DECISION SUPPORT SYSTEMS (DSS)

• An interactive IS that helps managers and other decision-makers use data, models, and
tools to solve complex problems and make informed decisions.

• Key components:

1. Knowledge database – a repository that stores information to support decision-

making, problem-solving, and information retrieval

2. Software or models – Collects and stores data from various sources and
provides tools for analyzing it through statistical, simulation, and optimization
models

3. User Interface – The interactive front-end that allows users to access the data,
run analyses, and visualize results.

Types of DSS:

• Data-Oriented DSS: Focus on a large dataset

• Business Intelligence Systems (e.g., Tableau, Microsoft PowerBI)

• Data Warehousing Solutions (e.g., Amazon Redshift, Snowflake)

• Model-Oriented DSS: Focus on statical Models to simulate scenarios

• Financial Modeling Tools (e.g., IBM Planning Analytics, Oracle Crystal Ball)

• Simulation Software (e.g., AnyLogic, Simul8)

• Knowledge-Oriented DSS: Focus on expert advice and recommendation System

• Expert Systems (e.g., MYCIN for medical diagnosis, DENDRAL for chemical
analysis)
• Knowledge Management Systems (e.g., IBM Watson, SAP Knowledge
Management)

• Communication-Oriented DSS: Facilitates collaboration & communication in

decision-making

• Group Decision Support Systems (GDSS) (e.g., GroupSystems, Microsoft

Teams)

• Collaborative Platforms (e.g., Slack, Trello)

• Web-Based DSS: Manage and retrieve content through internet

• Online Portfolio Management Tools (e.g., Personal Capital, Wealthfront)

 • Cloud-Based Analytics Platforms (e.g., Google Analytics, Microsoft Azure)

-----------------------------------------------------------------------------------------------------------

Material requirement planning (MRP)

• To ensure that the Manufacturing department has the correct amount of material on-
hand at the time it is needed.

• MRP determines the number of parts, components, and raw material to produce a
product.

• Create schedule identifying the specific parts and material required to produce end
items.

• Determines the exact number of units required.

• Determines the date to place orders and procure materials

• Inputs

• Material Schedule – List of orders and forecast

• Bill of Material – List of all raw material, parts, and sub-assemblies need to
produce 1 unit of product.

• Inventory Record – Receipts and Withdrawal of inventory records

• Output
 • Primary Reports

• Plan Order schedule – A schedule indicating of amount and timing of future

orders

• Order Release schedule – Authorizing the execution of planned orders

• Changes – Revision of dates, quantities, or cancellation of orders

• Secondary Reports

• Planning Reports – Future procurement, purchase commitments

• Exception Reports – Any discrepancies (e.g., late order deliveries, increase in

prices)

• Performance control Reports – Evaluation of system operation, deviation from

plans and estimated costs

• Inventory Transaction Reports – Consumed inventories, & left-over inventories

-------------------------------------------------------------------------------------------------------

ENTERPRISE RESOURCE PLANNING (ERP)

ERP Systems are designed to correct a lack of communication among the functional
Information Systems (IS). ERP systems resolve this problem by tightly integrating the
functional IS areas via a common database.

For this reason, experts credit ERP systems with greatly increasing organizational productivity.

ERP consists of various modules:

• Financial management
• Procurement
• Risk management
• Supply chain management
• Project management
• Manufacturing process
• Customer relationship management
• Human resources

Advantages of ERP:

• Integration of business processes across multiple departments

• Improved communication with suppliers and customers

 • Consistent and accurate data

• Better inventory management

Challenges of ERP:

• Time-Consuming: Implementation can take months or even years.

• High Costs: ERP implementation can be expensive.

• Complexity: The system can be difficult to understand and use

• Data Security: Integrating data from different departments can create security risks.

• Resistance to Change: Employees may be reluctant to adopt the new system.

The 3 Types of ERP

1. On-Premise : refers to an ERP solution that is installed and hosted on organisations

own servers and infrastructure. This traditional deployment provides full control over
hardware, software, and network. It is suitable for large businesses.

Benefits:

• Customized features
• Greater control
• Data privacy
• No internet needed
• Integration with existing systems

2. Cloud: ERP software hosted on cloud servers and accessed through internet. It
eliminates the need for organization to maintain its own hardware and infrastructure. It
is suitable for small to medium size businesses.

Benefits:

• Low upfront costs

• Scalable
• Data redundancy
• Mobile-friendly
• Seamless updates

3. Hybrid: Combination of on-premise and cloud ERP systems allowing businesses to

use both models simultaneously to provide flexibility and control the cost. It is suitable
 for businesses with legacy systems in transition and where regulatory compliance is
high.

Benefits:

• Broad functionality
• Versatility
• Data Control and access
• Easier transition to full cloud
• Combine best-of-breed
solutions
-----------------------------------------------------------------------------------------------------------

Cyber-security

1. Definition of cyber security concepts

1.1. Cyber

• Cyber is the confluence between technology, humans, and organizations.

• A cyber attack is orchestrated by individuals or groups to breach, disrupt, or gain
unauthorized access to computer systems, networks, or devices.
• To understand that not all threat actors are focused on the same things.
• Attackers execute operations by utilizing available resources, leveraging tactics, tools,
and processes that vary.
1.2. Cyberattack

• A cyber-attack is an assault launched by cybercriminals using one or more computers

against a single or multiple computers or networks.

1.3. Computer security

• The protection of the computer and its content, evolved into information technology or
IT security,

1.4. Information Security

• A broader concept that encompasses protecting all types of information, regardless of

the format (physical, digital, or verbal).

1.5. Cybersecurity

• A subset of info security, focusing specifically on protecting digital information from

cyber threats (e.g., hackers, malware, etc.).

2. Motivation for the cyber-attack:

• Out of curiosity
• To seek financial gain
• To attack critical assets of a nation
• To steal plans and intelligence
• To convey a message related to politics and society

3. Threat Actors

• A threat actor is a person or group that carries out malicious activities to exploit
systems or data for financial, political, or personal gain.

• Types of threat actors:

1. Hobbyist
2. Hacktivist
3. Criminal Organization
4. Organized Crime Syndicate
3.1. Hobbyist

• Hobbyists are curious about how technology works and where the vulnerabilities lie.
• Attack level -> Low-level attacks
• Skill & Resource -> Low skilled and lightly resource.
• Motivation: Curiosity and a desire to build a reputation.
• How?
o Tend to leverage established tools and tactics, not building their own custom
software or reverse-engineering the complicated systems
o They're taking advantage of what is already been done.
• Alone or Teamwork: Often act alone
• They frequently violate confidentiality and potentially impact the access to a device or
service itself
3.2. Hacktivist

• Objectives related to political, economic, or even social concerns.

• Attack level -> Low-level attacks
• Skill & Resource -> Low skilled and lightly resource.
• Motivation: Non-alignment with government
• Social justice
• How?
o Website defacement and denial-of-service attacks
• Alone or Teamwork:
o Often act alone or part of a small organization

3.3. Criminal Organization

• Low-level criminals utilizing basic techniques, or they could be highly skilled hackers.
• Attack level -> Both Low-level and High-level attacks
• Skill & Resource -> Low & Highly skilled and Highly resourced
• Motivation -> For financial gains
• How?
o They can use a variety of techniques and tactics to engage in online
fraud, industrial espionage, and the stealing of corporate secrets.
o Build their own tools for exploitation.
• Alone or Teamwork
o Often act alone or part of a large criminal organization
3.4. Organized crime syndicate

• Persistently engaged with their targets. They are mostly tied to nation-states or aligned
with their geopolitical goals.
• Attack level -> High-level attacks
• Skill & Resource -> Highly skilled and Highly resourced
• Motivation -> Espionage
• How?
o They can use various techniques and tactics to engage in espionage, stealing a
country’s secrets.
o Build their own tools for exploitation.
• Alone or Teamwork
o Large group
4. Hacking process

• Hacking refers to the process of gaining unauthorized access to computers,

networks, or digital systems, often to exploit vulnerabilities for various purposes,
such as stealing data, causing damage, or conducting illegal activities.
• Reconnaissance - an exploration of the target and includes a lot of different
activities like general web research on the organization
• Weaponization - the process of taking something—such as technology or a system—
and converting it into a tool or weapon for harmful purposes.
• Exploitation and installation- exploiting the device once a person clicks on the link or
does some activity
• Command and control - the user’s device

5. Attack

• Virus
• Trojan horse
• Spoofing
• Phishing
• Cybervandalism
• Insider job
• Denial-of-service
• Distributed denial-of-service

5.1. Virus

• A computer virus is a type of malicious software (malware) designed to replicate

itself by infecting other programs or files.
• Corrupting or deleting data
• Slowing down system performance
• Stealing sensitive information
• Allowing unauthorized access to the infected system

5.2. Trojan horse (Trojan

• A Trojan horse is a type of malicious software (malware) that disguises itself as a

legitimate or harmless program to deceive users into installing or executing it.
• Unlike a computer virus, a Trojan does not replicate itself

5.3. Spoofing

• Spoofing is the act of disguising a communication from an unknown source as being

from a known, trusted source.
• Use Email address & Phone number
• Acting as individual

5.4. Phishing

• The practice of sending fraudulent communications that appear to come from a

reputable source.
• Use Website
• Acting as Organization

5.5. Cybervandalism

• Intentionally disrupting, defacing, or destroying a Website

• Typically intended to cause disruption, embarrassment, or chaos.
• Political or Social Activism (Hacktivism)
 5.6. Insider Jobs

• Accessing confidential information of users (by employees) is one of the largest

financial threat

5.7. Denial-of-service

• A cyberattack aimed at disrupting the normal functioning of a system, network, or

website by overwhelming it with a flood of illegitimate requests or excessive traffic.

5.8. Distributed Denial-of-service

• An advanced form of a Denial of Service (DoS) attack where multiple systems, often
distributed across various locations, work together to flood a target system, server, or
network with an overwhelming volume of illegitimate requests or excessive traffic.

6. Types of security breaches:

6.1. Data breach

6.2. Data Theft
6.3. Disruption

7. Impact of security breaches

• Reputational harm
• Damage and destruction of data
• Stolen money
• Lost productivity
• Theft of intellectual property
• Theft of personal and financial data
• Post-attack disruption to the normal course of business
• Restoration and deletion of hacked data

----------------------------------------------------------------------------------------------------------

Hardware Security

1. Definition and concept

• Involves hardware design, access control, secure multi-party computation, secure

key storage, ensuring code authenticity and measures
• To ensure the supply chain that built the product is secure among other things.
• For example:
 • Spectre and Meltdown are two major hardware vulnerabilities discovered in
modern processors (CPUs) in 2018.

1.1. Physical Unclonable Functions (PUFs)

• Unique physical attributes ( hardware), leveraged for cryptographic purposes

1.2. Tamper Resistance Technology

• Techniques protecting unauthorized access and alterations

1.3. Supply Chain Security

• Practices ensuring security of hardware, from manufacturing to deployment, from any

spoilage, interference or modifications.

1.4. Trusted Platform Modules (TPM)

• Security modules (chips) integrated with devices to provide hardware-based security

along with secure boot and cryptographic key generation.

2. Hardware Security Modules

• A physical computing device that safeguards and manages digital keys

• Devices providing robust encryption and management for strong authentication
• These modules are installed in the form of a plug-in card or an external device that
attaches directly to a computer or network server.
3. Hardware Security: Consequences

• Financial Consequences
• Economic impact of data breach: Financial losses, legal costs, compensation
• Operational downtime
• Hardware replacement cost
• Legal and Regulatory Implications
• Compliance with data protection (e.g., GDPR, CCPA) that penalizes
businesses for failing to secure hardware.
• Industry-specific regulations (e.g., healthcare, finance) and failed hardware
security lead to severe fines and penalties.
• Reputational Damage:
• Erosion of Customer Trust
• Stock price impact and decline in brand value
4. Hardware Security: Prevention Strategies

• Seamless Vendor Investigations

• Assess suppliers timely, randomly and periodically
• Encryption
 • Encrypting sensitive information
• Access Control Measures
• strict access restrictions
• Regular Audits
• periodic security audits
• Tamper-evident Mechanisms
• Devices to detect tampering

5. Tools & technologies for safeguarding

• Identity management and authentication

• Firewalls, intrusion detection system and anti-virus
• Encryption and public key infrastructure
• Ensuring system availability
• Security issues for cloud computing and the mobile digital platform

5.1. Identity management and authentication

• Technologies for protecting information resources, managing user identities,
preventing unauthorized access to systems and data, ensuring system availability, and
ensuring software quality
• Authentication Technologies- to know that a person is who he or she claims to be
• Passwords
• Tokens
• Smart Cards
• Biometric Authentication
• Two-factor authentication
5.2. Firewalls, intrusion detection system and anti-virus
• Firewalls
• Combination of hardware and software that controls the flow of incoming
and outgoing network traffic. It is generally placed between an organization’s
private internal networks and distrusted external networks
• Network Address Translation (NAT)
• Conceals the IP address of the organization’s internal host computer(s) to
prevent sniffer programs outside the firewall from penetrating the internal
system.
• Intrusion detection systems
• Features full-time monitoring tools placed at the most vulnerable points of
corporate networks to detect and deter intruders continually
• Antivirus software
• Unified threat management system
• Combines various security tools including firewalls
5.3. Encryption and public key infrastructure
• Encryption- transform plain text or data into cyber text

5.4. Ensuring system availability

• Fault-tolerant computer systems
• Contain redundant hardware, software and power supply components to
create an environment to provide continuous, uninterrupted service
• Downtime
• Period of time in which the system is not operational
• Controlling network traffic- assigning priority to files
• Security outsourcing
• Outsource security functions to managed security service providers (MSSPs)
-----------------------------------------------------------------------------------------------------------

Software Security

1. Concept

• It encompasses practices, concepts, and principles

• Aligned towards securing software applications and systems against cyber threats
and vulnerabilities.
• With recent digital transformation the concerns related to software securities have
gone up across industries.
2. Software Security – Some Principles

• Principle 1: There Is No Such Thing as Absolute Security.

• Principle 2: The Three Security Goals Are Confidentiality, Integrity, and Availability.
• Principle 3: Defence-in-Depth (DiD) as Strategy.
• Principle 4: When Left on Their Own, People Tend to Make the Worst Security
Decisions.
• Principle 5: Computer Security Depends on Two Types of Requirements: Functional
and Assurance.
• Principle 6: Security Through Obscurity Is Not an Answer.
• Principle 7: Security = Risk Management.
• Principle 8: The Three Types of Security Controls Are Preventative, Detective, and
Responsive.
• Principle 9: Complexity Is the Enemy of Security.
• Principle 10: Fear, Uncertainty, and Doubt Do Not Work in Selling Security.
• Principle 11: People, Processes, and Technology Are All Needed to Secure a System or
Facility Adequately.
• Principle 12: Open Disclosure of Vulnerabilities Is Good for Security!.
-----------------------------------------------------------------------------------------------------------
 Ethical hacking

• Use of technology in a non-violent or non-harmful way in the pursuit of a cause,

political, social, or otherwise, which is often legally and permitted by authorities, also
morally ambiguous.

• Ethical hacking is described as the legal access of a hacker to any organization's online
property after receiving prior permission from the organization.

• “Application testing, war dialing, network testing, wireless security, system hardening”,
are among the many services that require ethical hacking.

• Ethical hacking is done to improve a company's security.

Key Requirements for Ethical Hacking

• Consent: Ethical hackers must have permission from the owners of the systems they
are testing.
• Legal Boundaries: The hacking must comply with national laws and regulations.
• Clear Objectives: The goals of the testing must be documented and agreed upon
beforehand.

Five types of ethical hacking:

• Online civil disobedience

• Hacktivism
• Counterattack/hackback
• Penetration/intrusion testing and vulnerability discovery
• Security activism

-----------------------------------------------------------------------------------------------------------

Artificial Intelligence

Artificial Intelligence refers to the simulation of human intelligence by machines that can
perform tasks like reasoning, learning, and decision-making.

Key Features:

• Machine Learning (ML)

• Natural Language Processing (NLP)
• Computer Vision

Examples:

Chatbots (e.g., ChatGPT), Virtual Assistants (e.g., Alexa), Recommendation Systems (e.g.,
Netflix).
Evolution of AI

Year Development Explanation Achievement

The Birth of AI - Establishment of AI as a
1956 N/A
Dartmouth Conference field of study.
Demonstrated basic
Development of ELIZA,
1966 ELIZA natural language
the first chatbot.
processing.
Improved decision-
Rise of Expert Systems
1980s MYCIN making in specific
(e.g., MYCIN)
domains.
Proved AI can outperform
IBM’s Deep Blue defeats
1997 Deep Blue humans in strategy
Garry Kasparov in chess.
games.
Definition and rise of Various ML Shift towards data-driven
1997
Machine Learning. algorithms algorithms.
Highlighted the potential
IBM’s Watson wins on
2011 Watson of AI in language and
Jeopardy!
reasoning tasks.
Major leap in image
Demonstration of deep Convolutional Neural
2012 recognition and
learning with ImageNet. Networks (CNNs)
processing.
Showcased AI’s capability
AlphaGo defeats world
2016 AlphaGo in complex decision-
champion Lee Sedol.
making.
Waymo's
Introduction of self- Disrupted transportation
2018 autonomous
driving taxis by Waymo. industry with AI.
vehicles
Enhanced focus on AI Various AI ethics Highlighted the need for
2023
ethical considerations. frameworks bias mitigation in AI.
AI expected to enhance Generative AI tools,
Revolutionizing decision-
2024 decision-making in predictive analytics
making processes.
industries. tools

Importance of AI in Business

• Data-Driven Decisions
• Analyze large datasets for actionable insights.
• Cost Efficiency
• Automates repetitive tasks, reducing operational costs.
• Enhanced Customer Experience
• Personalizes interactions through AI-driven chatbots and recommendations.
• Competitive Advantage
• Early adopters gain a technological edge in the market.
Impact of AI in Industries

1. AI in various fields like Natural Language Processing

2. New age conversational Artificial Intelligence models.
3. Upgradation of expert systems in the healthcare industry.
4. AI capability in the gaming industry for enhanced decision-making.
5. Enhanced Image and video analysis.
6. Automated vehicle technologies.

Real-World Examples of AI

• Amazon: Uses AI for product recommendations and Alexa voice assistant.

• Tesla: AI-powered autonomous vehicles and autopilot features.
• Netflix: Personalized content recommendations based on user preferences.
• Zoom: AI tools for virtual meeting transcription and noise cancellation.
• Swiggy/Zomato: Customer support

Notes: The list of real-world examples is extensive. You are encouraged as per your
interest.

Advantage

• Accuracy and Precision: Reduces human errors.

• Scalability: Handles complex and repetitive tasks efficiently.
• 24/7 Operations: AI systems can work continuously without fatigue.
Challenges

• Implementation Cost: High initial investment in AI technologies.

• Skill Gap: Need for skilled professionals to manage AI systems.
• Ethics: Concerns over privacy, bias, and job displacement.

Future of AI in Business

• Integration with SMAC: AI will enhance Social, Mobile, Analytics, and Cloud
technologies.

• AI in Decision-Making: Advanced predictive tools for better strategic planning.

• AI-Powered Innovations: AI-driven robotics, IoT devices, and autonomous systems

will become mainstream.
Notes:

1. Please refer to the mid-term notes in conjunction with this document/note for a
more comprehensive understanding.
2. Please re-visit and recall in-class assignments.
3. Please visit the major assignment and mid-term submissions.
4. Please read these topics in the reference book and research these topics on the
web.