Advanced Management Information System

INDIVIDUAL ASSIGNMENTS

In MIS

Reviewed By:
Name –BIruktawit Mamo
ID NO – MBA 0643/15
Section 11
Submitted to :- Temtim (Dr.)

Submitted date June,2023

0
1.Explain the difference between data, information and knowledge? Provide example for
your answer

Data, information, and knowledge are related concepts, but they have different meanings and
levels of complexity.

Data refers to raw, unorganized facts and figures that are collected and stored. Data can be in any
form, such as numbers, text, images, or audio. For example, a list of customer names and
addresses is data.

Information is data that has been processed, organized, and structured in a meaningful way.
Information provides context and meaning to data, making it useful for decision-making. For
example, a report that summarizes customer demographics and buying habits is information.

Knowledge is a deeper understanding of information that is gained through experience, analysis,

and synthesis. Knowledge involves the ability to apply information to solve problems or make
decisions. For example, a marketing manager who uses customer data and market research to
develop a new product strategy has knowledge.

To illustrate the difference between these concepts, consider the following example:

Data: A list of sales figures for a company's products.

Information: A chart that shows the sales figures for each product, organized by region and time
period.

Knowledge: An analysis of the sales figures that identifies trends and patterns, and uses this
information to develop a sales strategy for each product and region.

2.What is an information system? What are the major components of information?

An information system is a system that collects, stores, processes, and disseminates data and
information within an organization. It combines people, processes, and technology to facilitate
the management and flow of information for decision-making and operational activities.

1
Information systems can vary in scope and complexity, ranging from simple manual systems to
sophisticated computer-based systems.

The major components of an information system typically include:

1. Networks: Networks enable the connectivity and communication between different components of
an information system. They facilitate the transmission of data and information between devices, users,
and systems. Networks can be local area networks (LANs), wide area networks (WANs), or the internet.

2. Processing: Once the data is inputted, it undergoes processing to transform it into

meaningful information. Processing involves organizing, manipulating, calculating, and
summarizing the data. This component includes various operations and algorithms performed
by the system to derive insights or generate outputs. For instance, calculating sales totals,
generating reports, or analyzing trends.

3. Storage: The storage component involves holding and preserving data and information for
future use. It includes physical or digital storage devices such as hard drives, databases, or cloud
storage systems. The stored data can be retrieved and accessed whenever needed, allowing for
efficient data management and retrieval.

4. Hardware: This includes the physical devices and equipment used to process, store, and
transmit data and information. It encompasses computers, servers, networks, storage devices, and
peripheral devices like printers and scanners.

5. Software: Software refers to the programs and applications that enable the processing,
manipulation, and presentation of data. This includes operating systems, database management
systems, productivity software, and specialized applications tailored for specific purposes.

3. Explain how information systems help organizations to achieve different business

strategic objectives such as operational excellence and cost leadership, etc.
Information systems play a vital role in helping organizations achieve various business strategic
objectives. Here are a few ways in which information systems contribute to specific objectives:
1. Operational excellence: Information systems can help organizations improve their operational
efficiency and effectiveness by automating routine tasks, streamlining processes, and reducing
errors and delays. For example, an enterprise resource planning (ERP) system can integrate
various functional areas of an organization, such as finance, accounting, inventory, and
production, to provide real-time visibility and control over the entire supply chain.
2. Cost leadership: Information systems can help organizations reduce their costs and increase
their profitability by optimizing their resources, minimizing waste, and improving their pricing
strategies. For example, a customer relationship management (CRM) system can help
organizations identify their most profitable customers, segment them based on their needs and
preferences, and tailor their marketing and sales efforts accordingly.

2
3. Product differentiation: Information systems can help organizations create unique and
innovative products and services by leveraging their knowledge and expertise, collaborating with
their partners and customers, and adapting to changing market trends and demands. For example,
a product lifecycle management (PLM) system can help organizations manage their product
development process from ideation to launch, by integrating various stakeholders, such as
designers, engineers, suppliers, and customers.

4. Explain the different layers of information systems by managerial hierarchies. What are
the main input data and output information?
Information systems can be classified into different layers based on managerial hierarchies within an
organization. The main layers are as follows:

1. Operational Level: This is the bottom layer of the managerial hierarchy and involves day-to-day
operational activities. Information systems at this level focus on collecting, storing, and processing
transactional data. The main input data at the operational level include transactional data such as sales
transactions, inventory updates, employee time records, and customer orders. The output information
consists of operational reports, routine summaries, and exception reports that help monitor and control
daily activities.

2. Management Level: The management level is responsible for tactical decision making and monitoring
the performance of different departments or units. Information systems at this level provide
summarized and aggregated data from various operational systems. The input data for management-
level systems include operational data, as well as periodic reports and summaries from different
functional areas. The output information consists of management reports, performance indicators, and
analytical tools that help managers evaluate performance, allocate resources, and make informed
decisions.

3. Strategic Level: This is the top layer of the managerial hierarchy and involves long-term strategic
planning and decision making. Information systems at this level provide high-level, aggregated
information to support strategic decisions. The input data for strategic-level systems include data from
both internal and external sources, such as market research, competitive analysis. The output
information includes strategic reports, executive dashboards, financial statements, and performance
indicators. These systems help top management gain a holistic view of the organization, identify
opportunities and threats, and make strategic decisions to achieve long-term objectives.

5. Discuss one of functional information system that you commonly found in any
organization such as financial information system, human resource information system,
geographic information system, etc. Each component of the information, the type of data
managed by system and main organizational activities supported by the system?

One of the functional information systems that is commonly found in any

organization is the human resource information system (HRIS). This is a
software solution that maintains, manages, and processes detailed employee

3
information and human resources-related policies and procedures. An HRIS
can support various HR functions, such as recruitment, performance
management, learning and development, compensation and benefits,
payroll, time and attendance, and more.

The components of an HRIS can vary depending on the specific needs and
goals of the organization, but they generally include:

 A database that stores employee data, such as personal, demographic,

compensation, benefit selections, skills, certifications, performance
reviews, training records, and more.
 A user interface that allows employees, managers, and HR
professionals to access, update, and report on the employee data.
 A set of modules or applications that automate and streamline various
HR processes, such as applicant tracking, onboarding, payroll
processing, benefits administration, time tracking, performance
appraisal, learning management, succession planning, and more.
 A reporting and analytics tool that enables the generation of reports
and dashboards on key HR metrics and indicators, such as turnover
rate, employee engagement, productivity, diversity and inclusion,
compliance, and more.

The main organizational activities supported by an HRIS are:

 Employee Data Management: The HRIS serves as a central repository for storing and
managing employee information, ensuring data accuracy, and facilitating easy access for HR
professionals, managers, and employees.
 Payroll and Benefits Administration: The HRIS automates payroll processes, calculates
salaries, deductions, and taxes, and generates paychecks. It also supports benefits administration
by tracking employee enrollments, managing benefit plans, and facilitating open enrollment
periods.
 Performance Management: The HRIS assists in managing performance evaluations, goal
setting, and performance tracking. It helps HR professionals and managers conduct performance
appraisals, document feedback, and monitor employee performance over time.
 Training and Development: The HRIS helps in managing training programs and employee
development activities. It tracks training requirements, manages course registrations, and
provides access to training materials and resources.

6. What is data mining and what is the major application of data mining in the org

Data mining is the process of discovering patterns, trends, and insights from
large datasets using statistical and machine learning techniques. It involves
extracting useful information from data that may not be immediately
apparent, and using that information to make informed decisions.
4
The major application of data mining in organizations is in the field of
business intelligence. Data mining can be used to analyze customer
behavior, market trends, and business performance, and to identify
opportunities for growth and improvement.

7. What is expert system? What is the purpose of expert system? What are main
components of expert system? Give two examples of expert system?

An expert system is a computer-based system that emulates the decision-making abilities and
problem-solving skills of human experts in specific domains. It is designed to provide expert-
level knowledge and advice to users, assisting them in solving complex problems, making
decisions, and performing tasks within a specialized area.

The purpose of an expert system is to capture and apply the expertise and knowledge of human
experts, enabling non-experts to access and utilize that knowledge. Expert systems aim to
provide accurate, consistent, and timely advice or solutions, even in the absence of a human
expert.

The main components of an expert system are:

1. Knowledge Base: The knowledge base stores the domain-specific knowledge and
expertise of human experts. It consists of rules, facts, heuristics, and algorithms that
define the problem-solving capabilities of the expert system.
2. Inference Engine: The inference engine is the reasoning component of the expert system.
It applies logical rules and algorithms to the knowledge base to generate conclusions or
recommendations based on user inputs or queries.
3. User Interface: The user interface allows users to interact with the expert system. It can
be in the form of a text-based interface, graphical interface, or natural language interface,
facilitating the input of problem details and receiving system outputs.
4. Explanation Facility: The explanation facility provides transparency and justification for
the system's recommendations or decisions. It explains how the system arrived at a
particular conclusion by tracing the reasoning process or presenting supporting evidence.
5. Knowledge Acquisition System: The knowledge acquisition system is used to capture
and input the expertise of human experts into the knowledge base. It involves interviews,
documentation reviews, and other methods to extract knowledge and encode it in a
format suitable for the expert system.

Two examples of expert systems are:

1.PROSPECTOR: An expert system developed by Exxon in the 1980s to explore for oil
and gas reserves.

5
 2.MYCIN: An expert system developed in the 1970s to diagnose bacterial infections and
recommend antibiotics.

8. What is knowledge management and why is knowledge management critical in today’s

organization.

Knowledge management is the process of creating, organizing, storing, sharing, and utilizing knowledge
within an organization to enhance its performance and achieve its objectives. It involves capturing tacit
and explicit knowledge, making it easily accessible, and fostering a culture of learning and knowledge
sharing. like sharing, Innovation, Improved decision-making, Employee, Risk management

knowledge management is critical in today's organization because it enables organizations to leverage

their knowledge assets, drive innovation, improve decision-making, engage and retain employees, and
manage risks.

9. Technology is backbone of any management information system implementation.

Explain the different technologies that are used to implement a management information
system?

Implementing a management information system (MIS) requires various technologies to support

the collection, processing, storage, retrieval, and dissemination of information within an
organization. Here are some key technologies used in MIS implementation:

1. Hardware: Hardware forms the physical infrastructure of an MIS. It includes servers,

computers, networking devices, storage systems, and peripherals such as printers and
scanners. These components provide the necessary computing power and resources to
support MIS operations.
2. Software: Software plays a crucial role in MIS implementation. It includes operating
systems, database management systems (DBMS), programming languages, middleware,
and application software. DBMS software is particularly important for storing,
organizing, and managing data in a structured manner. Application software includes
specific MIS applications for data analysis, reporting, and decision support.
3. Databases: Databases are used to store and manage structured data within an MIS.
Relational database management systems (RDBMS) are commonly used to ensure data
integrity, consistency, and efficient retrieval. Data warehouses and data marts are used
for storing large volumes of historical data for reporting and analysis purposes.
4. Networks: Networking technologies enable the connectivity and communication between
different components of the MIS. Local Area Networks (LANs), Wide Area Networks
(WANs), and the internet facilitate data transfer, remote access, and collaboration among
users and systems. Network security measures, such as firewalls and encryption, protect
the integrity and confidentiality of MIS data.
5. Cloud Computing: Cloud computing has become increasingly relevant for MIS
implementation. Cloud-based solutions offer scalability, flexibility, and cost-
6
 effectiveness by providing on-demand access to computing resources and software
applications. Cloud-based MIS solutions enable organizations to store data, host
applications, and access information from anywhere with an internet connection.

10.What are information system development life cycles we follow to develop an

information system? What are the main activities in each phase of system development?

There are several information system development life cycles (SDLC) that organizations follow
to develop an information system. One commonly used SDLC model is the Waterfall model.
Here are the main phases and activities involved in the Waterfall model:

 Requirements Gathering and Analysis:

o Identify and document the business requirements and objectives for the system.
o Conduct interviews, surveys, and workshops with stakeholders to gather
requirements.
o Analyze and prioritize requirements, and create a detailed requirements
specification document.
 System Design:
o Design the system architecture and overall structure based on the requirements.
o Define the logical and physical components of the system.
o Create system design documents, including data models, process flows, and
interface designs.
 Implementation:
o Develop the system components based on the design specifications.
o Write and test code, create databases, and configure hardware and software
components.
o Conduct unit testing to verify the functionality of individual modules or
components.
 Integration and Testing:
o Integrate the developed modules or components into a complete system.
o Perform system testing to validate the integrated system against the requirements.
o Identify and fix any defects or issues found during testing.
 Deployment:
o Deploy the system into the production environment.
o Install the necessary hardware and software components.
o Conduct user training and prepare documentation to support system users.
 Maintenance:
o Monitor and support the live system, ensuring its availability and performance.
o Address user queries, issues, and enhancement requests.
o Perform regular maintenance tasks, such as backups, security updates, and
performance tuning.

7
11.What is a database? Why we need to maintain a database in the organization?

A database is a structured collection of data that is organized, managed, and stored in a way that allows
for efficient retrieval, manipulation, and analysis. It is designed to store and manage large volumes of
data in a systematic and structured manner, enabling easy access and retrieval of information.

Overall, maintaining a database in an organization provides a structured and secure approach to data
management, promoting data integrity, sharing, analysis, and efficient decision making. It is a vital asset
for organizations to store, manage, and leverage their data effectively in today's data-driven business
environment.

12.What is information security? Why information security is hot issue at present time?

Information security refers to the practice of protecting information assets from unauthorized access,
disclosure, disruption, modification, or destruction. It involves implementing measures and controls to
ensure the confidentiality, integrity, and availability of information, as well as safeguarding it against
various threats and risks.

Given these factors, information security is a hot issue that organizations must address to safeguard
their data, protect their systems and networks, ensure regulatory compliance, and maintain business
continuity. It requires a proactive and multi-layered approach that combines technological measures,
policies, procedures, employee awareness, and ongoing monitoring and response capabilities.

13. Mention some common human related security threats? Why employees are the main
source information security threats?

Some common human-related security threats are:

1. Phishing: This is a type of social engineering attack where attackers send fraudulent emails or
messages to trick users into revealing sensitive information, such as passwords or credit card
numbers.

2. Insider threats: This is when employees or contractors with authorized access to an

organization's systems and data intentionally or unintentionally misuse or disclose sensitive
information.

3. Social engineering: This is a type of attack where attackers use psychological manipulation to
trick users into divulging sensitive information or performing actions that compromise security.

4. Password attacks: This is when attackers use various techniques to guess or steal passwords,
such as brute force attacks, dictionary attacks, or password phishing.

8
5. Malware: This is a type of software that is designed to harm or exploit computer systems,
often by tricking users into downloading or installing it.

Employees are the main source of information security threats because they have access to
sensitive information and systems, and they are often the weakest link in an organization's
security chain. Employees may inadvertently or intentionally compromise security by clicking on
phishing links, sharing passwords, or mishandling sensitive information. Additionally,
employees may be targeted by attackers who use social engineering tactics to trick them into
revealing sensitive information or performing actions that compromise security. Therefore, it is
important for organizations to provide regular security awareness training to employees and
implement security policies and procedures to mitigate the risk of human-related security
threats.compromised by their own mistakes or negligence. Employees can also pose
a threat to information security because they Employees are the main source of
information security threats because they often have access to sensitive and
valuable information and systems that can be exploited by malicious actors or may
lack awareness or training on how to protect information and systems from various
risks and vulnerabilities. Employees may also have personal or professional motives
to harm the organization or its information assets

14. Mention some common software related security threats? What kind of consequence it
brings to the organization?
Some common software-related security threats include:
1. Malware: Malware refers to malicious software such as viruses, worms, ransomware, and
spyware. It can infect systems and networks, compromise data, and disrupt operations. Malware
is often designed to steal sensitive information, gain unauthorized access, or cause damage to the
organization's infrastructure.
2. Phishing Attacks: Phishing attacks involve the use of deceptive emails, messages, or websites
to trick individuals into revealing sensitive information, such as usernames, passwords, or
financial details. Phishing attacks can lead to data breaches, identity theft, and financial losses.
3. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks: DoS and DDoS
attacks overload systems or networks with a flood of traffic, rendering them inaccessible to
legitimate users. These attacks can disrupt business operations, cause service outages, and result
in financial losses.
7. Insider Attacks: Insider attacks involve individuals with authorized access to systems or
networks intentionally misusing their privileges. This can include stealing or leaking sensitive
information, modifying data, or disrupting operations from within the organization.

The consequences of software-related security threats can be significant for organizations,

including:

9
1. Data Breaches: Security threats can result in the exposure or theft of sensitive data, including
customer information, intellectual property, financial records, or confidential business data. Data
breaches can lead to financial losses, legal consequences, reputational damage, and loss of
customer trust.
2. Operational Disruption: Security threats can disrupt business operations, rendering systems or
networks inaccessible, causing service outages, or slowing down processes. This can result in
productivity losses, missed deadlines, and customer dissatisfaction.
3. Financial Losses: Security incidents can lead to financial losses due to the costs associated
with incident response, remediation, legal proceedings, regulatory fines, and potential lawsuits.
Additionally, organizations may face financial repercussions from stolen funds, fraudulent
activities, or lost business opportunities.
4. Reputational Damage: Security breaches can tarnish an organization's reputation, erode
customer trust, and damage relationships with partners and stakeholders. Rebuilding trust and
recovering from reputational damage can be challenging and time-consuming.
15.What are the common security prevention mechanisms? Explain
how an information security policy is used as security prevention
mechanism?
Common security prevention mechanisms include:
1. Firewalls: These are network security devices that monitor and control incoming
and outgoing network traffic based on predetermined security rules.
2. Antivirus software: This is software that is designed to detect and remove
malware from computer systems.
3. Access controls: These are security measures that limit access to sensitive
information and systems to authorized users only.
4. Encryption: This is the process of converting sensitive information into a code
that can only be deciphered with a key or password.
6.Security awareness training: This is training that is provided to employees to
educate them on security best practices and how to identify and prevent security
threats.

#Reference
Module,Textbook
https://www.forbes.com/advisor/business/common-cyber-security-threats/
cisco

10