ZQMS-ARC-REC-002

ASSIGNMENT COVER

REGION: HARARE_______________________________________________

PROGRAM: ________________MBA____________________________INTAKE: __________

FULL NAME OF STUDENT: __HARINANGONI CORDILIA_____PIN: _P1932908R_

MAILING ADDRESS: cordieharina@gmail.com________

CONTACT TELEPHONE/CELL: 0772470747________ ID. NO.: 47-143197E47____

COURSE NAME: MANAGEMENT INFORMATION SYSTEMS COURSE CODE:

MBAZ507

ASSIGNMENT NO. e.g. 1 or 2: _____1___________ DUE DATE: ___________________

ASSIGNMENT TITLE:
______________________________________________________________________________
___

______________________________________________________________________________
___

______________________________________________________________________________

MARKER’S COMMENTS: ______________________________________________________

______________________________________________________________________________

OVERALL MARK: _____________ MARKER’S NAME: ________________________

MARKER’S SIGNATURE:_______________________________ DATE: ___________

 Question 1: Generate a report to management that describes the primary causes of the
problems, a detailed plan to solve them. [25]

To: Management

From: Project Manager

RE: PRIMARY CAUSES OF IT FAILURE IN THE COMPANY

Causes of IT failure

Readers of this blog know IT initiatives generally fail for business, organizational, or cultural

reasons. Sure, technology screw-ups occur all the time, but that's one of the realities to be

managed. Success or failure ultimately depends on how project leadership manages the full

range of technical- and non-technical issues.

The following are guidelines describing critical areas of weakness in our bus projects:

1. Poor Communication. Enterprise projects usually impact a large amount of people.

This requires constant communications to all levels of people throughout the organization. A

strong communication strategy can help with this.

2. Underestimating or ignoring impact of change. This is another way of saying poor

change management. People need to know WIIFM (what's in it for me). Resistance to change

can kill any project. Your initiative must have a champion who carries a lot of clout.

3. Lack of Leadership. IT Leadership requires excellence in three key areas:

Technology, Business, and People. If the leadership is missing any of the three components

you are doomed.

4. Lack of strong executive sponsorship. For these projects to succeed you must have

somebody high up in the organization with a lot of clout.

5. Poor project management. Often, large enterprise initiatives have a ton of logistics

that need to be identified and managed accordingly.

6. Poor Planning. This could also fall into a category of unrealistic expectations.

Initiatives like SOA require a well thought out strategy. Many IT shops do not have the

patience for this and rush into their project head first without a clue of how to actually

accomplish their goals.

7. Trying to do it cheap. Organizations want it all, but they don't want to invest the

time and money. I have seen many projects get completed using this strategy, but they almost

always run over budget, are late, are missing many features, and have many various quality or

process issues due to the quick-n-dirty approach.

8. Lack of technical knowledge. You wouldn't ask me to remove your appendix so why

would you have somebody with little or no knowledge of the technology at hand lead your

enterprise initiative.

9. Lack of sound business case. You can get all of the other issues right but if your

solution has no business context then you are wasting your time.

10. Poor vendor management. Somebody hires a high priced group of consultants and

lets them run wild. You should make sure that what they build meets your requirements, your

standards, your needs, and your timelines.

Complex projects are hard to get right, which is why IT failure remains a serious

issue.Successful leaders create project success on the foundation of skillfully managing

people, process, and technology. While this perspective may appear obvious, the experience

and wisdom needed to make IT projects successful is not common at all.

A typical organization is divided into operational, middle, and upper level. The information

requirements for users at each level differ. Towards that end, there are number of information

systems that support each level in an organization.Understanding the various levels of an

organization is essential to understand the information required by the users who operate at

their respective levels.

The following diagram illustrates the various levels of a typical organization.

Operational management level

The operational level is concerned with performing day to day business transactions of the

organization. Examples of users at this level of management include cashiers at a point of

sale, bank tellers, nurses in a hospital, customer care staff, etc. Users at this level use make

structured decisions. This means that they have defined rules that guides them while making

decisions.

For example, if a store sells items on credit and they have a credit policy that has some set

limit on the borrowing. All the sales person needs to decide whether to give credit to a

customer or not is based on the current credit information from the system.
Tactical Management Level

This organization level is dominated by middle-level managers, heads of departments,

supervisors, etc. The users at this level usually oversee the activities of the users at the

operational management level.

Tactical users make semi-structured decisions. The decisions are partly based on set

guidelines and judgmental calls. As an example, a tactical manager can check the credit limit

and payments history of a customer and decide to make an exception to raise the credit limit

for a particular customer. The decision is partly structured in the sense that the tactical

manager has to use existing information to identify a payments history that benefits the

organization and an allowed increase percentage.

Strategic Management Level

This is the most senior level in an organization. The users at this level make unstructured

decisions. Senior level managers are concerned with the long-term planning of the

organization. They use information from tactical managers and external data to guide them

when making unstructured decisions.

In different management levels there is need to take the following systems into consideration

for effective decision making;

Transaction Processing System (TPS)

Transaction processing systems are used to record day to day business transactions of the

organization. They are used by users at the operational management level. The main

objective of a transaction processing system is to answer routine questions such as;

  How much inventory do we have at hand?

By recording the day to day business transactions, TPS system provides answers to the above

questions in a timely manner.

 The decisions made by operational managers are routine and highly structured.

 The information produced from the transaction processing system is very detailed.

For example, banks that give out loans require that the company that a person works for

should have a memorandum of understanding (MoU) with the bank. If a person whose

employer has a MoU with the bank applies for a loan, all that the operational staff has to do is

verify the submitted documents. If they meet the requirements, then the loan application

documents are processed. If they do not meet the requirements, then the client is advised to

see tactical management staff to see the possibility of signing a MoU.

Examples of transaction processing systems include; Point of Sale Systems – records daily

sales

 Payroll systems – processing employees’ salary, loans management, etc.

 Stock Control systems – keeping track of inventory levels

 Airline booking systems – flights booking management

Management Information System (MIS)

Management Information Systems (MIS) are used by tactical managers to monitor the

organization's current performance status. The output from a transaction processing system is

used as input to a management information system.

The MIS system analyses the input with routine algorithms i.e. aggregate, compare and

summarizes the results to produced reports that tactical managers use to monitor, control and

predict future performance.

For example, input from a point of sale system can be used to analyse trends of products that

are performing well and those that are not performing well. This information can be used to

make future inventory orders i.e. increasing orders for well-performing products and reduce

the orders of products that are not performing well.

Examples of management information systems include;

 Sales management systems – they get input from the point of sale system

 Budgeting systems – gives an overview of how much money is spent within the

organization for the short and long terms.

 Human resource management system – overall welfare of the employees, staff

turnover, etc.

Tactical managers are responsible for the semi-structured decision. MIS systems provide the

information needed to make the structured decision and based on the experience of the

tactical managers, they make judgement calls i.e. predict how much of goods or inventory

should be ordered for the second quarter based on the sales of the first quarter.

Decision Support System (DSS)

Decision support systems are used by senior management to make non-routine decisions.

Decision support systems use input from internal systems (transaction processing systems

and management information systems) and external systems.

The main objective of decision support systems is to provide solutions to problems that are

unique and change frequently. Decision support systems answer questions such as;

 What would happen to our sales if a new competitor entered the market?

Decision support systems use sophisticated mathematical models, and statistical techniques

(probability, predictive modelling, etc.) to provide solutions, and they are very interactive.

Examples of decision support systems include;

 Financial planning systems – it enables managers to evaluate alternative ways of

achieving goals. The objective is to find the optimal way of achieving the goal. For

example, the net profit for a business is calculated using the formula Total Sales less

(Cost of Goods + Expenses). A financial planning system will enable senior

executives to ask what if questions and adjust the values for total sales, the cost of

goods, etc. to see the effect of the decision and on the net profit and find the most

optimal way.

 Bank loan management systems – it is used to verify the credit of the loan applicant

and predict the likelihood of the loan being recovered.

Thank you for your cooperation.

Question 2. Using an organisation of your choice, critically evaluate Internet security

challenges prevailing and the solutions thereof. [25]

When the Internet becomes part of the corporate system, the organisation information

systems are even more vulnerable to actions from outside. Taking into consideration

Zimbabwe Open University (ZOU) it is facing challenges in internet security due increase in

its clientele base. Cable modems and lines are more open to penetration by outsiders because

they use fixed Internet addresses where they can be easily identified. A fixed Internet address

creates a fixed target for hackers.

Most voice over IP (VOIP) traffic over the public Internet is not encrypted, so anyone with a

network can listen in on conversations. Hackers can intercept conversations or shut down

voice service by flooding servers supporting VOIP with bogus traffic.

Vulnerability has increased from widespread use of e-mail to stakeholders and other

outsiders, instant messaging (IM) and peer-to-peer file sharing programmes. E-mails may

contain attachments that serve as springboards for malicious software or unauthorised access

to internal corporate systems. Instant messaging applications can be intercepted and read by

outsiders during transmission. Sharing files over peer to-peer (P2P) networks such as those

for illegal music sharing may transmit malicious software.

While technology is helping ZOU to optimise their operations through various innovative

means, the number of cyber security threats that companies must tackle has grown. 
It suffers from numerous network security problems without ever actually realizing it.

What’s worse, when these problems go unresolved, they can create openings for attackers to

breach a company’s security infrastructure to steal data and generally wreak havoc.

 There are far too many potential problems to cover. So, this article will cover a few of

the most common network security problems and their solutions to help you cover

your bases.

Unknown Assets on the Network

 There are many businesses that don’t have a complete inventory of all of the IT assets

that they have tied into their network. This is a massive problem. If you don’t know

what all of the assets are on your network, how can you be sure your network is

secure?

 The easiest fix for this is to conduct a review of all the devices on your network and

identify all of the various platforms they run. By doing this, you can know what all of

the different access points are on your network and which ones are most in need of

security updates.

Abuse of User Account Privileges

 According to data cited by the Harvard Business Review, for the year of 2016, “60%

of all attacks were carried out by insiders.” Whether it’s because of honest mistakes

(accidentally sending info to the wrong email address or losing a work device),

intentional leaks and misuse of account privileges, or identity theft arising from a

phishing campaign or other social engineering attack that compromises their user
 account data, the people inside your business represent one of the biggest security

problems you’ll ever face.

 Because these threats come from trusted users and systems, they’re also among the

hardest to identify and stop. Considering IT personnel and other insiders who can

access administration passwords they can easily temper with the system.

 However, there are ways to minimize the risk in case of an insider attack. For

example, if the company uses a policy of least privilege (POLP) when it comes to user

access, you can limit the damage that a misused user account can do. In a POLP,

every user’s access to the various systems and databases on your network is restricted

to just those things that they need to do their jobs.

Unpatched Security Vulnerabilities

 Many businesses are concerned with “zero day” exploits. These exploits are those

unknown issues with security in programs and systems that have yet to be used

against anyone. However, zero day vulnerabilities aren’t the problem—

unpatched known vulnerabilities are the problem.

 The easiest fix for this problem is to maintain a strict schedule for keeping up with

security patches. Also, gradually changing the programs and operating systems on

your network to make them the same can simplify this process. For example, if every

system is Windows-based or Mac-based (rather than a hodgepodge of Mac, Windows,

Linux, etc.), then you only have to keep track of Mac OS or Windows OS security

patch schedules and alerts.

A Lack of Defence in Depth

 Eventually, despite all of your best efforts, there will be a day where an attacker

succeeds in breaching your network security. However, just how much damage this

attacker will be capable of depends on how the network is structured.

 The problem is that some businesses have an open network structure where once an

attacker is in a trusted system, they have unfettered access to all systems on the

network.

 If the network is structured with strong segmentation to keep all of its discrete parts

separate, then it’s possible to slow down the attacker enough to keep them out of vital

systems while your security team works to identify, contain, and eliminate the breach.

Not Enough IT Security Management

 Another common issue for many companies is that even when they have all of the

best cybersecurity solutions in place, they might not have enough people in place to

properly manage those solutions.

 When this happens, critical cybersecurity alerts may get missed, and successful

attacks may not be eliminated in time to minimize damage.

 However, finding a large enough internal IT security team to manage all of your

needs can be an expensive and time-consuming process. Qualified professionals are in

demand, and they know it.

 To build up IT security staff quickly, many businesses use the services of a dedicated

partner such as Comp Quip Cybersecurity. This allows these businesses to access a

full team of experienced cybersecurity professionals for a fraction of the cost of hiring

them full-time internally.

  Some businesses use these cybersecurity solutions partners to shore up their IT

security departments in the short-term while they’re preparing their own internal

cybersecurity teams.

Social Engineering Attacks

Cyber-criminals are increasingly using sophisticated tools – including Artificial Intelligence –

to troll the web for information that corporations and employees are inadvertently posting on

their social media sites. This information will likely become a new threat vector in the new

year where this information is exploited in phishing and spear-phishing attacks.

Supply Chain Attacks

As corporations continue to harden their own perimeters and attack surfaces, criminals are

increasingly looking at the vulnerable supply chain where risks are not completely

understood. Increasingly, the vendors in that supply chain will be regarded as part of the

company’s own vulnerability and risk profile. Criminals will increasingly exploit the supply

chain to gain access to critical information about corporations.

IoT and Infrastructure Attacks

The proliferation of cheap and insecure devices that comprise the Internet of Things (IoT),

coupled with the legacy systems that control our Infrastructure, are combining to create a

perfect storm in the New Year. Ransomware is likely to be higher as criminals hold

companies, cities and even countries hostage as they take over and compromise such systems.

Attribution will be very difficult thus providing cover to criminals and nation states.

Identity and Mobile Authentication

As we understand the limitations of passwords and identity management moves increasingly

to the cloud, mobile device authentication is likely to explode. At least initially, expect some

of this transition to be exploited, particularly where insecure approaches are used. Facial

recognition and biometrics are still undergoing rapid development and have not reached a

true trusted-state.

Malicious software: viruses, worms, Trojan horses, and spyware

Malicious software programmes are referred to as malware and include threats such as

viruses, worms and Trojan horses. These are very common in institutions of Higher Learning

like ZOU as there is a lot of research work by academic giants from different cites. A virus is

a rogue software programme that attaches itself to other software programmes or data files

without user knowledge or permission. It can destroy programmes or data, clogging computer

memory, reformatting a hard drive, or causing programmes improperly. Viruses spread from

computer to computer.

Viruses

These are rogue software programme that attaches itself to other software programmes or

data files in order to be executed

Worms

These are independent computer programmes that copy themselves from one computer to

other computers over a network. They destroy data and programmes, disrupt and halt

computer operations

Trojan horses
These are software programme that appears to be benign but then does something other than

expected. A Trojan horse is not a virus as it does not replicate but is often a way for viruses

and worms to be introduced in the computer system

Spyware

Small programs install themselves surreptitiously on computers to monitor user Web surfing

activity and serve up advertising

Key loggers

These are spyware programmes. They record every keystroke on computer to steal serial

numbers, passwords, launch Internet attacks

Spoofing

This is a process of misrepresenting oneself by using fake e-mail addresses or masquerading

as someone else. It redirects Web link to address different from intended one, with site

masquerading as intended destination

Sniffer

This is an eavesdropping programme that monitors information travelling over network. This

enables hackers to steal proprietary information such as e-mail, company files, and so on

Computer crime

It is defined as “any violations of criminal law that involves knowledge of computer

technology for their perpetration, investigation, or prosecution”. Computer may be target of

crime, for example, breaching confidentiality of protected computerized data, and accessing a

computer system without authority Computer may be instrument of crime, for instance, theft

of trade secrets or using e-mail for threats or harassment

Conclusion

In conclusion, have explained why systems are vulnerable and how best you can protect

them. Remember employees cannot be trusted and protection of the system is vital for the

organisation. There are, however, many other security software that an organisation can use

to protect their network.

References

Laudon, K.C. and Laudon, J.P. (2010), Management Information Systems, London Pearson

Prentice-Hall.

Turban, E., Ranier, R.K. and Potter, R.E. (2001), Introduction to Information Technology,

New York John Wiley and Sons Inc.

Tyson, J. (2011), “How Internet Infrastructure Works”, www.howstuufworks.com/internet.

Kayne, R. (2011), “What is E-commerce?”, www.wisegeeek.com.

Wikipedia, Electronic Commerce (the free encyclopaedia).