Agenda
System Terminology
Systems Development Life Cycle
Planning and analysis - defines needed
information etc.
Design - data structures, software
architecture, interface
Implementation - Source code, database,
documentation, testing and validation etc.
Operations and maintenance - ongoing
SDLC
A framework to describe the activities
performed at each stage of a software
development project.
MIS Structure
Strategic - Top management
Tactical - Middle Management
Operational - Lower Management
Strategic
External information - Competitive forces,
customer actions, resource availability,
regulatory approvals
Predictive information - long term trends
What if information
Strategic Management
The People
Board of Directors
Chief Executive Officer
President
Decisions
Develop Overall Goals
Long-term Planning
Determine Direction
Political
Economic
Competitive
Tactical
Tactical Management
People
Business Unit Managers
Vice-President to Middle-Manager
Decisions
short-medium range planning
schedules
budgets
policies
procedures
resource allocation
Operational
Descriptive historical information
Current performance information
Exception reporting
Operational Management
People
Middle-Managers to Supervisors
Self-directed teams
Decisions
short-range planning
production schedules
day-to-day decisions
use of resources
enforce policies
follow procedures
MIS System
MIS provides information about the
performance of an organization
Think of entire company (the firm) as
a system.
An MIS provides management with
feedback
The Firm
Processing
Input: Raw Materials,
Supplies, Data, etc.
MIS
Managers,
VPs, CEO
Output: Products,
Services, Information etc.
MIS - Questions
Q: How are we doing?
A: Look at the report from the MIS
Generic reports: Sales, Orders,
Schedules, etc.
Periodic: Daily, Weekly, Quarterly, etc.
Pre-specified reports
Obviously, such reports are useful for
making good decisions.
DSS
Special reports that may
only be generated once
Pre-specified,
generic reports
Types of Decisions
Management levels: Operational, Tactical, Strategic
Decision structure: Structured, Semistructured, Unstructured
Examples: Payroll, Production Scheduling, Cash Management, Re-engineering a process, New e-business initiatives, Company re-organization
Project Management
Planning Tools
Gantt chart
PERT
Interdependencies
Precedence relationships
Information Technology
Some IT systems simply process transactions
Some help managers make decisions
Some support the interorganizational flow of
information
Some support team work
INFORMATION FLOWS
Upward Flow of Information - describes the current
state of the organization based on its daily
transactions.
Downward Flow of Information - consists of the
strategies, goals, and directives that originate at one
level and are passed to lower levels.
Horizontal Flow of Information - between functional
business units and work teams.
INFORMATION PROCESSING
1. Information Sourcing - at its point of origin.
2. Information - in its most useful form.
3. Creating information - to obtain new information.
4. Storing information - for use at a later time.
5. Communication of information - to other people or another location.
Data Centers
Centralised data environment
Data integration
Management awareness
Change impact
Functional specialisation
Local differences
User proximity
User confidence
Lack of central control
Corporate level reporting
Data redundancy
Loss of synergy
Selection criteria
Industry knowledge
Banking IT knowledge
Application familiarity
Project Management
Pricing options
Track record
Incumbency
Technical skills
Accessibility
Total Cost
Other systems
Electronic clearing and settlement systems
MICR/OCR
Debit Clearing system
Credit Clearing system
RTGS
Cheque truncation
Networking Systems
Data communications
Electronic mail
Internet Connectivity
Local Area Networking
Remote Access Services
Computer Security
Physical security
Logical Security
Network security
Biometric security
Physical Security
Intrusion prevention - locking, guarding,
lighting
Intrusion detection mechanisms
Disturbance sensors, buried line sensors,
Surveillance
Document security
Power supply
Logical security
Software access controls
Multiple types of access control
Internal access control based on date, time
etc.
Max tries
Audit trails
Privileged access
Encryption
Network Security
Physical intrusion
System intrusion
Attacks
Methods
Signature recognition - Pattern recognition
Anomaly detection - Statistical anomalies
Firewalls
First line or last line of defence?
Others
VPN
Encryption
Honey pots
Biometric Security
Signature recognition
Fingerprint recognition
Palmprint recognition
Hand recognition
Voiceprint
Eye retina pattern
Communication Security
Cryptography
Digital Signatures
PKI
CA
Cryptography
Art and science of keeping files and
messages secure.
Encryption
Key to encode
DES and Triple DES, IDEA
Safe key length
Cipher
Decryption
Digital Signatures
Usage
Verification
Why use?
Authenticity
Integrity
Confidentiality
Non repudiation
Key distribution
Disaster Management
Natural
Accidents
Malicious
Disaster Management
Disaster avoidance
Inventory
Risk Management
Disaster Recovery
Data off site
Data off line
Data out of reach
Test
Employee awareness
Fire detection and prevention
Hardcopy records
Human factors
LAN
Media handling and storage
Preplanning
Vulnerability assessment
BIA - Business Impact Assessment
Detailed definition RTO and RPO
Plan development
Testing
Maintenance program
IS Audit
Objectives
Safeguarding assets
Data Integrity
Process Integrity
Effectiveness auditing
Efficiency auditing
Importance
IS Audit Procedures
Audit objectives
Planning
Who, how and reporting structures
Environmental Controls
Access controls
Input controls
Communication controls
Processing controls
Database controls
Output controls
Control of last resort (DRP, Insurance)
Cyber Law
IT Act 2000
Data theft
Email abuse
Data alteration
Unauthorised access
Virus and malicious code
Denial of Service
Thank You