
Software, Hardware Telecommunication Networks Gather, Create, Distribute Useful Data

Information systems are crucial for organizations as they facilitate the collection, processing, storage, and dissemination of information, enhancing decision-making and operational efficiency. They include various types such as Transaction Processing Systems, Management Information Systems, and Decision Support Systems, each serving different organizational levels and functions. While they offer advantages like improved productivity and better communication, challenges such as high costs and security risks also exist.

Uploaded by

rupadhyay7405

Q1. Explain the importance of the information system to society.

Ans:

Information systems are a set of interconnected elements working together to collect,
process, store, and distribute information to help coordination, visualization in an
organization, analysis, and decision-making.

The Information system can be defined as a collection of software, hardware, and
telecommunication networks that people develop and use to gather, create, and
distribute useful data, mainly in organizational settings.

In other words, an information system means a collection of interrelated components
which work together to gather, process, store, and break down the information to help
decision making.

Modern technology can significantly boost your company's performance and productivity.
Information systems are no exception.
➢ Organizations worldwide rely on them to research and develop new ways to generate
revenue, engage customers and streamline time-consuming tasks.
➢ With an information system, businesses can save time and money while making smarter
decisions.
➢ A company's internal departments, such as marketing and sales, can communicate better
and share information more easily.
➢ Since this technology is automated and uses complex algorithms, it reduces human error.
Furthermore, employees can focus on the core aspects of a business rather than spending
hours collecting data, filling out paperwork and doing manual analysis.
➢ Thanks to modern information systems, team members can access massive amounts of data
from one platform.
➢ For example, they can gather and process information from different sources, such as
vendors, customers, warehouses and sales agents, with a few mouse clicks.

Q2.Explain with a neat diagram the types of information system.


Ans:
Information systems are collections of multiple information resources (e.g., software,
hardware, computer system connections, the system housing, system users, and
computer system information) to gather, process, store, and disseminate
information. Tools such as laptops, databases, networks, and smartphones are
examples of information systems. Typical businesses and organizations have the
following six, each system supporting a different organizational level.

● Transaction Processing System (TPS)

Transaction processing is essential to helping businesses perform daily operations.
Transactions are defined as any activity or event that affects the company, and include
things like deposits, withdrawals, shipping, billing customers, order entry, and placing
orders. TPS supports these business transactions.

● Office Automation System (OAS)

OAS consists of computers, communication-related technology, and the personnel
assigned to perform the official tasks. The OAS covers office transactions and supports
official activity at every level in the organization. The official activities are subdivided
into managerial and clerical activities.

Office automation systems include the following applications:

● Email: The email application also covers file attachments such as audio, video,
and documents.
● Voice Mail: This application records and stores phone messages into the
system’s memory and can be retrieved anytime.
● Word Processing: Word processing covers the creation of documents,
including memos, reports, letters, and anything else that’s printable
electronically. The created text can be copied, edited, and stored via word
processing commands, and checked for grammar and spelling, line and word
counting, and headers and footers.
● Knowledge Work System (KWS)

The KWS is a specialized system that expedites knowledge creation and ensures that
the business's technical skills and knowledge are correctly applied. The Knowledge
Work System aids workers in creating and disseminating new information using
graphics, communication, and document management tools. Here are some examples
of KWS:

● Computer-Aided Design Systems (CAD): CAD systems automate design
creation and revision via computers and graphics software, especially in the
manufacturing and tooling processes.
● Financial Workstations: These systems pull and combine data from many
different internal and external sources, covering research reports, market data,
and management data. Financial workstations can rapidly analyze huge
amounts of financial data and trading situations.
● Management Information System (MIS)

Middle managers handle much of the administrative chores for day-to-day routines and
performance monitoring, ensuring that all the work is aligned with the organization's
needs. That's why MIS is such a valuable tool. Management Information Systems are
specially designed to help middle managers and supervisors make decisions, plan, and
control the workflow. The MIS pulls transactional data from various Transactional
Processing Systems, compiles the information, and presents it in reports and displays.

Additionally, these reports can be produced monthly, quarterly, or annually, although MIS
can have more immediate reports (e.g., hourly, daily).

● Decision Support System (DSS)

The DSS is a management-level, interactive computer-based information system that
helps managers to make decisions. The Decision Support System specifically gives
middle managers the information necessary to make informed, intelligent decisions.

Decision Support Systems use different decision models to analyze or summarize large
pieces of data into an easy-to-use form that makes it easier for managers to compare
and analyze information. Often, these summaries come in the form of charts and tables.

● Executive Support System (ESS)

The ESS is like the MIS but for executive-level decision-making. The decisions
involve company-wide matters, so the stakes are higher. Consequently, they
demand more insight and judgment.

The ESS provides greater telecommunication, better computing capabilities, and more
efficient display options than the DSS. Executives use ESS to make effective decisions
through summarized internal data taken from DSS and MIS and external sources. In
addition, executive support systems help monitor performances, track competitors, spot
opportunities, and forecast future trends.

Q3.Explain the characteristics of MIS with eg.

1. System approach:
MIS follows the system approach, which implies a step by step approach to the
study of a system and its performance in the light of the objective for which it has
been constituted. It means taking an inclusive view at sub-systems to operate
within an organization.
2. Management-oriented:
The management-oriented characteristic of MIS implies that a top-down approach
needs to be followed for designing MIS. A top-down method says the initiation of
system development determines management requirements as well as business
goals. MIS implies the management dynamically to the system development
towards the completion of management decisions.
3. As per requirements:
The design and development of MIS should be as per the information required by
the managers. The required design and development information is at different
levels, viz., strategic planning, management control and operational control. It
means MIS should cater to the specific needs of managers in the hierarchy of an
organization.
4. Future-oriented:
The design and development of MIS should also be future-oriented, so that the
system is not restricted to providing only past information.
5. Integrated:
A complete MIS is a combination of its multiple sub-components to provide the
relevant information to take out a useful decision. An integrated system, which
blends information from several operational areas, is a necessary characteristic
of MIS.
6. Common data flows:
This concept supports numerous basic views of system analysis such as
avoiding duplication, combining similar functions and simplifying operations. The
expansion of common data flows is a cost-effective and logical concept.
7. Long-term planning:
MIS should always be developed with long-term planning, because it involves logical
planning to get success in an organization. While developing MIS, the analyst
should keep the future-oriented analysis and needs of the company in mind.
8. Relevant connection of sub-system planning:
The MIS development should be decomposed into its related subsystems. These
subsystems must be meaningful with proper planning.

9. Central database:
It contains data in tabular form. The database is responsible for operations like
insertion, deletion, updation of records. This database covers information related
to inventory, personnel, vendors, customers, etc. the data stored in the database.

Q4.Explain with a neat diagram the necessary elements of IS.


An Information system is a combination of hardware and software and
telecommunication networks that people build to collect, create and distribute
useful data, typically in an organization. It defines the flow of information within
the system. The objective of an information system is to provide appropriate
information to the user, to gather the data, process the data and communicate
information to the user of the system.

Components of the information system are as follows:


1. Computer Hardware:
Physical equipment used for input, output and processing. The hardware
structure depends upon the type and size of the organization. It consists of an
input and an output device, operating system, processor, and media devices.
This also includes computer peripheral devices.
2. Computer Software:
The programs / application programs used to control and coordinate the hardware
components. They are used for analysing and processing the data. These programs
include a set of instructions used for processing information.
Software is further classified into 3 types:

1. System Software
2. Application Software
3. Procedures

3. Databases:
Data are the raw, unorganized facts and figures that are later processed
to generate information. Software is used for organizing and serving data to
the user, managing physical storage of media and virtual resources. Just as
hardware can’t work without software, software needs data for
processing. Data are managed using a database management system.
Database software is used for efficient access to required data, and to manage
knowledge bases.
4. Network:

● Network resources refer to telecommunication networks such as the
intranet, extranet and the internet.
● These resources facilitate the flow of information in the organization.
● Networks consist of both physical devices such as network
cards, routers, hubs and cables and software such as operating
systems, web servers, data servers and application servers.
● Telecommunications networks consist of computers, communications
processors, and other devices interconnected by communications
media and controlled by software.
● Networks include communication media and network support.

5. Human Resources:
It is associated with the manpower required to run and manage the system.
People are the end users of the information system. End users use the information
produced for their own purposes, and the main purpose of the information system is to
benefit the end user. The end user can be accountants, engineers, salespersons,
customers, clerks, or managers etc. People are also responsible for developing and
operating information systems. They include systems analysts, computer
operators, programmers, and other clerical IS personnel, and managerial
techniques.

Q5.What is IS? What are its advantages And disadvantages?


Cutshort from Question 4.

Advantages of Information System


1) Storage and protection of information
The storing components of information systems are created to collect and store an enormous amount
of data for a very long time. These stored data can be accessed by the users whenever necessary.
Maintaining the security of company records is very vital to the integrity of the company. Moreover,
hackers can be blocked with intense security. Even the virtual vault limits the loss or damage of
electronic information during a system breakdown.

2) More efficiency and greater productivity


Most businesses are now highly dependent on information systems for more efficiency and increased
productivity. The automated processes enable the completion of more work in a shorter amount of
time. This allows the employees to handle a greater workload with more efficiency and accuracy and
less human error. Many tasks are completed by the computer. This provides more free time and
flexibility to the employees to focus on other tasks to improve the company’s efficiency as well.

3) Reduced risk of errors


Because information systems employ automated processes, users can get the most accurate information
needed to perform an activity. It is better to say that all the steps – from input to organizing, storing,
and processing of data and finally output – are done with great accuracy.

Potential human errors in manual processes can be minimized.


4) Better communication
Communication is very essential to personal as well as business relationships. The success of a
company depends highly on communication between supervisors and employees, as well as between
employees and clients. Telecommunication in the form of video conferences, emails, fax, and so on
allow easier exchanges of information and opinions.

Disadvantages of Information System


1) Expensive
At the primary level, some technologies, hardware, tools, and means of communication require great
expenses. Then the setup of the information system can also be very costly. Regular maintenance and
repair of these types of equipment are also required. Updating and upgrading the devices, software,
and other components are associated with additional costs. Apart from the technological side, people
should also be employed to operate the system and thus should be paid wages. Training of these
people again requires some expenses.

2) Reduction in jobs
As tasks are completed quickly and efficiently using an information system, employees get more
time. So, to operate fully, companies are trying to combine jobs in order to reduce the number of
employees. In some cases, machines are replacing human labor and eliminating jobs.

3) Security breaches
Electronic information is highly prone to security breaches. Hackers are constantly updating and
upgrading themselves along with the technology. So, companies should keep a security specialist
employed all the time to prevent any threat to the security of their vital information. A breach interrupts
the smooth functioning of the system, causing customer dissatisfaction and other problems for the
company.

Q6. Explain the role of IS in framing organizational strategy & bringing competitive advantage?

1. It allows organizations to be proactive rather than reactive

A strategic plan allows organizations to foresee their future and to prepare accordingly. Through
strategic planning, companies can anticipate certain unfavourable scenarios before they happen
and take necessary precautions to avoid them. With a strong strategic plan, organizations can
be proactive rather than merely reacting to situations as they arise. Being proactive allows
organizations to keep up with the ever-changing trends in the market and always stay one step
ahead of the competition.

2. It sets up a sense of direction

A strategic plan helps to define the direction in which an organization must travel, and aids in
establishing realistic objectives and goals that are in line with the vision and mission charted out
for it. A strategic plan offers a much-needed foundation from which an organization can grow,
evaluate its success, compensate its employees and establish boundaries for efficient
decision-making.

3. It increases operational efficiency

A strategic plan provides management the roadmap to align the organization’s functional
activities to achieve set goals. It guides management discussions and decision making in
determining resource and budget requirements to accomplish set objectives — thus increasing
operational efficiency.

4. It helps to increase market share and profitability

Through a dedicated strategic plan, organizations can get valuable insights on market trends,
consumer segments, as well as product and service offerings which may affect their success.
An approach that is targeted and well-strategized to turn all sales and marketing efforts into the
best possible outcomes can help to increase profitability and market share.

5. It can make a business more durable

Business is a tumultuous concept. A business may be booming one year and in debt the next.
With constantly changing industries and world markets, organizations that lack a strong
foundation, focus and foresight will have trouble riding the next wave. According to reports, one
of every three companies that are leaders in their industry might not be there in the next five
years… but the odds are in favour of those that have a strong strategic plan!

If you’re considering adopting a strategic plan at your organization, or are looking for a way to
align your staff and daily operations on your existing one, then Envisio may just be the solution
you’ve been looking for. Envisio’s cloud-based strategic plan management software helps
organizations manage their strategic and operating plans, track performance, and report to
stakeholders.

Q7. What are the challenges faced by knowledge management in diff business scenarios?
Some of the major challenges faced by the knowledge management function are as follows −

● Security − Accommodating the right level of security for knowledge
management is key. Sensitive information should be shielded from most
users, while allowing easy access to those with the proper credentials.

● Getting People Motivated − Overcoming organizational culture
challenges and developing a culture that embraces learning, sharing,
changing, improving can’t be done with technology.

● Keeping Up With Technology − Regulating how knowledge should be
dispensed, and transferring it quickly and effectively, is a huge challenge.
Constantly changing structures mean learning how to be smart, quick,
agile and responsive − all things a KM tool must be able to accomplish.

● Measuring Knowledge − Knowledge is not something that can be easily
quantified, and is far more complex because it is derived from human
relationships and experience. The focus should be on shared purpose
rather than results or efforts.

● Overcoming Shared Leadership − As a knowledge leader, the
concerned person has the responsibility to collaborate with fellow
colleagues and persuade them to share their knowledge base for the benefit
of the organization.

● Keeping Accurate Data − It is also a basic function to keep basic data
which is accurate and authentic in nature.

Q8.Explain the components of Data Warehouse with a neat diagram.


The data moves from the data source area through the staging area to the
presentation server. The entire process is better known as ETL (extract,
transform, and load) or ETT (extract, transform, and transfer).
Components of Data Warehouse Architecture and their tasks :
1. Operational Source –
● An Operational Source is a data source that consists of Operational Data
and External Data.
● Data can come from Relational DBMS like Informix, Oracle.

2. Load Manager –
● The Load Manager performs all operations associated with the
extraction and loading of data into the data warehouse.
● These tasks include the simple transformation of data to prepare data
for entry into the warehouse.

3. Warehouse Manager –
● The warehouse manager is responsible for the warehouse
management process.
● The operations performed by the warehouse manager are the analysis,
aggregation, backup and collection of data, de-normalization of the
data.

4. Query Manager –
● Query Manager performs all the tasks associated with the management
of user queries.
● The complexity of the query manager is determined by the end-user
access operations tool and the features provided by the database.

5. Detailed Data –
● It is used to store all the detailed data in the database schema.
● Detailed data is loaded into the data warehouse to complement the data
collected.

6. Summarized Data –
● Summarized Data is a part of the data warehouse that stores
predefined aggregations
● These aggregations are generated by the warehouse manager.

7. Archive and Backup Data –
● The Detailed and Summarized Data are stored for the purpose of
archiving and backup.
● The data is relocated to storage archives such as magnetic tapes or
optical disks.

8. Metadata –
● Metadata is basically data about data.
● It is used for the extraction and loading process, the warehouse management
process, and the query management process.

9. End User Access Tools –
● End-User Access Tools consist of Analysis, Reporting, and mining.
● By using end-user access tools users can link with the warehouse.

Q9. Explain the significance of knowledge for a business firm and differentiate between
knowledge and information.

Business knowledge is an important strategic asset. It is a sum of skills, experiences,
capabilities and insight which you collectively create and rely on in your business. It affects all
the activities in and around your business.

Types of business knowledge


Knowledge can exist in many forms, but usually falls under one of three main categories:

● Tacit knowledge - personal know-how or skills rooted in experience or practice (eg aesthetic
sense or intuition). Tacit knowledge is difficult to write down, visualise or transfer.
● Explicit knowledge - articulated knowledge recorded in documents, memos, databases, etc.
Explicit knowledge is easy to store, distribute and communicate.
● Embedded knowledge - skills and understanding locked in processes, products, rules or
organisational culture (eg informal routines, codes of conduct, organisational ethics).

Knowledge can belong to individuals or groups within your business, or exist at the
organisational level. You can also share it with different organisations.
Information vs knowledge table

| Basis of comparison | Information | Knowledge |
|---|---|---|
| Meaning | Information is organized data about someone or something, obtained from various sources such as television, internet etc. So, information is facts or data being systematically presented in each context. | Knowledge refers to the awareness or comprehension of a person’s education or experience gained on the subject. It refers to the relevant and objective information gained through experience. |
| Transfer | Information can be easily transferred through different means. It can be transferred through both verbal and nonverbal signals. | It is difficult to transfer knowledge as it requires learning and effort on the part of the receiver. |
| Prediction | Information alone is not sufficient to generalize or make predictions about someone or something. | Knowledge can be used to make predictions or make inferences. |
| Scope | Information has narrow scope. This is because every information is not necessarily a knowledge. | Knowledge has wider scope. This is because all knowledge is information. |
| Oriented | Information is theory oriented. | Knowledge is experience oriented as it is derived through experiences. |
| Nature | Information is static in nature. | Knowledge is dynamic in nature. |
| What is it | Information is a refined form of data which is helpful to understand the meaning of something. | Knowledge is relevant information with the help of which conclusions can be drawn and generalizations can be made. |
| Combination of | Information is a combination of data and context. | Knowledge is a combination of information, experience and intuition. |

Q10.What is the impact of BI on decision making?


Q11.Explain Data WareHouse & Data Mart in an organization.
A data warehouse is a store of convenient, consistent, complete and consolidated data,
which is collected for the purpose of making quick analysis for the end users who take
part in Decision Support Systems (DSS).
Data warehouses have no standard definition and the people who work on data
warehouse subject have defined it in many ways as follows:
[1] “The basic data warehouse architecture interposes between end-user desktops and
production data sources a warehouse that we usually think of as a single, large system
maintaining an approximation of an enterprise data model.”
[2] “A data warehouse is a copy of transaction data specifically structured for querying
and reporting.”
[3] A data warehouse as a “subject-oriented, integrated, time-variant, and nonvolatile
collection of data in support of management’s decision-making process”.
This data is obtained from different operational sources and kept in a separate physical
store. A data warehouse is not only a relational database that contains historical data
derived from transactional data, but also an environment that includes all the
operations and applications to manage the process of gathering data and delivering it
to business users, such as an extraction, transportation, transformation, and loading (ETL)
solution, an online analytical processing (OLAP) engine, client analysis tools

Data Mart:
A data mart is a logical subset of the complete data warehouse, prepared for a
single business process in an organization. When data marts come together, an integrated enterprise
data warehouse is formed. Data marts must be built from shared dimensions and facts. In this
way they can be combined and used together.

Q12.Describe DBMS & What are its building blocks.

The database approach is an improvement on the shared file solution, as the use of a
database management system (DBMS) provides facilities for querying, data security
and integrity, and allows simultaneous access to data by several different users.
❖ Database: A database is a collection of related data.
❖ The Database is a shared collection of logically related data, designed to meet the
information needs of an organization.
❖ A database is a computer-based record keeping system whose overall purpose is to
record and maintain information.
❖ The database is a single, large repository of data, which can be used simultaneously
by many departments and users. Instead of disconnected files with redundant data,
all data items are integrated with a minimum amount of duplication.
Building blocks of a Database
The following three components form the building blocks of a database. They store the
data that we want to save in our database.
i. Columns. Columns are like fields, that is, individual items of data that we wish to
store. A Student's Roll Number, Name, Address etc. are all examples of columns.
They are also like the columns found in spreadsheets (the A, B, C etc. along the
top).
ii. Rows. Rows are like records as they contain data of multiple columns (like the 1,
2, 3 etc. in a spreadsheet). A row can be made up of as many or as few columns as
you want. This makes reading data much more efficient - you fetch what you want.
iii. Tables. A table is a logical group of columns. For example, you may have a table
that stores details of customers' names and addresses. Another table would be
used to store details of parts and yet another would be used for suppliers' names
and addresses.

Q13.What is Knowledge Management? Describe its working in detail.


Q14. Describe OLAP.

OLAP stands for Online Analytical Processing Server. It is a software
technology that allows users to analyze information from multiple database
systems at the same time. It is based on multidimensional data model and allows
the user to query on multi-dimensional data (eg. Delhi -> 2018 -> Sales data).
OLAP databases are divided into one or more cubes and these cubes are known
as Hyper-cubes.
OLAP operations:

There are five basic analytical operations that can be performed on an OLAP
cube:

1. Drill down: In drill-down operation, the less detailed data is converted
into highly detailed data. It can be done by:
○ Moving down in the concept hierarchy
○ Adding a new dimension
In the cube given in overview section, the drill down operation is
performed by moving down in the concept hierarchy of Time dimension
(Quarter -> Month).

2. Roll up: It is just opposite of the drill-down operation. It performs
aggregation on the OLAP cube. It can be done by:
○ Climbing up in the concept hierarchy
○ Reducing the dimensions
In the cube given in the overview section, the roll-up operation is
performed by climbing up in the concept hierarchy of Location
dimension (City -> Country).

3. Dice: It selects a sub-cube from the OLAP cube by selecting two or
more dimensions. In the cube given in the overview section, a sub-cube
is selected by selecting following dimensions with criteria:
○ Location = “Delhi” or “Kolkata”
○ Time = “Q1” or “Q2”
○ Item = “Car” or “Bus”

4. Slice: It selects a single dimension from the OLAP cube which results
in a new sub-cube creation. In the cube given in the overview section,
Slice is performed on the dimension Time = “Q1”.

5. Pivot: It is also known as rotation operation as it rotates the current
view to get a new view of the representation. In the sub-cube obtained
after the slice operation, performing pivot operation gives a new view of
it.
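
The five operations above, worked on a small constructed cube. This is an added example, not part of the original notes; the sales figures, the third city (Toronto), the Phone item and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Concept hierarchies, child level -> parent level (City -> Country, Month -> Quarter).
PARENT = {"city": "country", "month": "quarter"}
CHILD = {parent: child for child, parent in PARENT.items()}

COUNTRY = {"Delhi": "India", "Kolkata": "India", "Toronto": "Canada"}
QUARTER = {"Jan": "Q1", "Feb": "Q1", "Mar": "Q1",
           "Apr": "Q2", "May": "Q2", "Jun": "Q2",
           "Jul": "Q3", "Aug": "Q3", "Sep": "Q3"}

# Constructed sample facts: (city, month, item, sales).
FACTS = [
    ("Delhi", "Jan", "Car", 10), ("Delhi", "Feb", "Car", 12),
    ("Delhi", "Apr", "Car", 8), ("Delhi", "Jan", "Bus", 3),
    ("Delhi", "Jul", "Bus", 4), ("Kolkata", "Feb", "Car", 7),
    ("Kolkata", "May", "Bus", 5), ("Kolkata", "Mar", "Phone", 20),
    ("Toronto", "Jan", "Car", 9), ("Toronto", "Apr", "Phone", 15),
    ("Toronto", "Aug", "Bus", 6),
]


def build_cube(facts):
    """Attach every hierarchy level to each fact so any level can be queried."""
    return [{"city": c, "country": COUNTRY[c], "month": m,
             "quarter": QUARTER[m], "item": i, "sales": s}
            for c, m, i, s in facts]


def aggregate(rows, dims):
    """Sum the sales measure for each combination of the given dimensions."""
    totals = defaultdict(int)
    for row in rows:
        totals[tuple(row[d] for d in dims)] += row["sales"]
    return dict(totals)


def roll_up(rows, dims, level):
    """Climb one step up the hierarchy of `level` (e.g. city -> country)."""
    return aggregate(rows, [PARENT[level] if d == level else d for d in dims])


def drill_down(rows, dims, level):
    """Move one step down the hierarchy of `level` (e.g. quarter -> month)."""
    return aggregate(rows, [CHILD[level] if d == level else d for d in dims])


def slice_cube(rows, dim, value):
    """Fix a single dimension to one value, producing a sub-cube."""
    return [r for r in rows if r[dim] == value]


def dice(rows, criteria):
    """Keep rows matching allowed values on two or more dimensions."""
    return [r for r in rows
            if all(r[dim] in allowed for dim, allowed in criteria.items())]


def to_table(cells):
    """Lay a two-dimensional aggregate out as {row_label: {col_label: value}}."""
    table = defaultdict(dict)
    for (row_label, col_label), value in cells.items():
        table[row_label][col_label] = value
    return dict(table)


def pivot(table):
    """Rotate the view: rows become columns and columns become rows."""
    rotated = defaultdict(dict)
    for row_label, cols in table.items():
        for col_label, value in cols.items():
            rotated[col_label][row_label] = value
    return dict(rotated)


if __name__ == "__main__":
    cube = build_cube(FACTS)
    view = ["city", "quarter"]
    print("base view   :", aggregate(cube, view))
    print("roll up     :", roll_up(cube, view, "city"))        # City -> Country
    print("drill down  :", drill_down(cube, view, "quarter"))  # Quarter -> Month
    q1 = slice_cube(cube, "quarter", "Q1")                     # Time = "Q1"
    print("slice Q1    :", aggregate(q1, ["city", "item"]))
    sub = dice(cube, {"city": {"Delhi", "Kolkata"},
                      "quarter": {"Q1", "Q2"},
                      "item": {"Car", "Bus"}})
    print("dice        :", aggregate(sub, ["city", "quarter", "item"]))
    print("pivot of Q1 :", pivot(to_table(aggregate(q1, ["city", "item"]))))
```

Roll-up and drill-down never change the grand total of the measure, only the level of detail at which it is reported, which is a quick consistency check on any aggregated report.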

Q15. What are the measures to improve cyber security with eg.

Use strong passwords

Strong passwords are vital to good online security. Make your password difficult to guess by:

● using a combination of capital and lower-case letters, numbers and symbols
● making it between eight and 12 characters long
● avoiding the use of personal data

Control access to data and systems

Make sure that individuals can only access data and services for which they are authorised. For
example, you can:

● control physical access to premises and computer networks
● restrict access by unauthorised users
● limit access to data or services through application controls
● restrict what can be copied from the system and saved to storage devices
● limit sending and receiving of certain types of email attachments

Put up a firewall

Firewalls are effectively gatekeepers between your computer and the internet. They act as a barrier
to prevent the spread of cyber threats such as viruses and malware. It's important to set up firewall
devices properly and check them regularly to ensure their software/firmware is up to date, or they
may not be fully effective.

Use security software

You should use security software, such as anti-spyware, anti-malware and anti-virus programs, to
help detect and remove malicious code if it slips into your network.

Update programs and systems regularly

Updates contain vital security upgrades that help protect against known bugs and vulnerabilities.
Make sure that you keep your software and devices up-to-date to avoid falling prey to criminals.

Monitor for intrusion

You can use intrusion detectors to monitor systems and unusual network activity. If a detection
system suspects a potential security breach, it can generate an alarm, such as an email alert, based
upon the type of activity it has identified.

Use multi-factor authentication

Multi-factor authentication means that to access software or carry out a transaction, at
least one more means of personal verification is needed.

Q16. Explain the different categories of ethical issues related to IT.

1. Personal Privacy:
It is an important aspect of ethical issues in information technology. IT enables
users to have their own hardware, operating system and software tools to access
servers that are connected to each other and to the users by a network. Because
networks are distributed on a large scale, large amounts of data and information are
transferred, which creates hidden chances of disclosing information and
violating the privacy of individuals or groups. It is a major challenge for IT
society and organizations to maintain the privacy and integrity of data. Accidental
disclosure to inappropriate individuals and provisions to protect the accuracy of data
also come under the privacy issue.
2. Access Right:
The second aspect of ethical issues in information technology is access right. Access
right has become a high-priority issue for IT and cyberspace with the great
advancement in technology. The evolution of e-commerce and electronic payment systems
on the internet heightened this issue for various corporate organizations and
government agencies. Network on the internet cannot be made secure from
unauthorized access. Generally, intrusion detection systems are used to
determine whether the user is an intruder or an appropriate user.
3. Harmful Actions:
Harmful actions in computer ethics refer to damage or negative
consequences to IT, such as loss of important information, loss of property, loss
of ownership, destruction of property and undesirable substantial impacts. This
principle of ethical conduct restricts any outsiders from using information
technology in a manner which leads to any loss to any of the users, employees,
employers and the general public. Typically, these actions comprise the
intentional destruction or alteration of files and programs, which causes a serious loss
of resources. To recover from harmful actions, extra time and effort are required
to remove the viruses from the computer systems.
4. Patents:
It is more difficult to deal with these types of ethical issues. A patent can preserve the
unique and secret aspect of an idea. Obtaining a patent is very difficult as compared
with obtaining a copyright. A thorough disclosure is required with the software. The
patent holder has to reveal the full details of a program to a proficient programmer for
building a program.
5. Copyright:
Information security specialists need to be familiar with the necessary concepts of
copyright law. Copyright law works as a very powerful legal tool in protecting
computer software, both before a security breach and surely after a security breach.
This type of breach could be the mishandling and misuse of data, computer
programs, documentation and similar material. In many countries, copyright
legislation is amended or revised to provide explicit laws to protect computer
programs.
6. Trade Secrets:
Trade secrets are also a significant ethical issue in information technology. A trade
secret secures something of value and usefulness. This law protects the private
aspects of ideas which are known only to the discoverer or his confidants. Once
disclosed, a trade secret is lost as such and is only protected by the law for trade
secrets. The application of trade secret law is very broad in the computer range,
where even a slight head start in the advancement of software or hardware can
provide a significant competitive influence.
7. Liability:
One should be aware of the liability issue in making ethical decisions. A software
developer makes promises and assertions to the user about the nature and quality of
the product that can be restricted as an express warranty. Programmers or retailers
have the legitimate right to determine the express warranties. Thus they have to be
practical when they define any claims and predictions about the capacities, quality
and nature of their software or hardware. Every word they say about their product
may be as legally valid as if stated in writing. All agreements should be in writing to
protect against liability. A disclaimer of express warranties can free a supplier from
being held responsible for informal, speculative statements or forecasts made
during the agreement stages.
8. Piracy:
Piracy is an activity in which an illegal copy of the software is made. It is
entirely up to the owner of the software as to whether or not users can make backup
copies of their software. As laws made for copyright protection are evolving,
legislation that would stop unauthorized duplication of software is also under consideration.
The software industry is prepared to take on software piracy. The
courts are dealing with an increasing number of actions concerning the protection of
software.
Q17. What are the major security threats to the IS & discuss the measures taken to control
Information Security.
Information security threats can take many forms, such as software attacks, theft of
intellectual property, identity theft, theft of equipment or information, sabotage,
and information extortion.
A threat can be anything that can take advantage of a vulnerability to breach
security and negatively alter, erase or harm an object or objects of interest.
Software attacks means attacks by viruses, worms, Trojan horses etc. Many
users believe that malware, viruses, worms and bots are all the same thing. They are
not: the only similarity is that they are all malicious software, and each behaves
differently.
Malware is a combination of 2 terms: malicious and software. So malware
basically means malicious software, which can be intrusive program code or
anything that is designed to perform malicious operations on a system. Malware
can be divided into 2 categories:

1. Infection Methods
2. Malware Actions

Malware on the basis of infection method is as follows:

1. Virus – Viruses have the ability to replicate themselves by hooking themselves to a
program on the host computer, like songs, videos etc., and then they travel all over the
Internet. The Creeper Virus was first detected on ARPANET. Examples include File
Virus, Macro Virus, Boot Sector Virus, Stealth Virus etc.
2. Worms – Worms are also self-replicating in nature but they don’t hook themselves to
a program on the host computer. The biggest difference between viruses and worms is that
worms are network-aware. They can easily travel from one computer to another if a
network is available, and on the target machine they will not do much harm; they will,
for example, consume hard disk space, thus slowing down the computer.
3. Trojan – The concept of a Trojan is completely different from viruses and worms.
The name Trojan is derived from the ‘Trojan Horse’ tale in Greek mythology, which
explains how the Greeks were able to enter the fortified city of Troy by hiding their
soldiers in a big wooden horse given to the Trojans as a gift. The Trojans were very
fond of horses and trusted the gift blindly. In the night, the soldiers emerged and
attacked the city from the inside.
The purpose of Trojans is to conceal themselves inside software that seems legitimate, and
when that software is executed they will do their task of either stealing information or
any other purpose for which they are designed.
They often provide a backdoor gateway for malicious programs or malevolent users to
enter your system and steal your valuable data without your knowledge and
permission. Examples include FTP Trojans, Proxy Trojans, Remote Access Trojans
etc.

4. Bots – Bots can be seen as an advanced form of worms. They are automated processes
that are designed to interact over the internet without the need for human interaction.
They can be good or bad. A malicious bot can infect one host and, after infecting it, will
create a connection to the central server, which will provide commands to all infected
hosts attached to that network, called a botnet.
5. Adware – Adware is not exactly malicious but it does breach the privacy of the users.
It displays ads on a computer’s desktop or inside individual programs. It
comes attached to free-to-use software, and is thus a main source of revenue for such
developers. It monitors your interests and displays relevant ads. An attacker can
embed malicious code inside the software, and adware can monitor your system
activities and can even compromise your machine.
6. Spyware – It is a program, or we can say software, that monitors your activities on
a computer and reveals collected information to an interested party. Spyware is
generally dropped by Trojans, viruses or worms. Once dropped, it installs
itself and sits silently to avoid detection.
One of the most common examples of spyware is the KEYLOGGER. The basic job of a
keylogger is to record user keystrokes with timestamps, thus capturing interesting
information like usernames, passwords, credit card details etc.
7. Ransomware – It is a type of malware that will either encrypt your files or lock
your computer, making it inaccessible either partially or wholly. Then a screen will
be displayed asking for money, i.e. ransom, in exchange.

Types of information security controls include security policies, procedures, plans,
devices and software intended to strengthen cybersecurity. There
are three categories of information security controls:
● Preventive security controls, designed to prevent cyber security
incidents
● Detective security controls, aimed at detecting a cyber security
breach attempt (“event”) or successful breach (“incident”) while it
is in progress, and alerting cyber security personnel
● Corrective security controls, used after a cyber security incident to
help minimize data loss and damage to the system or network, and
restore critical business systems and processes as quickly as
possible (“resilience”)

Security controls come in the form of:

● Access controls including restrictions on physical access such as
security guards at building entrances, locks, and perimeter fences
● Procedural controls such as security awareness education,
security framework compliance training, and incident response
plans and procedures
● Technical controls such as multi-factor user authentication at login
and logical access controls, antivirus software, firewalls
● Compliance controls such as privacy laws and cyber security
frameworks and standards.

MIS security refers to measures put in place to protect information
system resources from unauthorized access or being
compromised. Security vulnerabilities are weaknesses in a
computer system, software, or hardware that can be exploited by
the attacker to gain unauthorized access or compromise a system.
People, as part of the information system components, can also be
exploited using social engineering techniques. The goal of social
engineering is to gain the trust of the users of the system. Let's
now look at some of the threats that information systems face and
what can be done to eliminate or minimize the damage if the threat
were to materialize.

Computer viruses – these are malicious programs as described in
the above section. The threats posed by viruses can be eliminated
or the impact minimized by using Anti-Virus software and following
laid down security best practices of an organization.

Unauthorized access – the standard convention is to use a combination
of a username and a password. Hackers have learnt how to circumvent
these controls if the user does not follow security best practices. Most
organizations have added the use of mobile devices such as phones to
provide an extra layer of security. Take Gmail as an example: if
Google is suspicious of the login on an account, it will ask the person
about to log in to confirm their identity using their Android-powered
mobile device, or send an SMS with a PIN number which should
supplement the username and password. If the company does not have
enough resources to implement extra security like Google, it can use
other techniques. These techniques can include asking users questions
during signup, such as what town they grew up in, the name of
their first pet, etc. If the person provides accurate answers to these
questions, access is granted into the system.
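The SMS PIN described above only adds security if the server handles it carefully. The following is an added example, not code from these notes or from Google: a server-side sketch of a one-time PIN that is random, short-lived, single-use and limited to a few guesses. The class name, PIN length, lifetime and attempt limit are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# All three values are assumptions for this example, not taken from the notes.
PIN_DIGITS = 6          # length of the PIN sent by SMS
PIN_LIFETIME_S = 300    # PIN is valid for five minutes
MAX_ATTEMPTS = 3        # guesses allowed before the PIN is discarded


class PinChallenge:
    """Server-side state for one PIN that supplements username + password."""

    def __init__(self, clock=time.time):
        self._clock = clock                     # injectable so expiry can be tested
        self._salt = secrets.token_bytes(16)
        self._digest = None                     # None means "no PIN outstanding"
        self._expires_at = 0.0
        self._attempts_left = 0

    def _hash(self, pin):
        return hashlib.sha256(self._salt + pin.encode()).digest()

    def issue(self):
        """Create a fresh PIN; the caller passes it to the SMS gateway."""
        # secrets (not random) gives unpredictable digits.
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        self._digest = self._hash(pin)          # the PIN itself is not kept
        self._expires_at = self._clock() + PIN_LIFETIME_S
        self._attempts_left = MAX_ATTEMPTS
        return pin

    def verify(self, candidate):
        """Return True at most once: right PIN, in time, within the guess limit."""
        expired = self._clock() > self._expires_at
        if self._digest is None or expired or self._attempts_left <= 0:
            self._digest = None
            return False
        self._attempts_left -= 1
        # Constant-time comparison avoids leaking how many bytes matched.
        ok = hmac.compare_digest(self._hash(candidate), self._digest)
        if ok or self._attempts_left == 0:
            self._digest = None                 # single use, or burnt after last guess
        return ok


if __name__ == "__main__":
    challenge = PinChallenge()
    sent = challenge.issue()
    print("first use :", challenge.verify(sent))   # accepted
    print("second use:", challenge.verify(sent))   # rejected, already used
```

With a 6-digit PIN and three guesses, a blind guesser succeeds about 3 times in a million per issued PIN, which is why the attempt limit matters as much as the randomness.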

Data loss – if the data center caught fire or was flooded, the hardware
with the data can be damaged, and the data on it will be lost. As a
standard security best practice, most organizations keep backups of the
data at remote places. The backups are made periodically and are
usually put in more than one remote area.

Biometric Identification – this is now becoming very common especially
with mobile devices such as smartphones. The phone can record the
user fingerprint and use it for authentication purposes. This makes it
harder for attackers to gain unauthorized access to the mobile device.
Such technology can also be used to stop unauthorized people from
getting access to your devices.
Q18. Define Business Ethics with eg.
Ans:
Business ethics refers to the set of principles or standards that govern the moral
conduct of business. It is concerned with the relationship between the
techniques, practices, and objectives of an organization. Business ethics says
that businesses have to be honest with themselves and society. Some examples
of business ethics are treating workers fairly, charging fair prices from customers,
providing good quality goods and services, earning reasonable profits, using
accurate and fair weights of the goods, etc. However, unethical behavior involves
corrupting public servants to get favors, defrauding customers through
misleading advertisements, providing a false image of the business in its books
of accounts and financial statements, using the properties and assets of the
business for personal use, revealing trade secrets to competitors, etc. A
businessperson is said to be ethical if he/she acts upright and serves society’s
interests. An ethical business is a good business as it works for the interests of
society. Ethical businesses have a good image in the eyes of the public, as
people have confidence in the business, which leads towards greater success.
Ethical activity is not only good for society, but also for business people and
businesses as it helps them enhance the quality of their lives and the work they
do. There are various types of business ethics. Both the nature of the company's
business and where the company is located can affect which ethics it
emphasizes. The following are some of the more common business ethics.

1. Personal responsibility

Each person who works for a business, whether on the executive level or the
entry-level, will be expected to show personal responsibility.

2. Corporate responsibility

Businesses have responsibilities to their employees, their clients or customers,
and, in some cases, to their board of directors.

3. Loyalty

Both businesses and their employees are expected to show loyalty. Employees
should be loyal to their co-workers, managers, and the company. This might
involve speaking positively about the business in public and only addressing
personnel or corporate issues in private.

4. Respect

Respect is an important business ethic, both in the way the business treats its
clients, customers and employees, and also in the way its employees treat one
another.

5. Trustworthiness

A business cultivates trustworthiness with its clients, customers and employees
through honesty, transparency and reliability. Clients and customers should be
able to trust the business with their money, data, contractual obligations and
confidential information.

6. Fairness

When a business exercises fairness and integrity, it applies the same standards
for all employees regardless of rank.

7. Community and Environmental Responsibility

Not only will businesses act ethically toward their clients, customers and
employees, but also with regard to the community and the environment.

Here are some examples of ways a business might practice its ethics.

1. Data Protection

Businesses often collect information about their customers. This may only be an
email address, but it could also be their physical address, or health or financial
information, depending on the nature of the business. Companies that collect
customer data normally promise to secure that information and not share it
without the customer's permission. The same applies to employee information.
Business ethics usually protect employees' personnel records and allow access
only to those with a valid need to know.

2. Customer Prioritization

One way a business shows respect for its customers is by prioritizing the
customer's needs, even at the expense of the company. For example, if a
customer purchases goods or services that turn out to be unsatisfactory, the
business will do what it must to recompense the customer. If it is a faulty product,
the business will offer a replacement or a refund. If the customer experienced
bad service, the company will usually apologize and offer a discount or some
other form of compensation.

3. Workplace Diversity

One way a business might express fairness is by placing a high importance on having a
diverse workplace. Achieving a diverse workplace means using recruiting
practices that give equal opportunity to people from different ethnic, gender and
social groups. This can add time and effort to the hiring process, but it is
worthwhile. Employing a diverse range of people gives the business the benefit
of different perspectives. It also demonstrates that the company is serious about
equality and treating all people with respect.

4. Whistleblower Protection

As a business grows, it becomes harder to verify that employees are keeping to
the ethical standards set by the company. Sometimes the business will rely upon
a whistleblower to draw attention to unethical practices within the company. To
encourage employees to come forward to report unethical practices, businesses
will often put in place protections against negative consequences. With these
protections, employees don't need to fear losing their jobs or facing disciplinary
action for pointing out unethical behavior.

5. Corporate Transparency

A business that practices transparency will be clear in its communications both
with employees and to clients or customers. The language used will be
unambiguous so there is no doubt about the policies or priorities that guide
business decisions. Transparent corporate communications will also be honest
and truthful. Everyone working for or engaging with the company should be able
to trust what it says.

Q19. What are the principles on which Information Security is based.


Q20. State any causes of threats to DB security.
Human Error

Weak passwords, password sharing, accidental erasure or corruption
of data, and other undesirable user behaviors are still the cause of
almost half of data breaches reported.

Exploitation of Database Software Vulnerabilities

Attackers constantly attempt to isolate and target vulnerabilities in
software, and database management software is a highly valuable
target. New vulnerabilities are discovered daily, and all open source
database management platforms and commercial database software
vendors issue security patches regularly. However, if you don’t apply
these patches quickly, your database might be exposed to attack.

Even if you do apply patches on time, there is always the risk of
zero-day attacks, when attackers discover a vulnerability, but it has
not yet been discovered and patched by the database vendor.

SQL/NoSQL Injection Attacks

A database-specific threat involves the insertion of arbitrary SQL and
non-SQL attack strings into database queries. Typically, these are
queries created as an extension of web application forms, or
received via HTTP requests. Any database system is vulnerable to
these attacks if developers do not adhere to secure coding
practices and if the organization does not carry out regular
vulnerability testing.
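To make "secure coding practices" concrete, the following added example (not part of the original notes) puts a query built by string concatenation beside its parameterized form, using Python's built-in sqlite3 module. The table, rows, function names and the crafted form value are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "clerk"), ("carol", "clerk")],
    )
    return conn


def find_user_vulnerable(conn, username):
    # Vulnerable on purpose: the form value is pasted into the SQL text,
    # so quote characters inside it change the structure of the query.
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    # Hardened: the ? placeholder passes the value separately from the SQL
    # text, so it is always treated as data and never as SQL syntax.
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


ALLOWED_SORT_COLUMNS = {"username", "role"}


def list_users_sorted(conn, sort_column):
    # Column names cannot be bound as parameters, so they are checked
    # against an allow-list before being placed in the query text.
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column")
    query = f"SELECT username, role FROM users ORDER BY {sort_column}"
    return conn.execute(query).fetchall()


# Constructed form value: the quote ends the string literal early and the
# rest is read as an extra condition that is true for every row.
CRAFTED_INPUT = "nobody' OR '1'='1"


def demo():
    conn = make_db()
    return {
        "vulnerable_normal": find_user_vulnerable(conn, "bob"),
        "vulnerable_crafted": find_user_vulnerable(conn, CRAFTED_INPUT),
        "safe_normal": find_user_safe(conn, "bob"),
        "safe_crafted": find_user_safe(conn, CRAFTED_INPUT),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The concatenated query returns every row for the crafted value, while the parameterized one returns none, because no user has that literal name.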

Buffer Overflow Attacks

Buffer overflow takes place when a process tries to write a large
amount of data to a fixed-length block of memory, more than it is
permitted to hold. Attackers might use the excess data, kept in
adjacent memory addresses, as the starting point from which to
launch attacks.

Denial of Service (DoS/DDoS) Attacks

In a denial of service (DoS) attack, the cybercriminal overwhelms
the target service—in this instance the database server—using a
large amount of fake requests. The result is that the server cannot
carry out genuine requests from actual users, and often crashes or
becomes unstable.

In a distributed denial of service attack (DDoS), fake traffic is
generated by a large number of computers, participating in a botnet
controlled by the attacker. This generates very large traffic volumes,
which are difficult to stop without a highly scalable defensive
architecture. Cloud-based DDoS protection services can scale up
dynamically to address very large DDoS attacks.

Malware

Malware is software written to take advantage of vulnerabilities or
to cause harm to a database. Malware could arrive through any
endpoint device connected to the database’s network. Malware
protection is important on any endpoint, but especially so on
database servers, because of their high value and sensitivity.

An Evolving IT Environment

The evolving IT environment is making databases more susceptible
to threats. Here are trends that can lead to new types of attacks on
databases, or may require new defensive measures:

● Growing data volumes—storage, data capture, and processing
are growing exponentially across almost all organizations. Any
data security practices or tools must be highly scalable to
address distant and near-future requirements.
● Distributed infrastructure—network environments are
increasing in complexity, especially as businesses transfer
workloads to hybrid cloud or multi-cloud architectures, making
the deployment, management, and choice of security solutions
more difficult.
● Increasingly tight regulatory requirements—the worldwide
regulatory compliance landscape is growing in complexity, so
following all mandates is becoming more challenging.
● Cybersecurity skills shortage—there is a global shortage of
skilled cybersecurity professionals, and organizations are
finding it difficult to fill security roles. This can make it more
difficult to defend critical infrastructure, including databases.

Q21. Describe the security technologies used to secure E-commerce.
