Individual Assignment

Cover Sheet

Semonè Pillay
Student number 201506896
Name of
Campus Damelin - Overport

Year of Study 2024 Semester 2nd

Programme Higher Certificate in Business Management

Module
Module Name Information Systems 120 INS120
Code
Lecturer Francisca Chipunza
Date
Due date 30 September 2024 30 September 2024
submitted

KEEP A COPY
Please note that it is your responsibility to retain copies of your assessments.

A CheckforPlagiarism report MUST be attached to each assignment submission.

DECLARATION BY STUDENT

I, the undersigned declare that:

I have retained a copy of this assessment.
I understand what plagiarism is and are aware of the Damelin s policy in this regard.
The work hereby submitted is my original work, gathered and utilised to fulfil the
requirements of this assignment
I have not used work previously produced by another student or any other persons to hand
in as my own.
I have not allowed, and will not allow, anyone to copy my work with the intention of
passing it off as their own work.

Signature of Student Date 30/09/2024

Statistics Individual Assignment Page 3 of 3

Damelin©
 PLAGIARISM SCAN REPORT

Date 2024-10-02

0% 100%
Words 994
Plagiarised Unique

Characters 7460

Content Checked For Plagiarism

Introduction to the prevention of computer-related crime in an organization In an increasingly digital world, organizations
are confronted with the growing threat of computer-related crimes, which can severely impact their operations and
reputation. Ralph Stair, in "Principles of Business Information Systems, 4th edition, 2020" highlights the necessity of a
comprehensive approach to cybersecurity that integrates technology, policy, and human factors.
To effectively combat these threats, organizations should implement a multi-faceted strategy that includes robust security
measures, clear policies, employee training, regular risk assessments, and the adoption of advanced technologies. By
fostering a culture of security awareness and ensuring compliance with legal regulations, organizations can mitigate risks
associated with cybercrime and enhance their overall resilience against emerging threats. This summary encapsulates the
best practices for tackling computer-related crime as outlined by Stair and current industry standards.
Computer crime refers to actions carried out by an informed computer user, often referred to as a "hacker," who unlawfully
accesses or steals private information belonging to a company or individual. In some cases, this individual or group may
have malicious intent, leading to the destruction or corruption of computer systems or data files. A lack of Security
Awareness and Training, Organizational Culture and Policies, and Technological Vulnerabilities contribute to computer
crimes. Types of Computer Crime depend on various situations such as Organization size and industry, Geographical
Location, Technology Infrastructure and Security Measures. Organizations take crime-fighting efforts seriously by
implementing specialized hardware, software, and procedures to protect corporate data. Encryption is a key method,
converting messages into a form readable only by intended recipients, with stronger encryption depending on key length.
Public-key infrastructure (PKI) enables secure data exchange on public networks through cryptographic key pairs.
Biometrics, like fingerprint and face recognition, offer another layer of protection by verifying physical traits to prevent
unauthorized access. Companies also use role-based access lists to ensure that only authorized employees can access
specific systems.
To counter computer-related crimes, businesses are implementing stronger controls and collaborating with organizations
like the Business Software Alliance (BSA) to combat piracy. Some companies even hire former criminals to improve their
security defences. Due to the rise in computer usage, there is a heightened focus on preventing and detecting computer
crime. Many countries have passed data laws governing how data can be stored, processed, and transferred, and laws on
computer crime. Some believe that these laws are not effective because companies do not always actively detect and
pursue computer crime, security is inadequate and convicted criminals are not severely punished. However, all over the
world, private users, companies, employees, and public officials are making individual and group efforts to curb computer
crime, and recent efforts have met with some success.

The following guidelines are helpful for protecting your computer from criminal hackers:
 Implement robust user authentication and encryption features on your firewall.
 Apply the latest security patches, which can typically be found on the vendor’s website.
 Disable guest accounts and null user accounts that allow unauthorized access to the network without a password.
 Do not provide overfriendly logon procedures for remote users (e.g. an organization that included the word 'welcome'
on their initial logon screen encountered challenges in prosecuting a criminal hacker).
 Restrict physical access to the server and configure it so that breaking into one server will not compromise the whole

Page 1 of 2
network.

1. Implement Robust Security Measures

Organizations should adopt a defence-in-depth strategy that includes multiple layers of security controls. This involves:
• Firewalls and Intrusion Detection Systems (IDS): These tools help monitor and control network traffic and security
while detecting threats to prevent unauthorized access. For example, using advanced IDS can alert organizations to
suspicious activities before they escalate into serious breaches.
• Encryption Key: Sensitive data should be encrypted both at rest i.e. algorithm encryption and in transit i.e. HTTPS and
VNPs to protect it from interception or unauthorized access. For example, A healthcare organization encrypts patient
records both when stored on servers and when transmitted over the network to protect against data breaches.
• Access Controls: Providing access to privileged users only by implementing the Principle Of Least Privilege (POLP),
Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) i.e. passwords and biometrics ensures authorized
personnel Implementing can access sensitive information. For example, A financial institution installs MFA while
implementing POLP and RBAC to ensure employees only can access data and systems needed to perform while reducing
the risk of unauthorized access.
• Counterintelligence (CI): involves efforts to prevent spying, intelligence gathering, and other threats from adversaries.
Implementing measures to safeguard sensitive information identifying potential threats from foreign or domestic
adversaries, prevent unauthorized access is a key aspect of counterintelligence and enabling organizations to proactively
address vulnerabilities. For example, A government agency might use counterintelligence by conducting surveillance on
suspected spies to prevent unauthorized access to classified information and thwart potential espionage activities.
• Distributed Database (DDB): Data spread across several smaller databases connected via telecommunications devices.
Enhances security by decentralizing data storage, which reduces the risk of a single point of failure or attack. Additionally,
distributed databases can offer improved access controls, data redundancy, and encryption, making it harder for
unauthorized users to access sensitive information. For example, A global retail company may use a distributed database to
manage inventory across multiple locations, allowing real-time data access and updates, which enhances security and
ensures consistent stock levels while protecting sensitive sales data from centralized vulnerabilities.
• Call Data Records (CDR): Helps monitor communications for compliance, detect potential security breaches, and
ensure that sensitive information is handled appropriately. For example, An insider threat where an employee illegally
accesses and leaks sensitive call recordings containing confidential customer information, potentially leading to identity
theft and privacy violations.
• Simple Network Management Protocol (SNMP): This is the framework that enables Network Management Software,
Fault Management Software and Performance Management Software, these management software tools to function
effectively. Safeguards software from unauthorized copying, modification, or downloading, while also implementing error
control to identify telecommunications errors

Matched Source

No plagiarism found

Page 2 of 2
 PLAGIARISM SCAN REPORT

Date 2024-10-02

0% 100%
Words 235
Plagiarised Unique

Characters 1817

Content Checked For Plagiarism

potential network problems. For example, A telecommunications company employs Simple Network Management Protocol
(SNMP) to monitor its network infrastructure. Using SNMP-enabled performance management software, the company
collects data on bandwidth usage and device health across its routers and switches. If a router experiences a fault, the fault
management software receives an alert via SNMP, allowing the IT team to quickly diagnose and address the issue,
minimizing downtime and maintaining service quality for customers.
2. Develop Comprehensive Security Policies
Creating clear and comprehensive security policies is crucial. These policies should outline acceptable use, data handling
procedures, and incident response protocols. Key elements include:
• Acceptable Use Policy (AUP): Provide clear guidelines and consequences, defining what constitutes acceptable
behaviour regarding the use of organizational resources and the Internet. For example, An organization's AUP prohibits
employees from using company resources for personal use, sharing confidential information, or accessing unauthorized
websites.
• Incident Response Plan: This is based on preparedness, testing and communication, a well-defined plan detailing how
to respond to security incidents can minimize damage and recovery time. For example, A company's incident response
plan includes procedures for isolating compromised systems, conducting forensic analysis, and notifying affected
customers.
• Regular Reviews and Updates: Includes policy review, compliance checks and technology assessments that should be
regularly reviewed and updated to reflect changes in technology, threats, and legal requirements. For example, A company
conducts annual security audits to assess its

Matched Source

No plagiarism found

Page 1 of 1
 PLAGIARISM SCAN REPORT

Date 2024-10-02

0% 100%
Words 994
Plagiarised Unique

Characters 7435

Content Checked For Plagiarism

3. Training Materials Development:

• Develop or acquire appropriate training materials, including manuals, tutorials, and online resources.
• Ensure materials are clear, concise, and aligned with the system's features and functionality.
4. Training Delivery:
• Choose the most suitable delivery method (e.g., classroom, online, self-paced).
• Schedule training sessions at convenient times for users.
• Provide adequate support and resources during training.
5. Hands-on Practice:
• Offer opportunities for users to practice using the system in a simulated or controlled environment.
• Provide guidance and feedback to help users develop proficiency.
6. Knowledge Checks and Assessments:
• Conduct quizzes or assessments to evaluate user understanding and retention.
• Provide additional training or support as needed.
7. Go-Live Support:
• Offer ongoing support and assistance during the initial period of system usage.
• Be available to answer questions and address any issues that may arise.
8. Post-Implementation Evaluation:
• Conduct a follow-up evaluation to assess the effectiveness of the training program.
• Identify areas for improvement and adjust as needed.

STAGE 5: IS PERSONNEL: HIRING AND TRAINING

Training programs should be conducted for these new employees and existing IS staff to ensure they can effectively use
and support the system. These training programs should focus on the technical aspects of the system and help IS
personnel perform their jobs and support other users.
Steps of IS Personnel Hiring and Training:
1. Needs Assessment:
• Identify the specific skills and expertise required for the new system.
• Determine the number of personnel needed and their roles.
2. Recruitment:
• Develop job descriptions and post them on appropriate job boards or recruitment platforms.
• Evaluate and interview candidates to choose the most qualified individuals.
• Conduct reference checks and background checks.
3. Onboarding:
• Welcome new hires and provide them with necessary information and resources.
• Assign mentors or buddies to assist with integration.
4. Training:
• Develop and deliver comprehensive training programs on system administration, troubleshooting, and maintenance.

Page 1 of 3
• Offer practical training and opportunities for hands-on practice.
• Provide continuous support and guidance.
5. Performance Evaluation:
• Monitor and evaluate the performance of IS personnel.
• Provide feedback and coaching to help them improve.
• Identify training or development needs.
6. Professional Development:
• Encourage and support professional development opportunities, such as certifications or conferences.
• Provide resources for continuous learning.
7. Retention:
• Implement strategies to retain talented IS personnel, such as competitive compensation and benefits packages.
• Foster a positive work environment and culture.

STAGE 6: SITE PREPARATION

It involves preparing the physical location, ranging from simple rearrangements to extensive renovations. Larger systems
may require special wiring, air conditioning, new furniture, and even security upgrades. Additional power circuits might
also be needed for larger systems.
Steps of Site Preparation:
1. Needs Assessment:
• Determine the specific requirements of the new system, such as space, power, and environmental conditions.
• Assess the suitability of the existing location or identify potential new locations.
2. Space Allocation:
• Allocate the necessary space for the system, including equipment, workstations, and cabling.
• Consider factors like accessibility, security, and environmental conditions.
3. Infrastructure Preparation:
• Install or upgrade electrical power outlets, network cables, and other infrastructure components as needed.
• Ensure adequate cooling and ventilation for equipment.
• Implement security measures to protect the system and data.
4. Environmental Considerations:
• Assess the environmental conditions of the location, such as temperature, humidity, and dust levels.
• Take steps to ensure a suitable environment for the equipment.
5. Furniture and Equipment Placement:
• Arrange furniture and equipment in a way that is efficient and ergonomic.
• Take into account factors such as cable management and accessibility.
6. Testing and Commissioning:
• Test the prepared site to ensure that it meets the system's requirements.
• Commission the system and verify that it is functioning properly.

STAGE 7: DATA PREPARATION

Making sure that all files and databases are prepared for use with the new computer software and systems. Converts
existing data into a compatible format. Once converted, the new system can be used to maintain and update the data.
Steps of Data Preparation:
1. Data Assessment:
• Identify the data sources and formats that need to be converted.
• Assess the data's quality and completeness.
• Detect any inconsistencies or errors that require correction.
2. Data Extraction:
• Extract data from existing systems or sources, such as databases, spreadsheets, or text files.
• Ensure that the extracted data is accurate and complete.
3. Data Transformation:
• Convert data into the appropriate format and structure for the new system.
• This may involve changing data types, normalizing data, or cleaning up inconsistencies.
4. Data Validation:
• Check the converted data to confirm its accuracy and integrity.

Page 2 of 3
• Check for errors, inconsistencies, or missing data.

STAGE 8: INSTALLATION
The procedure of physically installing the computer equipment at the location and making it operational. While the
hardware manufacturer typically installs equipment, an organization's IS manager should oversee the process to ensure
compliance with the contract. After installation, the manufacturer conducts tests to verify proper operation. Then, the
acquired software is installed and tested on the new hardware.
Steps involving Installation:
1. Hardware Setup:
• Unpack and assemble hardware components according to manufacturer's instructions.
• Connect hardware devices, such as servers, workstations, and peripherals.
• Install any necessary cables and network connections.
• Configure hardware settings, such as IP addresses and network settings.
2. Software Installation:
• Install the operating system on the hardware.
• Install application software, databases, and other necessary components.
• Configure software settings and parameters.
3. Network Configuration:
• Configure network settings, including IP addresses, routing, and firewall rules.
• Link the system to the organization's network.
4. Data Migration:
• Transfer data from the old system to the new system, ensuring data integrity and accuracy.
5. Testing and Configuration:
• Perform comprehensive testing to confirm that all components are functioning properly.
• Configure the system to meet specific requirements and preferences.

Matched Source

No plagiarism found

Page 3 of 3
 PLAGIARISM SCAN REPORT

Date 2024-10-01

0% 100%
Words 968
Plagiarised Unique

Characters 6857

Content Checked For Plagiarism

6. User Training:
• Provide training to users on how to use the new system effectively.
7. Go-Live:
• Transition to the new system, either through a direct cutover or a phased approach.

STAGE 9: TESTING
Effective testing is essential to ensure that new or modified information systems function properly. Poor testing can lead to
significant issues, as seen in a case where a tax preparation system exposed users' tax returns. Different types of testing are
required: unit testing for individual programs, system testing for overall program functionality, volume testing to handle
large data loads, and integration testing to ensure smooth interaction between applications. Alpha testing checks early
versions, while beta testing involves end-user testing of a complete system. Comprehensive testing, including abnormal
data checks, helps prevent errors and ensures smooth data flow between systems.
Types of Testing to consider:
Unit testing: Testing individual programs.
System testing: Testing the entire system.
Volume testing: Evaluating the system using substantial amounts of data.
Integration testing: Testing interactions between different applications.
Acceptance testing: Conducting any tests required by the user.
Alpha testing: Evaluating an incomplete or early version of the system.
Beta testing: Assessing a fully developed and stable system by end-users.

Steps of Testing:
1. Test Planning:
• Develop a comprehensive testing plan outlining the scope, objectives, and resources required for testing.
• Identify the types of testing needed (unit, system, integration, volume, etc.)
• Determine the test environment and data requirements.
2. Test Data Preparation:
• Create test data that represents various scenarios and use cases.
• Ensure that the data is accurate, representative, and covers a wide range of possibilities.
3. Test Execution:
• Execute tests according to the testing plan, using the prepared test data.
• Monitor system behaviour and identify any deviations from expected results.

Page 1 of 3
• Document any issues or defects encountered.
4. Defect Tracking and Management:
• Track and manage identified defects using a defect tracking system.
• Rank defects according to their severity and impact.
• Assign defects to developers for resolution.
5. Retesting:
• After defects are fixed, retest the affected areas to ensure that the issues have been resolved.
6. Regression Testing:
• Test the entire system to ensure that changes made to fix one defect have not introduced new problems.
• Conduct final testing to verify that the system meets the specified requirements and is ready for deployment.

STAGE 10: START-UP

The procedure of rendering the final tested information system fully operational. Start-up, also called cutover, begins with
the final tested information system. There are various approaches to start-up, each with its advantages and drawbacks.
Direct conversion is the least desirable due to potential risks, while phase-in is a popular approach that gradually replaces
the old system with the new. Pilot running involves testing the new system on a smaller group of users, and parallel
running compares the output of both systems before fully transitioning. The choice of start-up approach depends on the
organization's specific needs and risk tolerance.
List of Start-Up Approaches:
Direct Conversion: A risky approach involving immediate replacement of the old system.
Phase-In A gradual replacement of components, allowing for testing and adjustments.
Pilot Running: Testing the new system on a limited group of users.
Parallel Running: Operating both old and new systems simultaneously for comparison.
Steps for Start-Up:
1. Final Testing and Verification:
• Conduct final rounds of testing to ensure that the system meets all requirements and is ready for deployment.
• Address any outstanding issues or defects.
2. Data Migration:
• Transfer data from the old system to the new system, ensuring accuracy and completeness.
• Validate the migrated data to ensure it is being processed correctly.
3. User Training and Support:
• Provide comprehensive training to users on how to use the new system effectively.
• Offer ongoing support and assistance during the initial period of use.
4. Parallel Operation (Optional):
• In some cases, both the old and new systems may run in parallel for a period to allow for comparison and testing.
• Gradually phase out the old system as confidence in the new system increases.
5. Cutover:
• The point at which the old system is completely turned off, and the new system becomes the primary system of
record.
• This may involve a planned shutdown or a gradual transition.
6. Monitoring and Evaluation:
• Continuously monitor the system's performance and address any issues that arise.
• Gather feedback from users and evaluate the system's effectiveness.
7. Optimization and Refinement:
• Make necessary adjustments and improvements based on feedback and performance data.
• Continuously refine and enhance the system to meet evolving needs.

STAGE 11: USER ACCEPTANCE

User acceptance is a formal agreement document signed by the user that states that a phase of the installation or the
complete system is approved, which most mainframe computer manufacturers use. This legal document typically limits the
IS vendor's liability for post-acceptance problems. Given its significance, organizations often seek legal counsel before
signing it. Stakeholders can participate in acceptance testing to verify that the system delivers the expected benefits.
Steps of User Acceptance:
1. User Acceptance Testing (UAT) Plan:

Page 2 of 3
• Develop a detailed plan outlining the scope, objectives, and procedures for UAT.
2. Test Cases:
• Create test cases that represent real-world scenarios and user tasks.
3. User Involvement:
• Involve end-users who will be using the system in the testing process.
4. Testing Execution:
• Users execute test cases and document their findings.
5. Evaluation:
• Assess the system's performance against predefined criteria and requirements.
6. Feedback Collection:
• Gather feedback from users on the system's usability, functionality, and effectiveness.
7. Issue Resolution:
• Address any identified issues or defects.
8. Acceptance or Rejection:
• Based on the testing results, determine whether the system meets the acceptance criteria and is ready for
deployment.

Matched Source

No plagiarism found

Page 3 of 3
 PLAGIARISM SCAN REPORT

Date 2024-10-01

0% 100%
Words 969
Plagiarised Unique

Characters 7641

Content Checked For Plagiarism

3. Request for Proposal (RFP):

• Prepare and send an RFP to selected vendors, outlining the organization's hardware requirements, budget, and timelines.
4. Evaluate Proposals:
• Review vendor proposals
• Consider factors such as cost, performance, scalability, vendor reputation, and support services.
5. Select Vendor:
• Choose the vendor that best meets the organization's needs, offering the optimal balance of price, quality, and support.
6. Negotiate Terms:
• Negotiate the purchase, lease, or rental agreement, including pricing, delivery schedules, warranties, and maintenance
services.
7. Purchase or Lease Agreement:
• Finalize and sign the agreement with the vendor for the acquisition of the hardware.
8. Hardware Delivery and Installation:
• Ensure timely delivery of the hardware, followed by its installation at the designated site, according to the system
specifications.
9. Testing and Integration:
• Conduct hardware testing to ensure compatibility and functionality with the existing system and integrate it into the
broader IT infrastructure.
10. Ongoing Support and Maintenance:
• Arrange for continued support, including maintenance, troubleshooting, and updates as necessary.

STAGE 2: ACQUIRING SOFTWARE: MAKE OR BUY?

Companies have two main options for acquiring application software: purchasing pre-made software or developing it in-
house. While purchasing offers higher quality and wider testing, developing software allows for greater customization.
Many companies today opt to purchase software, often using cloud-based solutions or modifying existing software. Weigh
the advantages and disadvantages of “Make-or-Buy” decisions to determine whether a company would obtain the
necessary Externally Acquired Software from outside or develop software from internal sources with their decision-making
differences below:
Steps of Acquiring Software: Make or Buy?
1. Choose between Externally Acquired Software and Developing Software below, weighing the Pros and Cons of each
option:
Externally Acquired Software: Can provide expertise and may be more cost-effective.
• COTS (Commercial Off-The-Shelf) approach combines existing products with external resources from various vendors to
create a finished system.
Pros and cons of COTS:
• Advantages of COTS:
 Cost-Effective: Often less expensive than developing software from scratch.

Page 1 of 3
 Time-efficient: Can streamline and shorten the development process.
• Disadvantages of COTS:
 Integration: Integrating different components can be complex.
 Limited customization: May lack flexibility for specific needs.
 Quality and security concerns: Potential issues with purchased software.

Developing Software: Offers greater control and customization but can be resource intensive.
• Advantages of Internal Development Software
 Meeting specific requirements: Tailored to the organization's needs.
 Increased flexibility: Easier to customize and modify.
 Competitive advantage: Unique software can differentiate the organization.
• Disadvantages of Internal Development Software
 Higher Costs: Internal development can be more expensive due to resource requirements.
 Increased Risk: There's a higher risk of delays, budget issues, and quality problems.
 Slower Time-to-Market: Development from scratch takes longer than purchasing pre-built software.
Internal Software Development Tools and Techniques:
 Chief programmer team: A specialized team for software development.
 CASE tools: Automated tools for software development.
 Object-oriented approaches: Focus on objects and their interactions.
 Cross-platform development: Creating software that runs on different systems.
 Integrated development environments (IDEs): Tools for programming, including visual interfaces and features.
 Structured walkthroughs: Reviews to evaluate progress and identify issues.

STAGE 3: ACQUIRING DATABASE AND TELECOMMUNICATIONS SYSTEMS

The purpose of acquiring database and telecommunications systems is to meet the growing needs of modern businesses,
which often involve e-commerce, internet use, and internal networks (intranets and extranets). Since both databases and
telecommunications systems consist of hardware and software, the acquisition process involves purchasing or developing
the necessary equipment and software from vendors or in-house. As businesses upgrade their systems, they may require
more storage, new database management systems (DBMS), and enhanced telecommunications tools, making these areas
critical for ongoing technological growth and integration.
Steps of Acquiring Database and Telecommunications Systems:
1. Assess Needs and Requirements:
• Identify specific needs and goals for the systems.
• Consider factors like data volume, scalability, security, and integration with existing systems.
2. Research and Evaluate Options:
• Explore available database and telecommunications solutions from different vendors.
• Compare features, pricing, performance, and customer support.
• Consider open-source options or custom development.
3. Consider Acquisition Methods:
• Purchase: Outright purchase of hardware and software.
• Lease or rental: Renting equipment or software on a subscription basis.
• Cloud-based services: Utilizing cloud platforms for database and telecommunications needs.
4. Evaluate Hardware and Software Components:
• Assess the compatibility and performance of hardware and software components.
• Consider factors like processing power, storage capacity, network bandwidth, and database management system (DBMS)
features.
5. Factors to take into consideration:
• Scalability: Choose systems that can accommodate future growth and increased workloads.
• Customization: Consider the flexibility to customize systems to meet specific requirements.
• Support and Maintenance: Evaluate the vendor's support services and maintenance options.
• Cost-Benefit Analysis: Evaluate the costs and benefits of various options to facilitate an informed decision.
STAGE 4: USER PREPARATION
The process of readying managers, decision-makers, employees, other users and stakeholders for new systems. Training
users is crucial for successful systems implementation. Inadequate training can lead to operational issues and customer

Page 2 of 3
dissatisfaction. Companies should provide comprehensive training programs to ensure employees are prepared to use the
new system effectively. Training can be conducted internally or by external providers, and the cost can be negotiated
during the software selection process. Effective training helps address concerns and apprehensions about the new system
and ensures employees are familiar with its capabilities.
Steps for User Preparation:
1. Needs Assessment
• Identify the specific training requirements for different user groups.
• Assess the level of technical proficiency and existing knowledge.
• Determine the scope of training needed (e.g., basic functionality, advanced features, troubleshooting).
2. Training Plan Development:
• Create a comprehensive training plan that outlines the objectives, content, delivery methods, and schedule.
• Consider factors such as learning styles, available resources, and budget constraints.

Matched Source

No plagiarism found

Page 3 of 3
 PLAGIARISM SCAN REPORT

Date 2024-10-01

0% 100%
Words 969
Plagiarised Unique

Characters 7641

Content Checked For Plagiarism

3. Request for Proposal (RFP):

• Prepare and send an RFP to selected vendors, outlining the organization's hardware requirements, budget, and timelines.
4. Evaluate Proposals:
• Review vendor proposals
• Consider factors such as cost, performance, scalability, vendor reputation, and support services.
5. Select Vendor:
• Choose the vendor that best meets the organization's needs, offering the optimal balance of price, quality, and support.
6. Negotiate Terms:
• Negotiate the purchase, lease, or rental agreement, including pricing, delivery schedules, warranties, and maintenance
services.
7. Purchase or Lease Agreement:
• Finalize and sign the agreement with the vendor for the acquisition of the hardware.
8. Hardware Delivery and Installation:
• Ensure timely delivery of the hardware, followed by its installation at the designated site, according to the system
specifications.
9. Testing and Integration:
• Conduct hardware testing to ensure compatibility and functionality with the existing system and integrate it into the
broader IT infrastructure.
10. Ongoing Support and Maintenance:
• Arrange for continued support, including maintenance, troubleshooting, and updates as necessary.

STAGE 2: ACQUIRING SOFTWARE: MAKE OR BUY?

Companies have two main options for acquiring application software: purchasing pre-made software or developing it in-
house. While purchasing offers higher quality and wider testing, developing software allows for greater customization.
Many companies today opt to purchase software, often using cloud-based solutions or modifying existing software. Weigh
the advantages and disadvantages of “Make-or-Buy” decisions to determine whether a company would obtain the
necessary Externally Acquired Software from outside or develop software from internal sources with their decision-making
differences below:
Steps of Acquiring Software: Make or Buy?
1. Choose between Externally Acquired Software and Developing Software below, weighing the Pros and Cons of each
option:
Externally Acquired Software: Can provide expertise and may be more cost-effective.
• COTS (Commercial Off-The-Shelf) approach combines existing products with external resources from various vendors to
create a finished system.
Pros and cons of COTS:
• Advantages of COTS:
 Cost-Effective: Often less expensive than developing software from scratch.

Page 1 of 3
 Time-efficient: Can streamline and shorten the development process.
• Disadvantages of COTS:
 Integration: Integrating different components can be complex.
 Limited customization: May lack flexibility for specific needs.
 Quality and security concerns: Potential issues with purchased software.

Developing Software: Offers greater control and customization but can be resource intensive.
• Advantages of Internal Development Software
 Meeting specific requirements: Tailored to the organization's needs.
 Increased flexibility: Easier to customize and modify.
 Competitive advantage: Unique software can differentiate the organization.
• Disadvantages of Internal Development Software
 Higher Costs: Internal development can be more expensive due to resource requirements.
 Increased Risk: There's a higher risk of delays, budget issues, and quality problems.
 Slower Time-to-Market: Development from scratch takes longer than purchasing pre-built software.
Internal Software Development Tools and Techniques:
 Chief programmer team: A specialized team for software development.
 CASE tools: Automated tools for software development.
 Object-oriented approaches: Focus on objects and their interactions.
 Cross-platform development: Creating software that runs on different systems.
 Integrated development environments (IDEs): Tools for programming, including visual interfaces and features.
 Structured walkthroughs: Reviews to evaluate progress and identify issues.

STAGE 3: ACQUIRING DATABASE AND TELECOMMUNICATIONS SYSTEMS

The purpose of acquiring database and telecommunications systems is to meet the growing needs of modern businesses,
which often involve e-commerce, internet use, and internal networks (intranets and extranets). Since both databases and
telecommunications systems consist of hardware and software, the acquisition process involves purchasing or developing
the necessary equipment and software from vendors or in-house. As businesses upgrade their systems, they may require
more storage, new database management systems (DBMS), and enhanced telecommunications tools, making these areas
critical for ongoing technological growth and integration.
Steps of Acquiring Database and Telecommunications Systems:
1. Assess Needs and Requirements:
• Identify specific needs and goals for the systems.
• Consider factors like data volume, scalability, security, and integration with existing systems.
2. Research and Evaluate Options:
• Explore available database and telecommunications solutions from different vendors.
• Compare features, pricing, performance, and customer support.
• Consider open-source options or custom development.
3. Consider Acquisition Methods:
• Purchase: Outright purchase of hardware and software.
• Lease or rental: Renting equipment or software on a subscription basis.
• Cloud-based services: Utilizing cloud platforms for database and telecommunications needs.
4. Evaluate Hardware and Software Components:
• Assess the compatibility and performance of hardware and software components.
• Consider factors like processing power, storage capacity, network bandwidth, and database management system (DBMS)
features.
5. Factors to take into consideration:
• Scalability: Choose systems that can accommodate future growth and increased workloads.
• Customization: Consider the flexibility to customize systems to meet specific requirements.
• Support and Maintenance: Evaluate the vendor's support services and maintenance options.
• Cost-Benefit Analysis: Evaluate the costs and benefits of various options to facilitate an informed decision.
STAGE 4: USER PREPARATION
The process of readying managers, decision-makers, employees, other users and stakeholders for new systems. Training
users is crucial for successful systems implementation. Inadequate training can lead to operational issues and customer

Page 2 of 3
dissatisfaction. Companies should provide comprehensive training programs to ensure employees are prepared to use the
new system effectively. Training can be conducted internally or by external providers, and the cost can be negotiated
during the software selection process. Effective training helps address concerns and apprehensions about the new system
and ensures employees are familiar with its capabilities.
Steps for User Preparation:
1. Needs Assessment
• Identify the specific training requirements for different user groups.
• Assess the level of technical proficiency and existing knowledge.
• Determine the scope of training needed (e.g., basic functionality, advanced features, troubleshooting).
2. Training Plan Development:
• Create a comprehensive training plan that outlines the objectives, content, delivery methods, and schedule.
• Consider factors such as learning styles, available resources, and budget constraints.

Matched Source

No plagiarism found

Page 3 of 3
 PLAGIARISM SCAN REPORT

Date 2024-10-01

0% 100%
Words 987
Plagiarised Unique

Characters 7509

Content Checked For Plagiarism

STAGE 5: FREEZING DESIGN SPECIFICATIONS

This approach safeguards designs to minimize the risks of changes making the design more fixed and detailed. Compiling,
organizing and completing the overall design stages before the deadlines. Forcing the users into an agreement by writing
that the design is acceptable.
1. Design Review and Approval:
• Conduct a thorough review of the design specifications by stakeholders, including project managers, developers, and
users.
• Ensure that the design meets all requirements and aligns with the project's objectives.
• Obtain formal approval from key decision-makers.
2. Change Control Procedures:
• Establish a process for managing and approving changes to the design after the freeze.
• Define criteria for evaluating the impact and necessity of changes.
• Require formal approval for any significant changes.
3. Documentation:
• Create detailed documentation of the frozen design specifications. This documentation should include:
 System requirements
 Functional specifications
 Data models
 Interface designs
 Hardware and software specifications
 Other relevant design details
4. Communication:
• Communicate the design freeze to all stakeholders involved in the project.
• Ensure that everyone understands the implications of the freeze and the process for requesting changes.

STAGE 6: THE CONTRACT

A well-crafted contract is essential for a successful systems design project. It protects the organization's interests, ensures
that the vendor meets their obligations, and helps to prevent disputes and delays. The Request for Proposal (RFP) serves as
a valuable starting point for contract development, outlining many of the required specifications. By incorporating the RFP
into the contract, organizations can save time and ensure that the vendor's obligations align with their needs. External legal
advice develops contracts which protect their rights and interests.

List of Expectations and Considerations between Vendors & Organizations:

Scope of Work: A clear definition of the deliverables and services to be provided.
Timeline: Specific deadlines for project milestones and completion.
Payment Terms: Payment schedules and conditions.

Page 1 of 3
Intellectual Property: Ownership and rights related to the developed system.
Confidentiality: Provisions to protect sensitive information.
Warranties and Guarantees: Statements regarding the quality and performance of the system.
Dispute Resolution: Methods for addressing conflicts or disagreements.
Termination: Criteria that outline when the contract may be terminated.

Steps of The Contract:

1. RFP or RFQ:
• The process often starts with a Request for Proposal (RFP) or Request for Quotation (RFQ), where the organization
outlines its requirements and seeks proposals from vendors.
2. Contract Negotiation:
• Once a vendor is selected, negotiations begin to finalize the terms and conditions of the contract.
3. Contract Development:
• The contract is drafted, including detailed specifications, timelines, deliverables, payment terms, and dispute
resolution mechanisms.
4. Contract Review and Approval:
• Both parties review the contract and make any necessary revisions. The contract is subsequently signed by authorized
representatives.
5. Contract Management:
• Throughout the project, the contract is monitored to ensure compliance and address any issues that may arise.

STAGE 7: THE DESIGN REPORT

The main outcome of systems design, which captures the decisions made and paves the way for systems implementation.
A detailed system includes a technical description of outputs, inputs and user interfaces, as well as all hardware, software,
databases, telecommunications, personnel and procedure components, and the way these components are related. The
design report captures the decisions made during systems design and sets the stage for systems implementation.
Steps of The Design Report:
1. Executive Summary:
• A brief overview of the project, its objectives, and the key findings of the design process.
2. System Overview:
• A high-level description of the system's architecture, components, and functionalities.
3. Requirements Analysis:
• A summary of the gathered requirements, including functional and non-functional requirements.
4. Design Specifications:
• Comprehensive specifications for each system component, including
 Data flow diagrams
 Entity-relationship diagrams
 User interface designs
 Hardware and software requirements
 Security and control measures
5. Design Alternatives:
• A discussion of the considered alternatives and the rationale for the chosen design.
6. Testing Plan:
• A description of the testing strategy and procedures to be followed.
7. Implementation Plan:
• A plan outlining the steps involved in implementing the system, including timelines, resources, and responsibilities.

Page 2 of 3
SYSTEMS IMPLEMENTATION
Systems implementation involves installing a new system and preparing all components, including users, for operation.
This process includes acquiring or developing hardware and software, training personnel, preparing the site and data,
installing, testing, and starting the system. Hardware can be purchased, leased, or rented, while software can either be
bought or developed in-house, depending on the business's needs. Software development can offer greater customization
and potential competitive advantage.
During implementation, it’s crucial to prepare users, hire necessary personnel, and ensure the system’s physical and data
requirements are met. The system undergoes various testing stages, including unit, system, and integration testing, before
it goes live. Different start-up approaches, such as direct conversion, phased-in, pilot, and parallel start-up, are used to
transition from the old system to the new one. Once fully operational, a user acceptance document may be signed to
confirm satisfaction with the new system.

STAGES OF SYSTEMS IMPLEMENTATION

STAGE 1: ACQUIRING HARDWARE FROM AN IS VENDOR
To obtain the components for an information system, organizations can purchase, lease or rent computer hardware and
other resources from an IS vendor such as manufacturers, distributors, or leasing companies. The physical mechanisms
necessary for an information system from a third-party supplier can include servers, computers, storage devices,
networking equipment, and peripherals like printers or scanners. This process ensures that an organization has the
necessary hardware to support its system's operations, and it may also include services such as installation, maintenance,
and technical support from the vendor.
The steps for acquiring hardware from an IS vendor during systems implementation are as follows:
1. Needs Assessment:
• Determine the hardware requirements based on system needs.
2. Vendor Research:
• Identify potential IS vendors
• Compare offers from general computer manufacturers, small manufacturers, peripheral equipment makers, and
leasing companies.

Matched Source

No plagiarism found

Page 3 of 3
 PLAGIARISM SCAN REPORT

Date 2024-10-01

0% 100%
Words 787
Plagiarised Unique

Characters 6020

Content Checked For Plagiarism

Steps of Design of System Security and Controls

1. Risk Assessment:
• Identify potential security threats and vulnerabilities.
• Assess the likelihood and impact of these threats.
2. Security Policies and Standards:
• Develop and implement comprehensive security policies and standards that define the organization's security
requirements.
• Ensure compliance with relevant regulations and industry best practices.
3. Access Controls:
• Implement robust access controls to restrict access to sensitive information and systems based on user roles and
permissions.
• Use strong authentication mechanisms (e.g., passwords, multi-factor authentication) to verify user identity.
4. Encryption:
• Encrypt sensitive data to protect it from unauthorized access even if it's compromised.
• Use strong encryption algorithms and protocols.
5. Network Security:
• Implement firewalls, intrusion detection systems (IDS), and other network security measures to protect the system
from external threats.
• Regularly update and patch network devices and software.
6. Application Security:
• Secure applications and software components to prevent vulnerabilities and attacks.
• Perform regular vulnerability assessments and implement security patches.
7. Data Loss Prevention (DLP):
• Implement DLP measures to prevent unauthorized data exfiltration.
• Monitor network traffic and data transfers for suspicious activity.
8. Incident Response Planning:
• Create a thorough incident response plan to effectively manage security breaches.
• Define roles and responsibilities, communication procedures, and recovery strategies.
9. User Education and Awareness:
• Educate users about security best practices, including password management, phishing prevention, and social
engineering awareness.
10. Continuous Monitoring and Evaluation:
• Regularly monitor the system for security threats and vulnerabilities.
• Perform security audits and assessments to assess the effectiveness of security measures.
• Continuously improve and update security controls based on evolving threats and best practices.

STAGE 4: GENERATING SYSTEMS DESIGN ALTERNATIVES

Page 1 of 3
Is the process of exploring and generating multiple ideas and approaches for a task to broaden the design space and avoid
settling on a single design idea or an existing solution.
The following steps assist in deciding on an alternative systems design:
1. Brainstorming:
• Gather a diverse group of stakeholders, including subject matter experts, users, and technical staff.
• Encourage open and creative thinking to generate a wide range of ideas and possibilities.
• Use techniques like brainstorming, mind mapping, or scenario planning to stimulate creativity.
2. Evaluation Criteria:
• Define the criteria that will be used to evaluate the generated alternatives.
• Consider factors such as cost, feasibility, scalability, maintainability, and alignment with organizational goals.
3. Alternative Development:
• Based on the brainstorming session, develop detailed descriptions of each alternative.
• Consider different approaches, technologies, and architectures that could be used to solve the problem.
4. Feasibility Analysis:
• Assess the feasibility of each alternative based on the defined criteria.
• Evaluate technical feasibility, economic feasibility, operational feasibility, and schedule feasibility.
5. Trade-Off Analysis:
• Identify the trade-offs between different alternatives, such as cost vs. functionality or performance vs. complexity.
6. Prioritization:
• Rank the alternatives based on their overall suitability and alignment with organizational goals.
• Select the most promising alternatives for further evaluation.
7. Prototyping:
• Create prototypes or proof-of-concept models to visualize and test the alternatives.
• Collect feedback from stakeholders and users to enhance the designs.

Decision Making:
• Based on the evaluation and prototyping, decide on the preferred alternative.
• Consider factors such as cost, benefits, risks, and alignment with strategic objectives.

The following sections help produce alternative system designs:

1. Request for Proposal:
• A document providing specific resources required i.e. Hardware and Software.
2. Financial Options:
• Evaluate and compare the financial implications of each alternative design by selecting a cost-effective solution.
3. Evaluating and Selecting a Systems Design:
• A criteria of performance, cost and alignment requirements is reviewed and compared to selecting the best design.
4. The Preliminary Evaluation:
• An initial assessment which begins after all proposals have been submitted to dismiss the unwanted proposals.
5. The Final Evaluation:
• A detailed investigation of the proposals offered by the vendors remains after the preliminary evaluation.
6. Group Consensus Evaluation:
• Involves decision-making by a group that is appointed and given the responsibility of making the final evaluation and
selection.
7. Cost–Benefit Analysis Evaluation:
• A method that outlines the costs and benefits of each proposed system. Once quantified in monetary terms, all costs
are compared against all benefits.
8. Benchmark Test Evaluation:
• An evaluation that compares computer systems functioning under identical conditions.
9. Point Evaluation:
• A review process where each evaluation criterion is assigned a weight in percentage based on its significance. Each
proposed system is then assessed according to these criteria and scored on a scale from 0 to 100. The scores are totalled
and the system with the greatest total score is selected.

Page 2 of 3
 Matched Source

No plagiarism found

Page 3 of 3
 PLAGIARISM SCAN REPORT

Date 2024-10-01

0% 100%
Words 712
Plagiarised Unique

Characters 5016

Content Checked For Plagiarism

steps to analysis requirements 1 identify stakeholders determine who will be affected by the system and who has a stake in
its success 2 gather requirements collect information from stakeholders through interviews surveys workshops and other
methods 3 document requirements create a detailed list of functional and non-functional requirements including
functional requirements what the system must do to meet its objectives non-functional requirements constraints such as
performance security and scalability 4 validate requirements verify that requirements are clear consistent and feasible 5
prioritize requirements rank requirements based on importance and urgency 6 create use cases create scenarios that
illustrate how users will engage with the system stage 2 interface design and controls focuses on creating a user-friendly
intuitive experience that allows users to interact efficiently with a system or software the type of level needed varies
depending on the specific context and the desired depth of knowledge of the task menu-driven system and command-line
interfaces depending on the target audience logical design and physical design are fundamental aspects of systems design
and they directly influence the choice between menu-driven systems eg microsoft windows web browser and mobile apps
and command-line interfaces eg linux or unix terminals dos prompt and scripting select interface design type based on the
target audience logical design on interface choice between menu-driven system and command-line interfaces menu-
driven system focuses on 1 clear and intuitive menu structures 2 consistent navigation 3 helpful tooltips or context-
sensitive help 4 error handling and feedback mechanisms command-line interfaces involve languages by 1 defining valid
commands and their syntax 2 specifying command-line options and arguments 3 designing error messages and handling
mechanisms physical design on interface choice between menu-driven system and command-line interfaces menu-driven
system include 1 graphical user interface gui elements buttons menus icons 2 screen layout and design 3 colour schemes
and typography 4 responsiveness and performance command-line interfaces focuses on 1 terminal or console application
2 text-based output and input 3 command history and editing features 4 keyboard shortcuts and aliases types of control
interactive help 1 assisting users within the system 2 choosing between 2d 3d virtual reality touchscreens or keyboards 3
implementing features like spell-checking and lookup tables to assist users steps in interface design and controls 1 user
research understand your target audience and their needs preferences and capabilities conduct user interviews surveys and
usability testing to gather insights 2 information architecture organize the content and structure of the interface to make it
easy for users to navigate create a clear hierarchy and labelling system for menus buttons and other elements 3
wireframing create low-fidelity visual representations of the interface to visualize the layout and structure test different
layouts and designs to identify the most effective options 4 visual design develop the visual elements of the interface
including colours typography and imagery ensure a consistent and visually appealing design 5 interaction design define
how users will interact with the interface such as through clicks gestures or voice commands create a seamless and user-
friendly experience 6 prototyping create interactive prototypes to test the interface with users gather feedback and make
necessary adjustments 7 usability testing conduct usability tests to evaluate the effectiveness of the interface observe users
as they interact with the system and identify any usability issues 8 iterative design continuously refine and improve the
interface based on user feedback and testing results make necessary changes and adjustments to enhance the user
experience 9 accessibility ensure that the interface is accessible to users with disabilities following guidelines like wcag 10
consistency and branding maintain a consistent look and feel throughout the interface align the interface with the
organizations branding and identity stage 3 design of system security and controls protects sensitive information and
prevents unauthorized access use disclosure disruption modification or destruction of data and systems the following

Page 1 of 2
components serve a distinct purpose to ensure the overall security and reliability of the system the following key factors
involve error prevention detection and correction minimize occurring errors by identifying and correcting them effectively
disaster planning and recovery prepare for any major disruptions or system failure ensuring quick data backup solutions to
minimize the impact on a system systems controls protect unauthorized access by enforcing policies procedures and
compliance with security standards by ensuring the system operates securely and effectively

Matched Source

No plagiarism found

Page 2 of 2
Table
Of
Content
COVER PAGE I
PLAGIARISM II-
REPORT XXIV
COMPUTER-
RELATED CRIME
IN AN
1-5
ORGANIZATION.

SYSTEM DESIGN
& SYSTEM 6-27
IMPLEMENTATION

REFERENCES 28
 Pa ge |1

INFORMATION SYSTEMS
1. DISCUSS WAYS YOU CAN TACKLE ANY COMPUTER-RELATED CRIME IN AN ORGANISATION.

COMPUTER-RELATED CRIME IN AN ORGANIZATION.

Introduction to the prevention of computer-related crime in an organization In an increasingly
digital world, organizations are confronted with the growing threat of computer-related crimes,
which can severely impact their operations and reputation. Ralph Stair, in "Principles of Business
Information Systems, 4th edition, 2020" highlights the necessity of a comprehensive approach to
cybersecurity that integrates technology, policy, and human factors.

To effectively combat these threats, organizations should implement a multi-faceted strategy that
includes robust security measures, clear policies, employee training, regular risk assessments, and
the adoption of advanced technologies. By fostering a culture of security awareness and ensuring
compliance with legal regulations, organizations can mitigate risks associated with cybercrime and
enhance their overall resilience against emerging threats. This summary encapsulates the best
practices for tackling computer-related crime as outlined by Stair and current industry standards.

Computer crime refers to actions carried out by an informed computer user, often referred to as a
"hacker," who unlawfully accesses or steals private information belonging to a company or
individual. In some cases, this individual or group may have malicious intent, leading to the
destruction or corruption of computer systems or data files. A lack of Security Awareness and
Training, Organizational Culture and Policies, and Technological Vulnerabilities contribute to
computer crimes. Types of Computer Crime depend on various situations such as Organization size
and industry, Geographical Location, Technology Infrastructure and Security Measures.
Organizations take crime-fighting efforts seriously by implementing specialized hardware, software,
and procedures to protect corporate data. Encryption is a key method, converting messages into a
form readable only by intended recipients, with stronger encryption depending on key length.

Public-key infrastructure (PKI) enables secure data exchange on public networks through
cryptographic key pairs. Biometrics, like fingerprint and face recognition, offer another layer of
protection by verifying physical traits to prevent unauthorized access. Companies also use role-
based access lists to ensure that only authorized employees can access specific systems.

To counter computer-related crimes, businesses are implementing stronger controls and

collaborating with organizations like the Business Software Alliance (BSA) to combat piracy. Some
companies even hire former criminals to improve their security defences. Due to the rise in
computer usage, there is a heightened focus on preventing and detecting computer crime. Many
countries have passed data laws governing how data can be stored, processed, and transferred,
and laws on computer crime. Some believe that these laws are not effective because companies
do not always actively detect and pursue computer crime, security is inadequate and convicted
criminals are not severely punished. However, all over the world, private users, companies,
employees, and public officials are making individual and group efforts to curb computer crime,
and recent efforts have met with some success.
 Pa ge |2

CRIME IN AN ORGANISATION.
The following guidelines are helpful for protecting your computer from criminal hackers:
▪ Implement robust user authentication and encryption features on your firewall.
▪ Apply the latest security patches, which can typically be found on the vendor’s website.
▪ Disable guest accounts and null user accounts that allow unauthorized access to the network
without a password.
▪ Do not provide overfriendly logon procedures for remote users (e.g. an organization that included the
word 'welcome' on their initial logon screen encountered challenges in prosecuting a criminal
hacker).
▪ Restrict physical access to the server and configure it so that breaking into one server will not
compromise the whole network.

WAYS TO TACKLE ANY COMPUTER-RELATED CRIME IN AN ORGANIZATION

1. Implement Robust Security Measures
Organizations should adopt a defence-in-depth strategy that includes multiple layers of security
controls. This involves:
• Firewalls and Intrusion Detection Systems (IDS): These tools help monitor and control network
traffic and security while detecting threats to prevent unauthorized access. For example, using
advanced IDS can alert organizations to suspicious activities before they escalate into serious
breaches.
• Encryption Key: Sensitive data should be encrypted both at rest i.e. algorithm encryption and in
transit i.e. HTTPS and VNPs to protect it from interception or unauthorized access. For example, A
healthcare organization encrypts patient records both when stored on servers and when transmitted
over the network to protect against data breaches.
• Access Controls: Providing access to privileged users only by implementing the Principle Of Least
Privilege (POLP), Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) i.e.
passwords and biometrics ensures authorized personnel Implementing can access sensitive
information. For example, A financial institution installs MFA while implementing POLP and RBAC to
ensure employees only can access data and systems needed to perform while reducing the risk of
unauthorized access.
• Counterintelligence (CI): involves efforts to prevent spying, intelligence gathering, and other threats
from adversaries. Implementing measures to safeguard sensitive information identifying potential
threats from foreign or domestic adversaries, prevent unauthorized access is a key aspect of
counterintelligence and enabling organizations to proactively address vulnerabilities. For example, A
government agency might use counterintelligence by conducting surveillance on suspected spies to
prevent unauthorized access to classified information and thwart potential espionage activities.
• Distributed Database (DDB): Data spread across several smaller databases connected via
telecommunications devices. Enhances security by decentralizing data storage, which reduces the
risk of a single point of failure or attack. Additionally, distributed databases can offer improved
access controls, data redundancy, and encryption, making it harder for unauthorized users to
access sensitive information. For example, A global retail company may use a distributed database
 Pa ge |3

to manage inventory across multiple locations, allowing real-time data access and updates, which
enhances security and ensures consistent stock levels while protecting sensitive sales data from
centralized vulnerabilities.
• Call Data Records (CDR): Helps monitor communications for compliance, detect potential security
breaches, and ensure that sensitive information is handled appropriately. For example, An insider
threat where an employee illegally accesses and leaks sensitive call recordings containing
confidential customer information, potentially leading to identity theft and privacy violations.
• Simple Network Management Protocol (SNMP): This is the framework that enables Network
Management Software, Fault Management Software and Performance Management Software, these
management software tools to function effectively. Safeguards software from unauthorized copying,
modification, or downloading, while also implementing error control to identify telecommunications
errors and potential network problems. For example, A telecommunications company employs
Simple Network Management Protocol (SNMP) to monitor its network infrastructure. Using SNMP-
enabled performance management software, the company collects data on bandwidth usage and
device health across its routers and switches. If a router experiences a fault, the fault management
software receives an alert via SNMP, allowing the IT team to quickly diagnose and address the issue,
minimizing downtime and maintaining service quality for customers.
2. Develop Comprehensive Security Policies
Creating clear and comprehensive security policies is crucial. These policies should outline acceptable
use, data handling procedures, and incident response protocols. Key elements include:
• Acceptable Use Policy (AUP): Provide clear guidelines and consequences, defining what
constitutes acceptable behaviour regarding the use of organizational resources and the Internet.
For example, An organization's AUP prohibits employees from using company resources for
personal use, sharing confidential information, or accessing unauthorized websites.
• Incident Response Plan: This is based on preparedness, testing and communication, a well-
defined plan detailing how to respond to security incidents can minimize damage and recovery
time. For example, A company's incident response plan includes procedures for isolating
compromised systems, conducting forensic analysis, and notifying affected customers.
• Regular Reviews and Updates: Includes policy review, compliance checks and technology
assessments that should be regularly reviewed and updated to reflect changes in technology,
threats, and legal requirements. For example, A company conducts annual security audits to
assess its compliance with industry standards and identify areas for improvement.
3. Enhance Employee Training and Awareness
Human error frequently plays a major role in security breaches.. Continuous education programs
should be implemented to train employees on recognizing potential threats such as phishing and social
engineering attacks. Best practices include:
• Security Awareness Training: Password management, data handling practices and phishing
awareness involve regular training sessions to educate employees about the latest cyber threats
and safe computing practices. For example, A company conducts regular phishing simulations to
test employees' awareness and provide training on how to identify and report suspicious emails.
• Simulated Phishing Attacks: Conducting regular simulations through feedback, training and
coaching can help employees recognize phishing attempts and improve their response to real
threats. For example, A company sends out a fake phishing email to employees, mimicking a
legitimate email from a known sender (e.g., HR department, CEO). The email contains a malicious
link or attachment. If the employee selected Report Phishing, positive feedback is given. If a
 Pa ge |4

malicious link (URL) or attachment is clicked, employees are directed to additional training on how
to identify phishing attempts
4. Conduct Regular Risk Assessments
Organizations should regularly assess their security posture through risk assessments, vulnerability
scans, and penetration testing. This helps identify weaknesses before they can be exploited by
attackers. Key strategies include:
• Vulnerability Scanning: Automated tools and regular scans can be used to identify known
vulnerabilities and threats in systems and applications. For example, A company uses a
vulnerability scanner to identify outdated software and missing security patches.
• Penetration Testing: Engaging ethical hackers to test the organization’s defences provides insights
into potential attack vectors. For example, A company hires a penetration testing firm to attempt to
breach its network and identify vulnerabilities.
5. Utilize Advanced Technologies
Leveraging emerging technologies by the practice of employing cutting-edge tools and techniques to
enhance various aspects of operations, processes, or services to enhance an organization's ability to
detect and respond to threats in real-time. These technologies can analyze vast amounts of data to
identify anomalies that may indicate a security incident:

• Artificial Intelligence (AI): Automate tasks, improve decision-making, and enhance customer
experiences. For example, chatbots powered by AI can offer immediate customer support. For
example, A bank uses AI-powered chatbots to provide instant customer support 24/7, reducing
wait times and improving customer satisfaction.

• Machine Learning (ML): Analyze large datasets to identify patterns, trends, and insights. This can
be used for predictive analytics, fraud detection, and personalized recommendations. For
example, A financial institution uses ML to detect fraudulent transactions by identifying unusual
patterns in customer behaviour.

• Robotic process automation (RPA): Automation of repetitive tasks, streamline processes, reduce
manual labour, and increase efficiency. For example, A customer service department uses RPA to
automate routine tasks like answering FAQs, improving efficiency and reducing costs.

• Data Analytics: Gain valuable insights from data to make informed decisions. Data analytics can
be used to optimize operations, improve marketing campaigns, and identify new business
opportunities. For example, A marketing team uses data analytics to analyze customer behaviour
and optimize advertising campaigns for better results.

• Cloud Computing: Leverage cloud-based services to scale resources, reduce costs, and improve
flexibility. For example, A software company uses cloud-based development tools to collaborate
with teams across the globe and scale their operations efficiently.
6. Establish Incident Response Teams
Having a dedicated incident response team ensures that there are trained professionals ready to
respond quickly to any security incidents. This team should be responsible for:
• Containment: Isolation and Network segmentation are used to quickly identify the affected
systems to prevent further damage and limit the spread of malware. For example, If a system is
 Pa ge |5

suspected of being compromised, the IT team immediately isolates it from the network to prevent
further damage.
• Investigation: Forensic and Root cause analysis is used to determine the “what happened and why
it happened” of a breach to identify any contributing factors, underlying issues and compromised
data. For example, A company hires a forensic expert to analyze compromised systems and
identify the source of a data breach.
• Communication: Maintaining clear communication with stakeholders throughout the incident
response process, including notifying affected parties as required by law. For example, A
company sends out a public statement informing customers of a data breach and outlines the
steps being taken to address the incident.
7. Legal Compliance
Organizations must ensure compliance with relevant laws and regulations such as GDPR, HIPAA, or PCI
DSS. This involves:
• Regular Audits: Compliance checks and Policy enforcement ensure the procedure is being
followed and that the organization remains compliant with legal standards. For example, A
company conducts annual security audits to assess its compliance with GDPR and other data
protection laws.
• Documentation: Evidence and Record- Keeping details of all security policies, incidents,
training sessions, and compliance efforts can protect in the event of legal scrutiny. For example,
A company maintains a log of all security incidents, including incident reports, investigation
findings, and remediation steps.
Conclusion
By implementing these strategies based on Ralph Stair's principles, organizations can create a robust
framework for tackling computer-related crime effectively. This holistic approach not only enhances
security but also fosters a culture of awareness and accountability among all employees.
 Pa ge |6

2. DISCUSS WHAT YOU UNDERSTAND BY SYSTEM DESIGN AND IMPLEMENTATION, GIVING AN

OUTLINE OF ALL THAT WILL USUALLY OCCUR THROUGH BOTH STAGES.

SYSTEMS DESIGN & SYSTEMS IMPLEMENTATION

An Introduction to Systems Design and Implementation. In Information Systems, a System
is known as a set of elements or components that interact to accomplish goals. Systems
Development is established through the activity of creating or modifying an existing business
system. The systems development process is also called the ‘Systems Development Lifecycle’
due to the continuous nature of the associated activities. As each system is built, the project has specific
timelines and deadlines that must be met until the system is installed and approved. The system's
lifecycle continues as it undergoes maintenance and review. If the system needs significant
improvement beyond the scope of maintenance, if it needs to be replaced because of a new
generation of technology, or if the IS needs of the organization change significantly, a new project
will be initiated, and the cycle will start over. Several common systems development lifecycles
exist in the traditional or waterfall approach, prototyping, rapid application development (RAD)
and end-user development.

In modern businesses, managers and employees across all departments collaborate.

and use business information systems. Because they are central to project success,
Users are contributing to the development process and, in many instances, taking the lead.
Users might ask the systems development team to assess whether they should make a purchase.
a few PCs, update an existing order processing system, develop a new medical diagnostic
or design and implement a new website. In other cases, systems development might
include the acquisition or leasing of a system, such as an enterprise resource planning (ERP) package.

Conventional systems development initiatives can vary from minor projects, such as acquiring,
an inexpensive computer program, to a major undertaking. The steps of traditional systems
development processes may differ between companies, but most methodologies share five common
phases: investigation, analysis, design, implementation, and maintenance and review.

Systems Investigation - understands the company’s problem.

Systems Analysis - determines what must be done to solve the problem.
Systems Design - plans out the solution.
Systems Implementation - buys, builds or replaces the old system.
System Maintenance and Review - evaluate the new system.
 Pa ge |7

SYSTEMS DESIGN
Characteristics using two key aspects of systems design are logical and physical design.
Logical Design defines the system's functions and processes, specifies data requirements, inputs,
outputs, and storage, and designs user interfaces and controls.

Physical Design specifies characteristics of the system components necessary to put the logical design
into action. How a system's components work together and what they do. Turning the logical design
(what the system should do) into a practical reality. This includes defining the hardware, software,
database, telecommunications components, personnel, and procedures needed to make the system
function.

Visual tools like data-flow diagrams, class diagrams, and sequence diagrams are often used to document
physical design to determine the system architecture and deployment strategy. The main outcome of this
phase is a technical design that outlines either the new system or the modifications to existing systems.

The system design details system outputs, inputs and user interfaces; specifies hardware, software,
database, telecommunications, personnel and procedure components; and shows how these
components are related. Building the system according to the design specifications and testing the
system to ensure it meets requirements help answer the question ‘How will the information system do
what it must do to obtain the problem solution?’ in the design process.

STAGES OF SYSTEMS DESIGN

STAGE 1: REQUIREMENTS ANALYSIS
Determines the user, stakeholder and organizational needs. The purpose of requirements analysis is to
capture these requests in detail. Data Collection, Direct Observation, Questionnaires, Structured and
Unstructured Interview Questions.

Questions identifying requirements analysis:

1. Are these stakeholders satisfied with the current account’s application?
2. What improvements could be made to satisfy suppliers and help the purchasing department?
3. The user/stakeholder requirements for the new system (also called the functional requirements).
4. The strengths and weaknesses of the existing system from a stakeholder’s perspective.
5. The organizational requirements for the new system.
6. A description of what the new information system should do to solve the problem.

Steps to Analysis Requirements:

1. Identify stakeholders:
Determine who will be affected by the system and who has a stake in its success.
 Pa ge |8

2. Gather requirements:
Collect information from stakeholders through interviews, surveys, workshops, and other methods.
3. Document requirements:
Create a detailed list of functional and non-functional requirements, including:
✓ Functional requirements: What the system must do to meet its objectives.
✓ Non-functional requirements: Constraints, such as performance, security, and scalability.
4. Validate requirements:
Verify that requirements are clear, consistent, and feasible.
5. Prioritize requirements:
Rank requirements based on importance and urgency.
6. Create use cases:
Create scenarios that illustrate how users will engage with the system.

STAGE 2: INTERFACE DESIGN AND CONTROLS:

Focuses on creating a user-friendly, intuitive experience that allows users to interact efficiently with a
system or software. The type of level needed varies depending on the specific context and the desired
depth of knowledge of the task. Menu-driven system and Command-line interfaces depending on the
target audience.
Logical design and physical design are fundamental aspects of systems design, and they directly
influence the choice between menu-driven systems (e.g. Microsoft Windows, Web Browser, and Mobile
Apps) and command-line interfaces (e.g. Linux or Unix terminals, DOS prompt, and Scripting).

Select Interface Design Type Based on the Target Audience:

Logical Design on Interface Choice between Menu-Driven System and Command-Line Interfaces.
• Menu-Driven System focuses on:
1. Clear and intuitive menu structures
2. Consistent navigation
3. Helpful tooltips or context-sensitive help
4. Error handling and feedback mechanisms
• Command-Line Interfaces involve languages by:
1. Defining valid commands and their syntax
2. Specifying command-line options and arguments
3. Designing error messages and handling mechanisms
 Pa ge |9

Physical Design on Interface Choice between Menu-Driven System and Command-Line Interfaces.

• Menu-Driven System Include:

1. Graphical user interface (GUI) elements (buttons, menus, icons)
2. Screen layout and design
3. Colour schemes and typography
4. Responsiveness and performance

• Command-Line Interfaces focuses on:

1. Terminal or console application
2. Text-based output and input
3. Command history and editing features
4. Keyboard shortcuts and aliases

Types of Control:
Interactive Help:
1. Assisting users within the system.
2. Choosing between 2D, 3D, virtual reality, touchscreens, or keyboards.
3. Implementing features like spell-checking and lookup tables to assist users.

Steps in Interface Design and Controls:

1. User Research:
• Understand your target audience and their needs, preferences, and capabilities.

• Conduct user interviews, surveys, and usability testing to gather insights.

2. Information Architecture:
• Organize the content and structure of the interface to make it easy for users to navigate.

• Create a clear hierarchy and labelling system for menus, buttons, and other elements.
3. Wireframing:
• Create low-fidelity visual representations of the interface to visualize the layout and structure.

• Test different layouts and designs to identify the most effective options.
4. Visual Design:

• Develop the visual elements of the interface, including colours, typography, and imagery.

• Ensure a consistent and visually appealing design.

5. Interaction Design:
 P a g e | 10

• Define how users will interact with the interface, such as through clicks, gestures, or voice
commands.

• Create a seamless and user-friendly experience.

6. Prototyping:

• Create interactive prototypes to test the interface with users.

• Gather feedback and make necessary adjustments.
7. Usability Testing:

• Conduct usability tests to evaluate the effectiveness of the interface.

• Observe users as they interact with the system and identify any usability issues.
8. Iterative Design:

• Continuously refine and improve the interface based on user feedback and testing results.

• Make necessary changes and adjustments to enhance the user experience.

9. Accessibility:

• Ensure that the interface is accessible to users with disabilities, following guidelines like WCAG.
10. Consistency and Branding:

• Maintain a consistent look and feel throughout the interface.

• Align the interface with the organization's branding and identity.

STAGE 3: DESIGN OF SYSTEM SECURITY AND CONTROLS

Protects sensitive information and prevents unauthorized access, use, disclosure, disruption,
modification, or destruction of data and systems. The following components serve a distinct purpose to
ensure the overall security and reliability of the system.
The following Key Factors involve:
Error Prevention, Detection, and Correction:
Minimize occurring errors by identifying and correcting them effectively.
Disaster Planning and Recovery:
Prepare for any major disruptions or system failure, ensuring quick data backup solutions to
minimize the impact on a system.
Systems Controls:
Protect unauthorized access by enforcing policies, procedures and compliance with security
standards by ensuring the system operates securely and effectively.

Steps of Design of System Security and Controls

1. Risk Assessment:
 P a g e | 11

• Identify potential security threats and vulnerabilities.

• Assess the likelihood and impact of these threats.

2. Security Policies and Standards:

• Develop and implement comprehensive security policies and standards that define the
organization's security requirements.
• Ensure compliance with relevant regulations and industry best practices.
3. Access Controls:

• Implement robust access controls to restrict access to sensitive information and systems based on
user roles and permissions.

• Use strong authentication mechanisms (e.g., passwords, multi-factor authentication) to verify user
identity.
4. Encryption:

• Encrypt sensitive data to protect it from unauthorized access even if it's compromised.

• Use strong encryption algorithms and protocols.

5. Network Security:

• Implement firewalls, intrusion detection systems (IDS), and other network security measures to
protect the system from external threats.

• Regularly update and patch network devices and software.

6. Application Security:

• Secure applications and software components to prevent vulnerabilities and attacks.

• Perform regular vulnerability assessments and implement security patches.

7. Data Loss Prevention (DLP):

• Implement DLP measures to prevent unauthorized data exfiltration.

• Monitor network traffic and data transfers for suspicious activity.

8. Incident Response Planning:

• Create a thorough incident response plan to effectively manage security breaches.

• Define roles and responsibilities, communication procedures, and recovery strategies.

9. User Education and Awareness:

• Educate users about security best practices, including password management, phishing prevention,
and social engineering awareness.
10. Continuous Monitoring and Evaluation:

• Regularly monitor the system for security threats and vulnerabilities.

• Perform security audits and assessments to assess the effectiveness of security measures.

• Continuously improve and update security controls based on evolving threats and best practices.
 P a g e | 12

STAGE 4: GENERATING SYSTEMS DESIGN ALTERNATIVES

Is the process of exploring and generating multiple ideas and approaches for a task to broaden the design
space and avoid settling on a single design idea or an existing solution.
The following steps assist in deciding on an alternative systems design:
1. Brainstorming:

• Gather a diverse group of stakeholders, including subject matter experts, users, and technical staff.
• Encourage open and creative thinking to generate a wide range of ideas and possibilities.

• Use techniques like brainstorming, mind mapping, or scenario planning to stimulate creativity.
2. Evaluation Criteria:

• Define the criteria that will be used to evaluate the generated alternatives.

• Consider factors such as cost, feasibility, scalability, maintainability, and alignment with
organizational goals.
3. Alternative Development:

• Based on the brainstorming session, develop detailed descriptions of each alternative.

• Consider different approaches, technologies, and architectures that could be used to solve the
problem.
4. Feasibility Analysis:

• Assess the feasibility of each alternative based on the defined criteria.

• Evaluate technical feasibility, economic feasibility, operational feasibility, and schedule feasibility.
5. Trade-Off Analysis:

• Identify the trade-offs between different alternatives, such as cost vs. functionality or performance
vs. complexity.
6. Prioritization:

• Rank the alternatives based on their overall suitability and alignment with organizational goals.
• Select the most promising alternatives for further evaluation.
7. Prototyping:

• Create prototypes or proof-of-concept models to visualize and test the alternatives.

• Collect feedback from stakeholders and users to enhance the designs.

Decision Making:

• Based on the evaluation and prototyping, decide on the preferred alternative.

• Consider factors such as cost, benefits, risks, and alignment with strategic objectives.
 P a g e | 13

The following sections help produce alternative system designs:

1. Request for Proposal:
• A document providing specific resources required i.e. Hardware and Software.
2. Financial Options:

• Evaluate and compare the financial implications of each alternative design by selecting a cost-
effective solution.
3. Evaluating and Selecting a Systems Design:

• A criteria of performance, cost and alignment requirements is reviewed and compared to selecting
the best design.
4. The Preliminary Evaluation:

• An initial assessment which begins after all proposals have been submitted to dismiss the
unwanted proposals.
5. The Final Evaluation:

• A detailed investigation of the proposals offered by the vendors remains after the preliminary
evaluation.
6. Group Consensus Evaluation:

• Involves decision-making by a group that is appointed and given the responsibility of making the
final evaluation and selection.
7. Cost–Benefit Analysis Evaluation:

• A method that outlines the costs and benefits of each proposed system. Once quantified in
monetary terms, all costs are compared against all benefits.
8. Benchmark Test Evaluation:

• An evaluation that compares computer systems functioning under identical conditions.

9. Point Evaluation:
• A review process where each evaluation criterion is assigned a weight in percentage based on its
significance. Each proposed system is then assessed according to these criteria and scored on a
scale from 0 to 100. The scores are totalled and the system with the greatest total score is
selected.

STAGE 5: FREEZING DESIGN SPECIFICATIONS

 P a g e | 14

This approach safeguards designs to minimize the risks of changes making the design more fixed and
detailed. Compiling, organizing and completing the overall design stages before the deadlines. Forcing
the users into an agreement by writing that the design is acceptable.
1. Design Review and Approval:

• Conduct a thorough review of the design specifications by stakeholders, including project managers,
developers, and users.

• Ensure that the design meets all requirements and aligns with the project's objectives.

• Obtain formal approval from key decision-makers.

2. Change Control Procedures:

• Establish a process for managing and approving changes to the design after the freeze.

• Define criteria for evaluating the impact and necessity of changes.

• Require formal approval for any significant changes.

3. Documentation:

• Create detailed documentation of the frozen design specifications. This documentation should
include:
✓ System requirements
✓ Functional specifications
✓ Data models
✓ Interface designs
✓ Hardware and software specifications
✓ Other relevant design details
4. Communication:
• Communicate the design freeze to all stakeholders involved in the project.

• Ensure that everyone understands the implications of the freeze and the process for requesting
changes.

STAGE 6: THE CONTRACT

A well-crafted contract is essential for a successful systems design project. It protects the organization's
interests, ensures that the vendor meets their obligations, and helps to prevent disputes and delays. The
Request for Proposal (RFP) serves as a valuable starting point for contract development, outlining many
of the required specifications. By incorporating the RFP into the contract, organizations can save time
and ensure that the vendor's obligations align with their needs. External legal advice develops contracts
which protect their rights and interests.

List of Expectations and Considerations between Vendors & Organizations:

 P a g e | 15

Scope of Work: A clear definition of the deliverables and services to be provided.

Timeline: Specific deadlines for project milestones and completion.
Payment Terms: Payment schedules and conditions.
Intellectual Property: Ownership and rights related to the developed system.
Confidentiality: Provisions to protect sensitive information.
Warranties and Guarantees: Statements regarding the quality and performance of the system.
Dispute Resolution: Methods for addressing conflicts or disagreements.
Termination: Criteria that outline when the contract may be terminated.

Steps of The Contract:

1. RFP or RFQ:

• The process often starts with a Request for Proposal (RFP) or Request for Quotation (RFQ), where
the organization outlines its requirements and seeks proposals from vendors.
2. Contract Negotiation:

• Once a vendor is selected, negotiations begin to finalize the terms and conditions of the contract.
3. Contract Development:

• The contract is drafted, including detailed specifications, timelines, deliverables, payment terms,
and dispute resolution mechanisms.
4. Contract Review and Approval:

• Both parties review the contract and make any necessary revisions. The contract is subsequently
signed by authorized representatives.
5. Contract Management:

• Throughout the project, the contract is monitored to ensure compliance and address any issues
that may arise.

STAGE 7: THE DESIGN REPORT

The main outcome of systems design, which captures the decisions made and paves the way for systems
implementation. A detailed system includes a technical description of outputs, inputs and user
interfaces, as well as all hardware, software, databases, telecommunications, personnel and procedure
components, and the way these components are related. The design report captures the decisions made
during systems design and sets the stage for systems implementation.
Steps of The Design Report:
1. Executive Summary:

• A brief overview of the project, its objectives, and the key findings of the design process.
2. System Overview:
• A high-level description of the system's architecture, components, and functionalities.
 P a g e | 16

3. Requirements Analysis:

• A summary of the gathered requirements, including functional and non-functional requirements.

4. Design Specifications:

• Comprehensive specifications for each system component, including

✓ Data flow diagrams
✓ Entity-relationship diagrams
✓ User interface designs
✓ Hardware and software requirements
✓ Security and control measures
5. Design Alternatives:

• A discussion of the considered alternatives and the rationale for the chosen design.
6. Testing Plan:

• A description of the testing strategy and procedures to be followed.

7. Implementation Plan:
• A plan outlining the steps involved in implementing the system, including timelines, resources, and
responsibilities.
 P a g e | 17

SYSTEMS IMPLEMENTATION
Systems implementation involves installing a new system and preparing all components, including users,
for operation. This process includes acquiring or developing hardware and software, training personnel,
preparing the site and data, installing, testing, and starting the system. Hardware can be purchased,
leased, or rented, while software can either be bought or developed in-house, depending on the
business's needs. Software development can offer greater customization and potential competitive
advantage.
During implementation, it’s crucial to prepare users, hire necessary personnel, and ensure the system’s
physical and data requirements are met. The system undergoes various testing stages, including unit,
system, and integration testing, before it goes live. Different start-up approaches, such as direct
conversion, phased-in, pilot, and parallel start-up, are used to transition from the old system to the new
one. Once fully operational, a user acceptance document may be signed to confirm satisfaction with the
new system.

STAGES OF SYSTEMS IMPLEMENTATION

STAGE 1: ACQUIRING HARDWARE FROM AN IS VENDOR
To obtain the components for an information system, organizations can purchase, lease or rent computer
hardware and other resources from an IS vendor such as manufacturers, distributors, or leasing
companies. The physical mechanisms necessary for an information system from a third-party supplier
can include servers, computers, storage devices, networking equipment, and peripherals like printers or
scanners. This process ensures that an organization has the necessary hardware to support its system's
operations, and it may also include services such as installation, maintenance, and technical support
from the vendor.
The steps for acquiring hardware from an IS vendor during systems implementation are as follows:
1. Needs Assessment:
• Determine the hardware requirements based on system needs.
2. Vendor Research:
• Identify potential IS vendors

• Compare offers from general computer manufacturers, small manufacturers, peripheral equipment
makers, and leasing companies.
3. Request for Proposal (RFP):
• Prepare and send an RFP to selected vendors, outlining the organization's hardware requirements,
budget, and timelines.
4. Evaluate Proposals:
• Review vendor proposals

• Consider factors such as cost, performance, scalability, vendor reputation, and support services.
5. Select Vendor:
 P a g e | 18

• Choose the vendor that best meets the organization's needs, offering the optimal balance of price,
quality, and support.
6. Negotiate Terms:

• Negotiate the purchase, lease, or rental agreement, including pricing, delivery schedules,
warranties, and maintenance services.
7. Purchase or Lease Agreement:

• Finalize and sign the agreement with the vendor for the acquisition of the hardware.
8. Hardware Delivery and Installation:

• Ensure timely delivery of the hardware, followed by its installation at the designated site, according
to the system specifications.
9. Testing and Integration:

• Conduct hardware testing to ensure compatibility and functionality with the existing system and
integrate it into the broader IT infrastructure.
10. Ongoing Support and Maintenance:

• Arrange for continued support, including maintenance, troubleshooting, and updates as necessary.

STAGE 2: ACQUIRING SOFTWARE: MAKE OR BUY?

Companies have two main options for acquiring application software: purchasing pre-made software or
developing it in-house. While purchasing offers higher quality and wider testing, developing software
allows for greater customization. Many companies today opt to purchase software, often using cloud-
based solutions or modifying existing software. Weigh the advantages and disadvantages of “Make-or-
Buy” decisions to determine whether a company would obtain the necessary Externally Acquired
Software from outside or develop software from internal sources with their decision-making differences
below:
Steps of Acquiring Software: Make or Buy?
1. Choose between Externally Acquired Software and Developing Software below, weighing the
Pros and Cons of each option:
Externally Acquired Software: Can provide expertise and may be more cost-effective.

• COTS (Commercial Off-The-Shelf) approach combines existing products with external resources
from various vendors to create a finished system. Here are the pros and cons of COTS:

• Advantages of COTS:
✓ Cost-Effective: Often less expensive than developing software from scratch.
✓ Time-efficient: Can streamline and shorten the development process.

• Disadvantages of COTS:
✓ Integration: Integrating different components can be complex.
✓ Limited customization: May lack flexibility for specific needs.
✓ Quality and security concerns: Potential issues with purchased software.
 P a g e | 19

Developing Software: Offers greater control and customization but can be resource intensive.

• Advantages of Internal Development Software

✓ Meeting specific requirements: Tailored to the organization's needs.
✓ Increased flexibility: Easier to customize and modify.
✓ Competitive advantage: Unique software can differentiate the organization.

• Disadvantages of Internal Development Software

✓ Higher Costs: Internal development can be more expensive due to resource requirements.
✓ Increased Risk: There's a higher risk of delays, budget issues, and quality problems.
✓ Slower Time-to-Market: Development from scratch takes longer than purchasing pre-built
software.
Internal Software Development Tools and Techniques:
✓ Chief programmer team: A specialized team for software development.
✓ CASE tools: Automated tools for software development.
✓ Object-oriented approaches: Focus on objects and their interactions.
✓ Cross-platform development: Creating software that runs on different systems.
✓ Integrated development environments (IDEs): Tools for programming, including visual interfaces
and features.
✓ Structured walkthroughs: Reviews to evaluate progress and identify issues.

STAGE 3: ACQUIRING DATABASE AND TELECOMMUNICATIONS SYSTEMS

The purpose of acquiring database and telecommunications systems is to meet the growing needs of
modern businesses, which often involve e-commerce, internet use, and internal networks (intranets and
extranets). Since both databases and telecommunications systems consist of hardware and software,
the acquisition process involves purchasing or developing the necessary equipment and software from
vendors or in-house. As businesses upgrade their systems, they may require more storage, new database
management systems (DBMS), and enhanced telecommunications tools, making these areas critical for
ongoing technological growth and integration.
Steps of Acquiring Database and Telecommunications Systems:
1. Assess Needs and Requirements:

• Identify specific needs and goals for the systems.

• Consider factors like data volume, scalability, security, and integration with existing systems.
2. Research and Evaluate Options:

• Explore available database and telecommunications solutions from different vendors.

• Compare features, pricing, performance, and customer support.
 P a g e | 20

• Consider open-source options or custom development.

3. Consider Acquisition Methods:

• Purchase: Outright purchase of hardware and software.

• Lease or rental: Renting equipment or software on a subscription basis.

• Cloud-based services: Utilizing cloud platforms for database and telecommunications needs.
4. Evaluate Hardware and Software Components:

• Assess the compatibility and performance of hardware and software components.

• Consider factors like processing power, storage capacity, network bandwidth, and database
management system (DBMS) features.
5. Factors to take into consideration:

• Scalability: Choose systems that can accommodate future growth and increased workloads.

• Customization: Consider the flexibility to customize systems to meet specific requirements.

• Support and Maintenance: Evaluate the vendor's support services and maintenance options.
• Cost-Benefit Analysis: Evaluate the costs and benefits of various options to facilitate an informed
decision.

STAGE 4: USER PREPARATION

The process of readying managers, decision-makers, employees, other users and stakeholders for new
systems. Training users is crucial for successful systems implementation. Inadequate training can
lead to operational issues and customer dissatisfaction. Companies should provide comprehensive
training programs to ensure employees are prepared to use the new system effectively. Training can be
conducted internally or by external providers, and the cost can be negotiated during the software
selection process. Effective training helps address concerns and apprehensions about the new system
and ensures employees are familiar with its capabilities.
Steps for User Preparation:
1. Needs Assessment

• Identify the specific training requirements for different user groups.

• Assess the level of technical proficiency and existing knowledge.

• Determine the scope of training needed (e.g., basic functionality, advanced features,
troubleshooting).
2. Training Plan Development:

• Create a comprehensive training plan that outlines the objectives, content, delivery methods, and
schedule.

• Consider factors such as learning styles, available resources, and budget constraints.
3. Training Materials Development:

• Develop or acquire appropriate training materials, including manuals, tutorials, and online
resources.
 P a g e | 21

• Ensure materials are clear, concise, and aligned with the system's features and functionality.
4. Training Delivery:

• Choose the most suitable delivery method (e.g., classroom, online, self-paced).

• Schedule training sessions at convenient times for users.

• Provide adequate support and resources during training.

5. Hands-on Practice:

• Offer opportunities for users to practice using the system in a simulated or controlled environment.
• Provide guidance and feedback to help users develop proficiency.
6. Knowledge Checks and Assessments:

• Conduct quizzes or assessments to evaluate user understanding and retention.

• Provide additional training or support as needed.
7. Go-Live Support:

• Offer ongoing support and assistance during the initial period of system usage.

• Be available to answer questions and address any issues that may arise.
8. Post-Implementation Evaluation:
• Conduct a follow-up evaluation to assess the effectiveness of the training program.

• Identify areas for improvement and adjust as needed.

STAGE 5: IS PERSONNEL: HIRING AND TRAINING

Training programs should be conducted for these new employees and existing IS staff to ensure they can
effectively use and support the system. These training programs should focus on the technical aspects of
the system and help IS personnel perform their jobs and support other users.
Steps of IS Personnel Hiring and Training:
1. Needs Assessment:
• Identify the specific skills and expertise required for the new system.

• Determine the number of personnel needed and their roles.

2. Recruitment:
• Develop job descriptions and post them on appropriate job boards or recruitment platforms.

• Evaluate and interview candidates to choose the most qualified individuals.

• Conduct reference checks and background checks.

3. Onboarding:

• Welcome new hires and provide them with necessary information and resources.
 P a g e | 22

• Assign mentors or buddies to assist with integration.

4. Training:

• Develop and deliver comprehensive training programs on system administration, troubleshooting,

and maintenance.

• Offer practical training and opportunities for hands-on practice.

• Provide continuous support and guidance.
5. Performance Evaluation:

• Monitor and evaluate the performance of IS personnel.

• Provide feedback and coaching to help them improve.

• Identify training or development needs.

6. Professional Development:

• Encourage and support professional development opportunities, such as certifications or

conferences.

• Provide resources for continuous learning.

7. Retention:

• Implement strategies to retain talented IS personnel, such as competitive compensation and

benefits packages.
• Foster a positive work environment and culture.

STAGE 6: SITE PREPARATION

It involves preparing the physical location, ranging from simple rearrangements to extensive renovations.
Larger systems may require special wiring, air conditioning, new furniture, and even security upgrades.
Additional power circuits might also be needed for larger systems.
Steps of Site Preparation:
1. Needs Assessment:

• Determine the specific requirements of the new system, such as space, power, and environmental
conditions.

• Assess the suitability of the existing location or identify potential new locations.
2. Space Allocation:

• Allocate the necessary space for the system, including equipment, workstations, and cabling.

• Consider factors like accessibility, security, and environmental conditions.

3. Infrastructure Preparation:

• Install or upgrade electrical power outlets, network cables, and other infrastructure components as
needed.
 P a g e | 23

• Ensure adequate cooling and ventilation for equipment.

• Implement security measures to protect the system and data.

4. Environmental Considerations:

• Assess the environmental conditions of the location, such as temperature, humidity, and dust levels.

• Take steps to ensure a suitable environment for the equipment.

5. Furniture and Equipment Placement:

• Arrange furniture and equipment in a way that is efficient and ergonomic.

• Take into account factors such as cable management and accessibility.
6. Testing and Commissioning:

• Test the prepared site to ensure that it meets the system's requirements.
• Commission the system and verify that it is functioning properly.

STAGE 7: DATA PREPARATION

Making sure that all files and databases are prepared for use with the new computer software and
systems. Converts existing data into a compatible format. Once converted, the new system can be used
to maintain and update the data.
Steps of Data Preparation:
1. Data Assessment:

• Identify the data sources and formats that need to be converted.

• Assess the data's quality and completeness.

• Detect any inconsistencies or errors that require correction.

2. Data Extraction:

• Extract data from existing systems or sources, such as databases, spreadsheets, or text files.

• Ensure that the extracted data is accurate and complete.

3. Data Transformation:

• Convert data into the appropriate format and structure for the new system.

• This may involve changing data types, normalizing data, or cleaning up inconsistencies.
4. Data Validation:

• Check the converted data to confirm its accuracy and integrity.

• Check for errors, inconsistencies, or missing data.

 P a g e | 24

STAGE 8: INSTALLATION
The procedure of physically installing the computer equipment at the location and making it operational.
While the hardware manufacturer typically installs equipment, an organization's IS manager should
oversee the process to ensure compliance with the contract. After installation, the manufacturer
conducts tests to verify proper operation. Then, the acquired software is installed and tested on the new
hardware.
Steps involving Installation:
1. Hardware Setup:

• Unpack and assemble hardware components according to manufacturer's instructions.

• Connect hardware devices, such as servers, workstations, and peripherals.

• Install any necessary cables and network connections.

• Configure hardware settings, such as IP addresses and network settings.

2. Software Installation:
• Install the operating system on the hardware.

• Install application software, databases, and other necessary components.

• Configure software settings and parameters.
3. Network Configuration:

• Configure network settings, including IP addresses, routing, and firewall rules.

• Link the system to the organization's network.

4. Data Migration:

• Transfer data from the old system to the new system, ensuring data integrity and accuracy.
5. Testing and Configuration:

• Perform comprehensive testing to confirm that all components are functioning properly.

• Configure the system to meet specific requirements and preferences.

6. User Training:

• Provide training to users on how to use the new system effectively.

7. Go-Live:

• Transition to the new system, either through a direct cutover or a phased approach.
 P a g e | 25

STAGE 9: TESTING
Effective testing is essential to ensure that new or modified information systems function properly. Poor
testing can lead to significant issues, as seen in a case where a tax preparation system exposed users' tax
returns. Different types of testing are required: unit testing for individual programs, system testing for
overall program functionality, volume testing to handle large data loads, and integration testing to ensure
smooth interaction between applications. Alpha testing checks early versions, while beta testing involves
end-user testing of a complete system. Comprehensive testing, including abnormal data checks, helps
prevent errors and ensures smooth data flow between systems.
Types of Testing to consider:
Unit testing: Testing individual programs.
System testing: Testing the entire system.
Volume testing: Evaluating the system using substantial amounts of data.
Integration testing: Testing interactions between different applications.
Acceptance testing: Conducting any tests required by the user.
Alpha testing: Evaluating an incomplete or early version of the system.
Beta testing: Assessing a fully developed and stable system by end-users.
Steps of Testing:
1. Test Planning:

• Develop a comprehensive testing plan outlining the scope, objectives, and resources required for
testing.

• Identify the types of testing needed (unit, system, integration, volume, etc.)

• Determine the test environment and data requirements.

2. Test Data Preparation:

• Create test data that represents various scenarios and use cases.

• Ensure that the data is accurate, representative, and covers a wide range of possibilities.
3. Test Execution:

• Execute tests according to the testing plan, using the prepared test data.

• Monitor system behaviour and identify any deviations from expected results.
• Document any issues or defects encountered.
4. Defect Tracking and Management:

• Track and manage identified defects using a defect tracking system.

• Rank defects according to their severity and impact.

• Assign defects to developers for resolution.

5. Retesting:
 P a g e | 26

• After defects are fixed, retest the affected areas to ensure that the issues have been resolved.
6. Regression Testing:

• Test the entire system to ensure that changes made to fix one defect have not introduced new
problems.

• Conduct final testing to verify that the system meets the specified requirements and is ready for
deployment.

STAGE 10: START-UP

The procedure of rendering the final tested information system fully operational. Start-up, also called
cutover, begins with the final tested information system. There are various approaches to start-up, each
with its advantages and drawbacks. Direct conversion is the least desirable due to potential risks, while
phase-in is a popular approach that gradually replaces the old system with the new. Pilot running involves
testing the new system on a smaller group of users, and parallel running compares the output of both
systems before fully transitioning. The choice of start-up approach depends on the organization's
specific needs and risk tolerance.
List of Start-Up Approaches:
Direct Conversion: A risky approach involving immediate replacement of the old system.
Phase-In A gradual replacement of components, allowing for testing and adjustments.
Pilot Running: Testing the new system on a limited group of users.
Parallel Running: Operating both old and new systems simultaneously for comparison.
Steps for Start-Up:
1. Final Testing and Verification:

• Conduct final rounds of testing to ensure that the system meets all requirements and is ready for
deployment.
• Address any outstanding issues or defects.
2. Data Migration:
• Transfer data from the old system to the new system, ensuring accuracy and completeness.

• Validate the migrated data to ensure it is being processed correctly.

3. User Training and Support:

• Provide comprehensive training to users on how to use the new system effectively.

• Offer ongoing support and assistance during the initial period of use.
4. Parallel Operation (Optional):

• In some cases, both the old and new systems may run in parallel for a period to allow for comparison
and testing.

• Gradually phase out the old system as confidence in the new system increases.
5. Cutover:
 P a g e | 27

• The point at which the old system is completely turned off, and the new system becomes the
primary system of record.

• This may involve a planned shutdown or a gradual transition.

6. Monitoring and Evaluation:

• Continuously monitor the system's performance and address any issues that arise.
• Gather feedback from users and evaluate the system's effectiveness.
7. Optimization and Refinement:

• Make necessary adjustments and improvements based on feedback and performance data.

• Continuously refine and enhance the system to meet evolving needs.

STAGE 11: USER ACCEPTANCE

User acceptance is a formal agreement document signed by the user that states that a phase of the
installation or the complete system is approved, which most mainframe computer manufacturers use.
This legal document typically limits the IS vendor's liability for post-acceptance problems. Given its
significance, organizations often seek legal counsel before signing it. Stakeholders can participate in
acceptance testing to verify that the system delivers the expected benefits.
Steps of User Acceptance:
1. User Acceptance Testing (UAT) Plan:

• Develop a detailed plan outlining the scope, objectives, and procedures for UAT.
2. Test Cases:

• Create test cases that represent real-world scenarios and user tasks.
3. User Involvement:

• Involve end-users who will be using the system in the testing process.
4. Testing Execution:

• Users execute test cases and document their findings.

5. Evaluation:

• Assess the system's performance against predefined criteria and requirements.

6. Feedback Collection:

• Gather feedback from users on the system's usability, functionality, and effectiveness.
7. Issue Resolution:

• Address any identified issues or defects.

8. Acceptance or Rejection:

• Based on the testing results, determine whether the system meets the acceptance criteria and is
ready for deployment.
 P a g e | 28

REFERENCES
TEXTBOOK TITLE:
Principles of Business Information Systems

EDITION & YEAR:

4th edition, 2020

AUTHOR:
Ralph Stair, George Reynolds and Thomas Chesney.

TOPICS AND PAGE NOS:

• An Introduction to Information Systems:
✓ Page Nos: 4, 13, 14, 16, 17, 18, 19, 20, 22, 24.
• Information Systems in Organizations:
✓ Page Nos: 36, 42, 46, 49, 51.
• Hardware: Input, Processing, Output and Software Devices:
✓ Page Nos: 68, 69.
• Software: Systems and Application Software:
✓ Page Nos: 114, 115, 116, 118, 127, 128, 129, 138, 139, 140, 141,142.
• Organizing and Storing Data:
✓ Page Nos: 156, 157, 158, 159 163, 164, 165, 166, 167, 168, 171, 172, 175.
• Computer Networks:
✓ Page Nos: 186, 195, 202, 203, 204, 205, 206, 207, 209, 212, 213, 215, 216, 217, 218, 219, 220.
• Operation Systems:
✓ Page Nos: 236, 237, 243.
• Management Information and Decision Support Systems:
✓ Page Nos: 288, 290.
• Knowledge Management and Specialized Information Systems:
✓ Page Nos: 309, 310, 311, 313, 315, 316, 317, 326, 327, 349.
• Systems Analysis, Design and Implementation, Security, Privacy and Ethical Issues in Information Systems,
✓ Page Nos: 365-471