IFT 121 Complete Modules

Uploaded by

Anoze Usman
Copyright
© All Rights Reserved

IFT121 – INTRODUCTION TO INFORMATION SYSTEM

2022/2023 SESSION

COURSE LECTURERS: Dr. Isiaq O. Alabi and Mr. Mustapha Atiku

COURSE OUTLINE

IFT121 – Introduction to Information Systems 2 Units


This course demonstrates how information is used by organisations to conduct business and
solve problems. This course presents information systems principles and demonstrates how they
form an integral part of modern organisations. Topics include systems concepts; organisational
processes; technological aspects of information systems; the Internet; information technology
security and ethical issues; database management; and systems development life cycle.

MODULE ONE
1.0 Information System Definition
Information systems use information technology to collect, create, and distribute useful data.
Note that data is the most basic element of any information system.

Information technology includes hardware, software, and telecommunications networks.

Hardware refers to physical computer equipment, such as a computer, tablet, or printer, as well
as components like a computer monitor or keyboard.

Software refers to a program or set of programs that tell the computer to perform certain tasks.

Telecommunications networks refer to a group of two or more computer systems linked together
with communications equipment.

Traditionally, the term information technology referred to the hardware, software, and
networking components of an information system; however, the difference is shrinking, with many using
the terms IS and IT synonymously. In Figure 1.1, we show the relationships among these IS
components.

Figure 1.1: An IS uses IT to collect, create and distribute data

1.1 DATA

In order to understand how information systems (IS) work, it is important to distinguish between
raw, unformatted data and information.

Unformatted data, or simply data, are raw symbols, such as words and numbers. Data have no
meaning in and of themselves, and are of little value until processed. For example, if someone
gives you a number, 41709, the number is of no value until the context is defined, either as a
NIN number or a post-office box number.

Information: Data can be formatted, organized, or processed to be useful; it is then transformed into
information, which can be defined as a representation of reality, and can help to answer
questions about who, what, where, and when. Information systems are used to transform
raw data into useful information.

Knowledge: This is the ability to understand information, form opinions, and make decisions or
predictions based on the information. For example, you know that only one NIN identity number
can uniquely identify each individual. This knowledge can assist you in finding out any other
information you need about any individual in the NIN system.

1.2 THE COMPONENTS OF INFORMATION SYSTEMS

The other IS components are the software, hardware and telecommunication infrastructure.
Computer hardware has replaced physical files storage in filing cabinets. Also, computer
hardware provides the technologies to input and process data and output useful information;
software enables organizations to utilize the hardware to execute their business processes and
competitive strategy by providing the computer hardware with instructions on what processing
functions to perform.

Finally, the telecommunications networks allow computers to share information and services,
enabling the global collaboration, communication, and commerce as we see today.
1.2.1 People

Aside from the hardware, software and telecoms equipment, another vital infrastructure is the people.
The IS field includes a vast collection of people who develop, maintain, manage, and study
information systems. These individuals—whether they are end-users, managers, or IT
professionals—have their own set of skills, attitudes, preconceptions, and personal agendas that
determine what they are able to do and what they will elect to do as part of the IS.

Major features of IS people are their skills, interests, and motivations when designing and
implementing a new IS or when troubleshooting an existing IS that is not performing as expected.

1.2.2 Process
The process component of an information system is defined here as the series of steps necessary
to complete a business activity.

For example, consider a store manager. The store manager must follow the following process to
restock his inventory:

(1) check the inventory and identify the needed items;
(2) call individual suppliers for quotes and delivery dates;
(3) compare the various quotes;
(4) select one or more suppliers for each of the needed items based on the terms of the agreement
(e.g., availability, quality, delivery);
(5) call these suppliers and place the orders;
(6) receive the goods upon delivery, checking the accuracy and quality of the shipped items; and
(7) pay the suppliers.

Note that any potential discrepancy between the business process as designed by the
organization and the manner in which it is actually enacted is often the root cause of IS failure.

Hence, when designing a new IS or when confronted with IS failure, identify possible or existing
obstacles that may make it difficult for people to accurately follow the business process.

1.2.3 Organizations:
Having talked about the technology side of information systems: data, information, as well as the
people side of information systems, let us turn to the Organizations that use the IS.

The organizational structure component (or “structure” for short) refers to the organizational
design (hierarchy, decentralized, loose coupling); reporting (functional, divisional, matrix); and
relationships (communication and reward mechanisms) within the information system.

Understanding the structure component is crucial because user resistance, incentive systems, and
relationships are often silent enemies of IS success that go undetected before, and sometimes
even after, IS failure becomes apparent.

Organizations use information systems for the following reasons:

i. to become more productive and profitable,
ii. to gain competitive advantage,
iii. to reach more customers, and/or
iv. to improve customer service.

This holds true for all types of organizations you can think of. Therefore, the four components of
an information system are IT (infrastructure), people, processes, and structure (organization).

1.3 TYPES OF INFORMATION SYSTEMS


Organizations use various types of information systems as shown in the table below:

For example, transaction processing systems (TPS) are used by a broad range of organizations to
efficiently process customer transactions; they also generate a tremendous amount of data that can
be used by the organization to learn about customers and product trends. Large data
warehouses are then used to process and analyze the data to provide purchase recommendations
to future customers.

TPS data also provide input into a variety of information systems within organizations, such as
decision support systems, intelligent systems, data mining and visualization systems, etc.

In the past, these IS categories were distinct within organizations. Today, many organizations
have replaced standalone systems with enterprise systems that span the entire organization.
Likewise, with the Internet—and systems integration—connecting separate information systems
and data to improve business processes and decision making—it is difficult to say that any given
information system fits into only one of these categories (e.g., that a system is a management
information system only and nothing else).

In addition, many of these systems are not housed within organizations any more, but are located
“in the cloud,” and accessed via the user’s browser when needed.

Although many modern-day information systems span several of these IS categories, it is still
useful to understand these categories, in order to gain insight into different approaches, goals,
features, and functions of modern information systems.

1.4 SYSTEMIC EFFECTS


It should be noted from the foregoing that all four components discussed so far are necessary
to ensure that the information system is successful and delivers the functionality it was intended
to provide.

Dropping any of the IS components would not work, since the components do not work in
isolation but rather interact with one another. Therefore, systemic effects imply that
changes in one component (e.g., the introduction of a new software application, a process
redesign, a new organization chart, or turnover among employees) affect all other components of
the system and, if not properly managed, its outputs.

1.5 WHY DO ORGANIZATIONS BUILD IS?


An organization introduces information systems in order to improve efficiency and effectiveness.
Hence, an organization must capture relevant data that are then manipulated, or processed, to
produce an output that will be useful to the appropriate users, either internal or external to the
firm (e.g., customers).

These data and information are typically accumulated, or stored, for future retrieval and use.

Figure 1.2: Information processing in an IS

1.6 THE IS CYCLE


The information systems cycle indicates the transition of business data from their beginning in
transaction processing systems, to storage in data repositories, and finally to their use in
analytical tools. See Figure 1.3.

Data are typically produced as a result of daily transactions (e.g., purchases at a retail outlet,
transport fare tickets, etc.). Such transactional data, when not disposed of, can be accumulated in
data repositories (storage) and create a record of past transactions (past records). Using analytical
tools, the stored data can be used to find patterns, test assumptions, and inform accurate decision
making or forecasts.

Figure 1.3: The Information System Life Cycle

1.7 COMPETITIVE ADVANTAGE THROUGH IS


Apart from the use of IS to enable efficiency and provide a return on investment (ROI), IS
introduction can also be used to strategically edge out competitors (or rivals), hence the
competitive advantage of IS. This is because data can be gathered from different sources,
stored, processed, and used as a source of sustained competitive advantage.

1.8 ETHICAL ISSUES IN INFORMATION SYSTEMS
Computer ethics is used to describe moral issues and standards of conduct as they pertain to the
use of information systems. Information systems ethics include information privacy, accuracy,
property, and accessibility (“PAPA”).

Ethical issues are practices and behavior that surround what is good (ethical) and what is bad
(unethical); that is, they attempt to draw a distinction between good and evil. Due to the rapid
pace of IT trends and the slow pace of legislation, some formal explicit rules lag behind the
possibilities offered by new technologies.

Unethical practices abound in societies. For instance, copying or downloading music or
software over the web is more attractive than ordering or buying original software or music copies.
Perhaps, as an IS manager, you are reading other people’s emails from the mail server, just
because you have access to the mail server and hence the individual email accounts. Another
unethical practice is to disclose confidential information you gained as an IS officer to a third
party.

Ethically, IS officers should focus on good practices by keeping fidelity of information and shunning
unethical practices.

1.9 INFORMATION PRIVACY


Information privacy is concerned with what information you want others to know about you
and how to share it appropriately in the workplace or through other transactions. Personal
information, such as National Identity numbers, ATM card numbers, medical histories, etc., are
better known only to you and those you have trusted to share them with.

To protect your private information, you should always review the privacy policy of all
companies you do business with or interact with over the internet and refuse to do business with
those that do not have a clear policy or do not respect your privacy.

1.9.1 TIPS FOR DATA PRIVACY


The following tips can safeguard your privacy:

• Be cautious of revealing your true identity;
• Visit sites anonymously;
• Avoid cookies left on your computer;
• Beware of your online posts.

SELF-ASSESSMENT QUESTIONS
1. Name your two favorite mobile devices. For each device, explain how it has enhanced
your work performance.
2. Define and contrast data, information, and knowledge.
3. List and define five types of information systems used in organizations.
4. Discuss the issues surrounding information privacy, and how you can protect yourself.
5. Describe the difference between information systems and information technology.
6. Define the concept of systemic effects.
7. List and describe the primary threats to IS security.
8. Define computer crime and list several examples of computer crime.
9. Why are insider threats particularly dangerous for organizations?
10. Define malware and give several examples. Describe the process of managing IS security.

SELF-ASSESSMENT EXERCISES
1. Information systems today are _______.
A. slower than in the past
B. ubiquitous
C. utilized by only a few select individuals
D. stable and should not change

2. Whereas data are raw unformatted symbols or lists of words or numbers, information is _______.
A. data that have been organized in a form that is useful
B. accumulated knowledge
C. what you put in your computer
D. what your computer prints out for you

3. Information systems were described as _______.
A. any complicated technology that requires expert use
B. the use of information technology to collect, create, and distribute data
C. any technology (mechanical or electronic) used to supplement, extend, or replace human, manual labor
D. any technology used to leverage human capital

4. Which of the following was not discussed as a common type, or category, of information system used in
organizations?
A. transaction processing
B. decision support
C. enterprise resource planning
D. Web graphics

5. A Web site asking you for permission to send you a weekly newsletter is an example of _______.
A. opt-in
B. permissions
C. opt-out
D. data privacy

6. All of the following are examples of infrastructure components except
A. hardware
B. system software
C. data centers
D. applications

7. Which of the following is not a consequence of lack of availability, performance, or security?
A. loss of managerial oversight
B. loss of business
C. loss of trust
D. loss of goodwill

8. A company is said to have ______________ when it has gained an edge over its rivals.
A. monopoly
B. profitability
C. competitive advantage
D. computer advantage

9. Each of the following was described in this module as a source of competitive advantage except for
______________.
A. delivering superior customer service
B. achieving lower cost than rivals
C. being the subject of a hostile takeover
D. having shorter lead times in developing and testing new products

10. Those individuals who break into computer systems with the intention of doing damage or committing
a crime are usually called ______________.
A. hackers
B. crackers
C. computer geniuses
D. computer operatives

SOLUTION TO EXERCISES
1. B 2. A 3. B 4. D 5. A 6. D 7. A 8. C 9. C 10. B

MODULE TWO

2.0 MANAGING INFORMATION SYSTEM IN AN ORGANIZATION


Management of information systems in organizations includes budgeting, operational planning,
design and development or implementation. The management role is important as it deals with
the management of the IS resources (infrastructure, processes and people).

The burden of managing IS facilities falls on stakeholders such as the management staff
(Chief executive), and IS experts who meet regularly to provide guidance to the IS function.

2.1 ORGANIZATIONAL PROCESS


These are the activities an organization wants to accomplish (goal) and how the series of steps
(process) to get them done is established. This includes assigning the processes or tasks to groups or
individuals and arranging the groups or individuals in a decision-making framework (structure).

The first step in process organizing is to identify and divide tasks or work to be done into smaller
units and avoid duplication of work.

2.2 PROCESS INTEGRATION


Process integration refers to the unification or the creation of tight linkages among the diverse,
but connected, business processes carried out by individuals, groups, and departments within an
organization. The outcome of process integration is the introduction of cohesive, streamlined
business processes that encompass previously separate processes.

Note that information systems and technology infrastructure work together for process
integration strategies to be realized (or feasibly implemented). The term system integration
refers to the synergy of IT-enabled information systems and databases.

2.3 BUSINESS PROCESS MANAGEMENT


The role of business process management (BPM) is to optimize business processes for
organizational efficiency, and effectiveness. BPM must be a systematic and structured
improvement approach to be adopted by a part or all of the organization whereby people
critically examine, rethink, and redesign business processes in order to achieve satisfactory
improvements in performance measures, such as quality, response time, or cost. BPM is often
called business process reengineering [BPR].

Behind every BPM initiative are information systems that enable the streamlining of business
processes. Hence, IS consultants and business analysts who have a sound understanding of the
business but who are also well versed in technology are engaged to accomplish BPM.

2.4 ENTERPRISE SYSTEMS


Traditionally, organizations designed and custom-developed software applications to support
their unique work activities and business processes. These custom-developed applications were
typically designed and implemented for specific processes. As more and more organizational
processes were automated, the need arose to integrate the process systems, which
gave rise to the term Enterprise systems integration or simply Enterprise systems.

It is common to find an organization's enterprise system using a single database to integrate
disparate software like accounting, inventory, vendor or customer supply chain, human
resources and payroll processes together.

Figure 2.1: An Enterprise system integration

2.5 ENTERPRISE RESOURCE PLANNING (ERP)


In the 1990s, ERP systems replaced standalone applications by providing various modules based
on a common database and similar application interfaces that serve the entire enterprise.
Information stored on legacy systems was converted into a large, centralized database that
stores information related to the various business activities of an organization.

Thus, ERP applications access information from a central information repository. For example,
inventory information is accessible not only to inbound logistics and operations, but also to
accounting, sales, and customer service personnel.

Storing data in a single place and making it available to everyone within the organization
empowers everyone in the organization to be aware of the current state of business and to
perform their jobs better. Examples of ERP systems are SAP, Globus (an enterprise-wide banking
application) and Microsoft Suite.

2.6 GREEN IS
The environmental impact of the use, disposal and emissions of IT (eWaste) from IT equipment and
data centres, together with the desire to preserve the natural environment, led to the creation of the term
“Green IT” and/or “Green IS”.

Thus, Green IT (or IS) initiatives and practices are focused on minimizing the direct impact of
IT production and use on the environment.

2.7 THE INTERNET AND ITS SERVICES


The Internet is, simply put, an “internetwork”, a “network of networks”, or a collection of networked
(inter-connected) computers that can communicate with one another. Several computers are
linked over the Internet by the Transmission Control Protocol/Internet Protocol suite (TCP/IP).
The Internet is an infrastructure that has some vital services such as e-mail, the web, instant
messaging, telephony (Voice over Internet Protocol, VoIP), file transfer, etc.

Note however, that Internet and World Wide Web (or web) are not the same.

The Internet is the infrastructure upon which many services are made available including the web
itself! So, the web is one of the internet services.

2.8 SECURING INFORMATION SYSTEMS


Those individuals who are knowledgeable enough to gain access to computer systems without
authorization are referred to as hackers. Computer crimes are almost as varied as the users who
commit them.

Crimes take the form of electronic vandalism using virus code, causing computer systems to
crash, denying service on a Web site, unauthorized access, and information modification. Aside from
hackers, other disasters that can happen to information systems are accidents caused by natural
disasters, fire outbreaks, inexperienced users, or mistakes, and damage caused maliciously or
intentionally by crackers.

A variety of managerial methods and security technologies can be adopted to manage IS security
effectively. The following methods can be used to secure information systems:

1. Assessing risks
2. Developing a security strategy
3. Implementing controls and training
4. Monitoring security

In addition, organizations should continuously watch for emerging threats and vulnerabilities so
as to update risk assessments and strategies, and implement additional controls.

SELF-ASSESSMENT QUESTIONS
1. What is an enterprise system (ES)?
2. Explain how enterprise application integration (EAI) works.
3. Define the following terms: business intelligence, business intelligence infrastructure,
data warehouse, data mart, OLAP, and data mining.
4. How do an organization’s resources and capabilities result in a competitive advantage?
5. What are core business processes?
6. What are the core components of an ERP system?
7. How do applications support organizational business processes?
8. For which purposes are data stored in organizations?
9. What are the major types of networks?
10. What is the World Wide Web, and what is its relationship to the Internet?

SELF-ASSESSMENT EXERCISES
1. ______________ is using technology as a way to help complete a task within an organization faster and, perhaps,
more cheaply.
A. Automating
B. Learning
C. Strategizing
D. Processing

2. What is the process of choosing, matching, executing, and assessing innovative technologies called?
A. environmental scanning
B. disruptive innovation cycle
C. strategic planning
D. none of the above

3. ______________ are information systems that allow companies to integrate information and support operations
on a company-wide basis.
A. Customer relationship management systems
B. Enterprise systems
C. Wide area networks
D. Interorganizational systems

4. All of the following are true about legacy systems except ______________.
A. they are standalone systems
B. they are older software systems
C. they are ERP systems
D. they may be difficult to integrate into other systems

5. Information systems that focus on supporting functional areas, business processes, and decision making within
an organization are referred to as ______________.
A. legacy systems
B. enterprise-wide information systems
C. interorganizational systems
D. internally focused systems

6. An enterprise system that has not been customized is commonly referred to as ______________.
A. a vanilla version
B. a root version
C. a core version
D. none of the above

7. ______________ is a systematic, structured improvement approach by all or part of an organization that
critically examines, rethinks, and redesigns processes in order to achieve dramatic improvements in one or more
performance measures, such as quality, cycle time, or cost.
A. Systems analysis
B. Business process management
C. Customer relationship management
D. Total quality management

8. What is the common rule for deciding if an information system faces a security risk?
A. Only desktop computers are at risk.
B. Only network servers are at risk.
C. All systems connected to networks are vulnerable to security violations.
D. Networks have nothing to do with computer security.

9. Those individuals who break into computer systems with the intention of doing damage or committing
a crime are usually called ______________.
A. hackers
B. crackers
C. computer geniuses
D. computer operatives

10. Which of the following does not pose a threat to electronic information?
A. unauthorized access
B. jailbreaking one’s mobile phone
C. unauthorized information modification
D. all of the above can compromise information

SOLUTION TO EXERCISES
1.A 2.B 3.B 4.C 5.D 6.A 7.B 8.C 9.B 10.D

MODULE THREE

3.1 BUSINESS INTELLIGENCE


Business intelligence is therefore the ability to gather and make sense of information about IS.
The term business intelligence infrastructure refers to the set of applications and technologies designed
to create, manage, and analyze large repositories of data in an effort to extract value from them.

The main components of a BI infrastructure are data warehouses, data marts, query and reporting
tools, online analytical processing (OLAP), and data mining.

3.2 CLOUD COMPUTING


Cloud computing uses the Internet to pool IT resources such as applications or storage
components that reside online and are accessed by clients through the Internet infrastructure, thus
enhancing portability and mobility. Examples of cloud resources are Dropbox (a service to back up
and share files) and Netflix (video and audio streaming services). Spotify and Reddit are other
examples of cloud applications.

A typical cloud computing provider adopts a utility billing model, whereby the user pays for
the usage of the service on an as-needed basis, and pays only for what is actually used. Cloud
computing thus helps to transform IT infrastructure costs from a capital expenditure to an
operational expenditure. Cloud computing is differentiated along three main delivery modes: the
application (SaaS), the platform (PaaS), and the infrastructure (IaaS) (aaS means “as a
service”).

3.3 DATABASE MANAGEMENT


A database is a collection of related records. We use database management systems (DBMSs) to
interact with the data in databases. A DBMS is a software application with which you create,
store, organize, and retrieve data from a single database or several databases.

Figure 3.1: A user application and Database

Microsoft Access is an example of a popular DBMS for personal computers. It allows individuals or small
groups to create and manage relatively small databases. In the DBMS, the individual database is a
collection of related attributes about entities. An entity is something you collect data about, such as people, students
or classes.

Typically, a DBMS can manage hundreds or even thousands of records (or tables)
simultaneously by linking the tables as part of a single system. A DBMS gives a database
administrator the tools to manage the data (e.g., protect the data through authentication, schedule
backups). The database can therefore be shared among multiple applications and users. Since
every client is running the only copy of the application and database rather than separate
instances, any update is immediately and automatically propagated to all users.

SELF-ASSESSMENT QUESTIONS
1. Describe how cloud computing can improve your personal productivity.
2. Describe the difference between information systems and information technology.
3. What are the principal challenges associated with information systems ethics?
4. Define and provide an example of each of the different types of intrusion threats.
5. What is an enterprise system (ES)?

SELF-ASSESSMENT EXERCISES

3-19. Which of the following is the protocol of the Internet?
A. URL
B. HTML
C. TCP/IP
D. ARPA

3-20. All of the following are correct domain suffixes except
A. edu—educational institutions
B. gov—U.S. government
C. neo—network organizations
D. com—commercial businesses

3-21. The ability to adapt to increases or decreases in demand for processing or storage is referred to as
______________.
A. adaptability
B. flexibility
C. scalability
D. agility

3-22. In cloud computing, services are typically offered using ______________.
A. private clouds
B. heterogeneous grids
C. a utility computing model
D. edge computing

3-23. For the most flexibility in the use of computing resources, companies choose a (n) ______________
provider.
A. utility computing
B. software as a service
C. platform as a service
D. infrastructure as a service

3-24. Large-scale computing problems can be solved using ______________ computing.
A. grid
B. utility
C. cloud

3-17. Engineering drawings are typically prepared using ______________.
A. mainframes
B. servers
C. personal computers
D. workstations

1-21. Being _______, or knowing how to use the computer as a device to gather, store, organize, and process
information, can open up myriad sources of information.
A. technology literate
B. digitally divided
C. computer literate
D. computer illiterate

6-18. In order to swiftly respond to a highly competitive and rapidly changing environment, organizations utilize a
______________.
A. continuous planning process
B. structured decision-making process
C. decision support process
D. decision-making process

9-14. In the systems design phase, the elements that must be designed when building an information system include
all of the following except ______________.
A. the human–computer interface
B. questionnaires
C. databases and files
D. processing and logic

SOLUTION TO EXERCISES
1.C 2.C 3.C 4.C 5.D 6.A 7.D 8.C 9.A 10.B

MODULE FOUR

3.1 SYSTEMS DEVELOPMENT LIFE CYCLE


There are two dominant systems development methodologies: the system
development life cycle (SDLC) and prototyping. SDLC is a highly structured
methodology where the outputs of one stage become the inputs of the next.

The SDLC methodology comprises three phases—definition, build, and
implementation—each one further divided into three steps. See Figure 4.1.

Figure 4.1: The SDLC phases

Definition: The definition phase of the SDLC is concerned with clearly identifying the features of
the proposed information system by liaising with the IS end-users.

Build: The build phase of the SDLC is the most technical, and this is when software developers
design and develop the application software according to the system requirements.

Implementation: Once the software has been developed and tested, the project team needs to
ensure that it is properly integrated with the other components of the information system.

3.2 RISKS ASSESSMENT AND MITIGATION


The risk assessment process consists of auditing all the current resources, technological as well
as human, in an IS in order to know the set of vulnerabilities the organization is facing.

Risk mitigation is the process of matching the appropriate response to the security threats an
organization has identified. Risk mitigation allows an organization to devise the optimal strategy
to neutralize the effects of the set of security risks (or threats) it has identified.

Once an organization has identified some risks (or threats), it has three
mitigation strategies to respond to the risks. The strategies are: risk acceptance, risk reduction,
and risk transference.

Risk acceptance. This strategy means not investing in countermeasures and not reducing the
security risk. The organization is aware of the risks and is ready to bear them.

Risk reduction. This strategy involves taking measures to mitigate the identified risks (or
threats).

Risk transference. This strategy consists of passing a portion (or all) of the identified risks to a
third party (e.g. buying an insurance policy).

As an organization works towards the optimal IT risk management and IS
security strategy, it will have to identify the best mix of the three mitigation strategies. Today,
many information systems face both internal and external risk factors.
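The sketch below is an added example, not part of the course notes. It chooses a "best mix" of the three strategies for a small constructed risk register by comparing the expected yearly cost of each. The cost model (expected loss per year, cheapest option wins) and every figure in the register are assumptions made for illustration.

```python
from typing import NamedTuple

class Risk(NamedTuple):
    name: str
    loss_per_event: float    # expected loss from one occurrence
    events_per_year: float   # expected occurrences per year
    control_cost: float      # yearly cost of a countermeasure (reduction)
    control_effect: float    # fraction of the exposure the countermeasure removes
    premium: float           # yearly insurance premium (transference)
    deductible: float        # loss still borne per event when insured

def yearly_cost(risk):
    """Expected yearly cost of each of the three mitigation strategies."""
    exposure = risk.loss_per_event * risk.events_per_year
    retained = min(risk.deductible, risk.loss_per_event) * risk.events_per_year
    return {
        "acceptance": exposure,                      # bear the full loss
        "reduction": risk.control_cost + exposure * (1 - risk.control_effect),
        "transference": risk.premium + retained,     # insurer covers the rest
    }

def best_mix(risks):
    """Pick the cheapest strategy for each risk in the register."""
    plan = {}
    for risk in risks:
        costs = yearly_cost(risk)
        plan[risk.name] = min(costs, key=costs.get)
    return plan

# Constructed register: names echo the notes' examples, numbers are invented.
REGISTER = [
    Risk("careless staff behaviour", 2_000, 6, 3_000, 0.8, 5_000, 500),
    Risk("virus infection", 10_000, 2, 4_000, 0.9, 6_000, 1_000),
    Risk("data centre fire", 500_000, 0.01, 20_000, 0.5, 1_500, 10_000),
    Risk("printer outage", 100, 3, 1_000, 0.9, 400, 50),
]

if __name__ == "__main__":
    for name, strategy in best_mix(REGISTER).items():
        print(f"{name:26s} -> risk {strategy}")
```

Frequent, controllable risks come out as reduction, the rare but very costly one as transference, and the trivial one as acceptance, so the resulting plan uses all three strategies.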

3.3 INTERNAL AND EXTERNAL RISK FACTORS


Internal threats or risks are those posed by individuals who have direct access to the firm’s
technology infrastructure. Examples include careless staff behaviour, intentional or malicious
damage to IS facilities, disclosure of confidential information, etc.

External risks are those inflicted by outsiders on the organization’s information
systems. Examples are virus threats, external intrusion into the IS, backdoors and security weaknesses,
etc.

SELF-ASSESSMENT QUESTIONS
1. What are the four phases of the systems development life cycle (SDLC)?
2. What are the three major components/tasks of the systems design phase of the SDLC?
3. List and describe the primary threats to IS security.
4. Define malware and give several examples.
5. Describe the process of managing IS security.
SELF-ASSESSMENT EXERCISES
1. Which of the following is not one of the four phases of the systems development life cycle?
A. systems analysis
B. systems implementation
C. systems design
D. systems resource acquisition

2. ______________ is the process of gathering and organizing information from users,
managers, business processes, and documents to understand how a proposed information system
should function.
A. Requirements collection
B. Systems collection
C. Systems analysis
D. Records archiving

3. Which of the following is the correct order of phases in the systems development life cycle?
A. analysis, planning, design, implementation
B. analysis, design, planning, implementation
C. planning, analysis, design, implementation
D. design, analysis, planning, implementation

4. ______________ maintenance involves making enhancements to improve processing
performance or interface usability or adding desired (but not necessarily required) system
features (in other words, “bells and whistles”).
A. preventive
B. perfective
C. corrective
D. adaptive

5. ______________ is the process of encoding messages before they enter the network or
airwaves, then decoding them at the receiving end of the transmission so that recipients can read
or hear them.
A. encryption
B. biometrics
C. authentication
D. disaster recovery

6. Which of the following is the process of determining the true, accurate identity of a user of an
information system?
A. audit
B. authentication
C. firewall
D. virtual private network

7. Limiting access to electronic information usually involves ______________.
A. something you have
B. something you know
C. something you are
D. all of the above

8. Technological controls used to protect information include ______________.
A. laws
B. effective management
C. firewalls and physical access restrictions
D. ethics

9. Which of the following does not pose a threat to electronic information?
A. unauthorized access
B. jailbreaking one’s mobile phone
C. unauthorized information modification
D. all of the above can compromise information

10. What is the common rule for deciding if an information system faces a security risk?
A. Only desktop computers are at risk.
B. Only network servers are at risk.
C. All systems connected to networks are vulnerable to security violations.
D. Networks have nothing to do with computer security.

SOLUTION TO EXERCISES
1. D 2. A 3. C 4. B 5. A 6. B 7. D 8. C 9. D 10. C
