1.

Discuss Information systems components and activities

Solution;

Information system (IS) is any combination of information technology and people's activities
using that technology to support operations, management, and decision-making. In a very broad
sense, the term information system is frequently used to refer to the interaction between people,
algorithmic processes, data and technology. In this sense, the term is used to refer not only to the
information and communication technology (ICT) an organization uses, but also to the way in
which people interact with this technology in support of business processes.

In a broad scope, the term Information Systems (IS) is a scientific field of study that addresses
the range of strategic, managerial and operational activities involved in the gathering, processing,
storing, distributing and use of information, and its associated technologies, in society and
organizations

Components of information systems

The information system components should come together in order to produce a Computer-
Based Information system which are;

Hardware resources: The term hardware refers to machinery. This category includes the
computer itself, which is often referred to as the central processing unit (CPU), and all of its
support equipments. Among the support equipments are input and output devices, storage
devices and communications devices.

Software resources: The term software refers to computer programs and the manuals (if any)
that support them. Computer programs are machine-readable instructions that direct the circuitry
within the hardware parts of the CBIS to function in ways that produce useful information from
data. Programs are generally stored on some input / output medium, often a disk or tape.

1
Data resources: Data are facts that are used by programs to produce useful information. Like
programs, data are generally stored in machine-readable form on disk or tape until the computer
needs them.

Procedures resources: Procedures are the policies that govern the operation of a computer
system. "Procedures are to people what software is to hardware" is a common analogy that is
used to illustrate the role of procedures in a computer based information system.

People resources: Every computer based information system needs people if it is to be useful.
Often the most over-looked element of the CBIS is the people, probably the component that most
influence the success or failure of information systems.

Network resources: this involves communication media such as communication satellite

systems, fiber-optic cables and microwave systems. And also involves network support which
includes communications processors such as modems and internetwork processors.

Information system activities

Information processing (or data processing) activities that occur in information system include
the following:

Input of Data Resources:

Data about business transactions and other events must be captured and prepared for processing
by the input activity. Input typically takes the form of data entry activities such as recording and
editing. Once entered, data may be transferred onto a machine-readable medium such as
magnetic disk or type, until needed for processing.

Processing of Data into Information:

Data is typically subjected to processing activities such as calculating, comparing, sorting,

classifying, and summarizing. These activities organize, analyze, and manipulate data, thus

2
converting them into information for end users. A continual process of correcting and updating
activities must maintain quality of data stored in an information system.

Output of Information Products:

Information in various forms is transmitted to end-users and made available to them in the
output activity. The goal of information systems is the production of appropriate information
products for end users.

Storage of Data Resources:

Storage is a basic system component of information systems. Storage is the information system
activity in which data and information are retained in an organized manner for later use.

Control of System Performance:

An important information system activity is the control of its performance.

An information system should produce feedback about its input, processing, output, and storage
activities. Feedback must be monitored and evaluated to determine if the system is meeting
established performance standards. Feedback is used to make adjustments to system activities to
correct deficiencies.

2. Discuss the evolution of the field of information system

Solution;

The field of information systems (IS) has evolved along with the development of information
technology and applications over the past twenty years. Even though IS research is often defined
as an interdisciplinary field of study that stretches across computer science, management science,
and organizational science (e.g., Swanson, 1984), the field has become more mature and
3
demands to be a reference discipline. Many researchers have drawn attention to the evolution of
research focus, diversity of research issues and methods, and theory development in information
systems. A better understanding of its evolution allows us to identify the driving forces that
underlie IS research and makes trends in future research more predictable. To date the evolution
of IS research has been examined from different perspectives.

Information systems are now seldom built from scratch. They are modified from or built on top
of existing ones or bolted together from third-party components. In practice, the old division
between design, implementation and maintenance has largely disappeared. What has replaced it
is the process of IS evolution. IS evolution can be seen in two ways, planned and unplanned.

Planned evolution is the process by which strategic decision-makers, and/or IT departments,

work to determine the ways in which their information systems should develop over time. It
involves issues of evaluating the impact and appropriateness of existing information systems;
examining the value and ‘maintainability’ of legacy systems (ageing information systems that
serve a purpose but are out of step with the needs or capabilities of the organisations that use
them); decision-making about which changes to existing systems are appropriate; and
understanding how future changes to the organisation’s environment could require changes to
information systems. In each of these cases, issues will be considered from a socio-technical
perspective, looking at organizational, social and technical issues. This part of the course draws
on concepts and techniques from the areas of IS strategy, evaluation, software engineering,
decision-making, and scenario planning.

Unplanned evolution, by contrast, is a way of looking at changes within information systems that
happen without them being intended by the ‘owners’ of those systems. The technology may
change; the business needs may change; the people involved may change; the organization may
change. This area is less well-understood but equally important. The course will examine this by
looking at the dynamics of the way information systems evolve; by analogy with natural
evolution; by considering trends of evolution in information systems, and their organizational
and societal contexts, over time; and by looking at what trends might arise in the future. This part
of the course draws on systems theory, the history of IT and organizations, forecasting and
scenario planning.
4
So generally, it is important by making decisions about, or working with, information systems as
they evolve.

3. Explain principles of IT security management

Solution;

Information security means protecting information and information systems from unauthorized
access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

The terms information security, computer security and information assurance are frequently
incorrectly used interchangeably although they share the common goals of protecting the
confidentiality, integrity and availability of information.

These differences lie primarily in the approach to the subject, the methodologies used, and the
areas of concentration.

Information security is concerned with the confidentiality, integrity and availability of data
regardless of the form the data may take such as electronic, print, or other forms. While
Computer security can focus on ensuring the availability and correct operation of a computer
system without concern for the information stored or processed by the computer.

For examples, individuals, Governments, military, corporations, financial institutions, hospitals,

and private businesses amass a great deal of confidential information about their employees,
customers, products, research, and financial status. Most of this information is now collected,
processed and stored on electronic computers and transmitted across networks to other
computers.

Basic principles of information security

Confidentiality

5
Confidentiality is the term used to prevent the disclosure of information to unauthorized
individuals or systems. For example, a credit card transaction on the Internet requires the credit
card number to be transmitted from the buyer to the merchant and from the merchant to a
transaction processing network. The system attempts to enforce confidentiality by encrypting the
card number during transmission, by limiting the places where it might appear (in databases, log
files, backups, printed receipts, and so on), and by restricting access to the places where it is
stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality
has occurred.

Breaches of confidentiality take many forms. For example, if a laptop computer containing
sensitive information about a company's employees is stolen or sold, it could result in a breach of
confidentiality. Giving out confidential information over the telephone is a breach of
confidentiality if the caller is not authorized to have the information.

Integrity

In information security, integrity means that data cannot be modified undetectably. This is not
the same thing as referential integrity in databases, although it can be viewed as a special case of
Consistency as understood in the classic model of transaction processing. Integrity is violated
when a message is actively modified in transit. Information security systems typically provide
message integrity in addition to data confidentiality.

Availability

For any information system to serve its purpose, the information must be available when it is
needed. This means that the computing systems used to store and process the information, the
security controls used to protect it, and the communication channels used to access it must be
functioning correctly. High availability systems aim to remain available at all times, preventing
service disruptions due to power outages, hardware failures, and system upgrades. Ensuring
availability also involves preventing denial-of-service attacks.

Authenticity

6
In computing, e-Business and information security it is necessary to ensure that the data,
transactions, communications or documents (electronic or physical) are genuine. It is also
important for authenticity to validate that both parties involved are who they claim they are.

Non-repudiation

In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also
implies that one party of a transaction cannot deny having received a transaction nor can the
other party deny having sent a transaction.

Electronic commerce uses technology such as digital signatures and encryption to establish
authenticity and non-repudiation.

4. Explain alerts and challenges for e-crime management

Solution:

Computer crime, or Cybercrime, refers to any crime that involves a computer and a network.
The computer may have been used in the commission of a crime, or it may be the target. Net
crime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type
of crime have become high-profile, particularly those surrounding cracking, copyright
infringement, child pornography, and child grooming. There are also problems of privacy when
confidential information is lost or intercepted, lawfully or otherwise.

Some of the more common offences that are committed via this medium include credit card
fraud, online auction fraud, computer hacking, and the forwarding of offensive/menacing or
harassing emails. With the ongoing growth of Internet and email usage, consumers need to
remain vigilant against those unscrupulous persons who prey on the unsuspecting.

Computer crime encompasses a broad range of potentially illegal activities. Generally, however,
it may be divided into one of two types of categories: (1) crimes that target computer networks or

7
devices directly; (2) crimes facilitated by computer networks or devices, the primary target of
which is independent of the computer network or device.

Examples of crimes that primarily target computer networks or devices would include:

• Computer viruses
• Denial-of-service attacks
• Malware (malicious code)

Examples of crimes that merely use computer networks or devices would include:

• Cyber stalking
• Fraud and identity theft
• Information warfare
• Phishing scams

Alerts and challenges for e-crime

Spam

Spam, or the unsolicited sending of bulk email for commercial purposes, is unlawful to varying
degrees. As applied to email, specific anti-spam laws are relatively new, but however, limits on
unsolicited electronic communications have existed in few forms for some time.

Fraud

Computer fraud is any dishonest misrepresentation of fact intended to let another to do or refrain
from doing something which causes loss. In this context, the fraud will result in obtaining a
benefit by:

8
 • Altering computer input in an unauthorized way. This requires little technical expertise
and is not an uncommon form of theft by employees altering the data before entry or
entering false data, or by entering unauthorized instructions or using unauthorized
processes;
• Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized
transactions: this is difficult to detect;
• Altering or deleting stored data;
• Altering or misusing existing system tools or software packages, or altering or writing
code for fraudulent purposes.

Other forms of fraud may be facilitated using computer systems, including bank fraud, identity
theft, extortion, and theft of classified information.

Offensive content

The content of websites and other electronic communications may be distasteful, obscene or
offensive for a variety of reasons. In some instances these communications may be illegal.

Harassment

Whereas content may be offensive in a non-specific way, harassment directs obscenities and
derogatory comments at specific individuals focusing for example on gender, race, religion,
nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by
sending hate e-mail to interested parties (see cyber bullying, cyber stalking, harassment by
computer, hate crime, Online predator, and stalking). Any comment that may be found
derogatory or offensive is considered harassment.

Drug trafficking

Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances
through encrypted e-mail and other Internet Technology. Some drug traffickers arrange deals at
internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for
amphetamines in restricted-access chat rooms.
9
Cyber terrorism

Cyber terrorism in general, can be defined as an act of terrorism committed through the use of
cyberspace or computer resources. As such, a simple propaganda in the Internet, that there will
be bomb attacks during the holidays can be considered cyber terrorism. As well there are also
hacking activities directed towards individuals, families, organized by groups within networks,
tending to cause fear among people, demonstrate power, collecting information relevant for
ruining peoples' lives, robberies, blackmailing etc.

Cyber extortion is a form of cyber terrorism in which a website, e-mail server, or computer
system is subjected to repeated denial of service or other attacks by malicious hackers, who
demand money in return for promising to stop the attacks.

Cyber warfare

The U.S. Department of Defense (DoD) notes that cyberspace has emerged as a national-level
concern through several recent events of geo-strategic significance. Among those are included
the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. "In August 2008,
Russia again allegedly conducted cyber attacks, this time in a coordinated and synchronized
kinetic and non-kinetic campaign against the country of Georgia.

E-crime alert cases

One of the highest profiled banking computer crime occurred during a course of three years
beginning in 1970. The chief teller at the Park Avenue branch of New York's Union Dime
Savings Bank embezzled over $1.5 million from hundreds of accounts.[8]

10
A hacking group called the MOD (Masters of Deception, allegedly stole passwords and technical
data from Pacific Bell, Nynex, and other telephone companies as well as several big credit
agencies and two major universities. The damage caused was extensive, one company,
Southwestern Bell suffered losses of $370,000 alone.

Between 1995 and 1998 the Newscorp satellite pay to view encrypted SKY-TV service was
hacked several times during an on-going technological arms race between a pan-European
hacking group and Newscorp.

On In February 2000 a individual going by the alias of Mafia Boy began a series denial-of-
service attacks against high profile websites, including Yahoo!, Amazon.com, Dell, Inc., eBay,
and CNN. About fifty computers at Stanford University, and also computers at the University of
California at Santa Barbara, were amongst the zombie computers sending pings in DDoS attacks.

Attacks on government websites in the US, UK and Australia by Pentaguard in January 2001,
said to be one of the largest most systematic defacements of worldwide government serves on
the www.

On 2 March 2010, Spanish investigators busted 3 in infection of over 13 million computers

around the world. The "botnet" of infected computers included PCs inside more than half of the
Fortune 1000 companies and more than 40 major banks, according to investigators.

The largest identity theft case in internet history involving 200 of the 400 richest people in
American listed in Forbes magazine, which was discovered in the US (Weiss 2001)

Challenges for e-crime proceedings

The inadequacy of legal powers for investigation and access to computer systems, including the
inapplicability of seizure powers to intangibles such as computerized data.

The lack of harmonization between the different national procedural laws concerning the
investigation of computer related crimes.

11
The inability of existing treaties to take into accounts the dynamics and special requirements of
computer crime investigation.

The lack of expertise on the part of police, prosecutors and the courts in this field.

The transnational character of many computer crimes.

The lack of mutual assistance treaties and of synchronized law enforcement mechanisms that
would permit international cooperation, or the inability of existing treaties to take into account
the dynamics and special requirement of computer crime investigation.

5. Discuss how modern information system is useful for organizational

development

Solution;
Modern information systems represent a set of computers and software that electronically
transfer information between various business functions. Companies use these information
systems to improve and enhance their business tasks and activities. Advancements in the
information technology field allow both small and large businesses to implement computerized
information systems in their operations. The type of information systems used depends on a
company's size, scope of operations and number of users.

An understanding of the effective and responsible use and management of modern information
systems and technologies is important for managers, business professionals, and other
knowledge workers in today’s internetworked enterprises. Modern Information systems play a
vital role in the e-business and e-commerce operations, enterprise collaboration and
management, and strategic success of businesses that must operate in an internetworked global
environment. Thus, the field of information systems has become a major functional area of
business administration.

12
Business applications of information system support development of an organization’s business
processes and operations, business decision-making, and strategic competitive advantage.

Major application categories of information systems include operations support systems, such as
transaction processing systems, process control systems, and enterprise collaboration systems,
and management support systems, such as management information systems, decision support
systems, and executive information systems. Other major categories are expert systems,
knowledge management systems, strategic information systems, and functional business systems.

However, in the real world most application categories are combined into cross-functional
information systems that provide information and support for decision-making and also perform
operational information processing activities.

Some of the areas in which modern information system is applied and bring about the
development of the whole entity are:

Enterprise Resource Planning

Enterprise resource planning is a large-scale computer-based system that organizations use to

create information systems in all of their departments. Large organizations use these systems
because it creates a single computer system that can integrate various tasks and activities. A
common downside in business is using too many hardware or software applications in business
operations, which can create redundancies in the company. Enterprise resource planning can also
use an Internet-based system that allows multiple regional or international locations to access
this information system.

Accounting

Accounting information systems are common in many companies that need a way to track
financial information. These systems process financial transactions from various departments
and allow accountants to access the information to input it into the company's general ledger. An
accounting information system typically uses a specific software application that focuses solely

13
on financial transactions. Business owners and managers rely on this system to provide support
information for making business decisions and measuring financial performance.

Data

Data systems allow for the internal or external transfer of business information. Operational
managers take advantage of these systems to review data or figures not related to a company's
accounting information. Employee productivity, production output and resource waste are all
pieces of information that operational managers will review. Outside companies often use data
information systems to electronically order or process information relating to the company. This
creates a shorter lead time for ordering raw materials and products for the production process or
increasing sales to consumers.

Therefore, modern Information systems are implemented within an organization for the purpose
of improving the effectiveness and efficiency of that organization. Capabilities of the
information system and characteristics of the organization, its work systems, its people, and its
development and implementation methodologies together determine the extent to which that
purpose is achieved

6. What do you think are the challenges for the development of IT industry in
third world countries and how such challenges can be addressed?

Solution:

Information technology (IT) is the acquisition, processing, storage and dissemination of vocal,
pictorial, textual and numerical information by a microelectronics-based combination of
computing and telecommunications.

IT is the area of managing technology and spans wide variety of areas that include but are not
limited to things such as processes, computer software, information systems, computer
hardware, programming languages, and data constructs. In short, anything that renders
14
 data, information or perceived knowledge in any visual format whatsoever, via any
multimedia distribution mechanism, is considered part of the domain space known as
Information Technology (IT)

Challenges for the development of IT

The use and application of media and communication technologies for development has attracted
the interest of researchers and scholars who question their potential as well as challenges and
effectiveness in addressing the development needs of the region. One of the visible challenges in
ICTs for development is the lack of financial resources to adopt and maintain the technologies
in several third world countries.

Financial strains related to connectivity are largely felt by NGOs and Community Based
Organizations (CBOs) that struggle to keep or update websites due to high costs of subscription
and maintenance. The prohibitive costs for IT consultants to create and maintain a web site
prevent many organizations from using the Internet for their communication efforts.

Related to connectivity is the cost of individual Internet access. The prohibitive costs of
computers due to a government levy on technology imports as well as high internet monthly fees
depending on connectivity time make it impossible for Internet access from home for the
majority people. This situation is worsened by the high cost of fixed-lines telephones that puts an
additional strain on consumers. As such many people rely on access at the workplace, school or
public places like libraries, Internet cafés and more recently, post offices. Internet connection is
also available via the mobile telephones along with some service packages but limited by the
high costs.

Lack of diversity among service providers also poses a great challenge. In Jamaica for instance,
Cable and Wireless a UK subsidiary, enjoys a monopoly in fixed-line services and until recently
the Internet and mobile phones. The provider holds a significant stake in the Telecommunication
Services of Trinidad and Tobago (TSTT), thus enjoying similar monopoly in the Republic of
Trinidad and Tobago.

15
From a user perspective, access and effective use of computers is dependent on resources, skills
and comfort with the technology. Many computer users in third world countries have very
limited IT skills thus only utilizing the technology for basic functions including word processing,
data processing and email. A gender-gap also exists in the access and use of communication
technologies, which calls for gender sensitive and gender-inclusive policies.

Related to gender issues are cultural factors that determine access to media and communication
technologies. In rural Africa for instance, many women had little access to the family radio,
which was controlled by the man and the older boys. In some African countries , men are
considered techno-savvy and therefore required to know more about the technology such as
computers, television and to some extent radio, which makes many women take a back seat in
regard to media and other communication technologies and skills.

The way forward to these challenges

In spite of challenges, the recognition of ICTs in third world countries development has
contributed to continued efforts to improve the situation while creating the proper environment
for their application. Tanzania has demonstrated this effort in financial support and a recent
development and launch of IT policies in various government Ministries. Though the initial
grants are from external sources, the commitment of the government has ensured a budget within
the ministry of commerce science and technology for maintenance of the technology.

Building up the local capacity in ICTs and the need for skilled human resources is now
recognized as a critical sustainability issue in the development with the goal of eliminating or
reducing the number of expatriates. The Tanzanian government has introduced IT training
courses to build the capacity required for effective use of technology for e-readiness, e-
commerce, e-government and other e-business, which is done collaboratively with the academic
institutions.

Participants in the Masters in Communication for Social and Behaviour Change are equipped
with a laptop computer with wireless internet card for connectivity while the University provides
hot spots at various locations on campus. This connectivity has enhanced access to information

16
and online resources in this resource poor Tanzanian where laptops are excellent networking
tools with professionals and programs in the development field.

With this strategy, however, there is still the need to move forward in the use of the technology
for development purposes, addressing real problems that affect people in their daily lives. To use
the technology as mass media there is a need for the development of policies and regulatory
measures.

Support for the development of such policies as would be a welcome step for the third world
countries. Policies also need to address the social, cultural, economic and gender factors that
hinder the access and effective use of new media for development purposes and as a step toward
the closure of the digital divide within the countries.

Finally, a collaborative effort between governments, private sector and non-governmental work
is necessary for the adoption of ICTs for development in the third world countries. For small
countries, such collaborative efforts would reduce reliance on the international funding agencies
in the adoption and maintenance of ICTs by pooling their resources and through proper
coordination.

It is probably possible for such collaboration to occur between the countries, most of which have
very small populations and, therefore, inadequate human resources. The technology, however, if
properly utilized could fill the human resources challenges in the third world countries.

Bibliography
17
• Allen, Julia H. (2001). The CERT Guide to System and Network Security Practices.
Boston, MA: Addison-Wesley.
• Layton, Timothy P. (2007). Information Security: Design, Implementation, Measurement,
and Compliance.
• McNab, Chris (2004). Network Security Assessment. Sebastopol, Hambly Odame, Helen
(2005).
• Introduction: Gender and ICTs for development: setting the context. In Sarah Cummings,
Henk van Dam, and Minke Valk (Eds) Gender, Society & Development series
• www.wikipedia.com
• Lecturer notes

18