
Module 4

Contemporary Issues in Management


Information Systems

Jitendra B Patil
Contents
 Chapter-I
E-commerce

 Chapter-II
Securing Information System

 Chapter-III
Ethical & Social Issues in Information systems
Chapter-I
E-commerce
E-commerce
 E-commerce (electronic commerce) is the activity
of electronically buying or selling of products on
online services or over the Internet. E-commerce draws
on technologies such as mobile commerce, electronic
funds transfer, supply chain management, Internet
marketing, online transaction processing, electronic
data interchange (EDI), inventory management
systems, and automated data collection systems. E-
commerce is in turn driven by the technological
advances of the semiconductor industry, and is the
largest sector of the electronics industry.
 In recent years India has experienced a boom in
internet and smartphone penetration. The number of
internet connections in 2021 increased significantly to
830 million, driven by the ‘Digital India’ programme.
Types of E-Commerce
Business-to-Business (B2B)
 A B2B model of business involves the conduct of trade
between two or more businesses/companies. The channels
of such trade generally include conventional wholesalers
and producers who are dealing with retailers.

Business-to-Consumer (B2C)
 Business-to-Consumer model of business deals with the
retail aspects of e-commerce, i.e. the sale of goods and/or
services to the end consumer through digital means.
Consumer-to-Consumer (C2C)
 This business model is leveraged by a consumer for
selling used goods and/or services to other consumers
through the digital medium. The transactions here are
pursued through a platform provided by a third party,
the likes of which include OLX, Quickr, etc.
A Private Industrial Network
 Private industrial networks typically consist of a large
firm using an extranet to link to its suppliers and other
key business partners.
 Another term for a private industrial network is a
private exchange.
A Net Marketplace
 Net marketplaces, which are sometimes called e-hubs,
provide a single, digital marketplace based on internet
technology for many different buyers and sellers.
 Net marketplaces generate revenue from purchase and
sale transactions and other services provided to clients.
E-commerce businesses may also
employ some or all of the following:
 Online shopping for retail sales direct to consumers via web
sites and mobile apps, and conversational commerce via live
chat, chatbots, and voice assistants;
 Providing or participating in online marketplaces, which process third-
party business-to-consumer (B2C) or consumer-to-consumer (C2C)
sales;
 Business-to-business (B2B) buying and selling;
 Gathering and using demographic data through web contacts and social
media;
 B2B electronic data interchange;
 Marketing to prospective and established customers by e-mail or fax
(for example, with newsletters);
 Engaging in pretail for launching new products and services;
 Online financial exchanges for currency exchanges or trading purposes.
Key Concepts of E-commerce
 The internet has created a digital marketplace where millions of
people all over the world are able to exchange massive amounts
of information directly, instantly, and for free.
 The Internet shrinks information asymmetry. An information
asymmetry exists when one party in a transaction has more
information that is important for the transaction than the other
party.
 Digital markets are very flexible and efficient because they
operate with reduced search and transaction costs, lower menu
costs (merchants' costs of changing prices), price
discrimination, and the ability to change prices dynamically
based on market conditions.
 In dynamic pricing, the price of a product varies depending on
the demand characteristics of the customer or the supply
situation of the seller.
 Digital markets provide many opportunities to sell
directly to the consumer, bypassing intermediaries,
such as distributors or retail outlets. The removal of
organizations or business process layers responsible
for intermediary steps in a value chain is called
disintermediation.
The benefits of Disintermediation to the
Consumer
Digital Goods
 The internet digital marketplace has greatly expanded
sales of digital goods. Digital goods are goods that can
be delivered over a digital network. Music tracks,
Video, Software, Newspapers, Magazines, and Books
can all be expressed, stored, delivered and sold as
purely digital products.
Internet Business Models
 The Internet has created online communities, where
people with similar interests exchange ideas from
many different locations. Some of these virtual
communities are providing the foundation for new
businesses. Village.com provides an online community
for women sharing similar interests, such as diet and
fitness, pregnancy, parenting, home and garden, and
food. Members post their own personal Web pages,
participate in online discussion groups, and join online
“clubs” with other like-minded people.
 A banner ad is a graphic display on a web page used for
advertising.
 Pop-up ads work in the opposite manner. These ads
automatically open up when a user accesses a specific web
site, and the user must click the ad to make it disappear.
 Social networking sites are a type of online community
that has become extremely popular. Social networking is
the practice of expanding the number of one’s business or
social contacts by making connections through individuals.
 Social networking is so appealing that it has inspired a new
type of e-commerce experience called social shopping.
Social shopping sites such as Kaboodle, ThisNext, and
Stylehive.com provide online meeting places for people to
swap shopping ideas.
M-commerce/Mobile commerce
 M-commerce (mobile commerce) is the buying and
selling of goods and services through wireless
handheld devices such as smartphones and tablets.
M-commerce is a form of e-commerce that enables
users to access online shopping platforms without the
use of a desktop computer.
M-commerce Services and Applications
 Location based Services
 Banking and Financial Services
 Wireless Advertising
 Games and Entertainment
Examples of Electronic Payment
Systems for E-Commerce
Chapter-II
Securing Information System
Securing Information Systems
 Security refers to the policies, procedures, and
technical measures used to prevent unauthorized
access, alteration, theft, or physical damage to
information systems.

 Controls are methods, policies, and organizational
procedures that ensure the safety of the organization’s
assets; the accuracy and reliability of its records; and
operational adherence to management standards.
System Vulnerability and Abuse
 As firms become more technologically oriented, they must
become more aware of security and control issues
surrounding their information systems and protect the
resources.
 When large amounts of data are stored in electronic form,
they are vulnerable to many more kinds of threats than
when they existed in manual form.
 Through communications networks, information systems in
different locations are interconnected.
 The potential for unauthorized access, abuse, or fraud is not
limited to a single location but can occur at any access
point in the network.
Why Are Systems Vulnerable?
 A vulnerability is a weakness or flaw in a computer system
that can be exploited by a threat.
 A security threat is a possible danger that might exploit
vulnerabilities in a computer system to breach security
and thus cause possible harm.
 Information systems are vulnerable to technical,
organizational, and environmental threats from internal
and external sources.
 If managers at all levels don't make security and
reliability their number one priority, then the threats to
an information system can easily become real.
Contemporary security challenges and
vulnerabilities
 Businesses that partner with outside companies are
more vulnerable. Partnering companies may not
protect information as strictly.
 Employees of the partnering firm may not view
security as diligently as the primary business. In
today's business environment, it's not enough to protect
hardware and software physically located within an
organization.
 Mobile computing devices like smartphones, cell
phones, netbooks, and laptops, add to the
vulnerability of information systems by creating new
points of entry into information systems.
Internet Vulnerabilities
 Large public networks, such as the Internet, are more
vulnerable than internal networks because they are virtually
open to anyone.
 The Internet is so huge that when abuses do occur, they can
have an enormously widespread impact.
 When the Internet becomes part of the corporate network,
the organization’s information systems are even more
vulnerable to actions from outsiders.
 Computers that are constantly connected to the Internet by
cable modems or digital subscriber line (DSL) lines are
more open to penetration by outsiders because they use
fixed Internet addresses where they can be easily identified.
 Vulnerability has also increased from widespread use
of e-mail, instant messaging (IM), and peer-to-peer
file-sharing programs.
 E-mail may contain attachments that serve as
springboards for malicious software or unauthorized
access to internal corporate systems.
 Employees may use e-mail messages to transmit
valuable trade secrets, financial data, or confidential
customer information to unauthorized recipients.
Wi-Fi Security Challenges
Malicious Software
 Malicious software programs are referred to as malware and
include a variety of threats, such as computer viruses, worms,
and Trojan horses.
 A computer virus is a rogue software program that attaches itself
to other software programs or data files in order to be executed,
usually without user knowledge or permission.
 Most computer viruses deliver a “payload.”
 The payload may be relatively harmless, such as the
instructions to display a message or image, or it may be highly
destructive—destroying programs or data, clogging computer
memory, reformatting a computer’s hard drive, or causing
programs to run improperly.
 Viruses typically spread from computer to computer when
humans take an action, such as sending an e-mail attachment or
copying an infected file.
 Most recent attacks have come from worms, which are
independent computer programs that copy themselves from
one computer to other computers over a network.
 (Unlike viruses, they can operate on their own without
attaching to other computer program files and rely less on
human behavior in order to spread from computer to
computer. This explains why computer worms spread much
more rapidly than computer viruses.)
 Worms destroy data and programs as well as disrupt or
even halt the operation of computer networks.
 Worms and viruses are often spread over the Internet from
files of downloaded software, from files attached to e-mail
transmissions, or from compromised e-mail messages or
instant messaging.
 Viruses have also invaded computerized information
systems from “infected” disks or infected machines. E-
mail worms are currently the most problematic.
 A Trojan horse is a software program that appears to be
benign (genuine) but then does something other than
expected.
 The Trojan horse is not itself a virus because it does
not replicate, but it is often a way for viruses or other
malicious code to be introduced into a computer
system.
 The term Trojan horse is based on the huge wooden
horse used by the Greeks to trick the Trojans into
opening the gates to their fortified city during the
Trojan War. Once inside the city walls, Greek soldiers
hidden in the horse revealed themselves and captured
the city.
 SQL injection attacks are the largest malware threat.
SQL injection attacks take advantage of vulnerabilities
in poorly coded Web application software to introduce
malicious program code into a company’s systems and
networks.
 Large Web applications have hundreds of places for
inputting user data, each of which creates an
opportunity for an SQL injection attack.
 Spyware is any software installed on your PC that
collects your information without your knowledge, and
sends that information back to the creator so they can
use your personal information in some nefarious way.
This could include key logging to learn your
passwords, watching your searching habits, changing
out your browser home and search pages, adding
obnoxious browser toolbars, or just stealing your
passwords and credit card numbers.
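
The SQL injection point made above (every place a Web application accepts user data is an opportunity for injection), shown as an added example that is not part of the original slides. It puts a poorly coded lookup beside its parameterized form; the table, column names and sample inputs are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory customer table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, card_last4) VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return conn


def lookup_concatenated(conn, name):
    """Poorly coded form: the user's text becomes part of the SQL statement."""
    sql = "SELECT name, card_last4 FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Hardened form: the driver binds the input as a value, never as SQL."""
    sql = "SELECT name, card_last4 FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Count the rows each form returns for one input ("error" if the SQL breaks)."""
    conn = make_db()
    try:
        try:
            unsafe = len(lookup_concatenated(conn, name))
        except sqlite3.OperationalError:
            unsafe = "error"
        safe = len(lookup_parameterized(conn, name))
        return {"concatenated": unsafe, "parameterized": safe}
    finally:
        conn.close()


# Constructed inputs: a normal name, a name that rewrites the WHERE clause,
# and a legitimate name containing an apostrophe.
HOSTILE_INPUT = "nobody' OR '1'='1"
SAMPLE_INPUTS = ["alice", HOSTILE_INPUT, "o'brien"]

if __name__ == "__main__":
    for value in SAMPLE_INPUTS:
        print(repr(value), compare(value))
```

The concatenated form returns every customer row for the hostile input and fails outright on an ordinary apostrophe, while the parameterized form treats both as plain names that match nothing.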
 Keyloggers record every keystroke made on a
computer to steal serial numbers for software, to
launch Internet attacks, to gain access to e-mail
accounts, to obtain passwords to protected computer
systems, or to pick up personal information such as
credit card numbers.
 A backdoor in a computer system is a method of
bypassing normal authentication, securing
unauthorized remote access to a computer, obtaining
access to plain text, and so on, while attempting to
remain undetected.
Hackers and Computer Crime
 A hacker is an individual who intends to gain
unauthorized access to a computer system.
 Within the hacking community, the term cracker is
typically used to denote a hacker with criminal intent,
although in the public press, the terms hacker and
cracker are used interchangeably.
 Hackers and crackers gain unauthorized access by
finding weaknesses in the security protections
employed by Web sites and computer systems, often
taking advantage of various features of the Internet that
make it an open system that is easy to use.
Spoofing and Sniffing
 Hackers attempting to hide their true identities often
spoof, or misrepresent, themselves by using fake e-
mail addresses or masquerading as someone else.
 Spoofing also may involve redirecting a Web link to an
address different from the intended one, with the site
masquerading as the intended destination.
 For example, if hackers redirect customers to a fake
Web site that looks almost exactly like the true site,
they can then collect and process orders, effectively
stealing business as well as sensitive customer
information from the true site.
 A sniffer is a type of eavesdropping program that
monitors information traveling over a network.
 When used legitimately, sniffers help identify potential
network trouble spots or criminal activity on networks,
but when used for criminal purposes, they can be
damaging and very difficult to detect.
 Sniffers enable hackers to steal proprietary information
from anywhere on a network, including e-mail
messages, company files, and confidential reports.
Computer Crime
 Most hacker activities are criminal offenses, and the
vulnerabilities of systems make them targets for other
types of computer crime as well.
 Computer crime is a growing national and
international threat to the continued development of e-
business and e-commerce.
 It's very difficult for our society and our governments
to keep up with the rapid changes in the types of
computer crime being committed. Many laws have to
be rewritten and many new laws must be implemented
to accommodate the changes.
Examples of Computer Crime
Business Value of Security and Control
 Many firms are reluctant to spend heavily on security
because it is not directly related to sales revenue. However,
protecting information systems is so critical to the
operation of the business that it deserves a second look.

 Companies have very valuable information assets to
protect. Systems often house confidential information about
individuals’ taxes, financial assets, medical records, and job
performance reviews.

 They also can contain information on corporate operations,
including trade secrets, new product development plans,
and marketing strategies.
 Government systems may store information on weapons
systems, intelligence operations, and military targets.

 These information assets have tremendous value, and the
repercussions can be devastating if they are lost, destroyed,
or placed in the wrong hands.

 Transactions worth billions and trillions of dollars are
carried out on networks every day. Think of the impact if
the networks experience downtime for even a few minutes.
It may seriously harm the business reputation of the
organization.
Legal and Regulatory Requirements for
Electronic Records Management
 Because information systems are used to generate, store,
and transport such data, the legislation requires firms to
consider information systems security and other controls
required to ensure the integrity, confidentiality, and
accuracy of their data.

 Each system application that deals with critical financial
reporting data requires controls to make sure the data are
accurate.

 Controls to secure the corporate network, prevent
unauthorized access to systems and data, and ensure data
integrity and availability in the event of disaster or other
disruption of service are essential as well.
 Because so much of our personal and financial information
is now maintained electronically, the government needs to
pass laws mandating how the data will be protected from
unauthorized or illegal misuse.

 The Govt. of India has already passed a cyber law outlining the
requirements for electronic records management and is in the
process of modifying the law and creating new laws.

 All of these laws are in response to computer crimes and
abuses that businesses or individuals have committed or
experienced.
Electronic Evidence and Computer
Forensics
 Several things are happening in the corporate world that
are changing the requirements for how companies handle
their electronic documents:
 Companies are communicating more and more with email and
other forms of electronic transmissions, and
 Courts are allowing all forms of communication to be held as
evidence.

 Therefore, businesses must develop methods of capturing,
storing, and presenting any and all electronic
communications including email, instant messaging, and
e-commerce transactions.
 Computer forensics is the application of investigation and analysis
techniques to gather and preserve evidence from a particular computing
device in a way that is suitable for presentation in a court of law.

 It can be used in the detection and prevention of crime and in any
dispute where evidence is stored digitally.

 Computer forensics is the scientific collection, examination,
authentication, preservation, and analysis of data held on or retrieved
from computer storage media in such a way that the information can be
used as evidence in a court of law. It deals with the following problems:
 Recovering data from computers while preserving evidential integrity
 Securely storing and handling recovered electronic data
 Finding significant information in a large volume of electronic data
 Presenting the information to a court of law.
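
One way to make "preserving evidential integrity" and "securely storing and handling recovered electronic data" checkable, shown as an added example that is not part of the original slides. It hashes the evidence at acquisition and keeps a custody log in which each record is chained to the previous one. The hash-chained log is an assumed design, and the file name, handlers and timestamps are constructed.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disk images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _entry_hash(entry):
    """Digest of a custody record, excluding its own entry_hash field."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_entry(log, when, handler, action, evidence_sha256):
    """Add a custody record chained to the previous record's hash."""
    entry = {
        "when": when, "handler": handler, "action": action,
        "evidence_sha256": evidence_sha256,
        "prev_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def first_broken_entry(log):
    """Return the index of the first altered or re-ordered record, or None."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev or entry["entry_hash"] != _entry_hash(entry):
            return i
        prev = entry["entry_hash"]
    return None


def evidence_matches(path, log):
    """True if the file still has the digest recorded at acquisition (entry 0)."""
    return bool(log) and sha256_file(path) == log[0]["evidence_sha256"]


def demo():
    """Constructed scenario: acquire, hand over, then detect two kinds of change."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "mailbox_export.bin")  # hypothetical file name
        with open(image, "wb") as fh:
            fh.write(b"From: a@example.com\nSubject: Q3 figures\n")  # constructed
        log = []
        digest = sha256_file(image)
        append_entry(log, "2024-01-10T09:00Z", "examiner-1", "acquired", digest)
        append_entry(log, "2024-01-10T11:30Z", "examiner-2", "received copy", digest)
        results["clean_evidence"] = evidence_matches(image, log)
        results["clean_log"] = first_broken_entry(log)
        with open(image, "ab") as fh:  # the evidence file changes by one byte
            fh.write(b"x")
        results["after_file_change"] = evidence_matches(image, log)
        log[0]["handler"] = "someone-else"  # a custody record edited afterwards
        results["after_log_edit"] = first_broken_entry(log)
    return results


if __name__ == "__main__":
    print(demo())
```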
Information Systems Controls
 Information systems controls are both manual and automated and
consist of both general controls and application controls.
 General controls govern the design, security, and use of
computer programs and the security of data files in general
throughout the organization’s information technology
infrastructure.
 On the whole, general controls apply to all computerized
applications and consist of a combination of hardware, software,
and manual procedures that create an overall control
environment.
 General controls include software controls, physical hardware
controls, computer operations controls, data security controls,
controls over implementation of system processes, and
administrative controls. The table below describes the functions of
each of these controls.
General controls
Risk Assessment
 A risk assessment determines the level of risk to the firm if
a specific activity or process is not properly controlled.

 Not all risks can be anticipated and measured, but most
businesses will be able to acquire some understanding of
the risks they face.

 Business managers working with information systems
specialists should try to determine the value of information
assets, points of vulnerability, the likely frequency of a
problem, and the potential for damage.
Chapter-III
Ethical & Social Issues in
Information systems
IT Security, Ethics, and Society

 Ethics are the principles of right and wrong that
individuals, acting as free moral agents, use to make
choices to guide their behavior. Information systems
raise new ethical questions for both individuals and
societies because they create opportunities for intense
social change.
Recent Examples of Failed Ethical
Judgment by Managers
The Relationship Between Ethical, Social, And
Political Issues In An Information Society
 Information rights and obligations. What information
rights do individuals and organizations possess with
respect to themselves? What can they protect?

 Property rights and obligations. How will traditional
intellectual property rights be protected in a digital
society in which tracing and accounting for ownership
are difficult and ignoring such property rights is so
easy?
 Accountability and control. Who can and will be held
accountable and liable for the harm done to individual and
collective information and property rights?

 System quality. What standards of data and system quality
should we demand to protect individual rights and the
safety of society?

 Quality of life. What values should be preserved in an
information- and knowledge-based society? Which
institutions should we protect from violation? Which
cultural values and practices are supported by the new
information technology?
Technology Trends that Raise Ethical
Issues
Non-obvious Relationship Awareness
(NORA)
 NORA is software that helps a firm or organization use
data to find relationships that no one might otherwise
think exist. Basically, NORA helps you discover
relationships between disparate data types and data
locations. NORA is data-mining software that uses real-time
analysis of data and distributed data mining to uncover
‘non-obvious’ relationships.
How Does NORA Work?
 Accepts data feeds from numerous enterprise
information systems

 Builds a model of identities and relationships between
identities in real time

 If a new identity matches or is related to another identity
in a manner that warrants human scrutiny, the system
immediately generates an intelligence alert.
Information used in NORA
 Transaction data from sales across the nation
 Personal data
 Work histories
 Human resources issues (firing, etc.)
 Criminal records
 Incident records (hospital visits, etc.)
Ethical Analysis
When confronted with a situation that seems to present
ethical issues, how should you analyze it?
The following five-step process should help.
 Identify and describe clearly the facts
 Define the conflict or dilemma and identify the
higher-order values involved
 Identify the stakeholders
 Identify the options that you can reasonably take
 Identify the potential consequences of your options
Federal Privacy Laws in the United
States and India
Property Rights: Intellectual Property
 Intellectual property (IP) refers to creations of the
mind, such as inventions; literary and artistic works;
designs; and symbols, names and images used in
commerce.
 IP is protected in law by,
for example, patents, copyright and trademarks, which
enable people to earn recognition or financial benefit
from what they invent or create. By striking the right
balance between the interests of innovators and the
wider public interest, the IP system aims to foster an
environment in which creativity and innovation can
flourish.
Types of IP
Trade secrets
 Trade secrets are IP rights on confidential information
which may be sold or licensed. The unauthorized
acquisition, use or disclosure of such secret information in
a manner contrary to honest commercial practices by others
is regarded as an unfair practice and a violation of the trade
secret protection.

Copyright
 Copyright is a legal term used to describe the rights that
creators have over their literary and artistic works. Works
covered by copyright range from books, music, paintings,
sculpture and films, to computer programs, databases,
advertisements, maps and technical drawings.
Patents
 A patent is an exclusive right granted for an invention.
Generally speaking, a patent provides the patent owner
with the right to decide how - or whether - the
invention can be used by others. In exchange for this
right, the patent owner makes technical information
about the invention publicly available in the published
patent document.
Thank You
