
R212679B Travolta MIS Individual Assignment

Uploaded by

Harris Chikunya

CATHOLIC UNIVERSITY OF ZIMBABWE

NAME: NQABENHLE TRAVOLTA

SURNAME: MOYO

REGISTRATION NUMBER: 212679B

M.O.E: ONLINE

PROGRAM: BACHELOR OF BUSINESS MANAGEMENT AND INFORMATION TECHNOLOGY

MODULE: Management Information Systems

COURSE CODE: IT402

LEVEL: 4:1

LECTURER: Mr H.Chikunya
1)
a) The rapid growth of ICTs has significantly expanded the attack surface for cyber
threats, resulting in a variety of security challenges beyond viruses. Some of these are:
Phishing and Social Engineering Attacks:
Phishing attacks use deceptive emails or websites to trick individuals into providing
sensitive information such as passwords, financial details, or personal data.
Social engineering manipulates people into bypassing security protocols, exploiting
human psychology rather than technical vulnerabilities.

Ransomware:

Ransomware attacks have escalated, targeting businesses, government institutions, and
healthcare systems. Attackers encrypt critical organizational data, demanding a ransom
for decryption keys.

Insider Threats:

Insider threats arise from employees or contractors misusing their access privileges,
whether intentionally or through negligence. These threats are particularly difficult to
detect because they occur within trusted environments.

Distributed Denial of Service (DDoS) Attacks:

DDoS attacks disrupt service availability by overwhelming servers, networks, or systems
with excessive traffic. These attacks have targeted financial institutions and e-commerce
platforms, causing significant operational downtime.

Zero-Day Exploits:

Attackers exploit vulnerabilities in software or systems before vendors are aware of the
issues and can provide patches. These exploits are particularly dangerous due to their
unpredictability and the window of opportunity they provide to attackers.

Web Application Vulnerabilities:

Cybercriminals exploit flaws in web applications, such as SQL injection and cross-site
scripting, to gain unauthorized access to data or compromise systems. As organizations
increasingly rely on web-based platforms, these threats have become more prevalent.

Advanced Persistent Threats (APTs):

APTs are long-term, targeted cyber-attacks often conducted by well-funded groups with
specific objectives, such as stealing intellectual property or conducting espionage.

Mobile and IoT Device Exploitation:

With the proliferation of mobile devices and IoT (Internet of Things), attackers target
these technologies to access sensitive data or disrupt critical services. These threats
illustrate the dynamic and evolving nature of cybersecurity challenges in modern
information systems.
b) Major Differences Between Supply Chain and Value Chain
The supply chain and value chain are fundamental concepts in business operations,
with distinct scopes, goals, and components. Here is a detailed comparison:
Definition and Focus:

Supply Chain:

Refers to the sequence of processes involved in producing and delivering a product or
service, from raw materials to end customers. Focuses on efficiency, cost reduction,
and timely delivery of goods.

Value Chain:

Encompasses the full range of activities that create value for customers, including
design, production, marketing, and after-sales service. Aims to enhance customer
satisfaction and competitive advantage by delivering superior value.

Primary Goals:

Supply Chain:

Emphasizes minimizing costs, managing logistics, and ensuring the smooth flow of
goods across different entities.

Value Chain:

Focuses on creating value through innovation, quality improvements, and
customer-centric activities.

Components:

Supply Chain:

Includes procurement, production, inventory management, transportation, and
distribution. Typically involves external suppliers and logistics partners.

Value Chain:

Consists of primary activities (e.g., inbound logistics, operations, marketing) and
support activities (e.g., technology development, HR management).

Internal and customer-focused.

Perspective:

Supply Chain:

Operations-oriented, ensuring the availability of goods and resources.

Value Chain:

Customer-oriented, aiming to enhance product desirability and satisfaction.


Strategic Importance:

Supply Chain:

Critical for operational efficiency and cost savings.

Supports timely delivery of goods and scalability.

Value Chain:

Central to developing and sustaining competitive advantage.

Drives innovation and market differentiation.

Integration:

Supply Chain:

Involves collaboration with external entities like suppliers and logistics providers.

Focuses on seamless coordination across these entities.

Value Chain:

Stresses internal synergies and aligning activities with strategic objectives.

In summary, while the supply chain emphasizes efficient resource management and
logistics, the value chain focuses on creating and delivering value that meets
customer expectations. Both are critical to achieving holistic business success.

2)
a) Introducing a new information system in the workplace can disrupt established
workflows, roles, and expectations. Staff objections to these changes often stem from
several key factors:
i) Fear of Job Loss or Role Redefinition:

Employees may worry that automation or improved efficiency brought by the system
could make their roles redundant or lead to significant job restructuring.

ii) Disruption of Established Workflows:

Familiarity with current systems and workflows provides a sense of stability.
Changes can disrupt routines, leading to reduced productivity during the transition
period.

iii) Learning Curve and Skill Gaps:


New systems often require training and skill development. Employees may resist
changes due to the perceived difficulty of mastering new tools or fear of failure in
adapting to the changes.

iv) Lack of Involvement in Decision-Making:

Employees may feel alienated if they are not consulted during the selection and
implementation process of the new system. This lack of involvement can lead to
resistance out of frustration or a sense of undervaluation.

v) Cultural Resistance to Change:

Organizational culture plays a significant role. In environments where change is
viewed sceptically, resistance may arise simply because employees prefer the
status quo.

vi) Concerns Over Increased Workload:

During the transition phase, employees may face increased workloads due to
dual-system operations (old and new) or additional tasks like data migration and
testing.

vii) Unclear Benefits:

If the advantages of the new system are not effectively communicated, employees
might perceive the changes as unnecessary or arbitrary, fuelling resistance.

b) Impact of Developments in Social Networking, Internet, and Mobile Technologies on MIS
The evolution of technology, particularly in social networking, the Internet, and mobile
devices, has profoundly transformed Management Information Systems (MIS) in
organizations:
i) Enhanced Communication and Collaboration:

Social networking tools (e.g., Microsoft Teams, Slack) and platforms have
enabled real-time communication, fostering collaboration among
geographically dispersed teams.

Interactive features such as shared documents and cloud-based MIS allow
multiple users to work concurrently on projects.

ii) Greater Accessibility Through Mobile Integration:

Mobile technologies, including smartphones and tablets, provide on-the-go
access to MIS, enabling decision-makers to retrieve real-time data and make
informed decisions anywhere.

Applications integrated with mobile devices enhance productivity by
providing seamless connectivity to organizational databases and analytics
tools.
iii) Improved Data Collection and Analysis:

Social media platforms generate vast amounts of user data, offering insights
into customer behaviour and preferences. MIS now incorporates advanced
analytics tools to process this data for business intelligence.

iv) Customizable and User-Centric Systems:

Users expect personalized experiences from MIS, akin to their interactions
with social networks. Modern MIS allows customization based on roles,
preferences, and workflows.

v) Expansion of Cloud-Based MIS:

Cloud technology, often coupled with mobile and social networking, enables
scalable and cost-effective deployment of MIS, ensuring broader
organizational access and reduced dependency on physical infrastructure.

vi) Shift Towards a "Flat" Organizational Structure:

The ease of access to information through mobile and internet-based MIS
reduces reliance on hierarchical decision-making, empowering employees at
all levels.

These developments have made MIS more dynamic, flexible, and user-oriented,
aligning with the needs of modern, interconnected organizations.

3) Challenges Faced by Magaba Holdings During ERP Implementation


a) Magaba Holdings can encounter several challenges while implementing an Enterprise
Resource Planning (ERP) system. These challenges stem from technical,
organizational, and human factors:
i) High Costs:

ERP systems require substantial financial investment for software licensing,
hardware upgrades, and consultant fees. Additionally, customization and training
may increase overall costs.

ii) Time-Consuming Implementation:

Implementing an ERP system can take several years due to its complexity. This
extended timeframe may lead to delays in realizing the expected benefits.

iii) Resistance to Change:

Employees may resist adopting the new system due to fear of job
displacement, lack of familiarity, or reluctance to change established
workflows. Proper change management is crucial to address this issue.

iv) Business Disruptions:


During implementation, disruptions to regular business operations are
common. Errors during the transition from old systems to ERP can lead to data
inconsistencies and operational inefficiencies.

v) Data Migration Challenges:

Integrating existing data into the ERP system involves identifying and
correcting data silos, inconsistencies, and redundancies. Poor data quality can
impede system functionality.

vi) Customization and Integration Issues:

While ERP systems offer best-practice templates, organizations may need
customizations to align with unique business processes. These customizations
can be costly and complicate system upgrades.

vii) Inadequate Training:

Without comprehensive training programs, employees may struggle to
effectively use the ERP system, impacting productivity and system adoption.

viii) Vendor Dependence:

Organizations may become reliant on ERP vendors for ongoing support,
updates, and system enhancements, which can increase operational costs.

ix) Unrealistic Expectations:

Overestimating the capabilities of ERP systems and underestimating the effort
required for implementation can lead to unmet expectations and project
failure.

b) Enhancing Collaboration with ERP Modules

ERP systems integrate various organizational functions into a centralized platform,
significantly improving collaboration. Three modules that facilitate this are:

i) Customer Relationship Management (CRM):

Facilitates seamless communication with customers by centralizing customer data
such as purchase history, preferences, and interactions.

Enhances collaboration between sales, marketing, and customer service teams
by providing shared access to real-time customer insights, enabling
coordinated efforts to improve customer satisfaction.

ii) Supply Chain Management (SCM):

Integrates procurement, inventory, and logistics data, enabling smooth
coordination between suppliers, production, and distribution.

Encourages collaboration across the supply chain by providing real-time
visibility into stock levels, supplier performance, and shipment status, helping
teams make informed decisions.

iii) Human Resource Management (HRM):

Centralizes employee data, streamlining processes like recruitment, payroll,
and performance evaluation.

Promotes collaboration between HR and other departments by ensuring all
teams have access to accurate and up-to-date workforce information, aiding in
resource allocation and team-building efforts (ISBB-2019).

By providing centralized data access and automation, ERP modules break down silos
and foster an environment where teams can work together effectively, ultimately
enhancing organizational productivity and decision-making.

4)
a) The Information Systems Processing Cycle involves four main stages: input,
processing, output, and storage. Each stage comes with potential challenges and risks:
i) Input Stage:

Challenges and Risks:

Data entry errors: Manual input can result in inaccuracies, affecting
downstream processes.

Incompatible formats: Data from multiple sources may not align with
system requirements.

Mitigation:

Use automated input devices and validation checks to minimize human
errors.

Implement standard data formats across the organization.

ii) Processing Stage:

Challenges and Risks:

System malfunctions: Errors in algorithms or hardware failures can
disrupt data processing.

Security vulnerabilities: Unauthorized access to the processing phase
can lead to data manipulation.

Mitigation:

Regular system updates and rigorous testing of algorithms.

Employ robust security measures such as encryption and access
controls.

iii) Output Stage:

Challenges and Risks:

Unauthorized dissemination: Sensitive information might be inadvertently
shared.

Formatting issues: Output data might not meet the end-users' needs.

Mitigation:

Implement role-based access controls to restrict access to outputs.

Conduct user feedback sessions to tailor output formats.

iv) Storage Stage:

Data breaches: Stored data is vulnerable to hacking or theft.

Data loss: Poor backup strategies can lead to irreversible data loss.

Mitigation:

Use secure and redundant storage solutions, such as cloud backups.

Regularly update and test data recovery plans.

b) Main Components of an Information System

An information system comprises five major components, each playing a vital role in
achieving organizational goals:
i) Hardware:

The tangible, physical elements of the system, including computers, servers,
and networking devices.

Responsible for executing instructions and managing data.

ii) Software:

Includes system software (e.g., operating systems) and application software
(e.g., database programs).

Facilitates communication between hardware and users while executing tasks.

iii) Data:

The raw facts and figures processed into meaningful information. action for
decision-making and operational activities.

iv) People:
Includes all users, from front-line employees to IT professionals and decision-
makers designing, managing, and operating the system.

v) Processes:

The workflows and procedures that guide the collection, processing, and use
of data.

Aim to ensure, accuracy, and alignment with organizational objectives.

These components interact synergistically to enable the effective management and
dissemination of information, ensuring competitive advermations.

5) Common Obstacles or Challenges During Process Improvement Initiatives and Their Solutions
a) Process improvement initiatives aim to enhance efficiency, quality, and performance
in organizations, but they often face the following challenges:
i) Resistance to Change:

Employees may fear job losses or be reluctant to adopt new processes that disrupt
established workflows.

Solution: Engage employees early in the planning stages, provide comprehensive
training, and communicate the benefits of the changes.

ii) Inadequate Resources:

Insufficient time, funds, or personnel can hinder successful implementation.

Solution: Allocate dedicated budgets, hire external consultants if needed, and
ensure management commitment.

iii) Lack of Clear Objectives:

Ambiguous goals can lead to misaligned efforts and ineffective outcomes.

Solution: Define specific, measurable, attainable, relevant, and time-bound

iv) Poor Data Management:

Process improvements rely on accurate data, which may be scattered or outdated.

Solution: Invest in data analytics tools and establish robust data governance
practices.

v) Incompatibility with Existing Systems:

New processes may not integrate well with existing workflows or systems.
Solution: Conduct compatibility assessments and involve IT teams to address
integration issues.

vi) Short-Term Focus:

Focusing solely on immediate benefits can undermine long-term sustainability.

Solution: Develop a phased approach that incorporates both quick wins and
long-term strategies.

b) Leading and Lagging Indicators in Business

Definition:

Leading Indicators:

Predict future performance and help guide proactive strategies.

Examples: Employee training hours (predicts productivity), customer inquiries
about new products (indicates demand trends).

Lagging Indicators:

Measure past performance and outcomes.

Examples: Annual revenue (reflects profitability), customer churn rate
(indicates customer retention).

c) Waste Reduction in Process Improvement

Definition: Waste reduction focuses on identifying and eliminating inefficiencies
within processes, aligning with lean management principles. The goal is to reduce
non-value-adding activities while enhancing productivity.

Examples:

i) Excess Inventory:

Maintaining unnecessary stock ties up resources.

Solution: Implement just-in-time (JIT) inventory practices.

ii) Overproduction:

Producing more than required leads to wastage.

Solution: Align production schedules with actual demand.

iii) Process Inefficiencies:


Bottlenecks and redundant tasks slow operations.

Solution: Use workflow automation and continuous improvement strategies.

By adopting waste reduction techniques, organizations can achieve cost savings,
enhance customer satisfaction, and support sustainability.

6) Decision Support Systems and Their Components

a) A Decision Support System (DSS) is a computerized system that aids organizational
decision-making processes by providing timely and relevant information to support
structured, semi-structured, or unstructured decisions. DSSs integrate data, analytical
tools, and user-friendly interfaces to facilitate better decision outcomes.

Components of DSS:

i) Database Management System (DBMS):

Stores and manages large volumes of data used for analysis.

Includes both historical and real-time data to support decisions.

ii) Model Management System (MMS):

Provides access to various analytical and mathematical models.

Includes simulation, optimization, and statistical tools for decision evaluation.

iii) User Interface (UI):

The point of interaction between the user and the DSS.

Ensures ease of use through graphical interfaces, dashboards, and reporting tools.

iv) Knowledge Management System (KMS):

Incorporates domain expertise and rules for decision-making.

Helps in applying organizational insights to support complex decisions.

v) Integration Tools:

Connects the DSS with other organizational systems, such as ERP and CRM.

Enables seamless data flow and broader insights.

DSS is especially useful in scenarios requiring data-driven decision-making,
such as inventory management, market analysis, or healthcare diagnostics.
b) Differences Between Executive Information Systems (EIS) and Decision
Support Systems (DSS)

| Aspect | Executive Information Systems (EIS) | Decision Support Systems (DSS) |
|---|---|---|
| Purpose | Designed for top executives to monitor organizational performance and trends. | Helps middle and lower management make tactical and operational decisions. |
| Data Scope | High-level summarized and aggregated data. | Both detailed and summarized data for deep analysis. |
| Focus | Strategic decision-making and performance tracking. | Tactical decision-making and problem-solving. |
| Complexity | Simplified with pre-defined reports and dashboards. | Complex analytical models requiring user input and interaction. |
| Examples | Monitoring company-wide KPIs and financial health. | What-if analyses for project scheduling or resource allocation. (ISBB-2019) |

EIS is ideal for executives focusing on broad organizational insights, while DSS supports
managers and analysts working on specific, data-driven tasks.

7)
a) Differentiation Between Data and Information and Characteristics of
Information

Differentiation Between Data and Information:

i) Data:

Raw, unprocessed facts without context.

Examples include numbers, dates, or strings like "1234" or "blue."

It lacks relevance until processed.

ii) Information:

Processed, structured, or contextualized data.

Adds meaning and purpose, making it actionable.

Example: Monthly sales figures derived from daily sales records.

Characteristics of Information:

1. Accuracy:
Reliable and free from significant errors.

Essential for decision-making and planning.

2. Relevance:

Must meet the specific needs of the decision-maker.

Irrelevant information wastes resources and effort.

3. Timeliness:

Delivered when needed to support decisions.

Late information reduces its value.

4. Completeness:

Includes all necessary details to make informed decisions.

Partial information can lead to poor outcomes.

5. Consistency:

Uniformity in data representation across all sources.

Inconsistencies cause confusion and errors.

b) "Information Systems Improve the Overall Performance of a Business Unit"

Explanation: Information Systems (IS) integrate technology, people, and processes to
facilitate efficient operations and decision-making. Their role in business
improvement includes:

i) Enhanced Decision-Making:

By providing real-time and accurate data, IS aids in better decision-making.
For instance, Walmart's Retail Link system enables suppliers to manage
inventory efficiently, ensuring product availability.

ii) Process Automation:

IS automates repetitive tasks, increasing efficiency and reducing errors. For
example, ERP systems streamline accounting, payroll, and supply chain
operations.

iii) Improved Communication:

Facilitates seamless communication between departments and across
geographies through tools like email and collaborative platforms.

iv) Customer Satisfaction:

CRM systems enhance customer service by centralizing customer data and
interactions, enabling personalized and timely responses.

v) Cost Reduction:

Minimizes waste and optimizes resource allocation by integrating various
business processes, leading to cost savings.

Examples:

Walmart: Uses IS for real-time inventory management, maintaining a
competitive edge by ensuring products are always available to customers.

Amazon: Leverages IS for customer behaviour analysis, enhancing user
experience and driving sales.

8) Prototyping Life Cycle Approach for MIS Design

a) The prototyping life cycle approach involves creating a preliminary version of the
system, allowing users to interact with it and provide feedback. This iterative
approach ensures that user requirements are accurately captured and refined during
the development process.

Steps in Prototyping Life Cycle:

i) Initial Requirements Identification:

Gather initial user requirements and objectives.

Focus on core functionalities for a basic prototype.

ii) Developing the Prototype:

Build a simplified model of the system with key features.

Use tools and techniques to simulate functionalities without full-scale
implementation.

iii) User Evaluation:

Users interact with the prototype and provide feedback.

Suggestions and corrections are documented for refinement.

iv) Refining the Prototype:


Incorporate user feedback to improve the system.

Iterate the process until user satisfaction is achieved.

v) Final Implementation:

Transition the refined prototype into a fully functional MIS.

Perform rigorous testing to ensure stability and performance.

b) Information System Functional Areas

Information systems are designed to support various functional areas in organizations.
Key areas include:

i) Sales and Marketing:

Supports customer relationship management, market analysis, and sales tracking.

Tools: CRM systems, digital marketing platforms.

ii) Finance and Accounting:

Manages financial transactions, budgeting, and compliance.

Tools: ERP systems, financial software.

iii) Human Resources:

Tracks employee data, payroll, and performance metrics.

Tools: HRM systems, talent management software.

iv) Operations and Supply Chain:

Facilitates production planning, inventory management, and logistics.

Tools: SCM systems, MRP software.

v) IT and Support:

Ensures network security, system maintenance, and user support.

Tools: ITSM platforms, monitoring tools.

c) Differentiation Between MIS and DSS


| Aspect | Management Information System (MIS) | Decision Support System (DSS) |
|---|---|---|
| Purpose | Provides routine reports and summaries for managerial decision-making. | Assists in making semi-structured and unstructured decisions. |
| Data Scope | Focuses on structured data and predefined processes. | Uses both structured and unstructured data for analysis. |
| User Interaction | Limited user interaction; delivers static reports. | High interaction; supports dynamic queries and simulations. |
| Examples | Monthly sales reports, financial summaries. | What-if analyses, forecasting, and decision modelling. |

d) Using an Executive Information System (EIS) to Monitor Corporate Strategies

An Executive Information System (EIS) is a tool designed to assist senior
management in monitoring and achieving corporate strategies. It provides high-level
data and visualizations, supporting strategic oversight and decision-making.

Uses in Monitoring Strategies:

i) Performance Tracking:

Displays KPIs (Key Performance Indicators) and dashboards for real-time
performance monitoring.

Example: Monitoring revenue growth against strategic goals.

ii) Trend Analysis:

Analyses historical data to identify patterns and predict future outcomes.

Example: Analysing market trends to adapt product strategies.

iii) Resource Allocation:

Helps allocate resources efficiently by providing insights into financial and
operational data.

Example: Identifying underperforming units and reallocating budgets.

iv) Strategic Alignment:

Ensures departmental goals align with overall corporate strategies.

Example: Linking marketing campaigns to revenue objectives.

v) Risk Management:

Monitors risks through compliance reports and anomaly detection.


Example: Flagging budget overruns in real time.

By offering actionable insights and fostering data-driven decisions, EIS enhances
senior management's ability to steer the organization toward its strategic objectives.

9) Analysis of a Real-Life IS Failure: The Equifax Data Breach (2017)

a) Scenario Overview

In 2017, Equifax, one of the largest credit reporting agencies, suffered a massive data
breach exposing sensitive personal information of approximately 147 million individuals.
The breach is considered one of the most severe due to its scale and the nature of data
involved, including Social Security numbers, addresses, and credit card details.

i) Causes of the Incident

(1) Unpatched Vulnerability:

The breach occurred due to an unpatched vulnerability in the Apache Struts web
application framework. Despite a known vulnerability and a fix being available,
Equifax failed to apply the patch promptly.

(2) Lack of Robust Security Protocols:

Inefficient scanning and monitoring processes meant that the vulnerability remained
undetected for months.

(3) Weak Incident Response:

The organization’s slow response to the breach exacerbated the situation. Hackers
had access to sensitive data for over two months before the breach was detected.

(4) Inadequate Data Encryption:

Critical data was either inadequately encrypted or not encrypted at all, making it
easier for attackers to exploit.

ii) Impact on the Organization

(5) Financial Loss:

Equifax faced fines, lawsuits, and compensation pay-outs, amounting to
approximately $1.38 billion.

(6) Reputation Damage:

The breach severely impacted customer trust, tarnishing Equifax's reputation and
credibility.

(7) Regulatory Consequences:


The incident led to increased scrutiny and stricter regulations for data protection
within the credit reporting industry.

(8) Operational Disruptions:

Equifax's internal operations and IT systems faced significant disruptions during
investigations and recovery.

iii) Recommendations to Prevent Similar Incidents

(1) Proactive Patch Management:

Implement automated systems to detect and apply security patches promptly across
all applications and systems.

(2) Comprehensive Security Framework:

Adopt robust cybersecurity protocols, including regular vulnerability assessments,
penetration testing, and system audits.

(3) Data Encryption and Access Control:

Encrypt all sensitive data both in transit and at rest. Ensure strict access control
mechanisms are in place to limit exposure.

(4) Enhanced Incident Response Plan:

Develop a clear, well-documented incident response plan, including regular drills to
ensure readiness for potential breaches.

(5) User Awareness and Training:

Train employees on cybersecurity best practices, including recognizing phishing
attempts and managing secure passwords.

(6) Continuous Monitoring and Threat Detection:

Deploy advanced monitoring tools like Security Information and Event Management
(SIEM) systems to detect and respond to threats in real-time.

(7) Regulatory Compliance and Audit:

Align security practices with industry regulations such as GDPR and ensure regular
compliance audits.
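
The first cause and the first recommendation above (a fix existed but was not applied promptly) can be turned into a routine check. The following is an added example, not part of the original assignment: it flags components whose security fix has been available longer than an allowed patch window. The component names, hosts, versions, dates and the 30-day window are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Component:
    name: str
    host: str
    installed: str                 # version currently deployed
    fixed_in: Optional[str]        # first version containing the fix; None if no fix exists yet
    fix_released: Optional[date]   # date the vendor published that fix


@dataclass(frozen=True)
class Finding:
    component: Component
    days_exposed: int              # days since the fix became available
    overdue: bool                  # True once the patch window has been exceeded


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.3.10' into (2, 3, 10) so versions compare numerically, not as strings."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_patched(installed: str, fixed_in: str) -> bool:
    """True when the installed version is at or above the first fixed version."""
    a, b = parse_version(installed), parse_version(fixed_in)
    width = max(len(a), len(b))
    # Pad with zeros so that '1.1' and '1.1.0' are treated as the same release.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def audit(inventory: List[Component], today: date, sla_days: int = 30) -> List[Finding]:
    """Return unpatched components, longest exposure first."""
    findings = []
    for c in inventory:
        if c.fixed_in is None or c.fix_released is None:
            continue  # no vendor fix yet, so there is nothing to apply
        if is_patched(c.installed, c.fixed_in):
            continue
        days = (today - c.fix_released).days
        findings.append(Finding(c, days, days > sla_days))
    findings.sort(key=lambda f: f.days_exposed, reverse=True)
    return findings


def report(findings: List[Finding]) -> List[str]:
    """One line per finding, suitable for a ticket or a dashboard."""
    lines = []
    for f in findings:
        status = "OVERDUE" if f.overdue else "within window"
        c = f.component
        lines.append(
            f"{status}: {c.name} on {c.host} is {c.installed}, "
            f"fix {c.fixed_in} available for {f.days_exposed} days"
        )
    return lines


# Constructed sample inventory (illustrative values only).
INVENTORY = [
    # A plain string comparison would wrongly rank '2.3.9' above '2.3.10'.
    Component("web-framework", "portal-01", "2.3.9", "2.3.10", date(2024, 3, 1)),
    Component("web-framework", "portal-02", "2.3.10", "2.3.10", date(2024, 3, 1)),
    Component("tls-library", "api-01", "1.1", "1.1.0", date(2024, 5, 1)),
    Component("db-driver", "api-01", "4.0.2", "4.1", date(2024, 5, 10)),
    Component("report-engine", "batch-01", "7.2", None, None),
]

if __name__ == "__main__":
    for line in report(audit(INVENTORY, date(2024, 5, 20))):
        print(line)
```

Sorting by days of exposure puts the longest-standing gap at the top of the list, which is the kind of item that went unaddressed for months in the scenario described.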

Conclusion: The Equifax data breach underscores the importance of proactive
cybersecurity measures and a culture of vigilance in information systems
management. By addressing the root causes and implementing the recommended
strategies, organizations can significantly reduce the risk of IS failures and data
breaches.

10)
a)

System quality in information systems refers to the effectiveness, reliability, and
efficiency of a system in meeting organizational goals. It encompasses system
functionality, usability, performance, scalability, security, and maintainability. To
ensure system quality, organizations should follow structured practices within the
System Development Life Cycle (SDLC), which involves defining, analysing,
designing, developing, testing, and deploying the system with a focus on meeting user
needs and organizational objectives.

Ensuring quality in information systems involves implementing quality assurance
(QA) and control mechanisms, as well as ongoing monitoring and maintenance. Key
strategies include:

i) Requirement Gathering and Analysis: Defining clear, user-driven requirements
to guide the system's purpose and capabilities. Engaging stakeholders in joint
application development (JAD) sessions can improve requirement accuracy and
user satisfaction.
ii) Use of Standardized Methodologies: Adopting methodologies such as ISO 9000,
which provides frameworks for maintaining consistent quality in design,
development, and deployment processes.
iii) Testing and Validation: Rigorous testing, including functional, integration, and
user acceptance testing, ensures that the system performs as expected under
various conditions.
iv) Continuous Feedback Loops: Implementing pilot programs and iterative
feedback loops helps refine system performance based on real-world user
interactions.
v) Ongoing Maintenance and Updates: Quality assurance is not limited to initial
deployment; continuous monitoring and regular updates are essential to adapt to
evolving requirements and potential security threats.
b) Information Systems (IS) security and control are critical for protecting organizational
data, ensuring system integrity, and maintaining the confidentiality of sensitive
information. IS security aims to safeguard the system from unauthorized access, data
breaches, and other cyber threats, which can have significant implications for an
organization’s reputation, finances, and operational stability.

Inadequate security measures expose systems to a range of potential risks, including:

i) Data Breaches: Sensitive information may be accessed or stolen, leading to
regulatory penalties and reputational damage.
ii) Operational Disruptions: Cyber-attacks such as Distributed Denial of Service
(DDoS) can interrupt essential services, causing significant business losses.
iii) Financial Losses: Unauthorized transactions, data theft, and the resulting
remedial actions can incur substantial costs for an organization.
iv) Legal and Compliance Risks: Organizations may face legal repercussions if they
fail to protect personal data, particularly under regulations like GDPR or HIPAA.
v) Loss of Trust: A security breach can erode trust between a business and its
customers, leading to loss of business and a damaged reputation.

Implementing robust security and control measures, including encryption,
authentication, and regular audits, can mitigate these risks, ensuring that IS resources
are secure, reliable, and aligned with organizational goals.

c)
i) Computer Operations Controls [3 marks]

Computer operations controls focus on ensuring that day-to-day IT activities
follow standard operating procedures to maintain system stability and reliability.
Examples include:

Backup Procedures: Regular data backups protect against data loss and
enable system restoration in case of failure.

Disaster Recovery Plans: A predefined plan that ensures continuity of
operations in case of system disruptions.

Access Controls: Managing and monitoring who can access certain data
or system functionalities.

d)

Data security controls are measures to protect data from unauthorized access,
alteration, or destruction. Examples include:

Encryption: Protects data integrity and confidentiality by encoding
information so only authorized parties can read it.

Access Control Lists (ACLs): Define user permissions for accessing specific
data.

Data Masking: Conceals sensitive data in non-production environments to
protect privacy while enabling testing.

e) Administrative Controls

Administrative controls establish policies, guidelines, and organizational
procedures to ensure information security and compliance. Examples include:

Security Policies: Documented guidelines that outline acceptable use and
access requirements.

Employee Training: Regular training to raise awareness about security best
practices and potential threats.

Audits and Compliance Checks: Periodic reviews to verify adherence to
security protocols and regulatory standards.
e)

Application controls are specific safeguards within an application to ensure data
accuracy, validity, and proper authorization. Examples include:

Input Validation: Checks that user-entered data is correct and within
acceptable parameters.

Authorization Controls: Ensures that only users with appropriate
permissions can execute certain actions within the application.

Audit Trails: Tracks changes and access within the application to monitor for
unauthorized or suspicious activity.

These controls collectively contribute to a secure, reliable, and well-functioning
information system.
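The three application controls listed above (input validation, authorization and audit trails) can be seen working together on a single request. The following is an added example, not part of the original assignment; the role table, the refund limit and all function names are hypothetical.

```python
import hashlib
import json
from decimal import Decimal, InvalidOperation

# Constructed role table and limit (hypothetical names and values).
PERMISSIONS = {"clerk": {"view_order"}, "supervisor": {"view_order", "issue_refund"}}
MAX_REFUND = Decimal("500.00")

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditTrail:
    def __init__(self):
        self.entries = []  # append-only; each entry stores the previous entry's hash

    def record(self, actor, action, outcome):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"actor": actor, "action": action, "outcome": outcome, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})

    def verify(self):
        """True only if every entry matches its hash and links to its predecessor."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False
            prev = e["hash"]
        return True

def validate_amount(raw):
    """Input validation: a finite number, 0 < amount <= MAX_REFUND, max 2 decimals."""
    try:
        amount = Decimal(raw)
    except (InvalidOperation, TypeError, ValueError):
        raise ValueError("amount is not a number") from None
    if not amount.is_finite() or not 0 < amount <= MAX_REFUND or amount.as_tuple().exponent < -2:
        raise ValueError("amount out of range or more than 2 decimals")
    return amount

def issue_refund(actor, role, raw_amount, trail):
    """Authorization, then validation; every outcome lands in the audit trail."""
    outcome = "denied: not authorized"
    if "issue_refund" in PERMISSIONS.get(role, set()):
        try:
            outcome = f"approved: {validate_amount(raw_amount)}"
        except ValueError as err:
            outcome = f"rejected: {err}"
    trail.record(actor, "issue_refund", outcome)
    return outcome.startswith("approved")
```

Denied and rejected attempts are logged as well as approved ones, which is what lets a reviewer spot suspicious activity; editing any stored entry afterwards makes `verify()` return `False`.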

11)

a) Information systems ethics refers to the principles and standards governing the
acceptable use of information systems, addressing issues of privacy, property rights,
accuracy, and accessibility. It encompasses both the ethical challenges presented by
digital technology and the expectations for responsible behaviour in managing,
accessing, and distributing information.

Ethical behaviour is essential in the field of information systems because it builds
trust, ensures compliance, and maintains the integrity of systems and data. Ethical
practices help organizations avoid misuse of sensitive data, prevent security breaches,
and protect the rights of individuals and entities associated with the system.
Moreover, ethical behaviour in information systems fosters a culture of accountability
and transparency, which is crucial for safeguarding public trust and ensuring
sustainable technological advancements.

b) Ethical considerations in information systems revolve around ensuring that data is
managed responsibly and in alignment with both legal standards and societal
expectations. The primary concerns include:
i) Privacy: This involves protecting individuals’ personal data from unauthorized
access or misuse. Ethical practices in this area require organizations to implement
policies that limit data collection to what is necessary and ensure proper handling
of sensitive information. Organizations can address privacy concerns by
implementing strict data protection measures, such as encryption and
anonymization, and by complying with regulations like GDPR.
ii) Accuracy: Maintaining the reliability and correctness of data is crucial. Errors in
data can lead to flawed decision-making and may harm individuals if incorrect
information is shared. Organizations can address this by instituting data validation
processes, regular audits, and ensuring data is updated and corrected as needed.
iii) Property: Intellectual property rights must be respected to protect ownership of
digital assets, such as software, data, and content. Ethical behaviour involves
using these assets only with appropriate authorization and recognizing creators'
rights. Organizations can address property issues by enforcing licensing
agreements, respecting copyrights, and providing proper attribution for intellectual
property.
iv) Accessibility: Ensuring equitable access to information and systems is a core
ethical concern, particularly for users with disabilities. Ethical considerations
involve making digital systems accessible and usable for all individuals.
Organizations can address this by adhering to accessibility standards, such as the
Web Content Accessibility Guidelines (WCAG), and investing in inclusive
technology.

By implementing these practices, organizations can create a responsible and ethical
information systems environment that respects users' rights and promotes fairness and
inclusivity.

c) Ethical behaviour in information systems is crucial to safeguard trust, comply with
legal requirements, and promote a positive impact on society. Since information
systems often handle sensitive personal and business data, ethical conduct ensures that
this data is treated with respect and confidentiality. Additionally, as information
systems influence decisions in areas like healthcare, finance, and security, ethical
behaviour guarantees that these decisions are based on accurate, unbiased
information, preventing potential harm to individuals and organizations.

The consequences of unethical behaviour in information systems can be significant:

i) Loss of Trust: When unethical practices are exposed, organizations risk losing the
trust of customers, stakeholders, and the public. This erosion of trust can have
lasting reputational damage.
ii) Legal and Financial Penalties: Many unethical practices, such as data breaches
and intellectual property violations, lead to legal action and costly penalties.
Compliance with regulations like GDPR is essential to avoid these repercussions.
iii) Operational Disruptions: Unethical behaviour, such as cutting corners in
security practices, can lead to system failures, data breaches, and cyber-attacks,
which disrupt operations and require costly recovery measures.
iv) Harm to Individuals: Inaccurate information, invasion of privacy, or
discrimination due to inaccessible systems can result in personal harm or even
physical danger, particularly in sensitive fields like healthcare and finance.
v) Loss of Competitive Advantage: A lack of ethical standards can hinder
innovation, alienate clients, and drive talent away, weakening the organization's
market position.

Overall, ethical behaviour is foundational to the integrity and success of information
systems. It minimizes risks, supports compliance, and fosters a culture of
responsibility, which benefits both organizations and society at large.
