UNIT-VORGANIZATION OF INFORMATION SYSTEM

Organisation of Information System

Centralized, Decentralized and Distributed Processing

Role and Responsibilities of Information Systems Professionals

Security and Ethical Issues in Information Systems

Risks, Controls and Threats

1. ORGANIZATION OF INFORMATION SYSTEM.

Organizations have grown in complexity tolevels which are unprecedented andinformation plays a vital role in holdingtogether and coordinating organizations.

Information is the mortar that holdstogether the edifice of the modern multi-product, multi-division, multi-locationorganizations.

The role of MIS is very important to theorganization as information occupied andis very vital for every organizationalactivity.

MIS helps the management of organizationat various levels and it is a means ofcommunication where data are collected,processed, stored and retrieved later formaking decisions regarding planning,operation and control of an organization.

Decision-making is an importantrequirement in every organization, where inthere are different types of informationobtained from different functional areas ofmanagement like finance, marketing,production, personnel, planning and controletc.

Each of the levels of an organizationneeds information systems.

The specific needs vary from level tolevel.

A well defined organizationalmanagement information systemintegrates the operations of severaldepartments into a single organization.

The use of information systems to add value to the organization is strongly influenced by organizational structure, culture, and change.

Information systems help lower costs,increase profits, improve service, orachieve a competitive advantage.

With out the proper informationsystems, organizations cannotimplement its strategies.

2). CENTRALIZED, DECENTRALIZED AND DISTRIBUTED PROCESSING

In a Centralised data processing, one or more centralized computers are used for processing and the retrieval of information is done from them.

The distributed processing systems involve number of computers located remotely in the branches/departments of the organisation.

The client/server technologies are also gaining popularity these days.

i). Centralised information processing system

With the increasing use of computer based data processing, there has been a growing tendency to centralize the data processing activities.

A separate department EDP (Electronic Data Processing) department is established to carry out the data processing work of different department in the organisation.

Many a times the data processing is also done by hiring the services of the out side agencies.

Benefits of centralised data processing

The emergence of data takes place only at one place.

The loss of data is minimised.

The methods and machines can be standardized.

Services of more competent and technical personnel can be taken.

It is also very cost-effective particularly in the case of large operations.

Duplication of work can be avoided.

The disadvantages are: Lack of cooperation from managers, who

do not like to be under control ofcentralised Data Processing department.

Resistance from managers formechanising the data processingactivities relating to their variousfunctions.

It is difficult to provide equitable servicesto various departments.

The data security is also questioned.

The centralised information system-useful in cases where -

Information is very complex, or highly structured.

There are legal issues surrounding the release of the information.

Information is commercially-sensitive.

A very high writing standard is required.

The information must be ‘distilled’ from many different sources into a brief format.

Overall structure and consistency is required.

Content is to be published externally.

ii). Decentralised Data Processing System

In the decentralized data processing system, there is really a divisional breakdown of computing services.

Each division, unit or department handles its own computer needs and does not like to interact with any other division, unit or department.

It is well suited to a decentralized management scheme in which organizational autonomy is important.

Advantages

Familiarity with local problems.

Rapid response to local processing needs

Profit-and-loss responsibility can be easily fixed

Disadvantages

· There is duplication of activities and redundancy in the maintenance of files.

· It is difficult to maintain uniformity in the procedures throughout the organisation.

· The overall cost of the data processing for the organisation is more.

iii). Distributed Information processing System

The concept of a distributed information

system has emerged as an alternative to the integrated information system.

In the distributed information system, there are information sub-systems that form islands of information systems.

The distributed information system aims at establishing relatively independent sub-systems, which are, however, connected through communication interfaces.

Advantages :- The processing equipment as well as

database are dispersed, bringing them closer to the users.

It does not involve huge initial investment as is required in an integrated system.

It is more flexible and changes can be easily taken care of as per user's requirements.

The problem of data security and control can be handled more easily than in an integrated system.

There is no need of standby facilities because equipment breakdowns are not as calamitous as in an integrated system.

Disadvantages :-

It does not eliminate duplication of activities and redundancy in maintaining files.

Coordination of activities becomes a problem.

It needs more channels of communication than in an integrated system.

3). ROLE AND RESPONSIBILITIES OF INFORMATION SYSTEM PROFESSIONALS

The traditional role of the IP working in an information center (IC) was to identify, collect, organize, synthesize, repackage, and distribute information for both internal and external consumption.

The Web allowed the merger of business management and information management, thereby integrating systems and providing end-users with easy access to personal and shared information.

The role of information system professionals is vital in implementing the information system in organizations.

Gathering information, analyzing it and report it to the organizational members are the main jobs of information system professionals.

The information system professionals act as mediators between management information system and the users of the MIS.

The information system professionals -support to the organizations are:-

• Supporting the goals of the organization.• Collecting and storing large structured

data sets.• Building and maintaining reliable and

secure systems.• Providing data reports for internal

customers to support decision making.• Providing selective access to information

(easily anticipated, well-defined reports).• Providing information resources and

services to meet the demands and needs of stakeholders.

Cont.,

• Purchasing, acquiring, and providing access to materials and resources.

• Educating stakeholders, as needed, on the proper use of materials and information systems.

• Collecting, preserving, storing, and cataloging materials.

• Working with the IT department to provide database services.

Other major roles of the business applications provided by the information system professional include:

1. Support business processes – involves dealing with information systems that support the business processes and operations in a business.

2. Support Decision Making – help decision makers to make better decisions and attempt to gain a competitive advantage.

3. Support Competitive Advantage – help decision makers to gain a strategic advantage over competitors requires innovative use of information technology.

4). SECURITY AND ETHICAL ISSUES IN INFORMATION SYSTEMS

• Security is the protection of both physical and conceptual resources from natural and human hazards.

• Ethics: Principles of right and wrong that can be used by individuals acting as free moral agents to make choices to guide their behavior

Relationship between ethical, social and political issues:

1. Information rights

2. Property rights

3. Intellectual property rights (Trade secret, copy right, patent law)

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

The terms information security, computer security and information assurance are frequently incorrectly use interchangeably.

These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.

5). SECURITY AND RISKS IN INFORMATION SYSTEMS

Some of the security risks which are faced by the organizations in maintaining the information system include:

1. Security – (protection of computer resources)

2. Hardware – (failure of projection mechanisms)

3. Software – Failure of protection mechanisms, info. Leakage, logic bombs

4. People - Terminal user, fraudulent identification, software piracy, installing insecure systems, disasting security mechanisms

5. Data – Terminal/workstation, unauthorized database access, theft, copying data,

6. External – natural disaster, computer censor, hackers, radiation, computer uses from external networks etc.

THREATS TO INFORMATION SYSTEMS

• Loss, theft or corruption of data

• Inappropriate use of data ( manipulating inputs)

• Theft of mainframe computer crime

• Theft of equipment and/or programs

• Errors in handling, entering, processing, transferring or programming of data

• Equipment malfunctions

• Accidental or malicious damage to computer resources

• Destruction from viruses and similar attacks.

– Identifying needs

5). ACTIONS AND CONTROL OF THREATS

• Information rights and obligations

• Keeping a special view on Property rights and obligations

• Ensuring and taking care about System quality

• Quality of work life maintained in each and every department and its concerned information systems.

• Maintaining proper Accountability and control

Other actions include:

1. Hiring the information specialists and professionals carefully

2. Monitoring malcontents that arise because of threats and risks in the information system

3. Separating employee functions and restricting the employees to work in their specified

locations and sections only.

4. Protecting resources with passwords or access cards

5. Monitoring system transactions

6. Conducting frequent audits

7. Educating people in security measures

8. Consideration of ethics and training companies

9. Disguising data or programs in coded form through encryption