often cloud-based. Larger companies
may continue to use their core ERP system for financials and other core
processes, while smaller business units turn to solutions that address their
specialized needs. The effectiveness of this approach depends in part on the
ability to exchange data between the tiers—some tier 2 cloud solutions include
built-in capabilities for integration with corporate ERP systems.
There are a number of benefits to this approach. It’s often less costly than
retrofitting the corporate ERP system to work for the entire business. A tier 2
solution may be simpler to implement and provide subsidiaries with more
flexibility to respond to changing business conditions. In addition, the two-tiered
approach may be better suited for organizations in high-growth mode.

Digital Transformation
Digital technology integration into all corporate processes to enhance daily
operations is referred to as "digital transformation." While raising employee
productivity, enhancing customer service, and improving communication, this
strategy can frequently increase revenue and competitiveness. Since an ERP
suite often affects the majority of a company's operations, it makes sense to start
there in order to facilitate this shift.

Personalization
ERP platforms with complex scripting languages were difficult to customize to
the specialized needs of each business. But organizations can now take
advantage of cloud ERP platforms designed for easier configuration, or what
analysts call “low-code” platforms. There’s also a growing range of ERP
solutions tailored to the needs of specific industries.

170 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 5

As companies focus on delivering more personalized, relevant experiences to

customers, they need ERP systems that can accommodate those needs with
features like highly customizable dashboards. One emerging trend is the
growing popularity of AI-based assistive and conversational user interfaces such
as chatbots, which can interpret user voice or text input and respond to questions
using customer and order information stored within the ERP.

AI-Powered Insights and Improvements

Artificial intelligence and machine learning capabilities embedded into ERP
systems work behind the scenes to help meet increased demand for
personalization and improve a broad range of business processes. While
companies could add AI functionality to some ERP systems in the past, more
vendors now offer ERP software with these capabilities built in.
AI can deliver significant benefits for businesses, including:
As organizations receive more operational and customer data than ever before,
they look to AI to give important business insights based on that knowledge.
Huge amounts of unstructured data are scanned by AI systems, which then
swiftly recognize patterns and foresee a variety of trends that would be
impossible to detect with manual number crunching alone.
AI helps to automate and improve a whole range of processes. For example,
consider a manufacturer that adopts a just-in-time inventory strategy, which
aims to deliver components at the last possible moment to minimize inventory
carrying costs. AI, in the form of machine learning, can optimize the supply
delivery and labour schedules to increase productivity and lower costs.

Mobile ERP
ERP suppliers have long provided mobile functionality, and mobile apps are
increasingly common. In order to enable employees to perform both back-end
and front-end duties wherever they are, from the warehouse floor to a retail
checkout terminal to an airport, ERP solutions are developing to offer on-the-go
access to vital business data. For geographically scattered workforces operating
in several time zones, mobile ERP can also promote collaboration.
Users who are not in front of a computer can complete tasks using mobile ERP
apps that have been created with an intuitive user interface. Employees can use
their smartphones to accomplish tasks like expense reporting, call logging, and
time tracking, as well as to check the progress of crucial workflows or approvals.
Real-time data and insights are provided by mobile ERP, which also offers

CoDEUCC/Bachelor of Science in Information Technology 171

 ENTERPRISE RESOURCE PLANNING
UNIT 4
SESSION 5 (ERP), BENEFITS, CHALLENGES AND
TRENDS

general advantages including always-on remote access, increased productivity,

quicker and more accurate data capture, and increased agility.

Summary
In this sessions we studied about ERP, its benefits, challenges and some trends
in ERP. A complete ERP suite also includes enterprise performance
management, software that helps plan, budget, predict, and report on an
organization’s financial results.

Self-Assessment Questions
Exercise 4.5
a) State five (5) benefits of ERP.
b) State three (3) disadvantage of ERP.

172 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 6

SESSION 6: SUPPLY CHAIN MANAGEMENT (SCM),

ROLES, BENEFITS, CHALLENGES AND TRENDS
Well done!!! You just got to the last session of this unit. In this
session, we shall conclude the unit by discussing Supply chain
management (SCM) concept, its role, benefits, challenges and trends. SCM is a
strategic process that involves the coordination of all activities across the entire
supply chain, including suppliers, manufacturers, distributors, and customers.
Relax and enjoy the session then.

Objectives
By the end of this session, you should be able to:
a) Describe Supply chain management (SCM), its role, benefits and
challenges.
b) Explain the Supply Chain Management (SCM) trends.

Now read on…

4.1 Supply chain management (SCM)

Supply chain management (SCM) is the process of managing the flow of goods,
services, and information from the point of origin to the point of consumption.
The goal of SCM is to improve the efficiency and effectiveness of an
organization's supply chain, which can include everything from sourcing raw
materials to delivering finished products to customers. SCM includes the
coordination and management of all the activities involved in sourcing,
procurement, conversion, and logistics management. It covers the planning and
management of all activities involved in sourcing and procurement, conversion
and all logistics management activities, including transportation, warehousing,
and distribution. SCM is a strategic process that involves the coordination of all
activities across the entire supply chain, including suppliers, manufacturers,
distributors, and customers. The focus is on improving the efficiency and
effectiveness of the supply chain as a whole, rather than just looking at the
performance of individual components.

CoDEUCC/Bachelor of Science in Information Technology 173

 ENTERPRISE RESOURCE PLANNING
UNIT 4
SESSION 6 (ERP), BENEFITS, CHALLENGES AND
TRENDS

This can include activities such as:

a) Sourcing raw materials and components from suppliers
b) Managing inventory levels
c) Planning and scheduling production
d) Coordinating logistics and transportation
e) Managing relationships with suppliers and customers
f) Monitoring and analysing performance metrics
g) Effective supply chain management can help organizations to reduce
costs, improve efficiency, increase flexibility, and respond more quickly
to changes in customer demand.

4.1.1 Roles of SCM

The roles of SCM are outlined below;

Increase Customer Service:

Managing customer service is one of the most crucial duties and responsibilities
in the supply chain. Customers should always be able to find what they want.
Whether it be a product, a fix for their problems, or responses to their inquiries.
The international supply chain management team makes sure that the platform
for customer care is available around-the-clock so that customers feel linked to
the company and want to do business with it.

Reduce Production Cost:

The first and most important thing managers have to do is to reduce the
production cost of the items. It is done by:
• Introducing machines in the industry.

• Buy the raw materials directly from the factories or the wholesale
markets.
• Reduce the number of rejected or failed items.
• Increasing the efficiency of the workforce.

174 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 6

Improve Quality of Products:

It is true that there needs to be a decrease in the cost of manufacturing the goods,
but there also needs to be an improvement in their quality. Only until the quality
of the raw materials and product manufacturing is guaranteed will buyers be
drawn in. In order to deliver the finest results across all supply chain
management businesses, they must be strong, dependable, and long-lasting.

Improve Financial Position:

The company has to improve its financial status. It has to be assured that the
customers will return to buy the products once again because they are satisfied
with the previous items. The supply chain management has to work in such a
way that
• The cash flow of the company will increase.

• The number of fixed assets will decrease.

• The profit leverage will increase.
It will make the customer believe that the company is progressing and showing
positive results.

Development of Best Marketing Strategies:

To ensure that the company's products are available in the best possible way, the
supply chain management team must create the greatest marketing strategy.
Consumers normally make purchasing decisions based on the adverts offered
across many channels.

4.1.2 Benefits of SCM

Due to the complexity of today's global supply chains, data-driven supply chain
management is essential. The monitoring of the flow of information, services,
and commodities from procurement to manufacture and delivery to the final
customer is made possible by data-driven SCM, which offers visibility from start
to end. Effective supply chain management is influenced by a variety of
elements, not just data; these include strong vendor and supplier relationships,
efficient cost control, finding the right logistical partners, and implementing
cutting-edge supply chain technologies.

CoDEUCC/Bachelor of Science in Information Technology 175

 ENTERPRISE RESOURCE PLANNING
UNIT 4
SESSION 6 (ERP), BENEFITS, CHALLENGES AND
TRENDS

Although supply chain optimization is not an easy task, effective SCM has many
advantages that boost the bottom line.
Here are eight of the most significant advantages of successful supply chain
management.

1. Cost savings: SCM can help e-commerce companies to reduce costs by

streamlining operations, improving inventory management, and
negotiating better deals with suppliers.
2. Increased efficiency: Having real-time data on the availability of raw
materials and manufacturing delays allows companies to implement
backup plans, such as sourcing materials from a backup supplier,
preventing further delays. Without real-time data, companies often don’t
have time to initiate plan B, resulting in issues such as out-of-stock
inventory or late shipments to end consumers. SCM can help e-
commerce companies to increase efficiency by automating processes,
reducing lead times, and improving coordination across the supply chain.
3. Improved customer service: SCM can help e-commerce companies to
improve customer service by providing faster delivery times, better
product availability, and more accurate tracking and reporting.
4. Better forecasting: SCM can help e-commerce companies to forecast
demand more accurately, which can improve inventory management and
reduce stockouts.
5. Increased agility: SCM can help e-commerce companies to be more
responsive to changes in customer demand, by reducing lead times,
increasing flexibility, and improving communication throughout the
supply chain.
6. Better supplier relationships: SCM can help e-commerce companies to
develop better relationships with suppliers, by improving
communication and collaboration.

176 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 6

7. Better data management: SCM can help e-commerce companies to

collect, store, and analyse data more effectively, which can improve
decision-making and performance monitoring.
8. Improved sustainability: SCM can help e-commerce companies to
improve sustainability by reducing waste, emissions, and energy
consumption across the supply chain.

4.1.3 Challenges of SCM

There are several challenges that companies may face in supply chain
management, including:

1. Lack of visibility and traceability in the supply chain.

2. Difficulty in managing and coordinating with multiple suppliers and
partners.
3. Difficulty in forecasting and managing demand.
4. Managing and reducing risks such as natural disasters, political
instability, and supply chain disruptions.
5. Difficulty in balancing cost, quality, and delivery time.
6. Incorporating sustainable and socially responsible practices.
7. Managing and integrating new technologies such as IoT, AI, and
blockchain into the supply chain.
8. Ensuring compliance with laws, regulations, and industry standards.
9. Difficulty in measuring and improving supply chain performance.
10. Managing and adapting to changes in the global market and economy

This are some of the ways to overcome the major challenges faced in Supply
Chain Management

• Automate processes: Increased automation will aid in balancing client

demand, warehousing expenses, and inventory levels. Stockouts and inventory
shortages are eliminated, administrative costs are reduced, and forecasting is
automated to assist inventory optimization.

• Partner with industry peers: The conventional ways of using Excel

spreadsheets to operate will not be effective given the complexity of the modern

CoDEUCC/Bachelor of Science in Information Technology 177

 ENTERPRISE RESOURCE PLANNING
UNIT 4
SESSION 6 (ERP), BENEFITS, CHALLENGES AND
TRENDS

supply chain. To keep the supply chain moving, it is crucial to have constant
communication with suppliers, regulators, manufacturers, financiers, and
logistical teams. These relationships will be possible and simple due to software
solutions with automated permissions, notifications, information-rich
dashboards, and real-time updates.

• Get end-to-end visibility: You need to be able to observe the entire process
from the procurement of raw materials from suppliers to delivery to clients in
order to effectively manage supply chain operations. This can be done by using
data logging to track and monitor the supply chain. The process can be
effectively controlled due to the analysis of the collected data.

4.2 Trends of SCM

Much like living organisms, Supply chains need to evolve to survive. There
are several trends in supply chain management that have emerged in recent
years. These include:

a) Increased focus on sustainability and environmental impact: Companies are

becoming more aware of the need to reduce their carbon footprint and
minimize the environmental impact of their supply chains.
b) Greater emphasis on visibility and traceability: Companies are placing more
importance on knowing where their products come from, and being able to
trace them back to their origin. This helps ensure quality, safety, and
compliance with regulations.
c) Shifting towards more flexible, on-demand supply chains: Companies are
moving away from traditional, inflexible supply chains and towards more
agile, on-demand models that can quickly respond to changing market
conditions and customer needs.
d) AI, IoT & Cloud Technology: Industry experts anticipate that businesses will
continue to invest in cutting-edge technology solutions to improve supply
chain performance, risks, and events as they build their supply chain
strategy. Advanced technologies like computing and machine learning
(AI/ML), the Internet of Things (IoT), robot process automation (RPA), and
178 CoDEUCC/Bachelor of Science in Information Technology
E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 6

augmented reality (AR) will also enable the next generation of supply chain
trends (AR). Companies will soon develop new technical solutions to enable
full-cycle supply chain management, execution, predictive analysis, and data
analysis. Patterns, errors, and proper supply chain data concerns are likely to
be quickly identified by the AI/ML, IoT, AR, and cloud platforms.
e) Advanced Analytics and Automation: These two aspects will continue to
grow, assisting businesses in minimizing disruption through digital, agile
supply chain management. Similar to developments in Big Data, algorithms,
and robotics, the application of predictive and prescriptive analytics will
have far-reaching consequences. The enhanced visibility, data-driven
decision-making, effective execution, predictability, and profitability are
what businesses will prioritize. Additionally, a greater emphasis will be
placed on governance, retraining personnel, and effective data security.
Technology developments have made it possible for businesses to automate
a variety of supply chain functions, including logistics, inventory control,
and demand forecasting. Advancements in technology are allowing
companies to automate many aspects of their supply chain operations,
including logistics, inventory management, and demand forecasting.
f) Supply Chain Agility to Play a Major Role: To create flexible networks that
can accommodate changing client demand and ever-increasing uncertainty,
supply chain agility will be vital. It will be crucial to proactively find
strategies to increase responsiveness via variable cost structures. However,
because there is no one solution that works for everyone, firms must also
support cultures that are constantly innovative. In order to meet customer
expectations, outperform the competition, and promote growth, supply
chains will become more agile over time. These supply chains will be able
to respond swiftly to changes, delays, and unforeseen events.
g) Rise of Omnichannel Fulfilment & E-commerce Systems: The factor that has
the most widespread impact on today's supply chains is the rise of e-
commerce. Worldwide, warehouses are overcrowded. The identification and
establishing of key priorities by organizations will continue to be shaped by
e-commerce and omni - channel fulfilment, which will also present new
opportunities and technological advancements for realizing a competitive
advantage while posing problems with scale and network efficiency.
h) Amplification of Cybersecurity for Data Protection: Networks need to be
protected from cyberattacks, which pose a serious threat to global supply
chain patterns both now and in the future. Cybersecurity is essential for this.
More vulnerabilities are emerging as a result of the development of data-

CoDEUCC/Bachelor of Science in Information Technology 179

 ENTERPRISE RESOURCE PLANNING
UNIT 4
SESSION 6 (ERP), BENEFITS, CHALLENGES AND
TRENDS

driven businesses and information. Supply chain partners may

unintentionally expose one another and their clients to fraud, privacy
violations, and worse because of this interconnectivity. Businesses would
have to place a strong emphasis on extending cyber security beyond their
corporate IT environments to the operational technology (OT) settings of
their factories and warehouses. Additionally, more businesses will favour
spending money on employee training, firewalls, advanced anti-hacking
technologies, and redundancy.

Summary
This last sessions explained Supply Chain Management. The focus of SCM is to
improve the efficiency and effectiveness of the supply chain as a whole, rather
than just looking at the performance of individual components.

Self-Assessment Questions
Exercise 4.6
a) Define Supply chain management (SCM)
b) What are the roles of Supply chain management (SCM).
c) State and explain three (3) benefits of SCM.

180 CoDEUCC/Bachelor of Science in Information Technology

E-COMMERCE AND E-BUSINESS UNIT 4
SESSION 6

CoDEUCC/Bachelor of Science in Information Technology 181

SOCIAL AND ETHICAL ISSUES
UNIT 5

UNIT 5: SOCIAL AND ETHICAL ISSUES

Unit Outline
Session 1: Information System and Society
Session 2: Factors that raise ethical standards and Managing Ethics
Session 3: Technological aspects of ethics
Session 4: Social Issues in Information System
Session 5: Ethical Issues of Information Age
Session 6: Legal Issues in Information systems

Dear student, you are welcome to another unit. In this unit, we

shall look at the social and ethical issues in information
systems. Information systems ethical standards refer to the
principles and values that guide the design, development, use, and management
of information systems and the information they contain. We shall consider some
factors that raise ethical standards, managing ethics, technological aspects of
ethics, social issues in information system, and ethical issues of information age
and the legal issues in Information systems. Hope you will enjoy this unit as
well.

Now let’s look at the objectives for this unit.

Objectives
By the end of the session, you should be able to:
a) Explain and correlate Information System and Society.
b) Outline the factors that raise ethical standards and how to manage
Ethics
c) Describe the technological aspects of ethics
d) Explain the Social Issues in Information System
e) Outline the Ethical Issues of Information Age
f) Understand the Legal Issues in Information systems

CoDEUCC/Bachelor of Science in Information Technology 181

 SOCIAL AND ETHICAL ISSUES
UNIT 5

This is a blank sheet for your short notes on:

 Issues that are not clear, and
 difficult topics, if any.

182 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 1

SESSION 1: INFORMATION SYSTEM AND SOCIETY

You are welcome to the first session of this unit. Information

systems are the specific systems that organizations use to
manage and process information, while IT encompasses the broader
technologies and infrastructure that are used to create, store, and manage
information in general. In this session, we shall learn about how information
systems and the society are related and also the correlation between information
technology and the impact of information systems on the society. Enjoy the
session then.

Objectives
By the end of this session, you should be able to:
a) Understand how information systems and the society are related
b) Explain how information systems and information technology are related
c) Impact of information systems in the society

Now read on…

5.1 Information Systems and the Society

The introduction of the digital age and information systems has transformed how
society communicates and shares knowledge.
Information systems is an umbrella term for systems, people, and processes
designed to create, store, manipulate, distribute and disseminate information.

In modern society, information systems play a crucial role in supporting

various activities such as decision making, communication, and operations
management. Examples of information systems include computer systems,
telecommunications networks, and database systems. The relationship between
information systems and society is complex and multifaceted. On one hand,
information systems have the potential to greatly enhance productivity,
communication, and knowledge sharing within society. On the other hand, the
widespread use of information systems also raises concerns about privacy,
security, and potential negative effects on employment. Overall, the
development and use of information systems will continue to shape and be

CoDEUCC/Bachelor of Science in Information Technology 183

 INFORMATION SYSTEM AND SOCIETY
UNIT 5
SESSION 1

shaped by society in the future.

5.2 Information System and Information Technology

Information technology (IT) and information systems (IS) are mostly considered
synonymous. Information systems are actually a subset of information
technology. Information systems are the specific systems that organizations use
to manage and process information, while IT encompasses the broader
technologies and infrastructure that are used to create, store, and manage
information in general. For anyone interested in pursuing a career in technology,
the idea that these terms might be used interchangeably can be confusing.
Despite the fact that they both include computers, IS and IT have unique
characteristics and distinct career pathways that call for different education and
training. One of the reasons why individuals might not be able to tell IS from IT
is because they presume all information systems are computer-based systems.
However, an information system might be as simple as a pencil and some paper
and a pencil. When separated, the items are merely a tool. Together, they form
a system for keeping records of information.

Information systems predate computers and can contain non-technological

systems, despite the fact that they mainly rely on computers and other
technology-based instruments. The way information is transmitted and
communicated from one place or person to another has changed as a result of
the information system. Business and social communities are now able to
interrupt, connect, and manage data among themselves due to the usage of
computers. As a result, this technology has benefited businesses by facilitating
the efficient, innovative, simple, rapid, high-quality, secure, accurate, and
reliable conveyance of information. However, the information system's
innovation in data gathering, processing, and storage techniques has also raised
a number of social and ethical issues that need to be addressed and suitable
solutions developed.
For full involvement in modern society, one must have access to information
systems via the Web. Avoiding the creation of digital divisions across countries
or regions, as well as between social and ethnic groups, is particularly desirable.
It is valued that the Web is accessible to everyone as a means of interactivity
and a repository of knowledge. In fact, a lot of individuals believe that the right

184 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 1

to free expression is a fundamental human right, and that the Internet and Web
provide the most accessible means of practicing that right.
Information systems have an impact on both life and work. Information
technologies can be utilized in the workplace to reduce time-consuming chores
and allow employees greater autonomy, or they can be carelessly used to
eliminate employment and subject the remaining labour to widespread electronic
surveillance. Customers can use the Internet for networking, entertainment, and
shopping, but they run the danger of having to deal with spam (unsolicited e-
mail), credit card data theft, and virus attacks.

The enforcement of laws is crucial since we live in an information society where

we interact with one another rather than living in isolation, but it also calls for
some unwritten etiquette, social standards, and ethics to maintain societal
harmony. Because organizations that follow ethical methods will sustain
themselves, prosper, and get consumer acceptability in the market, ethics is a
crucial issue in information systems. In addition to ethics, social and political
concerns should also be taken into account because they are all interconnected.

5.3 Impact of Information Systems on Society

Information systems have had a significant impact on society, both in terms of
the way we live and work and in terms of the way organizations and businesses
operate. Some of the main ways in which information systems have affected
society include:

Increased productivity: Information systems have enabled organizations to

automate repetitive and time-consuming tasks, increasing productivity and
efficiency.

Improved communication: Information systems have facilitated

communication and collaboration both within and between organizations,
making it easier to share information and work together.

Greater access to information: Information systems have made it easier to

access and share information, both within organizations and with the general
public.

CoDEUCC/Bachelor of Science in Information Technology 185

 INFORMATION SYSTEM AND SOCIETY
UNIT 5
SESSION 1

Economic growth: Information systems have played a significant role in driving

economic growth, both by increasing productivity and by facilitating the growth
of new industries such as e-commerce and the sharing economy.

Social impact: Information systems have also affected society in a broader

sense, by changing the way we interact with one another and by creating new
opportunities for social interaction and engagement.

Increased dependence on technology: As society becomes increasingly

dependent on information systems, there is also a growing concern about the
potential for technology-related issues such as system failures, data breaches,
and job displacement.

Cybercrime: The increased use of information systems has also led to an

increase in cybercrime, such as hacking, identity theft, and online fraud.

Privacy concerns: Information systems have led to concerns about privacy and
security, as personal information is increasingly being collected, stored, and
shared electronically.

Digital divide: The gap between those who have access to information
technology and those who do not, known as the digital divide, remains a
significant social issue.

Job displacement: With the increased automation of tasks, there is a risk of job
displacement for some roles and the creation of new roles requiring new skills.
In conclusion, information systems have had a profound impact on society,
bringing many benefits in terms of productivity, communication, and access to
information. However, there are also potential downsides and risks, such as
security and privacy concerns, the digital divide, and job displacement. It's
important for society to be aware of these implications and to work to mitigate
the negative effects while leveraging the positive impact of these systems.

Summary
This session explained how information systems and information technology are
related. Also the impact of information systems on the society was discussed.

186 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 1

Self-Assessment Questions
Exercise 5.1
a) State four (4) impact of information system on society

CoDEUCC/Bachelor of Science in Information Technology 187

 INFORMATION SYSTEM AND SOCIETY
UNIT 5
SESSION 1

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

188 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 2

SESSION 2: FACTORS THAT RAISE ETHICAL

STANDARDS AND MANAGING ETHICS
Welcome to another session in this unit. In this session, we
shall look at the factor that raise ethical standards and how to
manage them. But before then, we shall try to understand whst ethical standard
really is. Enjoy the session.

Objectives
By the end of this session, you should be able to:
a) Explain ethical standards and outline some specific ethical standards in
information systems
b) Understand the factors that raise ethical standards
c) Describe how to manage ethics in Information systems

Now read on…

5.1 Ethical Standards

Ethical standards refer to the principles and values that guide behaviour and
decision-making in a given context. In the context of information systems,
ethical standards refer to the principles and values that guide the design,
development, use, and management of information systems and the information
they contain. These standards can include principles such as privacy, security,
accuracy, and fairness.

Some of the specific ethical standards that may be relevant to information

systems include:

Privacy: Ensuring that personal information is collected, stored, and used in

ways that respect individuals' right to privacy.

Security: Ensuring that information systems and the information they contain
are protected against unauthorized access, use, or disclosure.

CoDEUCC/Bachelor of Science in Information Technology 189

 FACTORS THAT RAISE ETHICAL
UNIT 5
SESSION 2 STANDARDS AND MANAGING ETHICS

Accuracy: Ensuring that information is accurate, complete, and up-to-date.

Fairness: Ensuring that information systems and the information they contain
are used in ways that are fair and do not discriminate against certain individuals
or groups.

Transparency: Ensuring that individuals are informed about how their personal
information is being collected, stored, and used.

Responsibility: Ensuring that those who design, develop, use, and manage
information systems are held accountable for their actions.

Respect for autonomy: Ensuring that individuals have control over their
personal information and are able to make informed choices about its use.

Non-maleficence: Ensuring that information systems and the information they

contain are not used to harm individuals or society.

Beneficence: Ensuring that information systems and the information they

contain are used to benefit individuals and society.

5.2 Factors that Raise Ethical Standards in Information Systems

The two most crucial issues brought up in this regard are the increased concern
of an informed public and public disclosure. These factors will encourage
organizations to practice ethics, together with highly educated professionals and
governmental laws. The necessary regulations have been set in this regard.
Managers that act unethically ought to be fired from the company. Another
important element is that we should apply the code of conduct to solve our
problems. This is a result of people trying every method when they run into a
problem. But when there is a code of conduct in place, we are less likely to break
our resolutions.

The managers must make the necessary changes in the right organizational
setting in accordance with the need to know, consumer expectations, and global

190 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 2

warming to quickly adapt to environmental changes. The main goal is to prevent

and defend people from engaging in unethical activity. A corporation's
organizational culture used to be shaped by care, loyalty, integrity, trust, and a
habit of honoring promises. Nowadays, though, people will do anything for a
profit-making organization, regardless of the consequences.

There are several factors that can raise ethical standards in information systems:
Legal and regulatory compliance: Organizations must comply with laws and
regulations that govern the use and handling of information, such as data privacy
laws and intellectual property laws. Compliance with these laws and regulations
can help raise ethical standards in information systems. Compliance with laws
and regulations that govern the use of information systems can help ensure that
ethical standards are upheld. Using technology that respects privacy and
security,
a) Corporate culture and policies: Organizations can establish a culture of
ethical behavior by promoting and enforcing policies that promote
ethical behavior, such as codes of conduct and whistle-blower policies.
b) Education and training: Organizations can raise ethical standards by
educating and training employees on ethical issues and their
responsibilities related to information systems. Providing regular
training and education on ethical issues can help ensure that employees
and other stakeholders are aware of the ethical considerations involved
in using information systems.
c) Third-party oversight: Organizations can raise ethical standards by
engaging in third-party oversight of their information systems, such as
external audits and certifications.
d) Technology design and implementation: Ethical considerations should
be taken into account during the design and implementation of
information systems, for example, by incorporating security and privacy
features, and by avoiding the creation of systems that perpetuate bias or
discrimination.
e) Strong company policies and guidelines: Having clear policies and
guidelines in place that outline acceptable behaviour can help ensure that
employees and other stakeholders understand and adhere to ethical
standards.

CoDEUCC/Bachelor of Science in Information Technology 191

 FACTORS THAT RAISE ETHICAL
UNIT 5
SESSION 2 STANDARDS AND MANAGING ETHICS

f) Regular monitoring and audits: Monitoring and auditing information

systems can help detect and address any potential ethical violations.
g) Encouraging and rewarding ethical behaviour: Creating a culture that
encourages and rewards ethical behaviour can help ensure that
employees and other stakeholders understand the importance of adhering
to ethical standards.
h) Strong leadership: Strong leadership that sets a positive example and is
committed to promoting ethical behaviour can help ensure that ethical
standards are upheld throughout the organization.
i) Building trust with stakeholders: Building trust with stakeholders can
ensure that they feel comfortable sharing information and that they feel
confident that their data is being handled ethically.

5.3 Managing Ethics

Everyone has an ethical obligation when performing a certain task in a specific
setting. A business will be ethical if it operates with justice and truth. Strong and
fair competition, business conduct, consumer autonomy, social responsibility,
public relations, and meeting social obligations are all additional ethical
considerations.
When discussing managing ethics in a company, three theories come to mind:
• Theory of justice
• Theory based on rights
• Utilitarian theory

According to utilitarian theory, action and plan can be evaluated based on their
results or outcomes. This claim is supported by the expectation that the activities
will benefit the vast majority of people. According to the theory based on rights,
individuals in an organization have fundamental rights. It indicates that a
company should respect and take into consideration people's rights and refrain
from taking advantage of what they deserved in a humanitarian perspective. The
managers of an organization are in charge of establishing ethics to ensure their
existence, thus our everyday actions must be guided by ethical principles.

192 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 2

Managing Ethics in Information Systems

There are several ways to manage ethics in information systems, including:

a) Develop a code of conduct: Organizations can establish a code of

conduct that sets out ethical standards and expectations for employees
and other stakeholders.
b) Establish an ethics committee: Organizations can establish an ethics
committee to oversee ethical issues related to information systems and
to provide guidance and support to employees.
c) Conduct regular risk assessments: Organizations can conduct regular
risk assessments of their information systems to identify and mitigate
ethical risks, such as data breaches and privacy violations.
d) Implement security and privacy measures: Organizations can
implement security and privacy measures to protect the information they
collect, store and process, such as encryption and access controls.
e) Encourage whistle-blowing: Organizations can encourage employees to
report ethical violations or concerns through whistle-blower policies and
procedures. Creating a culture that encourages and rewards ethical
behaviour can help ensure that employees and other stakeholders
understand the importance of adhering to ethical standards. This can
include recognizing and rewarding employees for making ethical
decisions, as well as providing incentives for ethical behaviour.
f) Provide education and training: Organizations can provide education
and training to employees on ethical issues related to information
systems, such as data privacy and security. Regular training and
education on ethical issues can help ensure that employees and other
stakeholders are aware of the ethical considerations involved in using
information systems. This training should cover topics such as privacy,
security, and fair use of information.
g) Developing and enforcing ethical policies and guidelines: Having clear
policies and guidelines in place that outline acceptable behaviour can
help ensure that employees and other stakeholders understand and adhere
to ethical standards. These policies and guidelines should be developed

CoDEUCC/Bachelor of Science in Information Technology 193

 FACTORS THAT RAISE ETHICAL
UNIT 5
SESSION 2 STANDARDS AND MANAGING ETHICS

with input from all relevant stakeholders, including employees,

customers, and other parties.
h) Conducting regular monitoring and audits: Monitoring and auditing
information systems can help detect and address any potential ethical
violations. This can include regular reviews of system logs and security
protocols, as well as spot checks and audits of employees' use of
information systems.
i) Ensuring compliance with laws and regulations: Compliance with laws
and regulations that govern the use of information systems can help
ensure that ethical standards are upheld. This can include ensuring that
information systems are in compliance with data protection laws and
regulations, as well as ensuring that they meet standards for accessibility
and usability.
j) Incorporating ethics into the design and development of information
systems: Incorporating ethical considerations into the design and
development of information systems can help ensure that these systems
are developed in ways that respect privacy, security, and other ethical
standards from the outset. This can include conducting risk assessments,
user testing, and other forms of evaluation during the development
process.
k) Appointing an ethics officer or committee: Appointing an ethics officer
or committee can help ensure that ethical considerations are given
appropriate attention and that ethical issues are handled in a consistent
and effective manner. This role or committee can be responsible for
monitoring compliance with ethical policies, investigating and resolving
ethical violations, and providing guidance and training on ethical issues.

Summary
This session addressed ethical standards, factors that raise ethical standards in
IS and how to manage ethics in IS. It's important to evaluate the ethical
implications of any decision that may affect the stakeholders and to take

194 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 2

appropriate actions to mitigate any negative consequences and promote positive

ones.

Self-Assessment Questions
Exercise 5.2
a) What are the factors that raise ethical standards in information systems?

CoDEUCC/Bachelor of Science in Information Technology 195

 FACTORS THAT RAISE ETHICAL
UNIT 5
SESSION 2 STANDARDS AND MANAGING ETHICS

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

196 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 3

SESSION 3: TECHNOLOGICAL ASPECTS OF ETHICS

You are welcome to the third session of the unit. We will study
what technological ethics are; and also learn about some
reasons that makes technological ethics very relevant. We will try and
understand the ethical considerations in technology as well. Sit back, relax and
enjoy the session.

Objectives
By the end of this session, you should be able to:
a) Define technological ethics
b) State some reasons that make technological aspect of ethics very
important
c) Explain the ethical considerations in technologies

Now read on…

5.1 Technology Ethics

The technological aspect of ethics refers to the ethical considerations that arise
in the design, development, use, and management of technology. As technology
continues to advance at a rapid pace, it is increasingly important to consider the
ethical implications of new technologies and how they are used. Technology
ethics is the application of ethical principles to real-world technological issues.
Technology ethics are becoming increasingly important because new
technologies provide us greater freedom to act, which forces us to make
decisions we didn't have to make previously. With so much technical power, we
must learn to be deliberately restricted by our judgment—our ethics—instead of
being involuntarily constrained by our weakness as in the past.

For instance, advances in the fields of medicine, communications, and weapons

technology have given rise to a number of new ethical issues over the last few
decades. In the past, there was no need for brain death criteria since we had the
technological capacity to even consider the possibility that a person had already
passed away when their brain stopped functioning. However, this dilemma grew
more important with the introduction of artificial methods for sustaining

CoDEUCC/Bachelor of Science in Information Technology 197

 TECHNOLOGICAL ASPECTS OF ETHICS
UNIT 5
SESSION 3

circulation and breathing. The recent issues with fake news show how easily
things can go wrong on social media if malicious actors have access to the
general public. In a similar manner, we are still learning how to act when we
have access to so many people and so much information. Comparable to nuclear
weapons, before their invention we didn't need to ask the question of how to
prevent a nuclear war that would destroy civilization because it was simply not
possible, but after their invention we did need to ask that question and provide
an answer because we were - and still are - at risk for a global catastrophe.

5.2 The Need to Consider Technological Aspect of Ethics

The technological aspect of ethics is important for a number of reasons:
Technology is increasingly pervasive in our lives: Technology is playing an
increasingly important role in our personal and professional lives, and it is
important to consider the ethical implications of how it is used.

a) Technology has the potential to impact society in significant ways:

Technology has the potential to impact society in significant ways, both
positively and negatively. It is important to consider the ethical
implications of these impacts and to take appropriate actions to mitigate
any negative consequences and promote positive ones.
b) Technology is rapidly advancing: Technology is advancing at a rapid
pace, and new technologies are constantly emerging. It is important to
consider the ethical implications of these new technologies and to ensure
that they are used in ways that respect privacy, security, and other ethical
standards.
c) Technology can be used to perpetuate societal problems: Technology
can be used to perpetuate societal problems such as discrimination, bias,
and inequality. It is important to consider the ethical implications of how
technology is used and to take steps to ensure that it is not used to
perpetuate these problems.
d) Technology can be used to make important decisions: Technology is
increasingly being used to make important decisions in areas such as

198 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 3

healthcare, finance, and criminal justice. It is important to consider the

ethical implications of these decisions and to ensure that they are fair and
unbiased.
e) Technology can have a significant impact on privacy and security:
With the increasing amount of personal information being collected and
stored by technology companies, there is a growing concern about how
this information is used and protected. It is important to consider the
ethical implications of these issues and to take appropriate actions to
protect privacy and security.
f) Technology can be used to manipulate or deceive individuals: With the
increasing use of technology in decision-making, there is a growing
concern about the potential for technology to be used to manipulate or
deceive individuals. It is important to consider the ethical implications
of these issues and to take appropriate actions to prevent such
manipulation or deception.
g) Technology can be used to improve society: Technology can be used to
improve society by providing access to information, promoting social
justice, and increasing efficiency. It is important to consider the ethical
implications of these improvements and to ensure that they are used to
benefit individuals and society.

5.3 Ethical Considerations in Technologies

One of the key ethical considerations in technology is privacy. With the
increasing amount of personal information being collected and stored by
technology companies, there is a growing concern about how this information is
used and protected. This includes issues such as data security and data breaches,
as well as concerns about the use of personal data for targeted advertising and
other purposes.
a) Information systems collect, store, and process large amounts of personal
data, which can raise privacy concerns. Organizations must ensure that
personal data is collected, used, and shared in compliance with relevant
laws and regulations, and that appropriate security measures are in place
to protect personal data from unauthorized access and breaches.

CoDEUCC/Bachelor of Science in Information Technology 199

 TECHNOLOGICAL ASPECTS OF ETHICS
UNIT 5
SESSION 3

b) Another important ethical consideration in technology is fairness. With

the increasing use of technology in decision-making, there is a growing
concern about bias and discrimination in the algorithms and systems that
are used. This can include issues such as discrimination in hiring and
lending, as well as concerns about the use of facial recognition
technology and other forms of surveillance.
c) A third key ethical consideration in technology is transparency. With the
increasing use of technology in decision-making, there is a growing
concern about the lack of transparency in the algorithms and systems that
are used. This can include issues such as the lack of information about
how decisions are made and the lack of accountability for decisions that
are made. Organizations should be transparent about the data they
collect, how it is used and shared, and the security measures that are in
place to protect it. This allows users to make informed decisions about
the use of the systems and the sharing of their data.
d) A fourth key ethical consideration in technology is responsibility. With
the increasing use of technology in decision-making, there is a growing
concern about the lack of accountability for decisions that are made. This
can include issues such as the lack of transparency in the algorithms and
systems that are used, as well as concerns about the potential for
technology to be used to harm individuals or society.
e) A fifth key ethical consideration in technology is respect for autonomy.
With the increasing use of technology in decision-making, there is a
growing concern about the potential for technology to be used to control
individuals or groups. This can include issues such as the use of
technology to monitor or control individuals, as well as concerns about
the potential for technology to be used to manipulate or deceive
individuals.
f) A sixth key ethical consideration in technology is non-maleficence,
ensuring that technology is not used to harm individuals or society. This
includes issues such as the use of technology to spread misinformation
or propaganda, as well as concerns about the potential for technology to

200 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 3

be used to harm individuals through cyberbullying or other forms of

online harassment.
g) A seventh key ethical consideration in technology is beneficence,
ensuring that technology is used to benefit individuals and society. This
can include issues such as the use of technology to improve healthcare,
education, and other areas of society, as well as concerns about the
potential for technology to be used to promote social justice and equality.

Summary
The technological aspect of ethics is an important and rapidly evolving area that
requires ongoing attention and consideration. It is important for individuals,
organizations, and society as a whole to be aware of the ethical implications of
technology and to take appropriate actions to mitigate any negative
consequences and promote positive ones. This can include developing and
enforcing ethical policies and guidelines, providing training and education on
ethical issues, conducting regular monitoring and audits, and incorporating
ethics into the design and development of technology.

Self-Assessment Questions
Exercise 5.3
a) What is technology ethics?
b) Why do we need to consider technological aspect of ethics?

CoDEUCC/Bachelor of Science in Information Technology 201

 TECHNOLOGICAL ASPECTS OF ETHICS
UNIT 5
SESSION 3

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

202 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 4

SESSION 4: SOCIAL ISSUES IN INFORMATION SYSTEM

Welcome to another exciting session. This session teaches us

about the social issues in information systems. It enlightens us
on what social issues are and how these issues relate to information systems.
Relax and enjoy the session.

Objectives
By the end of this session, you should be able to:
a) Understand the social issues in Information systems
b) State and explain some social issues relating to information systems

Now read on…

5.1 Social Issues

Numerous social issues in the information system are brought on by unethical

behavior. The cultural and societal effects of these social issues are significant.
The fundamental reason for social unrest and immoral behavior today is the
development of technology, which has raised a number of moral and political
difficulties. The social structure has become extremely complicated as a result
of the information system since it is very difficult to safeguard conventional
norms and values from being violated by the effects of globalization and avoid
privacy invasion. Because of how social issues are conceptualized and their
underlying causes, cultural concerns are most closely related to technology.

Social issues involve topics related to culture, relationships, law, behavior

patterns, the value of cultural identity, information use, health and safety, and
accountability
a) Culture: Education, uneven wealth distribution, a workforce that is
multiethnic and multigenerational, and other related topics are widely
discussed in society. Information systems have made it challenging for
everyone to learn the latest knowledge because this education is only
available to those from privileged social classes, widening the gap in
social class. As a result, a particular educated class is truly benefiting
from technology. Information technology has also become aware of the

CoDEUCC/Bachelor of Science in Information Technology 203

 SOCIAL ISSUES IN INFORMATION
UNIT 5
SESSION 4 SYSTEM

generation gap as older people are less familiar with modern technology
and information systems. Culture can be a social issue in information
systems in a number of ways. It's important to take into account cultural
differences when designing and using information systems, to avoid
misunderstandings and conflicts, to be aware of cultural biases, to
consider language barriers and cultural views on technology to ensure
that information systems are accessible and appropriate for different
cultures and to make sure that information systems don't perpetuate
cultural stereotypes.

b) Relationships Issues: In contrast to the past, partnerships are now being

formed by more varied teams working remotely. Buyer-seller-supplier
relationships have gotten simpler, but this has also led to social problems
including a lack of trust and low moral standards. People using personal
and corporate information for their own gain or fraud purposes has been
documented in numerous cases. Relationship issues can arise in the
context of information systems when there is a lack of trust or
communication between users and stakeholders. For example, users may
feel that their privacy is being invaded by the collection and use of their
personal data, or stakeholders may feel that the system is not meeting
their needs. These issues can lead to decreased adoption and usage of the
system, as well as negative impacts on productivity and overall
organizational performance. Addressing these relationship issues
requires effective communication, transparency, and the development of
trust between all parties involved in the system.

c) Law and Order Issues: Millions and billions of people are profiled in
national and international databases for identity purposes. But several
law-and-order concerns have been caused by cybercrime practices and
the hacking of these private websites. Nowadays, it is very easy to access
someone’s information through social networking sites, but the cases of

204 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 4

ATM scamming, using fake sim cards and national identity cards have
made it very difficult for law enforcement agencies to main the peace.`

d) Cultural Behavior and Identity Issues: The development of the

information system has made it possible for globalization to proceed at
its current rate. Through online inventory management and information
exchange, this system has allowed the company to expand
internationally. This factor has had a significant impact on interpersonal
relationships, organizational recruitment, networking, and societal
presence, all of which are changing how individuals behave culturally.
Additionally, people who are sociable are more likely to have a global
identity, which is harmful to cultural identity and conventional customs.

e) Information Usage Issues: The information is created or collected for a

purpose, but inappropriate use of information can cause serious
problems. For example, in the recent controversial scandal of “Blue
Whale” game in many countries, the convicts had an e-mail address and
information about the teenagers and children who installed the game, and
it caused them to kill themselves as it was a trap from the game designers.
Therefore, using the technology and social websites or engines have
various risks attached to it. Information usage issues refer to the negative
impacts that can arise from the use of information systems in society.
These can include issues such as privacy violations, security breaches,
and the spread of misinformation. Additionally, information usage issues
can lead to social inequalities, as certain groups may not have access to
the same information or resources as others. These issues can have
significant consequences for individuals and society as a whole, and
addressing them is important for the responsible use of information
systems.

f) Health and Safety: Workers in human-centered businesses are

concerned about their health and safety at work, and they need

CoDEUCC/Bachelor of Science in Information Technology 205

 SOCIAL ISSUES IN INFORMATION
UNIT 5
SESSION 4 SYSTEM

reasonable laws and regulations to give them legal protection. The

majority of information system user’s work at various computer stations,
therefore it's important to clarify their rights and responsibilities both for
employers and employees in order to maintain workplace occupational
health and safety.

g) Accountability and Control: --The moral obligation related to

information systems demand accountability and control over the
information transfer from one point to the other. This is important to
comply with the rule and regulations. For example, information gathered
by the bank about client requires complete secrecy and Central bank of
any country has accountability and monitoring standards for commercial
banks for their evaluation and regulation purpose to avoid fraud and
secure consumer rights. Accountability and control are important social
issues in information systems because they relate to the responsible use
and management of sensitive and personal data. In the digital age,
personal information is often collected, stored, and shared by
organizations through various information systems. The ability to
control and monitor the use of this information is crucial for protecting
the privacy and security of individuals. One major concern is the lack of
accountability for data breaches and cyberattacks. Many organizations
do not have the proper controls in place to protect personal information
and may not be held accountable for any resulting harm. This lack of
accountability can lead to a lack of trust in information systems and
reluctance to share personal information with organizations.

Summary
The social structure has become extremely complicated as a result of the
information system since it is very difficult to safeguard conventional norms and
values from being violated by the effects of globalization and avoid privacy

206 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 4

invasion. This session helped us understand some social issues regarding

information system.

Self-Assessment Questions
Exercise 5.4
a) State and explain 3 social issues relating to information system.

CoDEUCC/Bachelor of Science in Information Technology 207

 SOCIAL ISSUES IN INFORMATION
UNIT 5
SESSION 4 SYSTEM

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

208 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 5

SESSION 5: ETHICAL ISSUES OF INFORMATION AGE

You are welcome to this session. In this session, we will study

about the Information age era and the most beneficial ethics in
this era. Enjoy the session then.

Objectives
By the end of this session, you should be able to:
a) Understand the information age era
b) State and explain the most beneficial ethics in this current information
age

Now read on…

5.1 Information Age Ethical Issues

More people are employed now in information collection, handling, and
distribution than in any other occupation in modern societies. The world is home
to millions of computers, and people, their computers, and the enormous variety
of information processing devices are connected by millions of miles of optical
fiber, cable, and air waves. Our period is the information age, and our
civilization is a true information society. Whether the type of society being
formed is the one we desire is the issue we must now answer. Given that we are
at the forefront of forming this new society, it is an issue that should particularly
worry those of us in the MIS community. There are many unique challenges we
face in this age of information. They stem from the nature of information itself.
Information is the means through which the minds expand and increases its
capacity to achieve its goals, often as the result of an input from another mind.
Thus, information forms the intellectual capital from which human beings craft
their lives and secure dignity.

These threats to human dignity must be addressed through the social contract
that exists among people in the information age. Despite the fact that there are
numerous and diverse ethical issues, concentrating on just four is beneficial.
These can be summarized by the acronym —PAPA

CoDEUCC/Bachelor of Science in Information Technology 209

 ETHICAL ISSUES OF INFORMATION AGE
UNIT 5
SESSION 5

a) Privacy: What information about one's self or one's associations must a

person reveal to others, under what conditions and with what
safeguards? What things can people keep to themselves and not be
forced to reveal to others?
b) Accuracy: Who is responsible for the authenticity, fidelity and
accuracy of information? Similarly, who is to be held accountable for
errors in information and how is the injured party to be made whole?
c) Property: Who owns information? What are the just and fair prices for
its exchange? Who owns the channels, especially the airways, through
which information is transmitted? How should access to this scarce
resource be allocated?
d) Accessibility: What information does a person or an organization have
a right or a privilege to obtain, under what conditions and with what
safeguards?

Privacy: Privacy is the right of individuals to control their personal information

and how it is used, shared, and stored. In the information age, privacy is a major
concern as technology allows for the collection, storage, and sharing of vast
amounts of personal information. This can include everything from social media
posts and browsing history to financial and medical records. The ethical issue is
that individuals may not be aware of or have control over the collection and use
of their personal information, which can lead to violations of their privacy rights.
This issue relates to the questions of what details ought to be disclosed. With
whom? What details should one be compelled to keep private? Information must
be sensitive and valuable enough to be kept private and not shared since the
privacy issue has raised its significance. Regarding their information, an
individual's privacy is extremely important. Numerous companies are required
by law to collect personal information for a variety of purposes. For example,
banks must collect personal information to protect customer cash and to prevent
money laundering, theft, and security. People must be aware of the
organization's intended use, the privacy protection regulations, and other
relevant information.

Accuracy: Accuracy refers to the accuracy and reliability of the information that
is shared and stored in the digital world. In the information age, information is

210 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 5

shared and stored at a rapid pace, making it difficult to verify the accuracy of
the information. This can lead to the spread of misinformation and false
information, which can have serious consequences. The ethical issue is that
individuals and organizations have a responsibility to ensure that the information
they share and store is accurate and reliable. Who will be accountable for the
information's authenticity is a question that this issue relates to. If authenticity
causes harm, who will be held accountable for the false information being spread
and the resulting loss? It is crucial to maintain the data integrity when using,
referencing, and citing it because inaccurate data in an information system will
provide same results. The data verification checks and reliability of the sources
from which the information was gathered have a role in the accuracy and validity
of the information. For instance, the study data collection process calls for data
integrity in order to generalize the results in relevant context.

Property: Property refers to the ownership and control of digital assets, such
as copyrighted material and other forms of intellectual property. In the
information age, digital assets are easily shared and copied, making it difficult
to protect and control them. This can lead to issues of piracy and copyright
infringement. The ethical issue is that individuals and organizations have a
responsibility to respect the ownership and control of digital assets and to ensure
that they are not used without permission. The third ethical concern is the
property of the information, or who is providing it and for what cost? Who
controls the means and conduits via which data is transferred? Intellectual
property of the information is a difficult issue that is related to privacy, so it is
crucial to replicate the information and keep the original copy. The institutions
use patents, copyrights, confidentiality laws, and encryption to protect their
intellectual property. For instance, a certain organization's official documents,
products, and services are protected by copyrights, and other organizations are
not permitted to utilize their formulas, goods, or documents without the
appropriate consent.

Accessibility: Accessibility refers to the ability of individuals to access and use

digital information and resources. In the information age, digital information and
resources are often only available to those with access to the internet and the
necessary technology. This can lead to issues of digital divide, where certain
groups of people are at a disadvantage because they do not have access to digital
resources. The ethical issue is that individuals and organizations have a
responsibility to ensure that digital information and resources are accessible to

CoDEUCC/Bachelor of Science in Information Technology 211

 ETHICAL ISSUES OF INFORMATION AGE
UNIT 5
SESSION 5

all, regardless of their technology or connectivity. This concern connects to the

questions of what constitutes appropriate access to information by an individual
or organization and what are the terms of such access? The availability of
information or data is the final key ethical problem. Generally speaking,
information systems should be created so that everyone has access to educational
data via databases, the internet, libraries, and other sources. Sensitive
information, such as personal information about people, exam papers, research
publications that are not meant for public consumption, and sensitive
information about national and international institutions, is not intended to be
shared on public sites without valid authorization.

Summary
The world is a home to millions of computers, and people, their computers, and
the enormous variety of information processing devices connected within
millions of miles. Information forms the intellectual capital from which human
beings craft their lives and secure dignity.

Self-Assessment Questions
Exercise 5.5
a) State and explain four (4) ethical issues of information Age.

212 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 6

SESSION 6: LEGAL ISSUES IN INFORMATION SYSTEMS

Well done, you just got to the last session of this unit. We will
learn about the legal issues in information systems in this
session and also identify some major legal issues or problems in utilizing pirated
or unlicensed software. Relax and enjoy the session.

Objectives
By the end of this session, you should be able to:
a) Explain what legal issues are
b) State and explain some major legal issues / problems in utilizing pirated
or unlicensed software.

Now read on…

5.1 Legal Issues

The Legal Issues in Information System is designed for managers and
technologists who are in charge of putting into practice and developing policies
for the protection of IT resources within governmental organizations or private
businesses. When using an information system, people defend themselves using
the original ways to avoid future problems. When we utilize unlicensed or
pirated software, we frequently run into this major problem.

5.2 Major Legal Issues / Problems

Defamation as a legal issue: On a computer information system, defamation
can take place in a variety of ways. Posts on a bulletin board system, like the one
in the Sam Slammer scenario, as well as electronic periodicals, file servers and
databases, and email can all disseminate defamatory information. Even a
scanned image can be used to distribute defamation. But what exactly is
defamation, and what obligations and hazards does it provide to a system
operator? Defamation occurs in two form, libel and slander. The difference
between these two forms of defamation is often not apparent, based on a
common-sense approach, rather it is solely a matter of form and "no respectable

CoDEUCC/Bachelor of Science in Information Technology 213

 LEGAL ISSUES IN INFORMATION
UNIT 5
SESSION 6 SYSTEMS

authority has ever attempted to justify the distinction on principle." With the rise
of new forms of technology, which confuse the distinction between libel and
slander, many courts have advocated the elimination of the distinction. Speech
on a computer information system has more of the characteristics of libel than
slander. Defamation is a legal issue that can arise in the context of information
systems when false or harmful statements are made about an individual or
organization. These statements can be made in various forms, such as through
social media, websites, or online forums. If the statements are made with the
intent to harm or with a reckless disregard for the truth, the person or
organization making the statements can be held liable for defamation. In order
to prove defamation, the person or organization that has been harmed must
typically show that the statement was false, that it was published to a third party,
and that it caused harm to their reputation. If a person or organization is found
to have defamed another, they may be required to pay damages or issue a
retraction or apology

Computer crime as a legal issue: Computer information system operators

should be aware of computer crime issue because they can one day become
victims of it. Computer crime, also known as cybercrime, is a legal issue that
refers to criminal activities that are committed using or involving a computer
or network. Examples of computer crimes include hacking, identity theft,
distribution of malware, and unauthorized access to computer systems. These
crimes can have severe consequences for both individuals and organizations,
and they are often difficult to detect and prosecute. As such, many countries
have laws in place to criminalize computer-related criminal activity and
provide a framework for investigating and punishing such crimes.
The term computer crime covers a number of offenses, such as:
i. the unauthorized accessing of a computer system;
ii. the unauthorized accessing of a computer to gain certain kinds of
information (such as defense information or financial records);
iii. accessing a computer and removing, damaging, or preventing access
to data without authorization; trafficking in stolen computer
passwords; and
iv. spreading computer viruses.

214 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 6

Privacy as a legal issue: From the beginning, providers of computer

information systems have been concerned with privacy. Computers' speed,
power, accessibility, and storage capabilities come with a great deal of
opportunity for privacy invasion. Users of services like electronic mail must be
aware of how these services operate, including how private their conversations
actually are and who might have access to their "personal" E-mail. For
computer files that are kept, the same is true.
System operators need to be aware of the limitations and regulations that are in
place to preserve users' expectations of privacy, which is equally vital. Privacy
laws are designed to protect individuals’ personal information and control how
it is used, shared, and stored. Information systems must comply with these laws
by implementing appropriate security measures to protect personal data and by
being transparent about their data collection and usage practices.

Copyright issues: Intellectual property laws protect the ownership and control
of digital assets, such as copyrighted material and other forms of intellectual
property. Copyright is a legal issue in the information age because it protects the
ownership and control of digital assets, such as written works, images, videos,
and software. It is a form of intellectual property that gives the owner the
exclusive right to reproduce, distribute, and display their work. In the
information age, digital assets can be easily shared and copied, which can lead
to issues of piracy and copyright infringement. Information systems must
comply with copyright laws by ensuring that digital assets are not used without
permission and by implementing appropriate measures to prevent piracy and
copyright infringement. This can include implementing digital rights
management (DRM) technology to control access to digital assets and using
watermarking and encryption to protect against unauthorized use. Additionally,
some information systems such as search engines and social media platforms are
responsible for hosting user-generated content. These platforms must comply
with copyright laws by ensuring that users do not upload copyrighted content
without permission and by implementing procedures to take down infringing
content.
Liability and Regulatory Compliance: Organizations that use information
systems are also subject to a wide range of laws and regulations that govern their
operations. This includes laws related to data protection, consumer protection,
and e-commerce, as well as regulations related to specific industries such as
finance, healthcare, and telecommunications. Organizations must take steps to

CoDEUCC/Bachelor of Science in Information Technology 215

 LEGAL ISSUES IN INFORMATION
UNIT 5
SESSION 6 SYSTEMS

comply with these laws and regulations, and to address any noncompliance
issues that may arise.

Summary
When using an information system, people defend themselves to avoid future
problems. When one utilizes unlicensed or pirated software, they usually run
into problems. And some of these problems were addresses in this session

Self-Assessment Questions
Exercise 5.6
a) State and explain two (2) legal issues in information systems.

216 CoDEUCC/Bachelor of Science in Information Technology

SOCIAL AND ETHICAL ISSUES UNIT 5
SESSION 6

CoDEUCC/Bachelor of Science in Information Technology 217

INFORMATION SYSTEMS SECURITY
UNIT 6

UNIT 6: INFORMATION SYSTEMS SECURITY

Unit Outline
Session 1: Overview of Information Security and it types
Session 2: Information Security triad
Session 3: Tools and technologies for safeguarding information resources
Session 4: Components of an organizational framework for security and control
Session 5: Malware and its types
Session 6: Information systems vulnerable to destruction, error, and abuse and best
Practices

Dear students, you are welcome to the last unit of this course.
In this unit, we shall discuss information systems security, it
types and the Information Security triad. We shall also study
about some tools and technologies for safeguarding information resources, the
Components of an organizational framework for security and control, Malware,
its types and how they work as well as Information system’s vulnerable to
destruction, error, and abuse and it best Practices. We hope you have a great
time studying this unit.

Now let’s look at the objectives for this unit.

Objectives
By the end of the session, you should be able to:
a) Understand Information Security and it types
b) Describe the Information Security triad
c) State and explain some Tools and technologies for safeguarding
information resources
d) Explain the Components of an organizational framework for security
and control
e) Describe Malware, its types and how they work
f) Describe Information systems vulnerable to destruction, error, and
abuse and it best Practices

CoDEUCC/Bachelor of Science in Information Technology 217

 INFORMATION SYSTEMS SECURITY
UNIT 6

This is a blank sheet for your short notes on:

 Issues that are not clear, and
 difficult topics, if any.

218 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 1

SESSION 1: OVERVIEW OF INFORMATION SECURITY AND ITS

TYPES

You are welcome to the first session of this unit. In this

session, we shall focus on understanding the information
security concepts and whether information security is necessary. We will also
learn about the types of information security. Enjoy the session then.

Objectives
By the end of this session, you should be able to:
a) Understand information security concepts
b) Explain the need for information security
c) Describe the types of information security

Now read on…

6.1 Information Security

Information is central to the conduct of business. This fact cuts across all
verticals, markets and sectors and applies regardless of whether an
organization is part of industry, academia or government. In the end, it’s only
good information security that defends and ensures an organization’s
competitive advantage, good reputation (e.g., Target and the loss of 40 million
customer credit and debit card numbers) and operational continuity (The
average time to recover from a substantial data loss is 66 days). Simply put, a
company cares about protecting its data because illegal revelation of that data
could have a fatal impact on the company. A company's products are impacted
by information security.

Information Security is not only about securing information from unauthorized

access. Information Security is basically the practice of preventing unauthorized
access, use, disclosure, disruption, modification, inspection, recording or
destruction of information. Information can be physical or electronic one.
Information can be anything like your details or we can say your profile on social
media, your data in mobile phone, your biometrics etc. Information security
(sometimes referred to as InfoSec) covers the tools and processes that

CoDEUCC/Bachelor of Science in Information Technology 219

 OVERVIEW OF INFORMATION
UNIT 6
SESSION 1 SECURITY AND ITS TYPES

organizations use to protect information. This includes setting up security

measures to prohibit unauthorized users from accessing sensitive data. Network
and infrastructure security, testing, and auditing are just a few of the many topics
covered by the expanding and changing field of information security (InfoSec).

Information security aims to protect sensitive data, including financial

information, intellectual property, and customer account information, while also
maintaining its privacy. Data loss, data manipulation, and theft of confidential
information are all effects of security events. Attacks can cause delays in
company operations, harm a company's reputation, and cost money. Businesses
must set aside money for security and make sure they are prepared to identify,
stop, and proactively avoid assaults.

At the core of Information Security is Information Assurance, which means the

act of ensuring that information is not compromised in any way when critical
issues arise. These issues are not limited to natural disasters, computer/server
malfunctions etc.

6.1.1 Information Asset

Assets that need to be protected are the foundation of security. Assets can
include people, human-made objects, or elements of the natural world. The
resources used to facilitate the management of information are included in the
assets, which are commonly referred to as information assets in the field of
information security. This is shown in Figure below.

220 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 1

6.1.2 Information Security Policy

Organizations enforcing compliance requires them to have defined policies.

Policies provide guidance, consistency, and clarity around an organization’s
operations. Similarly, information security policies exist to set a standard around
the use of the organization's information technology. An Information Security
Policy (ISP) is a set of rules that guide individuals when using IT assets.
Companies can create information security policies to ensure that employees and
other users follow security protocols and procedures. Security policies are
intended to ensure that only authorized users can access sensitive systems and
information.

Creating an effective security policy and taking steps to ensure compliance is an

important step towards preventing and mitigating security threats. To make your
policy truly effective, update it frequently based on company changes, new
threats, conclusions drawn from previous breaches, and changes to security
systems and tools. Make your information security strategy practical and
reasonable. To meet the needs and urgency of different departments within the
organization, it is necessary to deploy a system of exceptions, with an approval
process, enabling departments or individuals to deviate from the rules in specific
circumstances

Information security policy usually consist of:

CoDEUCC/Bachelor of Science in Information Technology 221

 OVERVIEW OF INFORMATION
UNIT 6
SESSION 1 SECURITY AND ITS TYPES

• Data or sets of data that the policy applies to.

• A well-defined list of people or programs having access to the said data.
• Guidelines for setting passwords or passcodes.
• Roles of employees in safeguarding of data.
• A data support and operations plan to ensure data availability

An effective security policy prevents security threats and the risk of information
disclosure. This makes the system more practical and worthy to use.

6.2 Why we need Information Security

Information and information systems assist us in storing, processing, and

distributing the necessary information to the appropriate users at the right time.
Information can be shielded from unauthorized dissemination, access, and
modification with the aid of this security measure. Information must be
safeguarded against internal and external threats since it is a valuable resource.

Weak data security can lead to key information being lost or stolen, create a poor
experience for customers and reputational harm. Data breaches, fraud, and
cyber-security attacks are all becoming more common as people become more
reliant on technology. Here are a few important reasons for organisations to
implement information security systems.

• Information Security threats are very common: Threats to

information security are increasingly common. Worms, viruses, data
extortion, intellectual property theft, identity theft, and theft of physical
equipment are among them. A common type of threat is something called
ransomware. This is when a hacker prevents access to information or
threatens to expose it until they are paid a set amount.
• The cost of a data breach: A security breach can take various forms, all
of which can be costly.
• State-sponsored hackers: Governments finance some hacker groups in
order to disrupt or meddle with other countries' affairs.
• Cyber-attacks increase during challenging times: Information
security is critical at all times, but especially during times of emergency.
222 CoDEUCC/Bachelor of Science in Information Technology
INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 1

A good example is the global epidemic. Cyberattacks are doubled.

Hospitals and pharmaceutical companies, for example, are badly
affected. Many organisations have also been harmed by the widespread
adoption of remote working, which leaves them more vulnerable to
attack by hackers. No one can predict when a crisis will strike, but any
organisation that deals with data should be prepared for the worst.
• Cyber-attacks are getting more sophisticated: Cyberattacks are
becoming more sophisticated, making information security even more
important and relevant. Hackers are getting better, but they also don't
have to put in as much effort to be effective because of the advancements
in technology. Also, they've become more organised, forming
communities and exchanging information.
• Balanced security: Information security can never be completely
secure. Not a goal, information security is a process. Any method can be
used to make a system accessible to everybody, anytime, anyplace. Such
open access, though, puts the information's security in jeopardy. On the
other side, no one would be able to access information in a fully protected
information system. Operating an information system that satisfies both
users and security experts is necessary to strike a balance; the security
level must permit appropriate access while thwarting threats.

The organization's main goal is to safeguard users' interests and to give them the
right amount of information when it's required. Additionally, in order to prevent
unauthorized access to the information, proper security must be provided. Since
information security can never be completely guaranteed, a perfect balance
between accessibility and security must be maintained. It would be harmful to
provide free access to a piece of information and it would be hard to restrict any
accessibility. So, one needs to make sure that the exact required balance is
maintained so that both the users and the security professionals are happy.

6.3 Types of Information Security

When considering information security, there are many types that you should
know. These types cover specific types of information, tools used to protect
information and domains where information needs protection.

CoDEUCC/Bachelor of Science in Information Technology 223

 OVERVIEW OF INFORMATION
UNIT 6
SESSION 1 SECURITY AND ITS TYPES

Application Security : Application security strategies protect applications and

application programming interfaces (APIs). You can use these strategies to
prevent, detect and correct bugs or other vulnerabilities in your applications. If
not secured, application and API vulnerabilities can provide a gateway to your
broader systems, putting your information at risk. Application security
characteristics contain documentation, authorization, encoding, and application
security checking. Organizations can use secure coding practices to minimize
vulnerabilities, scanner to continuously detect the new vulnerabilities and Web
Application Firewall to secure public application.

Much of application security is based on specialized tools for application

shielding, scanning and testing. These tools can help you identify vulnerabilities
in applications and surrounding components. Once found, you can correct these
vulnerabilities before applications are released or vulnerabilities are exploited.
Application security applies to both applications you are using and those you
may be developing since both need to be secured.

Infrastructure security: Infrastructure security strategies protect infrastructure

components, including networks, servers, client devices, mobile devices, and
data centers. The growing connectivity between these, and other infrastructure
components, puts information at risk without proper precautions. This risk
arises from the fact that your systems are more vulnerable because of
connectivity. Your entire infrastructure will be impacted if one component fails
or is compromised. As a result, minimizing dependencies and isolating
components while still allowing for intercommunications is a key objective of
infrastructure security. The purpose of infrastructure security covers safety
from common cybercrimes and protection from natural calamities and other
accidents. Infrastructure security also plays a vital role in reducing the risk of
damage due to malfunction.

Cloud security: Cloud security focuses on building and hosting secure

applications in cloud environments and securely consuming third-party cloud
applications. “Cloud” simply means that the application is running in a shared
environment. Cloud Security provides similar protections to application and
infrastructure security but is focused on cloud or cloud-connected components
and information. Cloud security adds extra protections and tools to focus on
the vulnerabilities that come from Internet-facing services and shared

224 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 1

environments, such as public clouds. It also tends to include a focus on

centralizing security management and tooling. This centralization enables
security teams to maintain visibility of information and information threats
across distributed resources.

Collaboration with your cloud provider or third-party services is another aspect

of cloud security. Since the infrastructure is often handled for you when using
cloud-hosted resources and applications, you are often unable to fully control
your surroundings. As a result, cloud security policies must take into account
limited control and implement safeguards to prevent unauthorized access and
vulnerabilities caused by vendors or contractors.

Cryptography: Cryptography have become increasingly important. It is simply

the science of hiding data to prevent unauthorized individuals from accessing
data or secure transmissions. Cryptography uses a practice called encryption to
secure information by obscuring the contents. When information is encrypted, it
is only accessible to users who have the correct encryption key. If users do not
have this key, the information is unintelligible. Security teams can use
encryption to protect information confidentiality and integrity throughout its
life, including in storage and during transfer. However, once a user decrypts the
data, it is vulnerable to theft, exposure, or modification. To encrypt information,
security teams use tools such as encryption algorithms or technologies like
blockchain. Encryption algorithms, like the advanced encryption standard
(AES), are more common since there is more support for these tools and less
overhead for use.

Vulnerability management: Vulnerability management is a practice meant to

reduce inherent risks in an application or system. The idea behind this practice
is to discover and patch vulnerabilities before issues are exposed or exploited.
The fewer vulnerabilities a component or system has, the more secure your
information and resources are. Vulnerability management practices rely on
testing, auditing, and scanning to detect issues. These processes are often
automated to ensure that components are evaluated to a specific standard and to
ensure vulnerabilities are uncovered as quickly as possible. Another method that
you can use is threat hunting which involves investigating systems in real-time
to identify signs of threats or to locate potential vulnerabilities.

CoDEUCC/Bachelor of Science in Information Technology 225

 OVERVIEW OF INFORMATION
UNIT 6
SESSION 1 SECURITY AND ITS TYPES

Disaster recovery: Understanding how to recover from disasters is a crucial

component of information security awareness. In order to help an organization
to recover from natural catastrophes and malicious events, information security
also involves tools and procedures. Disaster recovery plans shield your business
from loss or harm brought on by unforeseen circumstances. For instance, single
points of failure, natural calamities, or ransomware. Disaster recovery plans
often include plans for recovering data, restoring systems, and starting up
operations again. These tactics are often included in a business continuity
management (BCM) plan, which enables firms to keep running with the least
amount of downtime possible.

Endpoint Security: Endpoint security helps protect end-user endpoints such as

laptops, desktops, smartphones, and tablets against cyberattacks. Organizations
implement endpoint security to protect devices used for work purposes,
including those connected to a local network and those using cloud resources.
Endpoints connecting to corporate networks become a security vulnerability that
can potentially allow malicious actors to breach the network. An endpoint is
essentially a potential entry point that cybercriminals can and often exploit
through various techniques, like malicious software (malware) installed on an
endpoint device to obtain control of a system or exfiltrate data. An endpoint
security solution examines processes, files, and network traffic on each endpoint
for indicators of malicious activity. Once the tool detects a threat, it notifies the
relevant users and can perform automated responses.

Summary
Information Security is not only about securing information from unauthorized
access. Information Security is basically the practice of preventing unauthorized
access, use, disclosure, disruption, modification, inspection, recording or
destruction of information.

226 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 1

Self-Assessment Questions
Exercise 6.1
a) Explain information security?
b) State and explain any four (4) types of information security

CoDEUCC/Bachelor of Science in Information Technology 227

 OVERVIEW OF INFORMATION
UNIT 6
SESSION 1 SECURITY AND ITS TYPES

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

228 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 2

SESSION 2: INFORMATION SECURITY TRIAD

Welcome to another session of tis unit. In this session we shall

look at the CIA triad and its relevance. Also we will learn
about the implementation and best practices of the CIA triad. CIA stand for
Confidentiality, Integrity, and Availability. The CIA triad helps in finding
vulnerabilities and approaches for creating solutions. Relax and enjoy the
session then.

Objectives
By the end of this session, you should be able to:
a) Understand what CIA triad is and its importance
b) Explain each concept of CIA triad
c) Outline some examples, implementation and best practices of CIA triad

Now read on…

6.1 The CIA Triad

The CIA triad is a collective model that constitute the basis for security systems
development. The three letters in "CIA triad" stand for Confidentiality, Integrity,
and Availability. The CIA triad helps in finding vulnerabilities and approaches
for creating solutions. The confidentiality, integrity, and availability of
information is relevant to the operation of a business, and the CIA triad segments
these three ideas into distinct important points. It is necessary to differentiate
between these three ideas because it guide the IS security team to come up with
different strategies to address these concern.

Confidentiality, Integrity and Availability of data are the basis for ensuring
assurance on IS Security. This session gives an overview of the impact of
confidentiality, integrity and availability on data and the need for securing the
CIA. The guarantee of security in Information systems are the lifeblood of any
large business. As in years past, computer systems do not just keep records of
business transactions, but also drives the key business processes of the
enterprise. With regards to this, senior management and business managers do

CoDEUCC/Bachelor of Science in Information Technology 229

 INFORMATION SECURITY TRIAD
UNIT 6
SESSION 2

have concerns about IS. The reason why IS need to be audited is to review and
provide feedback, assurances and suggestions. Information security actually
means that the confidentiality, integrity and availability of information assets is
maintained. Ideally, meeting the standards of these three enables the security
profile of an organization to be stronger and better equipped to handle threat
incidents.

6.1.1 Importance of the CIA Triad

After understanding what the CIA is, it is necessary to comprehend why it

functions better as a triad. In a way, the CIA Triad aids in making sense of the
various security methods, programs, and services accessible. Drawing a clear
image of what is specifically needed to address the security problems helps
instead of taking a wild guess.

The three concepts exist in tension with one another when it is worked as a triad.
For example, requiring elaborate authentication, in turn, helps ensure
confidentiality, but at the same time, some people who have the right to the data
may not get access, thereby, reducing availability.

The CIA Triad can be used to more effectively decide which of the three
principles will be most beneficial for a certain type of data as well as the business
as a whole when developing information security policies.

The CIA triad provides as the fundamental framework for creating

organizational security systems and policies. Because of this, the CIA trinity is
essential to keeping your data secure and safe from evolving cyber threats. It is
determined that an organization has failed to adequately enforce one or more of
these standards when a security incident, such as information theft or a security
breach, happens. Because it strengthens security posture, enables organizations
to comply with complicated requirements, and ensures business continuity, the
CIA triad is essential to information security.

The contrary of confidentiality, integrity, and availability is disclosure,

alteration, and destruction.

• Disclosure: When an authorized group gains access to your information.

230 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 2

• Alteration: When data is altered or modified.

• Destruction: When data, systems, or applications are destroyed or
rendered inapproachable

Apart from this there are more principles that governs information security
programs. These are discussed below:

• Non repudiation – means one party cannot deny receiving a message or a

transaction nor can the other party deny sending a message or a transaction.
For example, in cryptography it is sufficient to show that message matches
the digital signature signed with sender’s private key and that sender could
have sent a message and nobody else could have altered it in transit. Data
Integrity and Authenticity are pre-requisites for Non repudiation.

• Authenticity – Authentication is a verification of identity of the subject. The

subject need to provide more information like password, pin etc. And
compare this information to pre-existing data for this subject. Once matching
end up in successful authentication, then Authorization step begins.
Authenticity involves verifying that users are who they say they are and that
each input arriving at destination is from a trusted source. This principle if
followed guarantees the valid and genuine message received from a trusted
source through a valid transmission.

6.2 THE CIA TRIAD

We will start by defining what security and controls are. Security refers to
policies, procedures, and technical measures used to prevent unauthorized
access, alteration, theft, or physical damage to information systems and Controls
are the methods, policies, and organizational procedures that organizations put
in place to ensure safety of their assets; accuracy and reliability of its records;
and operational adherence to management standards. Let me ask these questions:

• What types of threats can harm an information system and it resources?

• Why do you think there is so much attention on Internet security issues
in the press lately?

CoDEUCC/Bachelor of Science in Information Technology 231

 INFORMATION SECURITY TRIAD
UNIT 6
SESSION 2

• Has anyone one of you been a victim of a breach in computer security?

I presume some of you have encountered these problems and may have ideas on
what they actually are. And this takes us straight to our topic for today.
Information security process aims at protecting three unique characteristics of
information, namely; Confidentiality, Integrity and Availability of data and this
constitute the CIA triad.

Let’s look at what the CIA triad actually entails.

The CIA triad is a widely accepted model in information security. The model
seems to have developed over time, with its roots as old as modern computing,
pulling concepts from various sources. The CIA triad is a popular model in IS
security development which is applied in several situations to assist in
identifying problems or weaknesses and helping to establish security solutions.
The three core components of the CIA triad form the information security model
intended to guide an organization’s security procedures and policies. The CIA
Triad has to do with keeping your organization's data, networks, and devices
safe and secure.

232 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 2

6.2.1 Confidentiality

Confidentiality is a set of rules that limits access or set restrictions on the use of
certain types of information. Confidentiality restricts the disclosure of
information to unauthorized individuals or systems. It can be seen as the ability
to control or prevent access so that only authorized individuals can view
sensitive information. That is, protecting the content of an information. One of
the fundamental principles of confidentiality is "need-to-know" (NTK) or "least
privilege" meaning, access to vital information should be limited to only those
who have a specific need to see or use that information. Confidentiality is
essential for preserving the privacy of the people whose personal information a
system holds. The essence of confidentiality is to disallow access to IS system
or resources by unauthorized users. Let’s consider this example; in a university
system, not everyone has the mandate to input, edit or alter student results or
records unless the people who have been assigned that specific role. Access to
grades or student’s records are limited to those who have been authorized to do
so. Also, finance workers in an organization can be given access to spreadsheets,
bank accounts, and other information concerning the flow of money but the other
employees may not have such privileges. Another example is theft of
confidential information which include theft of employee information like credit
card information, corporate credit card information, social security number,
address, etc or theft of trade secrets and other intellectual property (IP). You may
wonder why people steal such data. People usually steal this information for
impersonation, pretending to be those they are not. They can fake the identity of
others for malicious reasons and also to tarnish one’s image. To ensure that
confidentiality policies are enforced, strict constraints have to be in place to limit
who can see what.

Confidentiality usually deals with an organization’s effort to keep their data

secret or private and this can be attained by regulating access to information to
prevent unauthorized sharing of data either intentional or accidental. In
maintaining confidentiality, it is relevant to ensure that people without the
required authorization must not be given access to important business assets.
However, it is paramount to ensure that the necessary privileges are given to
those who need to have access. An information is said to be confidential when
it includes non-public information disclosed or made available to the receiving
party, either directly or indirectly, through any means of communication or
observation. Some examples of are: Medical information, Names, dates of birth,

CoDEUCC/Bachelor of Science in Information Technology 233

 INFORMATION SECURITY TRIAD
UNIT 6
SESSION 2

addresses, contact details (of staff, clients, patients, pupils, etc), Personal bank
details and credit card information, Images of staff, pupils or clients that confirm
their identity and can be linked to additional personal information, Payroll
numbers, Company financial accounts information, Passwords and related IT
information.

Compromising Confidentiality
There are several ways confidentiality can be compromised. This may include
direct attacks which aims at gaining access to systems or information which the
attacker does not have the rights to see. Also, an attacker can make a direct
attempt to penetrate an application or database so they can take data or alter it.
These direct attacks may use techniques such as man-in-the-middle (MITM)
attacks, where an attacker positions themselves in the stream of information to
intercept data and then either steal or alter it. Some attackers also involve
themselves in other types of network spying to infiltrate people’s credentials.
Some will also try to obtain more system privileges to attain the next level of
clearance.
Conversely, we must note that not all violations of confidentiality are deliberate.
Human error or insufficient security controls may be blame as well. Let’s look
at this example, when users fail to protect their password either to a workstation
or to log in to a restricted area or share their credentials with someone else, or
allow others to see their login while they enter it. In other situations, a user may
not properly encrypt a communication, allowing an attacker to intercept their
information. A thief may also decide to steal hardware, either an entire computer
or a device used in the login process and use it to access confidential
information.
On the other hand, a breach of confidentiality entails the disclosure of private
information to a third party without the owner’s consent. This can result in Court
cases, High costs: fines and loss of trade and Tarnished reputation. A breach of
confidentiality usually occurs when
• An email containing sensitive information are sent to the wrong address.
• A document containing someone’s personal data are left in bare.
• Document containing confidential or sensitive information are thrown
into general waste instead of shredding it.
However, we must note that a breach of confidentiality can happen accidentally
to anyone.
In order to fight against confidentiality breaches, organization should

234 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 2

• Organize and label restricted data,

• Enable access control policies
• Encrypt data
• Use multi-factor authentication (MFA) systems.
• Organizations should train and acquaint employees with knowledge to
enable them recognize IS dangers and avoid them.

Protecting confidential information is important for maintaining trust and

ongoing business with clients. It prevents misuse of confidential information
(illegal or immoral use), protects reputation and ensures compliance with the
law. However, there are exceptions as to when confidential information can be
disclosed for legitimate reasons. It is very important that these exceptions are
outlined in detail in confidentiality policies together with the procedures to
follow.

6.2.2 Integrity

The CIA triad goal of integrity is to keep information accurate and consistent
unless authorized changes are to be made. With integrity, Information should be
accurate and reliable and must not be changed or tampered with by an
unauthorized party. The integrity of a data is not only when the data is
'corrected', but also the data need to be trusted, relied upon, be maintained in an
accurate state, kept safe to avoid being tampered with, and should be authentic
as well. Integrity involves preserving the consistency, accuracy, and
trustworthiness of data throughout its entire life cycle. We can say that integrity
is ensured when the information is not modified during storage, transmission
and usage. There should be the assurance that the information being accessed
has not been altered and truly represents what it is intended for. Data should not
be tampered with when in transit, and measures must be put in place to ensure
that data cannot be altered by unauthorized people. It ensures that information
remains intact and unaltered. Any changes to the information through malicious
action, natural disaster, or even a simple innocent mistake is tracked.
Integrity relates to information security because accurate and consistent
information is as a result of proper protection. The CIA triad requires
information security procedures to monitor and control authorized access, use,
and transmission of information.

CoDEUCC/Bachelor of Science in Information Technology 235

 INFORMATION SECURITY TRIAD
UNIT 6
SESSION 2

It is likely that information will change due to careless access and use, errors in
the information system, or unauthorized access and use. Access control and
encryption can be used to protect the integrity of data, however, there are other
ways to ensure data integrity, both from attacks and corruption. Some of such
ways are making the data as simple as a read-only file, using hashing or data
checksums, which allow data to be audited to ensure the data hasn’t been
compromised and by protecting it physically from outside sources.

Just as a person with integrity means whatever he or she says and can be trusted
to consistently represent the truth, so as information integrity must truly
represents its intended meaning. Information can lose its integrity through
malicious intent, such as when someone who is not authorized makes a change
to intentionally misrepresent something. Let’s consider this example, when a
hacker is hired and paid to go into a university’s system to change a student’s
grade. The originality of the grade has been tampered with and it will not show
the true reflection of the performance of the student and hence a breach in
integrity.

Compromising Integrity
Compromising integrity can be done intentionally or unintentionally.
Intentionally in the sense that, an attacker may bypass an intrusion detection
system (IDS) and changes file configurations to enable unauthorized access, or
alter the logs kept by the system to hide the attack. We must also note that
integrity can also be lost accidentally, in that there can be a surge in computer
power which might corrupt some files or an authorized person can accidentally
delete a file or enter an incorrect information while working on such data and
make a careless mistake during the input of sensitive data. Also, inadequate
security policies, protections, and procedures can cause violation of integrity in
an organization.

To protect the integrity of data, you can use hashing, encryption, digital
certificates, or digital signatures. For websites, you can employ trustworthy
certificate authorities (CAs) that verify the authenticity of your website so
visitors know they are getting the site they intended to visit.

236 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 2

6.2.3 Availability

The CIA triad goal of availability is where information is readily available when
and where it is rightly needed. The key concern in the CIA triad is that the
information should be available when authorized users need to access it.

Availability is enforced when all components of the information system are

working properly. Problems in the information system can render an IS not
accessible or not operable thereby making the information unavailable. In the
CIA triad, availability is linked to information security because effective
security measures protect system components and enforce that information is
readily available. When the confidentiality and integrity of data and availability
is not ensured, the data then becomes useless to those in the organization and the
customers they serve. This show that organization’s systems, networks, and
applications must be functioning as they should and when they should to enable
the availability of the data. Also, individuals with access to specific information
must be capable of utilizing it when they need arise, and there should not be any
hindrance to accessing the data.
Availability is really about making sure your systems are up and running so that
business can continue, even in the face of an attack.

Compromising Availability
For example, when there is a power outage and there is no mechanism in place
to help users regain access to critical systems, availability will be compromised.
Also, a natural disaster like a flood or severe rain storm may impede users from
getting to the office, which can interrupt the availability of their workstations
and other devices that provide business-critical information or applications.
Availability can also be compromised through deliberate acts of sabotage, such
as the use of denial-of-service (DoS) attacks or ransomware.
To safeguard availability, organizations can install extra networks, servers, and
applications that can be programmed to become available when the primary
system has been disrupted or broken. Availability can also be enhanced by
adopting frequent and consistent upgrade of software packages and security
systems and this will make it less likely for an application to malfunction or for
a relatively new threat to intrude the system. Backups and full disaster recovery
plans also aid in regaining availability quickly after a negative event.

CoDEUCC/Bachelor of Science in Information Technology 237

 INFORMATION SECURITY TRIAD
UNIT 6
SESSION 2

However, there is the need to note that even when there are no attacks, systems
can still fail and become unavailable, load balancing and fault tolerance can help
mitigate a system from failing.
Just as it is vital to keep unauthorized users out of an organization’s data, so it
is that data be made available to authorized users whenever they require it. And
this can be attained by ensuring systems, networks, and devices are up and
running.

Countermeasures to help guarantee availability include redundancy in servers,

internal networks, applications, hardware fault tolerance, regular software
patching, system upgrades, backups, comprehensive disaster recovery plans,
and DoS protection solutions.

6.2.4 Examples of CIA Triad

Consider an ATM where users may check bank balances and other data to get a
clearer idea of how the CIA Triad works in real life. An ATM has safeguards
that meet the triad's basic ideas:

• The two-factor authentication (debit card with the PIN code) provides
confidentiality before authorizing access to sensitive data.
• The ATM and bank software ensure data integrity by maintaining all
transfer and withdrawal records made via the ATM in the user’s bank
accounting.
• The ATM provides availability as it is for public use and is accessible
at all times.

6.3 Implementation of the CIA Triad with Best Practices

The CIA triad model can be used in several ways, including:

• Discovering the best way to enforce authorization and authentication

methods.

238 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 2

• Comprehending how to keep customer, employee, and critical business

data protected.
• Assuring any new devices added to an organization are secure without
introducing risks.

Best Practices of Confidentiality

• Data should be handled based on the organization's demanded privacy.

• Data should be encrypted.
• Maintain access control checklists and other file permissions updated.

Best Practices of Integrity

• Assure employees are familiar with compliance and regulatory

requirements to minimize human error.
• Use backup and recovery strategies and software.
• To assure integrity, use version control, access control, security control,
logs, and checksums.

Best Practices of Availability

• Utilize preventative efforts such as redundancy, failover, and RAID.

Assure systems and applications are up to date.
• Utilize network or server monitoring strategies

Summary
The CIA Triad is more effectively used to decide which of the three principles
will be most beneficial for a certain type of data as well as the business as a
whole when developing information security policies. The CIA Triad aids in
making sense of the various security methods, programs, and services
accessible.

CoDEUCC/Bachelor of Science in Information Technology 239

 INFORMATION SECURITY TRIAD
UNIT 6
SESSION 2

Self-Assessment Questions
Exercise 6.2

1. What purpose does the CIA triad serve in information security?

a) It creates layers of networks.
b) It helps to develop security measures.
c) It eliminates the need for passwords.
d) It allows you to spy on other users.
2. Another name for the information security triad is:
a) The FBI triad.
b) The ISS triad.
c) The CIA triad.
d) The IST triad.
3. Risk, as it applies to information technology, is not associated with which one
or more of the following items:
a) People
b) Practices
c) Processes
d) Principles

4. Which one of these represents the property of keeping an organization

information accurate, without error, and without unauthorized modification?
a) Availability
b) Integrity
c) Confidentiality
d) Accountability

5. Which one of the following access control services determines the capabilities
of a subject when accessing the object?
a) Accountability
b) Authorization
c) Audit
d) I&A

240 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 2

6. Give some examples of CIA Triad

7. Explain the Importance of the CIA Triad

CoDEUCC/Bachelor of Science in Information Technology 241

 INFORMATION SECURITY TRIAD
UNIT 6
SESSION 2

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

242 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 3

SESSION 3: TOOLS AND TECHNOLOGIES FOR SAFEGUARDING

INFORMATION RESOURCES

Welcome to another interesting session. In this session, we

shall study the various tools and technology for safeguarding
information resources. Organizations have various technologies for protecting
their information resources. Let’s find out what these tools and technologies
are.

Objectives
By the end of this session, you should be able to:
a) Understand the tools and technology for safeguarding information
resources
b) Identify some tools and technology for safeguarding information
resources

Now read on…

6.1 The Tools and Technologies

There are various tools and technologies which safeguard resources. Businesses
have an array of technologies for protecting their information resources. They
include tools for managing user identities, preventing unauthorized access to
systems and data, ensuring system availability, and ensuring software quality.
Detection systems are placed at the most at-risk points in a network to detect
intrusion. Passwords, biometrics and smart cards ensure that only authorized
users can access the network. Firewalls monitor outgoing and incoming traffic
and protect private networks. Antivirus software is developed to detect and
remove viruses and malware from computers and many others.

Various tools and technologies used to safeguard information resources include:

6.1.1 Identity Management and Authentication

Large and mid-sized businesses have complex IT infrastructures and a variety
of systems, each with its own user set. By giving each user a distinct digital
identity to access each system, identity management software automates the
CoDEUCC/Bachelor of Science in Information Technology 243
 TOOLS AND TECHNOLOGIES FOR SAFE-
UNIT 6
SESSION 3 GUARDING INFORMATION RESOURCES

process of keeping track of all these users and their system privileges.
Additionally, it has capabilities for user identification, identity protection, and
restriction of access to system resources.

A user needs to be authorized and authenticated before they may access a

system. Using passwords that are only known by authorised users is a common
way to establish authentication. A password is used by an end user to access a
computer system and may also be used to access particular systems and files.
But users regularly share passwords, forget them, or select weak passwords that
are simple to guess, which compromises security. Employees frequently use
shortcuts, such as selecting passwords that are simple to guess or leaving their
credentials at their workstations, when they need to change complex passwords
frequently. Passwords can potentially be obtained using social engineering or
sniffed if sent over a network.

New authentication technologies, such as tokens, smart cards, and biometric

authentication, overcome some of these problems. A token is a physical device,
similar to an identification card, that is designed to prove the identity of a single
user. Tokens are small gadgets that typically fit on key rings and display
passcodes that change frequently. A smart card is a device about the size of a
credit card that contains a chip formatted with access permission and other data.
(Smart cards are also used in electronic payment systems.) A reader device
interprets the data on the smart card and allows or denies access.

To give or reject access, biometric authentication uses systems that analyse

unique human characteristics like fingerprints, irises, and voices. The foundation
of biometric authentication is the measurement of a physical or behavioural
characteristic that distinguishes each person from another. It examines a person's
distinctive traits, such as their fingerprints, face, voice, or retinal picture, against
a profile of these traits that has been saved in order to spot any discrepancies.
Access is given if the profiles match. Many PC laptops (and some smartphones)
are equipped with fingerprint identification devices, and some models have
built-in webcams and face recognition software. These technologies are just
starting to be exploited for security purposes.

244 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 3

6.1.2 Firewalls, Intrusion Detection Systems, and Anti-malware Software

Without protection against malware and intruders, connecting to the Internet

would be very dangerous. Firewalls, intrusion detection systems, and anti-
malware software have become essential business tools.

a. Firewalls: Firewalls prevent unauthorized users from accessing private

networks. A firewall is a combination of hardware and software that
controls the flow of incoming and outgoing network traffic. It is
generally placed between the organization’s private internal networks
and distrusted external networks, such as the Internet, although firewalls
can also be used to protect one part of a company’s network from the rest
of the network. The firewall serves as a gatekeeper, checking each user's
credentials before allowing them access to the network. Incoming
traffic's, names, IP addresses, applications, and other characteristics are
identified by the firewall. This information is compared to the system
access rules that the network administrator has set up. Unauthorized
communication into and out of the network is stopped by the firewall.

In large organizations, the firewall often resides on a specially designated

computer separate from the rest of the network, so no incoming request
directly accesses private network resources. There are a number of
firewalls screening technologies, including static packet filtering,
stateful inspection, Network Address Translation, and application proxy
filtering. They are frequently used in combination to provide firewall
protection. Packet filtering examines selected fields in the headers of
data packets flowing back and forth between the trusted network and the
Internet, examining individual packets in isolation. This filtering
technology can miss many types of attacks.

Stateful inspection provides additional security by determining whether

packets are part of an ongoing dialogue between a sender and a receiver.
It sets up state tables to track information over multiple packets. Packets
are accepted or rejected based on whether they are part of an approved
conversation or attempting to establish a legitimate connection.

Application proxy filtering looks at the packets' application content.

Outside-originating data packets are blocked by a proxy server, which

CoDEUCC/Bachelor of Science in Information Technology 245

 TOOLS AND TECHNOLOGIES FOR SAFE-
UNIT 6
SESSION 3 GUARDING INFORMATION RESOURCES

also inspects them and sends a proxy to the opposite side of the firewall.
In order for an outside user to interact with an inside user of the company,
the outside user must first communicate with the proxy application,
which then communicates with the internal computer of the company.
Similar to this, a user of a computer inside the company uses the proxy
to communicate with a computer outside.

To create a good firewall, an administrator must maintain detailed

internal rules identifying the people, applications, or addresses that are
allowed or rejected. Firewalls can deter, but not completely prevent,
network penetration by outsiders and should be viewed as one element
in an overall security plan.

b. Intrusion Detection Systems: Commercial security vendors

increasingly offer intrusion detection technologies and services in
addition to firewalls to safeguard against unauthorized network access
attempts and suspicious network traffic. In order to continuously detect
and prevent intruders, intrusion detection systems have tools for
continuous monitoring located at the most vulnerable points or hot spots
of corporate networks. If the system discovers a suspicious or abnormal
event, it will trigger an alarm. Software scanning looks for patterns
indicating well-known computer attack techniques, such as weak
passwords, checks to see whether crucial files have been removed or
changed, and notifies users of possible vandalism or system
administration errors. A network's most sensitive area can be configured
to be shut down if it receives illegal traffic using the intrusion detection
tool.

c. Anti-malware Software: Every PC must have anti-malware protection

in defensive technology strategy for both individuals and businesses.
Anti-malware software guards against, finds, and eliminates malware,
such as Trojan horses, spyware, adware, and computer viruses and
worms. However, the majority of anti-malware programs only work
against malware that was already well-known at the time the program
was built. The program needs to be updated regularly in order to
function properly. Even then, certain viruses can avoid detection, thus it
is not always successful. For improved defense, organizations must

246 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 3

utilize more malware detection tools.

6.1.3 Securing Wireless Networks

Because its encryption keys are relatively simple to decipher, Wired Equivalent
Privacy (WEP), the first security standard created for Wi-Fi, is not very
effective. However, if users remember to enable it, WEP offers some level of
protection. When accessing internal company data, businesses can further
increase Wi-Fi security by combining it with virtual private network (VPN)
technology. Wi-Fi Protected Access 2, or WPA2, which replaces WEP with
improved security standards, was finalized by the Wi-Fi Alliance industry trade
group. The new standard uses significantly longer keys that are constantly
changing rather than the static encryption keys used in WEP, making them more
difficult to decipher.

6.1.4 Encryption and Public Key Infrastructure

Many companies employ encryption to safeguard the digital data they store,
physically move, or transmit online. The process of converting ordinary text or
data into cipher text, which can only be read by the sender and the intended
recipient, is known as encryption. A secret numerical code known as an
encryption key is used to encrypt data, turning plain text into cipher text. The
receiver needs to decrypt the message. Symmetric key encryption and public key
encryption are two types of encryption. In symmetric key encryption, the sender
and receiver create a single encryption key and deliver it to the recipient so they
both have access to the same key, resulting in a secure Internet connection. The
strength of the encryption key is measured by its bit length.

The problem with all symmetric encryption schemes is that the key itself must
be shared somehow among the senders and receivers, which exposes the key to
outsiders who might just be able to intercept and decrypt the key. A more secure
form of encryption called public key encryption uses two keys: one shared (or
public) and one totally private. The keys are mathematically related so that data
encrypted with one key can be decrypted using only the other key. To send and
receive messages, communicators first create separate pairs of private and public
keys. The public key is kept in a directory, and the private key must be kept

CoDEUCC/Bachelor of Science in Information Technology 247

 TOOLS AND TECHNOLOGIES FOR SAFE-
UNIT 6
SESSION 3 GUARDING INFORMATION RESOURCES

secret. The sender encrypts a message with the recipient’s public key. On
receiving the message, the recipient uses his or her private key to decrypt it.

6.1.5 Securing Transactions with Blockchain

Blockchain is becoming more popular as a different method for securing

transactions and building trust between several parties. A chain of digital
"blocks" called a blockchain is made up of transaction records. The blockchains
are continuously updated and kept in sync, and each block is related to all the
blocks that came before and after it. Changing the block that contains a single
record as well as those related to it in order to prevent detection makes it harder
to alter a single record. A blockchain transaction cannot be altered once it has
been recorded. Cryptography is used to secure the data records on a blockchain,
and all transactions are encrypted. Participants in the blockchain network each
have their own private key, which is linked to the transactions they generate and
serves as a unique digital signature. The blockchain network will be alerted right
away if a record is altered since the altered record will render the signature
invalid. Because blockchains aren’t contained in a central location, they don’t
have a single point of failure and cannot be changed from a single computer.
Blockchain is especially suitable for environments with high security
requirements and mutually unknown actors.

Summary
Tools for managing user identities, preventing unauthorized access to systems
and data, ensuring system availability, and ensuring software quality is crucial
in every organization. Detection systems are placed at most risk points in a
network to detect intrusion. Passwords, biometrics and smart cards ensure that
only authorized users can have access to a particular network. Firewalls,
Antivirus among many others are also used.

248 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 3

Self-Assessment Questions
Exercise 6.3

a. State five (5) tools and technology used to safeguard information resources

CoDEUCC/Bachelor of Science in Information Technology 249

 TOOLS AND TECHNOLOGIES FOR SAFE-
UNIT 6
SESSION 3 GUARDING INFORMATION RESOURCES

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

250 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 4

SESSION 4: COMPONENTS OF AN ORGANIZATIONAL

FRAMEWORK FOR SECURITY AND CONTROL

You are welcome to another session of this unit. In this

session, we shall look at what security framework is and also
discuss the components of organizational framework for security and controls.
Let’s now look at the content of the session.

Objectives
By the end of this session, you should be able to:
a) Describe what security framework is
b) Explain the components of an organizational framework for security and
control

Now read on…

6.1 What is a Security Framework?

Your information systems won't be reliable and secure even with the best
security tools unless you know how and where to deploy them. You'll need to
be aware of the risks facing your business and the controls that are necessary to
safeguard your information systems. Additionally, you'll need to create a
security policy and contingency plans for when your information systems fail.

Policies and procedures for developing and maintaining security controls are
specified by a security framework. Frameworks make clear the steps taken to
safeguard an organization from cybersecurity risks. They help IT security
professionals in keeping their business safe from online attacks and compliant.
It's crucial to remember that once a security framework has been put in place,
"compliance" shouldn't be crossed off your list of priorities. One of the top
security-related errors businesses commit is reviewing compliance just once and
then ignoring it.

CoDEUCC/Bachelor of Science in Information Technology 251

 COMPONENTS OF AN ORGANIZATIONAL
UNIT 6
FRAMEWORK FOR SECURITY AND CONTROL
SESSION 4

6.2 Components of an Organizational Framework

The components of an organizational framework for security and control are:

1. Information Systems Controls

Controls for information systems can be manual or automated and include both
general and application controls. The design, security, and use of computer
programs, as well as the overall security of data files across the organization's
information technology infrastructure, are governed by general controls. A mix
of hardware, software, and manual processes known as generic controls, which
are applicable to all computerized applications, create an overall control
environment. Software controls, hardware controls, physical components,
computer operations controls, data security controls, process controls for the
creation of systems, and administrative controls are all examples of general
controls.

Application controls are particular controls that are specific to each

computerized application, such as order processing or payroll. They include
manual and automated procedures that make sure that only authorized data are
accurately and completely processed by that application. There are three types
of application controls: input controls, processing controls, and output controls.
When data enters the system, input controls check it for accuracy and
completeness. For input authorization, data conversion, data modification, and
error handling, there are specific input controls. Processing controls ensure that
updated data is correct and complete. The accuracy, completeness, and proper
distribution of computer processing results are ensured by output controls. In
our Learning Tracks, you may discover more information regarding application
and general controls.

Controls for information systems shouldn't be afterthought. They must be taken

into account while designing a system and should be considered not just how the
system will function in all conditions, but also how organizations and users of
the system will behave.

252 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 4

2. Risk Assessment

Your organization has to know which assets need to be protected and how
vulnerable they are before committing resources to security and information
system controls. These questions are addressed by a risk assessment, which also
identifies the most economical combination of controls for asset protection. A
risk assessment establishes the degree of risk to the company if a particular
activity or process is not effectively controlled. Not all hazards can be
anticipated and quantified, but the majority of firms can gain some awareness of
the risks they are exposed to. Business managers should attempt to ascertain the
worth of information assets, points of vulnerability, the chance of an issue
occurring frequently, and the potential for harm. System developers will
concentrate on the control points with the greatest vulnerability and possibility
for loss after the risks have been assessed. Controls in this situation should
concentrate on reducing the risk of human error and power failures since these
are the areas with the biggest anticipated annual losses.

3. Security Policy

Your business will need to design a security policy for safeguarding the
company's assets once you've determined the primary threats to your systems.
Statements classifying information risks, setting good security goals, and
specifying the mechanisms for accomplishing these goals make up a security
policy. What informational resources are the most crucial for the company? Who
in the company creates and maintains this information? What security measures
are currently in place to safeguard the information? For each of these assets,
what level of risk is management willing to accept? For instance, is it willing to
lose client credit card data once every ten years? Or will it create a credit card
data security system that can endure the disaster that occurs only once every
hundred years? Management must estimate how much it will cost to achieve
this level of acceptable risk.

Other policies governing authorized use of the company's information resources

and which employees have access to its information assets are driven by the
security policy. The allowed uses of the company's computing resources and
equipment, including desktop and laptop computers, mobile devices, telephones,
and the Internet, are outlined in an acceptable use policy (AUP). Every user's
acceptable and undesirable behaviour is outlined in a good AUP, along with the

CoDEUCC/Bachelor of Science in Information Technology 253

 COMPONENTS OF AN ORGANIZATIONAL
UNIT 6
FRAMEWORK FOR SECURITY AND CONTROL
SESSION 4

specific penalties for noncompliance. The access guidelines presented here

apply to two groups of users. All employees that carry out clerical functions,
such as entering employee data into the system, make up one group of users. All
users that have this kind of profile can update the system, but they are unable to
access or update sensitive fields like income, medical history, or earnings
information. A different profile applies to a divisional manager, who can access
all personnel data fields for his or her division but cannot update the system,
including medical history and salary.

4. Disaster Recovery Planning and Business Continuity Planning

If you own a business, you must prepare for unforeseen circumstances that could
disrupt your information systems and hinder your ability to conduct business,
such as power outages, floods, earthquakes, or terrorist attacks. Planning for
disaster recovery creates strategies for resuming interrupted communications
and computer services. Plans for disaster recovery are generally concerned with
the technical aspects of maintaining systems, such as selecting which files to
back up and maintaining backup computer systems or disaster recovery services.

It is necessary for business managers and information technology specialists to

collaborate on both types of plans in order to identify the systems and
operational procedures that are most vital to the organization. To determine the
company's most crucial systems and the effects a system outage will have on the
business, they must undertake a business impact analysis. The maximum period
of time the company may operate without its systems must be established by
management, along with which operations must be resumed first.

5. The Role of Auditing

How can management know that the security and controls of the information
systems are effective?

Organizations must carry out comprehensive and systematic audits to provide

an answer to this question. An information systems audit looks at the controls
over specific information systems as well as the firm's broader security
environment. Using automated audit software, if necessary, the auditor should
run tests and follow a sample transaction's path through the system. The data

254 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 4

quality may be examined during the information systems audit. Technology,

processes, documentation, training, and staff are all examined during security
audits. A comprehensive audit will even simulate an attack or disaster to test
how the technology, information systems, and business staff will react. The audit
ranks and lists all control weakness, as well as assigns a probability to each one.
The impact of each threat on the economy and the organization is then evaluated.

Summary
Frameworks helps to know the steps to take to safeguard an organization from
cybersecurity risks. They help IT security professionals in keeping their business
safe from online attacks and compliant.

Self-Assessment Questions
Exercise 6.4

a. What is security framework?

b. State the components of an organizational framework for security and
control

CoDEUCC/Bachelor of Science in Information Technology 255

 COMPONENTS OF AN ORGANIZATIONAL
UNIT 6
FRAMEWORK FOR SECURITY AND CONTROL
SESSION 4

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

256 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 5

SESSION 5: MALWARE AND ITS TYPES

Welcome to this session. This session explains malware, its

types and how they work. We shall also discuss malware
detection and prevention measures. Let’s proceed to the content to know more
on malware.

Objectives
By the end of this session, you should be able to:
a) Define malware and give examples and describe how malware works.
b) Describe the types of malware
c) Explain malware detection and prevention

Now read on…

6.1 Malware

All malicious software falls under the umbrella term "malware." A program
known as malware is made to access computer systems without the user's
consent, typically for the advantage of a third party. Malware can take the form
of different program kinds, each with a unique objective or motive. Software
that is intended to infiltrate and harm a system, service, or network is known as
malware.

Malware includes computer viruses, worms, Trojan horses, ransomware,

spyware and other malicious programs. Malware can be seen as a file or code,
typically delivered over a network, that infects, explores, steals or conducts
virtually any behaviour an attacker wants. Because malware comes in so many
variants, there are numerous methods to infect computer systems. Though varied
in type and capabilities, malware usually has one of the following objectives:

• Provide remote control for an attacker to use an infected machine.

• Send spam from the infected machine to unsuspecting targets.
• Investigate the infected user’s local network.
• Steal sensitive data.

CoDEUCC/Bachelor of Science in Information Technology 257

 MALWARE AND ITS TYPES
UNIT 6
SESSION 5

How does malware work?

Whatever its form, malware always follows the same fundamental pattern: The
user downloads or installs the virus unintentionally, which then infects the
device. The majority of malware infections happen when you unintentionally
take a step that prompts the virus to be downloaded. This could involve going to
a malicious website or opening a link in an email. Other times, malware was
disseminated by hackers through peer-to-peer file-sharing platforms and free
software download bundles. One efficient technique to spread malware to a large
user base is to include a small amount of it in a well-known torrent or download.
Text messages can also infect mobile devices.

Another method involves installing malware into a USB stick or flash drive's
firmware. Your device is unlikely to detect the malware because it is loaded onto
the internal hardware of the device (rather than its file storage). For this reason,
you must never use an unknown USB drive with your computer. Once the
malware has been installed, it infects your device and begins working towards
the hackers’ goals. What separates the various types of malwares from each
other is how they go about doing this.

Malware also uses a variety of methods to spread itself to other computer

systems beyond an initial attack vector. Malware attack definitions can include:

• Email attachments containing malicious code can be opened, and

therefore executed by unsuspecting users. If those emails are forwarded,
the malware can spread even deeper into an organization, further
compromising a network.
• File servers, such as those based on common Internet file system
(SMB/CIFS) and network file system (NFS), can enable malware to
spread quickly as users’ access and download infected files.
• File-sharing software can allow malware to replicate itself onto
removable media and then on to computer systems and networks.
• Peer to peer (P2P) file sharing can introduce malware by sharing files as
seemingly harmless as music or pictures.
• Remotely exploitable vulnerabilities can enable a hacker to access
systems regardless of geographic location with little or no need for
involvement by a computer user.

258 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 5

6.2 Types of Malwares

Here are several types of malwares, including

Viruses
A Virus is a malicious executable code attached to another executable file. The
virus spreads when an infected file is passed from system to system. Viruses
can be harmless or they can modify or delete data. Opening a file can trigger a
virus. Once a program virus is active, it will infect other programs on the
computer. The virus is the oldest Malware type and one of the most common.
It is a computer program that, after infiltrating the system, replicate itself by
modifying the codes of other programs. It also has the ability to reproduce in
large numbers. A virus needs a host program to write its code on that program
and replicate. Viruses are usually spread through a word file or executable file.
These bugs normally are attached to an email. An unsuspecting victim opens
the file attached to the email and unleashes the virus on the machine. Virus is a
program that copy themselves throughout a computer or network. Malware
viruses piggyback on existing programs and can only be activated when a user
opens the program. At their worst, viruses can corrupt or delete data, use the
user’s email to spread, or erase everything on a hard disk.

Viruses are considered to be serious because they can cause a wide range of
harm to computer systems and networks. Some of the potential consequences of
a virus infection include:

1. Data Loss: Viruses can corrupt or delete important files, resulting in

permanent data loss.
2. System Failure: Viruses can cause a computer's operating system to
crash or stop working properly, making it difficult or impossible to
access important files and applications.
3. Network Spread: Viruses can spread rapidly through a network, infecting
multiple computers and servers in a short period of time.
4. Performance Degradation: Viruses can consume a lot of system
resources, causing a computer to run slowly or crash frequently.
5. Privacy and Security: Viruses can also be used to steal personal
information, login credentials, and other sensitive data.
6. Financial Loss: Some viruses may encrypt the user's files and demand a
ransom to be paid in exchange for decryption key.

CoDEUCC/Bachelor of Science in Information Technology 259

 MALWARE AND ITS TYPES
UNIT 6
SESSION 5

7. Business disruption: Viruses can disrupt the normal functioning of a

business by causing system failures and data loss, leading to productivity
loss and revenue loss.

It is important to be aware of the potential risks and to take steps to protect your
computer and network from virus infections, such as keeping your software
updated and using anti-virus software.

Worms
A worm is a malicious program that uses computer networks to spread itself. It
takes advantage of the security failures of a system to target it. Once it takes
control of a device, it will scan other systems connected to it and infect them.
Unlike viruses, worms do not need a host to grow. The worms are largely
spread through emails and message services.
Worms replicate themselves on the system, attaching themselves to different
files and looking for pathways between computers, such as computer network
that shares common file storage areas. Worms usually slow down networks.
Viruses require a host program to function, whereas worms can operate
independently.

A worm can propagate over the network very quickly after infecting a host. Self-
replicating programs known as worms and malware use security flaws to quickly
propagate over networks and machines. Typically, they are not detected until the
replication scales to the point where it consumes a large amount of system
resources or network traffic. Worms are designed with one goal in mind:
proliferation. Some worms act as delivery agents to install additional malware.
Other types are designed only to spread, without intentionally causing harm to
their host machines – but these still clog up networks with bandwidth demands.

Worms are considered to be particularly serious because they are able to spread
independently and quickly without the need for a host file. Once a worm infects
a single system, it can spread to other systems on the same network, and
potentially even to other networks via the internet.

Worms can cause a variety of problems, including:

260 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 5

• Network congestion: As worms propagate, they can create a large

amount of network traffic, slowing down or even halting network
activity.
• System crashes: Worms can overload systems, causing them to crash or
become unresponsive.
• Data loss: Worms can potentially delete or corrupt files on a victim's
computer.
• Privacy breaches: Some worms are designed to gather sensitive
information from infected computers, and send it back to the attacker.
• Damage to reputation: A worm outbreak can damage the reputation of
the affected organization.
• Financial Loss: Worms can cause a significant amount of financial loss
to companies, individuals and governments

Spyware
Spyware is an ill-disposed, unwanted computer program that stealthily spies
activities on your system and reports everything to its creator. Some Spyware
can install malicious programs and change system settings. It is one of the
most common malware infections since it easily enters the system when users
click on an intriguing pop-up or through a bundled software. Its purpose is to
steal private information from a computer system on behalf of a third party.
Spyware gathers data and transmits it to the hacker. Malware that sneaks onto
your computer without your knowledge is called spyware, and it collects your
browser activities as well as passwords and other sensitive information to send
it to the spyware's creator. Someone utilizing spyware is able to monitor every
interaction and communication on a device.

Spyware malware collects information about the usage of the infected computer
and communicates it back to the attacker. The term includes botnets, adware,
backdoor behaviour, keyloggers, data theft and net-worms. Hackers typically
use spyware such as Pegasus to monitor a person’s internet activity and harvest
personal data, including login credentials, credit card numbers or financial
information, for the purposes of fraud or identity theft.

Trojan horse
A Trojan Horse is a vehicle for hidden attackers. Another very common form
of PC malware, trojans are typically set up to appear harmless - or to serve a
purpose that a user would want. Trojans are then installed by a user, and it

CoDEUCC/Bachelor of Science in Information Technology 261

 MALWARE AND ITS TYPES
UNIT 6
SESSION 5

becomes too late to realize that this application is actually stealing personal
data, spying, or even crashing your computer. A Trojan horse is malware that
carries out malicious operations under the appearance of a desired operation
such as playing an online game. A Trojan horse varies from a virus because the
Trojan binds itself to non-executable files, such as image files, audio files. A
trojan is a malicious program that pretends to be legitimate and attracts users to
install it by misrepresenting itself as useful software for their system. Given its
ability to operate silently in the background and go unnoticed by the user, it is
among the most dangerous malware. Once it has been installed, the hackers
who are behind it have the ability to access your device without authorization
and steal your personal data. The Trojan can also put additional harmful
programs, such ransomware, on a computer. Utility software and spam email
attachments are the main ways that Trojans are spread. Trojans and malware
are disguised in what seems to be legitimate software. Malware Trojans will
carry out any action they have been designed to once they have been triggered.
Trojans do not multiply or spread through infection like viruses and worms do.

Logic Bombs
A logic bomb is a malicious program that uses a trigger to activate the malicious
code. The logic bomb remains non-functioning until that trigger event happens.
Once triggered, a logic bomb implements a malicious code that causes harm to
a computer. Cybersecurity specialists recently discovered logic bombs that
attack and destroy the hardware components in a workstation or server including
the cooling fans, hard drives, and power supplies. The logic bomb overdrives
these devices until they overheat or fail. Logic bombs are considered serious
because they can cause significant damage to an organization's operations,
financial losses and reputation, and can also have legal implications.
Additionally, it can also cause data leak and can be a potential security threat to
other companies or organization.

Ransomware
Ransomware grasps a computer system or the data it contains until the victim
makes a payment. Ransomware encrypts data in the computer with a key which
is unknown to the user. The user has to pay a ransom (price) to the criminals to
retrieve data. Once the amount is paid the victim can resume using his/her
system.

262 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 5

Ransomware is one of the most dangerous malware programs. It is mainly

because, unlike other common malicious programs, there is probably no cure for
Ransomware attacks. After infiltrating your system, Ransomware locks your
files and folders with a robust encrypting algorithm. The attacker behind it then
asks you for ransom in return for a decrypting tool or key. Mostly Ransomware
is spread through drive-by downloads or phishing.

This might be the most popular form of malware among hackers. With
ransomware, a program installs itself onto your computer, encrypts (or locks)
your files, and then demands a ransom to return the data to the user. This is a
very profitable scheme, which is why it is so popular. Ransomware is the
malware version of a kidnapper’s ransom note. It typically works by locking or
denying access to your device and your files until you pay a ransom to the
hacker. Any individuals or groups storing critical information on their devices
are at risk from the threat of ransomware.

Adware
An Adware is unwanted software designed to bombard irrelevant, untrustworthy
ads on your web browser or sometimes randomly on your screen. It usually
enters through malicious web extensions or rogue software. Another popular use
of malware, adware programs will pepper the user with unwanted
advertisements to attempt to get them to part with their money. This was very
widespread in the early 2000s, as it was a lucrative way to spread malware

Adware’s job is to create revenue for the developer by subjecting the victim to
unwanted advertisements. Common types of adware include free games or
browser toolbars. They collect personal data about the victim, then use it to
personalize the ads they display. Though most adware is legally installed, it’s
certainly no less annoying than other types of malwares. While some forms of
adware may be considered legitimate, others make unauthorized access to
computer systems and greatly disrupt users.

6.3 How to Prevent Malware

A variety of security solutions are used to detect and prevent malware. These
include firewalls, next-generation firewalls, network intrusion prevention

CoDEUCC/Bachelor of Science in Information Technology 263

 MALWARE AND ITS TYPES
UNIT 6
SESSION 5

systems (IPS), deep packet inspection (DPI) capabilities, unified threat

management systems, antivirus and anti-spam gateways, virtual private
networks, content filtering and data leak prevention systems. In order to prevent
malware, all security solutions should be tested using a wide range of malware-
based attacks to ensure they are working properly. A robust, up-to-date library
of malware signatures must be used to ensure testing is completed against the
latest attacks.

There are several steps that can be taken to prevent malware infections:

1. Keep software and operating systems up to date: Software and operating

system updates often include security patches that address known
vulnerabilities that malware can exploit.
2. Use antivirus and anti-malware software: These programs can help
detect and remove malware that has already infiltrated a system.
3. Be cautious with email attachments and links: Malware is often spread
via email attachments and links, so it's important to be cautious about
opening attachments or clicking on links from unknown senders.
4. Practice safe browsing habits: Only visit reputable websites and avoid
clicking on pop-ups or downloading software from untrusted sources.
5. Use a firewall: A firewall can help block unauthorized access to your
computer and can also help prevent malware from communicating with
command-and-control servers.
6. Implement security awareness training for employees: This will help
them to identify and avoid potential threats.
7. Use a VPN (Virtual Private Network) while connecting to public Wi-Fi
or another untrusted network.
8. Keep a backup of important data and files: This will allow you to restore
your system in the event of a malware infection.

It's important to note that no single solution will protect against all types of
malwares, so it's important to use a combination of these methods to help reduce
the risk of infection.

264 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 5

6.4 Malware Detection

People have fought the threat of malware ever since the birth of computing.
Firewalls, IPS (Intrusion Prevention Systems), and sandboxing programs are
instances of sophisticated malware analysis and detection tools. Some malware
types, like ransomware, which becomes obvious as soon as it encrypts your files,
are simpler to spot than others. Other malware, such as spyware, may stay on a
target system undetected for an adversary to continue having access to it. No
matter the sort of malware, what it does, how easily it may be detected, or who
uses it, using malware is always done with malicious intent.

There are several ways to detect malware on a computer or network, including:

1. Antivirus and anti-malware software: These programs are designed to

detect and remove malware by scanning files and system memory for
known malware signatures or patterns of behaviour.
2. Network monitoring: Network monitoring tools can be used to detect
unusual network traffic or connections that may indicate the presence of
malware.
3. Intrusion detection and prevention systems (IDPS): These systems can
detect and prevent malware by analysing network traffic for signs of
malicious activity.
4. File integrity monitoring: This is a method of detecting changes to files
on a system that may indicate the presence of malware.
5. Sandboxing: This is a technique that involves running suspicious
software in a controlled environment to see if it exhibits malicious
behaviour.
6. Behavioural analysis: It is a method that detects malware by monitoring
its behaviour on the system and comparing it with the known good
behaviour.
7. Endpoint detection and response (EDR) software: It is a security solution
that monitor and detect malicious activities on endpoint devices like
laptops, desktops and mobile devices.

Summary

CoDEUCC/Bachelor of Science in Information Technology 265

 MALWARE AND ITS TYPES
UNIT 6
SESSION 5

Malicious software (malware) is a software that is intended to infiltrate and harm

a system, service, or network is known as malware. It can take the form of
different program each with a unique objective or motive. They includes
computer viruses, worms, Trojan horses, ransomware, spyware and other
malicious programs. Malware can be seen as a file or code, typically delivered
over a network.

Self-Assessment Questions

Exercise 6.5

a. What is Malware?
b. State 4 types of malwares.

266 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 6

SESSION 6: INFORMATION SYSTEMS VULNERABLE TO

DESTRUCTION, ERROR, AND ABUSE AND BEST
PRACTICES
Well done!!!! You just got to the last session of this unit and
the last session for the course. This session will address factors
that lead to information systems vulnerability and Practices to reduce it as well
as the reasons why Information Systems are Vulnerable to Destruction, Error
and Abuse. Sit back, relax and enjoy as we take you through the final session.

Objectives
By the end of this session, you should be able to:
a) Explain information systems vulnerabilities
b) State the factors that lead to information systems vulnerability and
Practices to reduce it
c) Describe why Information Systems are Vulnerable to Destruction, Error
and Abuse

Now read on…

6.1 Information Systems Vulnerable

A vulnerability is a weakness or gap in a system's security that can be exploited

by an attacker to gain unauthorized access or cause damage. These
vulnerabilities can exist in various components of an information system such
as hardware, software, and networks. Some examples of vulnerabilities in
information systems include:

1. Unpatched software: Software applications and operating systems are

often released with vulnerabilities that can be exploited by attackers. If
these vulnerabilities are not patched in a timely manner, the system
remains vulnerable to attack.

CoDEUCC/Bachelor of Science in Information Technology 267

 INFORMATION SYSTEMS VULNERABLE
UNIT 6
TO DESTRUCTION, ERROR, AND ABUSE
SESSION 6
AND BEST PRACTICES

2. Weak passwords: Weak or easily guessable passwords can be easily

cracked by attackers, allowing them to gain unauthorized access to a
system.
3. Unsecured network ports: Network ports that are not properly secured
can be exploited by attackers to gain access to a system.
4. Inadequate access controls: If access controls are not properly
implemented, unauthorized individuals may be able to access sensitive
data or perform actions that they should not be able to.
5. SQL injection: A SQL injection is a type of attack in which an attacker
inserts malicious code into an SQL statement, allowing them to gain
unauthorized access to a database.
6. Outdated software: As software ages, new vulnerabilities are discovered
and new patches are released. If an organization is running outdated
software, they may be vulnerable to these newly discovered
vulnerabilities.
7. Unsecured web-applications: Unsecured web-applications can be
vulnerable to various types of attacks such as cross-site scripting (XSS)
and cross-site request forgery (CSRF)

It's important for organizations to regularly assess and address vulnerabilities in

their information systems to reduce the risk of unauthorized access and damage.

6.2 Factors that lead to information systems vulnerability

Systems are vulnerable because they are created by humans, and humans are
imperfect. We make mistakes, we forget things, and we sometimes act in ways
that we later regret. All of these factors can lead to vulnerabilities in systems.
Additionally, systems often become more complex over time, which can also
lead to new vulnerabilities.

Information systems can be vulnerable to destruction, error, and abuse due to a

variety of factors.

268 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 6

1. Hardware failures: Hardware components such as servers, storage

devices, and network equipment can malfunction or fail, leading to data
loss or system downtime.
2. Software bugs: Software applications and operating systems can contain
bugs that can be exploited by attackers to gain unauthorized access or
cause damage.
3. Natural disasters: Natural disasters such as floods, earthquakes, and
hurricanes can cause physical damage to information systems, leading to
data loss or system downtime.
4. Cyberattacks: Information systems can be targeted by cyber criminals
for financial gain or to cause disruption.
5. Human error: Information systems can be vulnerable to destruction,
error, and abuse due to human error such as accidental deletion of data,
misconfiguration of security settings, or falling victim to phishing scams.
6. Lack of security measures and vulnerability management: Many
organizations do not have robust security measures in place or fail to
regularly assess and update their systems, making them more vulnerable
to attack or failure.

These vulnerabilities if not properly managed can lead to unauthorized access to

sensitive data, system downtime, financial loss, and damage to an organization's
reputation.

6.3 Practices to reduce vulnerability in information system

There are several best practices that organizations can implement to reduce
vulnerabilities in their information systems:

1. Keep software up-to-date: Regularly update all software applications

and operating systems to ensure that any known vulnerabilities are
patched.
2. Use strong passwords and multi-factor authentication: Use strong,
unique passwords for all accounts and implement multi-factor
authentication to make it more difficult for attackers to gain unauthorized
access.

CoDEUCC/Bachelor of Science in Information Technology 269

 INFORMATION SYSTEMS VULNERABLE
UNIT 6
TO DESTRUCTION, ERROR, AND ABUSE
SESSION 6
AND BEST PRACTICES

3. Implement network segmentation: Divide the network into smaller

segments to limit the scope of any potential breach.
4. Conduct regular vulnerability assessments: Regularly assess the
organization's information systems to identify and address any potential
vulnerabilities.
5. Implement a firewall: Use a firewall to block unauthorized access to the
organization's network and systems.
6. Use intrusion detection/prevention systems: IDS/IPS can detect and
prevent intrusions by identifying and blocking suspicious network
traffic.
7. Implement access controls: Implement access controls to ensure that
only authorized individuals have access to sensitive information.
8. Regularly backup important data: Regularly backup important data to
ensure that it can be recovered in case of a disaster.
9. Train employees on security best practices: Regularly train employees
on security best practices and policies to reduce the risk of human error.
10. Continuously review and update policies and procedures:
Continuously review and update policies and procedures to keep up with
the evolving threat landscape.

6.4 Why Information Systems are Vulnerable to Destruction,

Error and Abuse

Information systems are susceptible to destruction for a variety of causes. One

explanation is that they are frequently intricate systems with lots of
interconnected components. Because of its complexity, it is challenging to
safeguard every component of the system, increasing the likelihood that
something may go wrong. Information systems frequently hold private or
sensitive data, which is another factor. If this information is made public, it
might hurt people, businesses, or even governments. Ultimately, crucial
infrastructure like power grids and financial institutions are frequently managed
by information systems. The disruption of these systems could have a significant
effect on society.

270 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 6

Information system data is one kind of digital data. In addition to being

susceptible to being destroyed, misused, and fraudulently obtained, digital data
is also susceptible to faults in hardware and software. Vulnerabilities sometimes
allow an attacker to create attack vectors that allow them to access the memory
of a target system. Corporate systems are particularly susceptible to hacker
attacks because of the open nature of the Internet. Examples of information
security threats include software attacks, intellectual property theft, identity
theft, data theft, equipment or information theft, sabotage, and information
extortion. Hackers are able to breach corporate networks or launch denial of
service (DoS) assaults to create serious disruptions. Unknown hackers can
leverage flaws to launch an attack by executing code on or getting access to a
target system's memory.
Debugging is the procedure used to locate and fix the existence of faults in
software. In the event of a flaw, an attacker might execute code or run arbitrary
software to get access to the system memory.

Since information systems are designed and managed by people, they are
susceptible to exploitation, error, and destruction. Information systems can also
be harmed or intentionally destroyed by those with bad intentions. One of the
biggest risks to information systems is unauthorized individuals getting access
to corporate networks, and poor network connectivity is one of the main drivers
of this problem. More unauthorized access to sensitive or private data might be
feasible along with having more bandwidth and connections, which could lead
to fraud, abuse, and misuse. In the corporate world, theft, copying, data
tampering, hardware malfunctions, and software malfunctions are more frequent
than in the individual world. In the past, unauthorized users have been accused
of erasing, printing off, and misusing corporate networks. Since the Internet is
so widely accessible, a lot of corporate computers rely on it, making them
vulnerable.

6.5 Information System Vulnerability Assessment

A vulnerability assessment is a process used to identify, classify, and prioritize

vulnerabilities in an information system. This process typically involves the use
of specialized software tools to scan systems for known vulnerabilities, and
manual techniques such as penetration testing to identify unknown
vulnerabilities. The goal of a vulnerability assessment is to identify and mitigate

CoDEUCC/Bachelor of Science in Information Technology 271

 INFORMATION SYSTEMS VULNERABLE
UNIT 6
TO DESTRUCTION, ERROR, AND ABUSE
SESSION 6
AND BEST PRACTICES

potential security threats to the system, and to ensure that the system is in
compliance with relevant security standards and regulations.

Data loss is becoming more likely as a result of enterprises' expanding usage of

electronic information systems and the threat posed by unscrupulous users,
cybercriminals, and nation-states. One of the most frequent threats is
unauthorized access to the data. Now, the most important issue is an information
system's vulnerability; a weakness in the internal controls, design,
implementation, or security processes of the system that permits unauthorized
access to sensitive data, constitutes a security breach, or contravenes the security
policy of the system. Vulnerabilities in information systems are frequently easy
to find but challenging to address. They can all be attributed to human mistake,
improper configuration, and subpar design. Vulnerability assessment is an
essential part of information system security, and it should be done frequently
to guarantee the security of the system. The creation and implementation of an
effective internal control system are essential for protecting information
systems. At times, this may be challenging or even impossible. In these
situations, a vulnerability assessment can find potential threats and eliminate
them before a security breach happens.

Summary
A vulnerability is a weakness or gap in a system's security that can be exploited
by an attacker to gain unauthorized access or cause damage. These
vulnerabilities can exist in various components of an information system such
as hardware, software, and networks. It's important for organizations to regularly
assess and address vulnerabilities in their information systems to reduce the risk
of unauthorized access and damage.

272 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS SECURITY UNIT 6
SESSION 6

Self-Assessment Questions
Exercise 6.6
a) What is information security Vulnerability?
b) State four (4) factors that can lead to information system vulnerability.

CoDEUCC/Bachelor of Science in Information Technology 273

 INFORMATION SYSTEMS VULNERABLE
UNIT 6
TO DESTRUCTION, ERROR, AND ABUSE
SESSION 6
AND BEST PRACTICES

This is a blank sheet for your short notes on:

• issues that are not clear; and
• difficulty topics, if any

274 CoDEUCC/Bachelor of Science in Information Technology

INFORMATION SYSTEMS MANAGEMENT
UNIT 1:
Session 1: Computer system concepts

1. Define computer?
Computer is a fast-operating electronic device, which automatically accepts and store input
data, process them and produces results under the direction of step-by-step program.
2. What are the basic operations of a computer?
The basic operations of the computer are

 Input,
 Process
 Storing
 Controlling and
 Output

3. What is the main difference between hardware and software?

Computer Hardware: Hardware refers to the physical components of a computer. Computer

Hardware is any part of the computer that we can touch these parts. These are the primary
electronic devices used to build up the computer. Examples of hardware in a computer are the
Processor, Memory Devices, Monitor, Printer, Keyboard, Mouse, and the Central Processing
Unit.

Computer Software: Software is a collection of instructions, procedures, and documentation

that performs different tasks on a computer system. we can say also Computer Software is a
programming code executed on a computer processor. The code can be machine-level code or
the code written for an operating system. Examples of software are Ms Word, Excel,
PowerPoint, Google Chrome, Photoshop, MySQL, etc.

Session 2: Information System (IS), components of IS and its characteristics

1. Information systems are dependent on data and information input. The quality of the data is of
major concern. Which of the following are NOT considered traditional information quality factors?

a. Timely information
b. Valid information
c. Flexible information
d. Complete information
e. Low resolution information

275
Data and Information:

Data is a set of unreadable set of knowledge that is only interpreted by a computer system and is
compressed for better storage. In contrast, information is a set of knowledge derived from data and
easily comprehended by humans.

Answer and Explanation: The correct option is e.) Low-resolution information. Low-
resolution information is a set of low-quality data that is not up to the mark and has a poor quality
of information stored in it. Low-resolution information cannot be easily comprehended because of
the vague description of the information in it. Such information cannot be termed as a good set of
knowledge because of the low resolution and inaccurate data. Several features are considered
traditional information quality factors, but low-resolution information is not one of them.

Reasons for incorrect options:

Option a.) is incorrect because it is mandatory to provide the information promptly regarding the
quality of information. Information should be delivered at a scheduled time to enhance its usability.

Option b.) is incorrect because the validity of information is necessary as it functions to prove the
information legit and error-free.

Option c.) is incorrect because information should be flexible so that required changes can be made
in it according to the demand of the organization.

Option d.) is incorrect because the completeness of the information is important as it provides an
overall knowledge regarding the issue discussed, and no information is left behind as
uninterpreted.

2. Which of the following is NOT a major component of any information system?

A) applications
B) information technology
C) people
D) the company

Answer: D

3. What is information system? State the goal of an information system

A combination of hardware, software, and telecommunication networks make up an information
system, which is used to gather meaningful data, particularly within an organization. Information
system is used by many firms to carry out and manage operations, engage with customers, and
outperform rivals. An information system's goal is to collect data, process that data, and then
present that information to the user in a way that is appropriate for them.

4. What are the five components that make up an information system?

Answer: hardware, software, data, people, process.

276
Session 3: IS infrastructure and architecture and IS life cycle
1. Describe the client-server architecture and state the services performed by server and clients.
In any software organization, client/server architecture is a general concept that can be
implemented in several ways. In the client-server computer model, service requesters are referred
to as clients and resource or resource providers are referred to as servers. For example, the
interaction between a client application program running on a workstation and a database
management system (DBMS) running on a larger computer system.

The server performs the following functions:

• Processing of the query.

• Return the result to the client.
• Note the client query.

The client has the following responsibility:

• Decode the user's request into specific protocols to enable processing.

• Tackle the user interface.
• Presenting the result to the user.
• Wait for the server to respond.
• Sending the request to server.

2. What is distributed system?

A distributed system consists of a number of separate computers connected by a network and
running a distributed operating system. The computers can coordinate their actions and share
system resources as a result. The user gets the impression that it is a single because of this. A
facility for integrated computing.

3. State the components of information system infrastructure

Hardware, Services, Software, Communication and collaboration, Human resources, Data and
knowledge, Facilities.

4. What are the phases in information system life cycle?

The information systems life cycle typically consists of the following phases:
Planning and analysis: In this phase, the organization identifies the need for a new information
system and conducts a feasibility study to determine the costs and benefits of the proposed system.
System design: In this phase, the organization creates a detailed design of the new system,
including the hardware and software components and the data structures.
Implementation and testing: In this phase, the organization procures and installs the hardware and
software components of the new system and tests the system to ensure it meets the requirements
identified in the planning and analysis phase.

277
Deployment: In this phase, the new system is deployed and made available to users. This may
involve training users on the new system and migrating data from the old system to the new system.
Maintenance and operation: In this phase, the organization provides ongoing support for the new
system, including monitoring system performance, troubleshooting and resolving issues, and
making updates and improvements as needed.
Retirement: In this phase, the organization decommissions and retires the system. This may include
archiving data, disposing of hardware, etc.

Session 4: Stages and technology drivers of IS infrastructure evolution.

1. Give a brief explanation on the stages and technology drivers of IS infrastructure evolution.
Mainframe Era (1960s-1970s): The dawning of Information System (i.e., the early stages of
information system) infrastructure evolution was characterized by bulky/huge, centralized
mainframe computers. The limitations of technology at the time meant most components needed
to create this system were “super-sized”. This also meant it was virtually impossible and
impractical to move these humungous machines from one place to the other. The main technology
driver for this stage was the need for more powerful and efficient computing power to support
business operations.
Client-Server Era (1980s-1990s): The second stage of information system infrastructure evolution
saw the emergence of client-server architecture. In this era, organizations wanted IT to have a more
involving role in the day-to day- activities of the entire organization. To achieve this, smaller and
less powerful client devices were connected to larger, more powerful servers.
Internet Era (1990s-2000s): The third stage of information system infrastructure evolution, known
as the internet Era can be described as an upgrade to the Client-server infrastructure. As its name
suggests, this was during the age where the internet had begun to gain a foothold in the IT realm.
The internet truly opened the gateway for global communication and information sharing. Unlike
previous eras, the internet era broke through the barrier of geographical limitations. The main
technology driver for this stage was the need for more global and interconnected computing power.
Cloud Era (2000s-present): The fourth and current stage of information system infrastructure
evolution is marked by the widespread use of cloud computing, in which resources are retrieved
from the internet through web-based tools and applications, rather than a direct connection to a
server.
Edge and IoT Era (2010s-2020s): The latest stage of information system infrastructure evolution
is marked by the emergence of edge computing and IoT (Internet of Things) technology, which
enables data processing and analysis closer to the source of data, rather than in centralized data
centres.

Session 5: Fundamental resources of information system and potential risks for IS

1. Explain the following fundamental resources of information systems? Procedures, People

278
Procedures: Procedures can be defined as the established steps, methods and processes that are
followed in order to utilize and maintain an information system. This includes user guides, system
administration procedures, and disaster recovery procedures.
People: People refer to the users, administrators, and other individuals who interact with and are
impacted by an information system. This includes employees, customers, partners, and other
stakeholders. All information systems depend on people to function. End users and IS experts are
included in these human resources.
2. State and explain any three potential risk of information system?
Security: Security risks refer to the likelihood that someone will be able to gain unauthorized
access, use, disclosure, disruption, modification, or destruction of information. Such possible risks
include hacking, malware, and phishing attacks.
Privacy: Privacy risks refer to the potential for the unauthorized collection, use, or disclosure of
personal information. This includes risks such as data breaches and identity theft.
System failures: System failure risks refer to the potential for equipment or software failures within
the information system that can result in a disruption or halting of all operations and processes
being run by the information system. This includes risks such as hardware failures, software bugs,
and power outages.
Natural Disasters: Natural Disaster risks refer to the potential for natural events such as floods,
hurricanes, earthquakes, etc. that can cause damage to hardware, software, and data, and disrupt
the operations of an information system.
Human error: Human error risks refer to the potential for mistakes made by individuals, such as
incorrect data input or unauthorized access that can lead to errors or system failures. This risk only
goes to prove that no matter how advanced information systems get, they will still need the
presence of a knowledgeable human personnel to ensure desired results are produced.

3. Define cybercrime and state the correlation between cybercrime and legal risk?
Cybercrime risks refer to the potential for criminal activities, such as fraud, extortion, and identity
theft that are conducted through the use of information systems. There is a correlation between
cybercrime and legal risks because cybercrime is a subset of legal and compliance risks.

Session 6: Applications of IS, benefits and limitations of managing IS infrastructure

1. What is operation management?
Operations management is the administration of business activities to accomplish goals, achieve
higher productivity, and maximize profitability. Operations management is the branch of
management that administers the complete production timeline of a service/ product from the input
stage to the finished stage, including planning, organizing, and supervising the operations,
manufacturing and production processes, and service delivery to lead to the desired outcome of
high-quality product/service that meets the demands of the customers.

279
2. State the pros of managing information system infrastructure?
Improved efficiency: Effective management of information system infrastructure can lead to
increased efficiency in business operations and processes. This is because a properly managed
information system infrastructure will result in increased speeds of data collection, processing and
distribution within the organization’s day to day activities.
Better decision making: Having accurate and up-to-date information available can help managers
make better decisions. The ability of information systems to collect real time data becomes a
necessity in this regard.
Increased competitiveness: Organizations that effectively manage their information system
infrastructure are better equipped to compete in their respective industries. It therefore becomes a
race to see who can manage to upgrade their information system infrastructure on a consistent
basis. This is because technology keeps growing with every passing day.
Improved communication and collaboration: Effective management of information system
infrastructure can enable better communication and collaboration among employees, partners, and
customers.
3. How does security limits the management of information systems infrastructure?
Answer: Information system infrastructure is vulnerable to security threats, such as hacking and
data breaches, which can be costly to prevent and recover from. It is evident that the more complex
an information system infrastructure gets, the more avenues that are created in terms of possible
security breaches.

280
UNIT 2
Session 1: Overview of Organizational Hierarchy and Organizational Levels
1. Explain the main levels of management in an organization?
i. Top-Level Management
The Chief Executive and the Board of Directors make up top management. The title of chief
executive officer can range from chairman to managing director to president to executive director
to general manager. This level establishes the overall business's objectives and the procedures to
implement them (making of policy means providing guidelines for actions and decision). The
organization's top management also has ultimate control over it.
ii. Middle-Level Management:
The heads of several departments, such as production, sales, etc., as well as other departmental
managers, are included in the middle level management. Senior department leaders are
occasionally a part of the top management group. For the intermediate level management, the
overall business objectives are converted into departmental objectives. The departmental leaders
then develop their own plans to carry out these goals. Middle-level managers are especially
interested in how their departments are performing.
iii. Lower-Level Management:
Foremen and supervisors make up the lower-level management; they watch after the operative
workers and make sure that the work is completed correctly and on schedule. They are therefore
primarily in charge of the organization's actual production of goods and services.
2. In IS, what are the three main levels of organizational hierarchy, in each level, state the kind of
IS that operate there?

a) Strategic level: The organization's general strategy and direction are addressed at this level.
Executive support systems (ESS) and decision support systems (DSS) are instances of
information systems used at this level to assist in strategic decision-making and planning.
b) Tactical level: This level is concerned with the day-to-day operations and management of the
organization. Information systems at this level are used to support operational decision-making
and management, such as management information systems (MIS) and enterprise resource
planning (ERP) systems.
c) Operational level: Operational level is concerned with the execution of specific tasks and
processes within the organization. Information systems at this level are used to support front-
line employees and customers, such as point-of-sale systems, customer relationship
management systems (CRM), and supply chain management systems.

3. Which level of the organization is an ESS specifically designed to serve?

281
A) Operational
B) End-user
C) Middle management
D) Senior management
E) Knowledge workers
ANSWER: D

4. A(n) ________ system collects data from various key business processes and stores the data in
a single, comprehensive data repository, usable by other parts of the business.
A) transaction processing
B) enterprise
C) automatic reporting
D) management information
E) knowledge management

ANSWER: B

Session 2: Kinds of Information Systems

1. If daily toll booth sales is declining in a specific region of the country, which of the following
types of system would best help you understand why?
A) ESS
B) TPS
C) MIS
D) DSS
E) CRM
ANSWER: C

1. You have been hired by a non-profit organization to lead the implementation of a system to
handle donations. The system must be able to handle and record telephone, text, and Internet
donations, provide up-to-the-minute reports, and create highly customizable mailing lists. In
addition, event fundraisers need to be able to quickly access a donor's information and history.
Which of the following systems will best meet these needs?
A) TPS
B) TPS with DSS capabilities
C) TPS with MIS capabilities
D) TPS with ESS capabilities
E) DSS with MIS capabilities
ANSWER: C

3. To monitor the status of internal operations and the organisation's relations with the external
environment, managers need which of the following types of system?
A) DSS
B) KWS

282
C) TPS
D) MIS
E) BIS
ANSWER: C

4. A(n) ________ is typically a major source of data for other systems.

A) TPS
B) MIS
C) ESS
D) DSS
E) KMS
ANSWER: A

5. The term management information systems refer to a specific category of information systems
serving:
A) integrated data processing throughout the firm.
B) transaction process reporting.
C) employees with online access to historical records.
D) the information technology function.
E) middle management functions.
ANSWER: E

6. Which of the following types of information systems are especially suited to situations in which
the procedure for arriving at a solution may not be fully defined in advance?
A) MIS
B) TPS
C) DSS
D) KMS
E) RPS
ANSWER: C

Question 7: Which type of information system would you use to forecast the return on investment
if your firm planned to switch to a new supplier that offered products at a lower cost?
A) ESS
B) TPS
C) MIS
D) CRM
E) DSS
ANSWER: E

Session 3: Framework for IS (with respect to support provided)

1. What is a framework?

283
A framework is a structural representation of a model that enables you to determine what can be
produced and when. It can be used to aid in decision-making by providing a structured approach
to considering a problem.
2. Describe the Zachman and the TOGAF framework
The Zachman Framework: A matrix called the Zachman Framework for Enterprise Architecture
offers a structured method for classifying and organizing the components of an organization's
information systems. A 6x6 matrix in the framework divides information into categories based on
the viewpoints of many stakeholders, including the owner, designer, builder, user, operator, and
regulator. A separate component of the organization's information systems, such as data,
functions, locations, people, time, and motivations, is represented by each cell in the matrix. The
Zachman Framework is intended to assist companies in identifying and managing the complexity
of their information systems and to guarantee that all stakeholders are aware of how the
organization's information systems support its goals and objectives.
The TOGAF Framework: The TOGAF (The Open Group Architecture Framework) is a widely
used framework for enterprise architecture that provides a comprehensive approach for designing,
planning, implementing, and governing enterprise IT architecture. The TOGAF framework is
developed and maintained by the Open Group, an international organization that works to promote
open standards and best practices in IT.

Session 4: Relationship between the different IS ESS MIS DSS TPS KWS/ OAS TPS
1. Describe the different kinds of information system?
Information System Description
Executive Support Provide top-level management with
Systems (ESS) strategic information
Management Information Provide middle management with
Systems (MIS) operational information
Decision Support Systems Provide users with information for decision
(DSS) making
Transaction Processing Process business transactions
Systems (TPS)
Knowledge Work Systems Support the work of knowledge workers,
(KWS) such as managers and professionals
Online Analytical Analyze large and complex data sets and
Processing Systems present the information in a meaningful
(OLAP) way

2. Explain the pyramidal model for classifying information system

Operational Level

284
The day-to-day business operations are managed by operations managers, who also make regular
choices. At the operational level, two different information system types are used: transaction
processing systems and process control systems.

Middle Management Level

Middle-level managers make tactical choices that help in carrying out the organization's plan.
Developing divisional strategies, organizing workflows, establishing distribution routes, and
acquiring resources like people, materials, and money are all examples of tactical decisions.
Decision support systems and management information systems are two different categories of
information systems that middle-level managers might employ.

Executive Level

The highest level of management is the senior executive level, sometimes referred to as the C-suite
level because it is made up of CEOs, COOs, CIOs, CFOs, etc. The C-suite makes strategic choices
that influence and shape an organization's ability to survive in the long run.

Session 5: Classification of IS by Functional Areas

1. Explain any 3 ways to classify information systems based on functional areas.
1. Operations Support Systems:
An operational support system (OSS) is a group of computer programs or an IT system used by
communications service providers for monitoring, controlling, analyzing and managing a
computer or telephone network system. OSS software is specifically dedicated to
telecommunications service providers and mainly used for supporting network processes to
maintain network inventory, configure network components, provision services and manage faults.
In other organizations that make use of such systems, the system is focused on the automation of
daily business activities, such as sales, production, inventory management, etc.
2. Communication and Collaboration Systems:
These systems use software and technology to enable humans to communicate and share
documents in a digital space. Companies use collaboration systems to solve work-related problems
such as chaotic communication, paper-heavy processes, or inability to offer workers
telecommuting opportunities. Examples include email, instant messaging, videoconferencing,
project management software, and shared document platforms such as Google Docs or Microsoft
Teams. These systems can improve productivity and efficiency by allowing team members to
easily share ideas, work on projects together, and stay connected regardless of their physical
location. They provide communication and collaboration tools, hence must be secure and reliable.
3. Business Intelligence Systems:
BIS has evolved from the decision support systems and gained strength with the technology and
applications like data warehouses, Executive Information Systems and Online Analytical
Processing (OLAP). Business Intelligence System is basically a system used for finding patterns

285
from existing data from operations. It is created by procuring data and information for use in
decision-making with the combination of skills, processes, technologies, applications and practices
which contains background data along with the reporting tools.as well as of a set of concepts and
methods strengthened by fact-based support systems. It is an extension of Executive.
4. Infrastructure Systems:
These systems support the underlying technology infrastructure of an organization. Infrastructure
systems refer to the basic physical and organizational structures and facilities (e.g. buildings, roads,
power supplies) that are necessary for the operation of a society or enterprise. Examples include
transportation systems, communication networks, water and sewage systems, and energy systems.
These systems are typically designed to be durable and long-lasting, and are often managed and
maintained by government or public entities. They typically include systems such as servers,
storage systems, and network devices. Because these systems are focused on providing the
underlying technology infrastructure, they must be reliable and secure, and they must be able to
handle the organization's technology needs.

Session 6: Benefits and Challenges of Enterprise Systems

1. Explain any five advantage of enterprise systems

• Improved data quality and accuracy: Enterprise systems allow for the integration of data
from different sources, which can help to reduce errors and inconsistencies.
• Increased efficiency and productivity: Enterprise systems automate many of the business
processes, which can help to reduce the amount of time and effort required to complete
tasks.
• Better decision-making: Enterprise systems provide managers and executives with real-
time data and analytics, which can help to inform strategic and operational decisions.
• Better collaboration: Enterprise systems provide tools for collaboration and
communication among employees, which can help to improve the flow of information and
knowledge within the organization.
• Improved scalability: Enterprise systems are designed to support the growth and expansion
of organizations, and can be easily configured to meet changing business needs.
• Cost savings: Enterprise systems can help to reduce costs by automating manual processes,
reducing errors and increasing efficiency, and by providing a single source of truth for the
organization which reduces the need to maintain multiple systems.
• Improved data management and organization: Information enterprise systems help to
centralize and organize data, making it easier to access and manage.
2. Explain any four challenges of enterprise system
1. Integration and compatibility: Integrating new enterprise information systems with existing
systems can be a major challenge, as different systems may use different technologies and data
formats.

286
2. Data quality and accuracy: Ensuring the accuracy and completeness of data entered into
enterprise information systems can be difficult, as data may be entered manually by employees
or imported from other systems.
3. Security: Enterprise information systems often store sensitive business and customer data,
making them a target for cyber-attacks. Ensuring the security of these systems can be a major
challenge.
4. User adoption: Getting employees to use enterprise information systems can be difficult, as
they may be resistant to change or unfamiliar with new technology.

UNIT 3:

Session 1: The concept of a network

1. What is a network?
Two or more computers connected together to share resources (such printers and CDs), exchange
files, or enable electronic communications end up making a network. A network's connections to
its computers can be made by cables, phone lines, radio waves, satellites, or infrared light beams.

2. State three criteria that a network must meet

Performance
There are numerous ways to measure performance, including transit and response times. The
amount of time needed for a message to get from one device to another is known as the transit
time. The period of time between a request and a response is known as the response time. The
quantity of users, the kind of transmission channel, the capabilities of the linked gear, and the
effectiveness of the software are some of the variables that affect how well a network performs.
Reliability
Along with delivery accuracy, network reliability is determined by the frequency of failures, how
quickly a link recovers from a failure, and how resilient the network is to catastrophes.
287
Security
The protection of data from illegal access, the prevention of data loss and development, and the
implementation of rules and processes for data recovery from breaches are all challenges related
to network security.
3. Differentiate a LAN from a WAN
A local area network (LAN) is usually privately owned and connects some hosts in a single office,
building, or campus. A LAN is a network that connects devices in a small geographic area, such
as a home, office, or building. LANs are typically used to share resources, such as printers and
files, and to provide internet access to devices on the network.
A wide area network (WAN) is an interconnection of devices capable of communication. A WAN
is a network that connects devices over a larger geographic area, such as a city, state, or country.
WANs are typically used to connect LANs and other networks together, allowing the sharing of
resources and information. However, there are some differences between a LAN and a WAN. A
LAN is normally limited in size, spanning an office, a building, or a campus; a WAN has a wider
geographical span, spanning a town, a state, a country, or even the world.

Session 2: Types of telecommunications networks

1. With the aid of a diagram, explain packet-switched network
Circuit-Switched Networks
In a circuit-switched network, a dedicated connection is established between two or more devices
for the duration of the call or transmission. This type of network is commonly used for telephone
calls and other voice communications.
Considering a circuit-switched network, a dedicated connection, called a circuit, is always
available between the two end systems; the switch can only make it active or inactive. Figure
below shows a very simple switched network that connects four telephones to each end. We have
used telephone sets instead of computers as an end system because circuit switching was very
common in telephone networks in the past, although part of the telephone network today is a
packet-switched network. In Figure below, the four telephones at each side are connected to a
switch. The switch connects a telephone set at one side to a telephone set at the other side. The
thick line connecting two switches is a high-capacity communication line that can handle four
voice communications at the same time; the capacity can be shared between all pairs of telephone
sets. The switches used in this example have forwarding tasks but no storing capability. Let us
look at two cases. In the first case, all telephone sets are busy; four people at one site are talking
with four people at the other site; the capacity of the thick line is fully used. In the second case,
only one telephone set at one side is connected to a telephone set at the other side; only one-fourth
of the capacity of the thick line is used. As a result, a circuit-switched network is only effective
when it is operating at full capacity; while it is operating at partial capacity, it is ineffective the
majority of the time. Because we do not want communication to break down when all telephone
sets on one side wish to connect with all telephone sets on the other side, we must increase the
capacity of the thick line to four times that of each voice line. Examples of circuit-switched

288
networks include the traditional PSTN (Public Switched Telephone Network) and ISDN
(Integrated Services Digital Network).

2. Give two examples of hybrid networks

• Combining a wired LAN (Local Area Network) with a wireless LAN (WLAN) to provide both
wired and wireless connectivity
• Combining a LAN with a WAN (Wide Area Network) to connect remote offices and
employees to the main office
• Combining a LAN with a VPN (Virtual Private Network) to provide secure remote access to
the network

Session 3: Networking the enterprise

1. Why is it necessary to network an enterprise?
Organizations need enterprise networks to connect multiple devices and users within the
organization, enabling them to share resources and communicate with one another. This allows for
increased productivity and collaboration, as well as improved security and management of the
network. Additionally, an enterprise network allows for the integration of various technologies
and services, such as cloud computing and telephony, that can benefit the organization
Enterprise networking provides end users and applications with fast and dependable connectivity.
In today's network, applications are increasingly distributed, and simplified networking and
security across wired and wireless infrastructure is a business imperative.
2. What are the benefits of enterprise network?
• Collaboration increases efficiency: Employees can collaborate on shared resources
remotely or in an office, factory, or campus.
• Access to company resources can be controlled and secured by perimeter and internal
firewalls.
• Increased output: Modern networking can dramatically improve employee productivity,
from streamlined test/dev with collaboration tools and version control to private cloud
orchestration with cloud-based applications and an agile internal firewall.

289
 • Cost savings: The combination of server and network virtualization allows businesses to
maximize resource efficiency across on-premises and cloud infrastructure. Enterprise
networking includes analytics, monitoring, and security solutions that can be installed to
improve ongoing business operations.
Session 4: Business value of telecommunications network
1. Explain any four reasons why business values telecommunication network
Competitive advantage: Telecommunications networks can give organizations a competitive edge
by enabling them to respond quickly to changing market conditions and adapt to new business
opportunities. For example, organizations can use telecommunication networks to connect with
customers, suppliers, and partners in real-time, providing them with valuable insights and
feedback.
Improved customer service: Telecommunications networks can help organizations improve
customer service by providing customers with multiple channels to contact and interact with the
company, such as phone, email, and chat. Organizations can also use telecommunication networks
to track and analyze customer interactions to identify areas for improvement and provide better
service over time.
Scalability: Telecommunications networks can be scaled up or down as needed, providing
organizations with the flexibility to accommodate changes in business needs. This can be
especially beneficial for organizations that experience rapid growth or seasonal fluctuations in
demand.
Business Continuity: Telecommunications networks can provide organizations with a way to
maintain their operations in case of a disaster or an unexpected event. For example, organizations
can use telecommunication networks to set up disaster recovery and business continuity plans that
allow employees to work remotely and access critical systems and data.
Security: Telecommunications networks can help protect businesses from cyber threats by
providing secure communication channels and implementing security measures such as firewalls,
encryption, and intrusion detection systems.

Session 5: Telecommunication media

1. Explain the two main categories of transmission media in telecommunication.
Guided Media: Guided media, which are those that provide a conduit from one device to another,
include twisted-pair cable, coaxial cable, and fiber-optic cable. A signal traveling along any of
these media is directed and contained by the physical limits of the medium.
Unguided Media: Unguided media do not provide a physical path for the signal to travel, but
instead use the airwaves to transmit signals. Electromagnetic waves are transported via unguided
media without the use of a physical conductor. Wireless communication is a common name for
this kind of communication. Signals are typically broadcast via open space, making them
accessible to anyone with a device that can pick them up.

290
Session 6: Network topologies and trends in telecommunications
1. What is a network topology?
Topology refers to the way in which a network is laid out physically. Two or more devices connect
to a link; two or more links form a topology. The topology of a network is the geometric
representation of the relationship of all the links and linking devices (usually called nodes) to one
another.
2. State the main disadvantages of a mesh topology.
The main disadvantages of a mesh are related to the amount of cabling and the number of I/O ports
required. First, because every device must be connected to every other device, installation and
reconnection are difficult. Second, the sheer bulk of the wiring can be greater than the available
space (in walls, ceilings, or floors) can accommodate. Finally, the hardware required to connect
each link (I/O ports and cable) can be prohibitively expensive.
3. Telecommunication is on the outgoing in recent years, list and explain any 3 trends in
telecommunication
5G Technology: 5G is the fifth generation of cellular technology and it promises to bring faster
speeds, lower latency, and more reliable connections than previous generations. This technology
is expected to be a major driver of innovation in a wide range of industries, from healthcare to
transportation.
Internet of Things (IoT): The IoT refers to the growing network of connected devices that can
collect and share data. This trend is driving the development of new applications and services that
leverage the data generated by IoT devices.
Cloud-based Services: Cloud-based services are becoming increasingly popular in the
telecommunications industry, as they allow for more cost-effective and flexible service delivery.
This trend is expected to continue as more businesses and consumers adopt cloud-based services.
Artificial Intelligence and Machine Learning: AI and machine learning are being used to improve
the efficiency and effectiveness of telecommunications systems. For example, these technologies
can be used to optimize network performance, personalize customer experiences, and detect and
prevent fraud.
Security and Reliability: With the growing number of connected devices and services, the need for
secure and reliable communications is more important than ever. As a result, many
telecommunications companies are investing in security measures to protect their networks and
customers' data.
Integration of Communication Technologies: Telecommunications companies are now integrating
different communication technologies, such as instant messaging, video conferencing, and social
media, to provide a better user experience.

291
UNIT 4
Session 1: E-business and E-Commerce systems
1. What is E-business?
Answer: Electronic Business (E-Business) is the administration of conducting any business using
the internet, extranet, web, and intranet. This would include buying and selling of goods or services
using commercial transactions conducted electronically along with providing customer or
technical support with the help of the internet.
2. Mention 5 components of an E-business.

a) Digital Marketing: This refers to the use of digital channels such as search engines, social
media, email and mobile apps to promote a business and its products or services.
b) Content Management: This is the process of creating, managing and publishing digital
content, such as text, images and videos, through a website or mobile app.
c) Supply Chain Management: This refers to the coordination and management of the flow of
goods and services, from the supplier to the customer. This includes logistics, inventory
management, and order fulfillment.
d) Business Intelligence: This is the collection and analysis of data to help a business make
better decisions. This includes data mining, data analysis, and data visualization.
e) Mobile Technology: The use of mobile devices such as smartphones and tablets to access
and interact with e-business systems and services.

3. What is E-commerce?
Answer: E-commerce refers to the buying and selling of goods and services through the internet.
It is the mode of business where transactions take place via the Internet, and things are delivered
to the consumer’s address by the seller.

4. Mention and explain the types of E-commerce systems.

• Business-to-Consumer (B2C): In this kind of e-commerce, companies sell goods or

services to customers directly. In this instance, the buyer purchases the goods from the
company. B2C companies include Dell, Intel, and others. Examples include online retail
stores, such as Amazon, and online marketplaces, such as Etsy.
• Consumer-to-Consumer (C2C): This type of e-commerce involves consumers selling
products or services to other consumers. The C2C business is done between customers to
customers. Examples include online marketplaces, such as eBay and Craigslist.
• Business-to-Business (B2B): This type of e-commerce involves businesses selling
products or services to other businesses. That is the buying and selling of goods and
services occur between businesses. Examples include wholesale distributors and online
marketplaces for industrial goods. Usually, manufacturers and wholesalers operate with
this kind of electronic commerce. Examples include Alibaba, Qualcomm, etc.
• Mobile Commerce (m-commerce): This type of e-commerce involves the buying and
selling of goods and services through mobile devices, such as smartphones and tablets.

292
 • Social Commerce: Social commerce is a subcategory of e-commerce that refers to the
buying and selling of goods and services through social media platforms.
• Marketplace: A marketplace is a type of e-commerce platform that allows multiple vendors
to sell their products or services on the same website.
• Subscription-based: Subscription-based e-commerce is a model in which customers pay a
recurring fee, usually on a monthly or annual basis, to have access to a product or service.
• Crowdfunding: Crowdfunding platforms allow individuals or businesses to raise funds
from a large number of people, typically via the Internet.

Session 2: Scope of E-business and E-commerce system.

1. Mention and explain the types of E-business risks.
 Transaction risks: Transaction Risk is the exposure to uncertainty factors that may impact
the expected return from a deal and transaction. It can include but is not limited to foreign
exchange risk, commodity, and time risk. It essentially encompasses all negative events
that can prevent a deal from happening.
 Data storage and transmission risks: Power is indeed conferred by knowledge. But take
into account what transpires if power is misused. There are many risks associated with
data that is stored in systems and in transit. Important data may be stolen or changed for
personal gain, adventure, or just plain pleasure.
 Risks threats to intellectual property and privacy: The internet belongs to everyone. Once
information is accessible online, it is no longer considered to be in the private sphere.
Then, it becomes challenging to prevent it from being copied. Data given during online
transactions may be shared with other parties, who may then start flooding your inbox
with spam, advertising, and promotional materials. Hackers might pose as actual clients.
They might utilize legitimate consumers' credit cards that have been stolen. A dishonest
company could run a fake website, solicit consumer payments in advance, and then not
send the ordered goods.

Session 3: Essential e-commerce processes and electronic payment processes.

1. How does an electronic payment system work?

Electronic payment systems work by facilitating the transfer of funds between a payer and a payee
through electronic means. The process typically involves the following steps:

1. The payer initiates the payment: The payer initiates the payment by providing the payee's
account information, such as their bank account number or credit card details. This
information can be provided through a website, mobile app, or point-of-sale (POS)
terminal.

293
 2. Payment authorization: The payer's financial institution or payment service provider will
authorize the payment by verifying the payer's account information and checking that
there are sufficient funds to complete the transaction.
3. Payment processing: Once the payment is authorized, it is sent to the payee's financial
institution or payment service provider for processing. This typically involves the transfer
of funds between the payer's and payee's accounts through a network of banks and other
financial institutions.
4. Payment confirmation: Once the payment is processed, the payee's financial institution or
payment service provider will send a confirmation of the payment to the payee and the
payer, which may include a receipt or confirmation number.
5. Settlement: Final step, the payee and payer's financial institutions will settle the
transaction, this mean that the payer's bank will credit the payee's bank account with the
amount of the transaction.

Session 4: Customer Relationship Management (CRM) and its three phases

1. What is Customer Relationship Management?
Customer relationship management (CRM) is the combination of practices, strategies and
technologies that companies use to manage and analyze customer interactions and data throughout
the customer lifecycle.
2. State and explain 5 challenges of CRM.
• Data Management: Customer data collection, storage, and analysis can be very difficult.
Businesses must make sure that their data is reliable, current, and simple to access by those
who require it.
• Integration with other systems: It might be difficult to integrate a CRM system with other
platforms like e-commerce, accounting, and marketing automation. To avoid data silos and
duplicative data entry, businesses must guarantee that their CRM system can communicate
data seamlessly with various other systems.
• User Adoption: A CRM system can only be effective if employees are using it. Businesses
need to ensure that their employees understand the value of the CRM system and are trained
on how to use it properly.
• Customization: Because CRM systems are intricate and extremely adaptable, it can be
difficult for firms to discover the ideal setup for their unique requirements. To guarantee
that the CRM system is configured properly, businesses need to carefully assess their
unique requirements and collaborate with their CRM vendor.
• Data security: CRM systems store sensitive customer information, and businesses need to
ensure that this data is protected from unauthorized access or breaches.
3. State and explain the three Phases of CRM.
Answer:
• customer acquisition: Traditionally, acquiring consumers has been the most crucial first step
in developing business links. CRM uses sophisticated software databases to gather crucial
client information at the time of first contact. Name, address, phone number, email address,

294
 and occasionally social media profiles are all included in a prospect's profile data. Future and
ongoing communication access is made possible by entering this data into a computer. Starting
a formal relationship with new prospects and clients also gives you the opportunity to track
their behaviors through data analysis. For now, many databases enable analytics, the automated
analysis of data through programmed tools. Salespeople can identify at any point in time, for
instance, what percentage of customers are at each stage of the opportunity pipeline, or sales
process. With the use of this knowledge, targeting can be optimized to prevent bottlenecks
and make relationship-building efforts easier. This strategy focuses on acquiring new
customers by identifying and targeting potential customers and converting them into paying
customers.
• customer retention: The primary goal of collecting data on new clients is to raise retention
rates. You can lower your company's churn rate by using effective data analysis, regular and
systematic follow-up communications with contacts, and well-serviced accounts. You can
focus more on keeping core clients by using data analysis to pinpoint the characteristics of
prospects and customers with the highest lifetime earning potential. This strategy focuses on
keeping existing customers by building strong relationships and providing excellent customer
service. This includes activities such as customer service, loyalty programs, and upselling. The
goal is to reduce customer churn and maintain a stable customer base.
• customer extension: Activities in the CRM's client extension phase are designed to prolong
conventional customer relationships and increase revenue. A simple perspective is that
satisfying a customer during one buying experience increases the likelihood of a follow-up
visit. Over time, delivering quality solutions, following through on commitments and
addressing problems convert a buyer into a loyal customer. You also can enhance revenue
through add-on product selling and cross-selling, which involves recommending unrelated
solutions. Because of the high costs of customer acquisition, extending relationships with
customers already captured is hugely valuable for a business. This strategy focuses on
expanding the relationship with existing customers by identifying and selling additional
products or services. This includes activities such as cross-selling, upselling, and providing
additional value-added services. The goal is to increase the value of each customer and grow
the revenue from existing customers.

Session 5: ERP, Benefits, Challenges and Trends.

1. State 5 benefits of ERP.
Answer:
• Higher productivity: Streamline and automate your core business processes to help
everyone in your organization do more with fewer resources.
• Deeper insights: Eliminate information silos, gain a single source of truth, and get fast
answers to mission-critical business questions.
• Accelerated reporting: Fast-track business and financial reporting and easily share results.
Act on insights and improve performance in real time.

295
 • Lower risk: Maximize business visibility and control, ensure compliance with regulatory
requirements, and predict and prevent risk.
• Simpler IT: By using integrated ERP applications that share a database, you can simplify
IT and give everyone an easier way to work.

2. State 3 disadvantage of ERP.

• Complexity: Because ERP systems offer such a wide range of features and capabilities,
they are also incredibly complex, which some users find challenging to manage.
Nowadays, it's rare for businesses to believe that adequately planning and preparing for
ERP deployment is important, which results in a waste of resources (both time and money).
To become proficient in every feature of the ERP solution, your business will need to invest
a lot of time and energy. Additionally, new hires who replace departing experienced ERP
system users must spend a significant amount of time learning the system from scratch
rather than jumping right in.
• Slow Implementation: A new enterprise resource planning system's implementation is a
difficult and drawn-out process that can take up to two years. This is one of the key reasons
you need to plan the transition process and prepare adequately in order to prevent
interruptions and save yourself from failure. After implementation, set aside time to learn
the new ERP platform because even tech specialists require time to fully comprehend the
system.
• Slow Data Migration: You will need to enter current data into a new format while using an
ERP system for the first time. The data migration procedure can take a while to finish,
especially if done manually, depending on your industry. This is true of digital data as well.
Verify again that no data is duplicated or lost during the migration. Fortunately, many ERP
systems can easily be organized and uploaded because they are compatible with existing
data storage software.

Session 6: Supply chain management (SCM), Roles, Benefits, Challenges and Trends.
1. Define SCM.
Supply chain management (SCM) is the process of managing the flow of goods, services, and
information from the point of origin to the point of consumption. The goal of SCM is to improve
the efficiency and effectiveness of an organization's supply chain, which can include everything
from sourcing raw materials to delivering finished products to customers.

2. What are the roles of Supply chain management (SCM).

Answer:
Improve Quality of Products: It is true that there needs to be a decrease in the cost of manufacturing
the goods, but there also needs to be an improvement in their quality. Only until the quality of the
raw materials and product manufacturing is guaranteed will buyers be drawn in. In order to deliver

296
the finest results across all supply chain management businesses, they must be strong, dependable,
and long-lasting.
Improve Financial Position: The company has to improve its financial status. It has to be assured
that the customers will return to buy the products once again because they are satisfied with the
previous items. The supply chain management has to work in such a way that
• The cash flow of the company will increase.
• The number of fixed assets will decrease.
• The profit leverage will increase.
It will make the customer believe that the company is progressing and showing positive results.
Development of Best Marketing Strategies: To ensure that the company's products are available in
the best possible way, the supply chain management team must create the greatest marketing
strategy. Consumers normally make purchasing decisions based on the adverts offered across
many channels.
Increase Customer Service: Managing customer service is one of the most crucial duties and
responsibilities in the supply chain. Customers should always be able to find what they want.
Whether it be a product, a fix for their problems, or responses to their inquiries. The international
supply chain management team makes sure that the platform for customer care is available around-
the-clock so that customers feel linked to the company and want to do business with it.
3. State and explain 3 benefits of SCM.
Answer:
• Cost savings: SCM can help e-commerce companies to reduce costs by streamlining
operations, improving inventory management, and negotiating better deals with suppliers.
• Increased efficiency: Having real-time data on the availability of raw materials and
manufacturing delays allows companies to implement backup plans, such as sourcing materials
from a backup supplier, preventing further delays. Without real-time data, companies often
don’t have time to initiate plan B, resulting in issue such as out-of-stock inventory or late
shipments to end consumers. SCM can help e-commerce companies to increase efficiency by
automating processes, reducing lead times, and improving coordination across the supply
chain.
• Improved customer service: SCM can help e-commerce companies to improve customer
service by providing faster delivery times, better product availability, and more accurate
tracking and reporting.

297
UNIT 5
Session 1: Information System and Security
1. State 4 impact of information system on society.
Answer:
Increased productivity: Information systems have enabled organizations to automate repetitive and
time-consuming tasks, increasing productivity and efficiency.
Improved communication: Information systems have facilitated communication and collaboration
both within and between organizations, making it easier to share information and work together.
Greater access to information: Information systems have made it easier to access and share
information, both within organizations and with the general public.
Economic growth: Information systems have played a significant role in driving economic growth,
both by increasing productivity and by facilitating the growth of new industries such as e-
commerce and the sharing economy.

Session 2: Factors that raise ethical standards and Managing Ethics.

1. What are the factors that raise ethical standards in information systems?
Legal and regulatory compliance: Organizations must comply with laws and regulations that
govern the use and handling of information, such as data privacy laws and intellectual property
laws. Compliance with these laws and regulations can help raise ethical standards in information
systems. Compliance with laws and regulations that govern the use of information systems can
help ensure that ethical standards are upheld. Using technology that respects privacy and security,
Corporate culture and policies: Organizations can establish a culture of ethical behavior by
promoting and enforcing policies that promote ethical behavior, such as codes of conduct and
whistleblower policies.
Education and training: Organizations can raise ethical standards by educating and training
employees on ethical issues and their responsibilities related to information systems. Providing
regular training and education on ethical issues can help ensure that employees and other
stakeholders are aware of the ethical considerations involved in using information systems.
Third-party oversight: Organizations can raise ethical standards by engaging in third-party
oversight of their information systems, such as external audits and certifications.

298
Technology design and implementation: Ethical considerations should be taken into account
during the design and implementation of information systems, for example, by incorporating
security and privacy features, and by avoiding the creation of systems that perpetuate bias or
discrimination.

Session 3: Technological aspects of ethics.

1. What is technology ethics?

Answer: Technology ethics is the application of ethical principles to real-world technological

issues. Technology ethics are becoming increasingly important because new technologies provide
us greater freedom to act, which forces us to make decisions we didn't have to make previously.

2. Why do we need to consider technological aspect of ethics?

• Technology is increasingly pervasive in our lives: Technology is playing an increasingly

important role in our personal and professional lives, and it is important to consider the
ethical implications of how it is used.
• Technology has the potential to impact society in significant ways: Technology has the
potential to impact society in significant ways, both positively and negatively. It is
important to consider the ethical implications of these impacts and to take appropriate
actions to mitigate any negative consequences and promote positive ones.
• Technology is rapidly advancing: Technology is advancing at a rapid pace, and new
technologies are constantly emerging. It is important to consider the ethical implications
of these new technologies and to ensure that they are used in ways that respect privacy,
security, and other ethical standards.
• Technology can be used to perpetuate societal problems: Technology can be used to
perpetuate societal problems such as discrimination, bias, and inequality. It is important to
consider the ethical implications of how technology is used and to take steps to ensure that
it is not used to perpetuate these problems.
• Technology can be used to make important decisions: Technology is increasingly being
used to make important decisions in areas such as healthcare, finance, and criminal justice.
It is important to consider the ethical implications of these decisions and to ensure that they
are fair and unbiased.

Session 4: Social Issues in Information System.

1. State and explain 3 social issues relating to information system.
Culture: Education, uneven wealth distribution, a workforce that is multiethnic and
multigenerational, and other related topics are widely discussed in society. Information systems
have made it challenging for everyone to learn the most latest knowledge because this education
is only available to those from privileged social classes, widening the gap in social class. As a

299
result, a particular educated class is truly benefiting from technology. Information technology has
also become aware of the generation gap as older people are less familiar with modern technology
and information systems. Culture can be a social issue in information systems in a number of ways.
It's important to take into account cultural differences when designing and using information
systems, to avoid misunderstandings and conflicts, to be aware of cultural biases, to consider
language barriers and cultural views on technology to ensure that information systems are
accessible and appropriate for different cultures and to make sure that information systems don't
perpetuate cultural stereotypes.
Relationships Issues: In contrast to the past, partnerships are now being formed by more varied
teams working remotely. Buyer-seller-supplier relationships have gotten simpler, but this has also
led to social problems including a lack of trust and low moral standards. People using personal and
corporate information for their own gain or fraud purposes has been documented in numerous
cases. Relationship issues can arise in the context of information systems when there is a lack of
trust or communication between users and stakeholders. For example, users may feel that their
privacy is being invaded by the collection and use of their personal data, or stakeholders may feel
that the system is not meeting their needs. These issues can lead to decreased adoption and usage
of the system, as well as negative impacts on productivity and overall organizational performance.
Addressing these relationship issues requires effective communication, transparency, and the
development of trust between all parties involved in the system.
Law and Order Issues: Millions and billions of people are profiled in national and international
databases for identity purposes. But several law-and-order concerns have been caused by
cybercrime practices and the hacking of these private websites. Nowadays, it is very easy to access
someone’s information through social networking sites, but the cases of ATM scamming, using
fake sim cards and national identity cards have made it very difficult for law enforcement agencies
to main the peace.

Session 5: Ethical Issues of Information Age

1. State and explain 4 ethical issues of information Age.

Privacy: Privacy is the right of individuals to control their personal information and how it is
used, shared, and stored. In the information age, privacy is a major concern as technology allows
for the collection, storage, and sharing of vast amounts of personal information. This can include
everything from social media posts and browsing history to financial and medical records. The
ethical issue is that individuals may not be aware of or have control over the collection and use of
their personal information, which can lead to violations of their privacy rights. This issue relates
to the questions of what details ought to be disclosed. With whom? What details should one be
compelled to keep private? Information must be sensitive and valuable enough to be kept private
and not shared since the privacy issue has raised its significance.

Accuracy: Accuracy refers to the accuracy and reliability of the information that is shared and
stored in the digital world. In the information age, information is shared and stored at a rapid pace,
making it difficult to verify the accuracy of the information. This can lead to the spread of
misinformation and false information, which can have serious consequences. The ethical issue is

300
that individuals and organizations have a responsibility to ensure that the information they share
and store is accurate and reliable.

Property: Property refers to the ownership and control of digital assets, such as copyrighted
material and other forms of intellectual property. In the information age, digital assets are easily
shared and copied, making it difficult to protect and control them. This can lead to issues of piracy
and copyright infringement. The ethical issue is that individuals and organizations have a
responsibility to respect the ownership and control of digital assets and to ensure that they are not
used without permission. The third ethical concern is the property of the information, or who is
providing it and for what cost? Who controls the means and conduits via which data is transferred?
Intellectual property of the information is a difficult issue that is related to privacy, so it is crucial
to replicate the information and keep the original copy.

Accessibility: Accessibility refers to the ability of individuals to access and use digital information
and resources. In the information age, digital information and resources are often only available to
those with access to the internet and the necessary technology. This can lead to issues of digital
divide, where certain groups of people are at a disadvantage because they do not have access to
digital resources. The ethical issue is that individuals and organizations have a responsibility to
ensure that digital information and resources are accessible to all, regardless of their technology
or connectivity. This concern connects to the questions of what constitutes appropriate access to
information by an individual or organization and what are the terms of such access? The
availability of information or data is the final key ethical problem.

Session 6: Legal Issues in Information systems

1. State and explain 2 legal issues in information systems.
Defamation as a legal issue: On a computer information system, defamation can take place in a
variety of ways. Defamation is a legal issue that can arise in the context of information systems
when false or harmful statements are made about an individual or organization. These statements
can be made in various forms, such as through social media, websites, or online forums. If the
statements are made with the intent to harm or with a reckless disregard for the truth, the person
or organization making the statements can be held liable for defamation. In order to prove
defamation, the person or organization that has been harmed must typically show that the statement
was false, that it was published to a third party, and that it caused harm to their reputation. If a
person or organization is found to have defamed another, they may be required to pay damages or
issue a retraction or apology
Computer crime as a legal issue: Computer information system operators should be aware of
computer crime issue because they can one day become victims of it. Computer crime, also known
as cybercrime, is a legal issue that refers to criminal activities that are committed using or involving
a computer or network. Examples of computer crimes include hacking, identity theft, distribution
of malware, and unauthorized access to computer systems. These crimes can have severe
consequences for both individuals and organizations, and they are often difficult to detect and
prosecute. As such, many countries have laws in place to criminalize computer-related criminal
activity and provide a framework for investigating and punishing such crimes.

301
The term computer crime covers a number of offenses, such as:
i. the unauthorized accessing of a computer system;
ii. the unauthorized accessing of a computer to gain certain kinds of information (such as
defense information or financial records);
iii. accessing a computer and removing, damaging, or preventing access to data without
authorization; trafficking in stolen computer passwords; and
iv. spreading computer viruses.

UNIT 6:
Session 1: Overview of Information Security and it types

1. Explain information security?

Information Security is basically the practice of preventing unauthorized access, use, disclosure,
disruption, modification, inspection, recording or destruction of information. Information can be
physical or electronic one. Information security aims to protect sensitive data, including financial
information, intellectual property, and customer account information, while also maintaining its
privacy. Data loss, data manipulation, and theft of confidential information are all effects of
security events. Attacks can cause delays in company operations, harm a company's reputation,
and cost money. Businesses must set aside money for security and make sure they are prepared to
identify, stop, and proactively avoid assaults.

2. State and explain any 4 types of information security

Application security: Application security strategies protect applications and application

programming interfaces (APIs). You can use these strategies to prevent, detect and correct bugs or
other vulnerabilities in your applications. If not secured, application and API vulnerabilities can
provide a gateway to your broader systems, putting your information at risk. Application security
characteristics contain documentation, authorization, encoding, and application security checking.
Infrastructure security: Infrastructure security strategies protect infrastructure components,
including networks, servers, client devices, mobile devices, and data centres. The growing
connectivity between these, and other infrastructure components, puts information at risk without
proper precautions. This risk arises from the fact that your systems are more vulnerable because
of connectivity. Your entire infrastructure will be impacted if one component fails or is
compromised. As a result, minimizing dependencies and isolating components while still allowing
for intercommunications is a key objective of infrastructure security.
Cryptography: Cryptography have become increasingly important. It is simply the science of
hiding data to prevent unauthorized individuals from accessing data or secure transmissions.
Cryptography uses a practice called encryption to secure information by obscuring the contents.

302
When information is encrypted, it is only accessible to users who have the correct encryption key.
If users do not have this key, the information is unintelligible. Security teams can use encryption
to protect information confidentiality and integrity throughout its life, including in storage and
during transfer. However, once a user decrypts the data, it is vulnerable to theft, exposure, or
modification. To encrypt information, security teams use tools such as encryption algorithms or
technologies like blockchain. Encryption algorithms, like the advanced encryption standard
(AES), are more common since there is more support for these tools and less overhead for use.

Session 2: Information Security triad

1. What purpose does the CIA triad serve in information security?
a. It creates layers of networks.
b. It helps to develop security measures.
c. It eliminates the need for passwords.
d. It allows you to spy on other users.
2. Another name for the information security triad is:
A. The FBI triad.
B. B. The ISS triad.
C. The CIA triad.
D. D. The IST triad.
3. Risk, as it applies to information technology, is not associated with which one or more of the
following items:
A. People
B. Practices
C. Processes
D. Principles
4. Which one of these represents the property of keeping an organization information accurate,
without error, and without unauthorized modification?
A. Availability
B. Integrity
C. Confidentiality
D. Accountability
5. Which one of the following access control services determines the capabilities of a subject when
accessing the object?
A. Accountability
B. Authorization

303
C. Audit
D. I&A
6. Give some examples of CIA Triad

Consider an ATM where users may check bank balances and other data to get a clearer idea of
how the CIA Triad works in real life. An ATM has safeguards that meet the triad's basic ideas:

• The two-factor authentication (debit card with the PIN code) provides confidentiality
before authorizing access to sensitive data.
• The ATM and bank software ensure data integrity by maintaining all transfer and
withdrawal records made via the ATM in the user’s bank accounting.
• The ATM provides availability as it is for public use and is accessible at all times.
•

7. Explain the Importance of the CIA Triad

The CIA Triad can be used to more effectively decide which of the three principles will be most
beneficial for a certain type of data as well as the business as a whole when developing information
security policies. The CIA triad provides as the fundamental framework for creating organizational
security systems and policies. Because of this, the CIA trinity is essential to keeping your data
secure and safe from evolving cyber threats. It is determined that an organization has failed to
adequately enforce one or more of these standards when a security incident, such as information
theft or a security breach, happens. Because it strengthens security posture, enables organizations
to comply with complicated requirements, and ensures business continuity, the CIA triad is
essential to information security.

Session 3: Tools and technologies for safeguarding information resources

1. State 5 tools and technology used to safeguard information resources.
a. Identity Management and Authentication
b. Firewalls, Intrusion Detection Systems, and Anti-malware Software
c. Securing Wireless Networks
d. Encryption and Public Key Infrastructure
e. Securing Transactions with Blockchain

Session 4: Components of an organizational framework for security and control

1. What is security framework?

304
Policies and procedures for developing and maintaining security controls are specified by a
security framework. Frameworks make clear the steps taken to safeguard an organization from
cybersecurity risks.
2. State the components of an organizational framework for security and control:
• Information Systems Controls
• Risk Assessment
• Security Policy
• Disaster Recovery Planning and Business Continuity Planning
• The Roles of Auditing

Session 5: Malware and its types.

1. What is Malware?

A program known as malware is made to access computer systems without the user's consent,
typically for the advantage of a third party. Malware can take the form of different program kinds,
each with a unique objective or motive. Software that is intended to infiltrate and harm a system,
service, or network is known as malware.

2. State 4 types of malwares.

• Virus
• Worms
• Spyware
• Trojan Horse

Session 6: Information systems vulnerable to destruction, error, and abuse and best
Practices.
1. What is information security Vulnerability?
A vulnerability is a weakness or gap in a system's security that can be exploited by an attacker to
gain unauthorized access or cause damage. These vulnerabilities can exist in various components
of an information system such as hardware, software, and networks.
2. State four (4) factors that can lead to information system vulnerability.

• Hardware failures: Hardware components such as servers, storage devices, and network
equipment can malfunction or fail, leading to data loss or system downtime.
• Software bugs: Software applications and operating systems can contain bugs that can
be exploited by attackers to gain unauthorized access or cause damage.

305
• Natural disasters: Natural disasters such as floods, earthquakes, and hurricanes can
cause physical damage to information systems, leading to data loss or system
downtime.
• Cyber-attacks: Information systems can be targeted by cyber criminals for financial
gain or to cause disruption.

306