Enhancing Decision Making - Management Information SystemFaHaD .H. NooR
Problem: Chain retailers need to determine what products will sell at what prices at different locations
Solutions: Business analytics software to analyze patterns in sales data, create pricing profiles and buyer profiles for different regions, locales, even times of day
Senior managers:
Make many unstructured decisions
E.g. Should we enter a new market?
Middle managers:
Make more structured decisions but these may include unstructured components
E.g. Why is order fulfillment report showing decline in Lahore?
Operational managers, rank and file employees
Make more structured decisions
E.g. Does customer meet criteria for credit?
MIS, describe Management , information and System , introduction of MIS, definition of MIS , Types of MIS, Implementation of MIS in banking sector, Advantages of MIS, Issues in MIS.
This presentation is on the topic - Transaction Processing System. It is a topic in Information Technology for Managers. It includes the concept, characteristics, functions, advantages and disadvantages, types and application of TPS
Management: The organization and coordination of the activities of a business in order to achieve defined objectives.
Information: It is that which informs, i.e. an answer to a question, as well as that from which knowledge and data can be derived.
System: A set of detailed methods, procedures and routines created to carry out a specific activity, perform a duty, or solve a problem.
Management Information System: It broadly refers to a computer-based system that provides managers with the tools to organize, evaluate and efficiently manage departments within an organization.
This primary focus of study was to investigate how cyber risks in ICT infrastructures of supply chains are managed. As its theoretical base, the study used the Adaptive Security Architecture framework that has been employed by most IT security specialists. Five experienced IT experts participated in a semi-structured interview to provide practical insights on the state of cybersecurity in supply chains operations from various industries. Their responses were analyzed based on the four stages of prediction, prevention, detection and response.
This study offers a new framework that suggests cybersecurity requires anticipatory vigilance, profiling malevolence, instantaneous response and uncompromised recovery to dealing with the cyber threats posing disruptions to supply chains.
Enhancing Decision Making - Management Information SystemFaHaD .H. NooR
Problem: Chain retailers need to determine what products will sell at what prices at different locations
Solutions: Business analytics software to analyze patterns in sales data, create pricing profiles and buyer profiles for different regions, locales, even times of day
Senior managers:
Make many unstructured decisions
E.g. Should we enter a new market?
Middle managers:
Make more structured decisions but these may include unstructured components
E.g. Why is order fulfillment report showing decline in Lahore?
Operational managers, rank and file employees
Make more structured decisions
E.g. Does customer meet criteria for credit?
MIS, describe Management , information and System , introduction of MIS, definition of MIS , Types of MIS, Implementation of MIS in banking sector, Advantages of MIS, Issues in MIS.
This presentation is on the topic - Transaction Processing System. It is a topic in Information Technology for Managers. It includes the concept, characteristics, functions, advantages and disadvantages, types and application of TPS
Management: The organization and coordination of the activities of a business in order to achieve defined objectives.
Information: It is that which informs, i.e. an answer to a question, as well as that from which knowledge and data can be derived.
System: A set of detailed methods, procedures and routines created to carry out a specific activity, perform a duty, or solve a problem.
Management Information System: It broadly refers to a computer-based system that provides managers with the tools to organize, evaluate and efficiently manage departments within an organization.
This primary focus of study was to investigate how cyber risks in ICT infrastructures of supply chains are managed. As its theoretical base, the study used the Adaptive Security Architecture framework that has been employed by most IT security specialists. Five experienced IT experts participated in a semi-structured interview to provide practical insights on the state of cybersecurity in supply chains operations from various industries. Their responses were analyzed based on the four stages of prediction, prevention, detection and response.
This study offers a new framework that suggests cybersecurity requires anticipatory vigilance, profiling malevolence, instantaneous response and uncompromised recovery to dealing with the cyber threats posing disruptions to supply chains.
Evolving technologies and business models have led to advanced network security threats that never existed a few years back. Moreover, enterprises are also relying on outdated security solutions to shut out such threats and this is leading to bigger and frequent data breaches. So if your company recognizes the need for a reliable IT security solution, then you should join our webinar to learn the following:
- An overview of the prevalent enterprise security threats
- The evolving security landscape and the obsolete security mechanisms
- What Seqrite does to ensure enterprise security and network compliance
This presentation discusses the massive increases in cyber threats and the best ways to keep your data safe. Through this presentation, you will learn the best practices for implementing and testing a data security program.
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
Cutting through the APT hype to help businesses prevent, detect and mitigate advanced threats.
Sophisticated cyber-espionage operations aimed at pilfering
trade secrets and other sensitive data from corporate networks currently present the biggest threat to businesses. Advanced threat actors ranging from nation-state adversaries to organized cyber-crime gangs are using zero-day exploits, customized malware toolkits and clever social engineering tricks to break into corporate networks, avoid detection,
and steal valuable information over an extended period
of time.
In this presentation, we will cut through some of the hype
surrounding Advanced Persistent Threats (APTs), explain the
intricacies of these attacks and present recommendations to
help you improve your security posture through prevention,
detection and mitigation.
History, What is Information Security?, Critical Characteristics of Information, Components of an
Information System, Securing the Components, Balancing Security and Access,
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Honest Reviews of Tim Han LMA Course Program.pptxtimhan337
Personal development courses are widely available today, with each one promising life-changing outcomes. Tim Han’s Life Mastery Achievers (LMA) Course has drawn a lot of interest. In addition to offering my frank assessment of Success Insider’s LMA Course, this piece examines the course’s effects via a variety of Tim Han LMA course reviews and Success Insider comments.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
2. Content
• Security
• Testing
• Error deduction
• Controls
• IS vulnerability
• Disaster Management
• Computer crimes
• Securing the web
• Intranet and wireless
networks
• Software audit
• Ethics in IT
• User interface and reporting
2MSM-MBA Even Semester 2020
3. Introduction
• Information system have become ubiquitous in
the organizational world
• Information system often contain data that are
sensitive, personal and private about people and
must be protected from inquiring and
unauthorized eyes
• Providing security –major concern for managers
3MSM-MBA Even Semester 2020
4. Objectives of Information security
1. To control the loss of assets
2. To ensure the integrity and reliability of
data
3. To improve the efficiency or effectiveness
of IS application
4MSM-MBA Even Semester 2020
5. What is risk? (Information
Management)
• Various dangers to information systems and
the people, hardware, software, data and
other assets
• Dangers include natural disasters, thieves,
industrial spies, disgruntled employees,
computer viruses, accidents and poorly
trained or naïve employees
MSM-MBA Even Semester 2020 5
6. Risks, threats and vulnerabilities
• Potential risk refers to potential monetary losses,
whether those losses are direct or indirect
• EDP auditors use the term “Threat”.They refer to
people, actions, events or other situations that
could trigger losses
• Vulnerabilities – they mean flaws, problems or
other conditions that make a system, open to
threats
MSM-MBA Even Semester 2020 6
7. Assessing risks
• Risk – uncertainties (event); EDP auditors estimate potential loss in
several ways
• Method – probability of occurrence of loss (risk assessment)
• 2 basic questions asked? – 1. if loss. How an organization would
respond
2. cost of response be?
• The manager – should access-potential loss – from the lack of
availability or existence of a data file, key information, system, people,
In- house developed software and other information systems assets
MSM-MBA Even Semester 2020 7
8. Control measures
• Controls – countermeasures to threats
• Tools that are used to counter risks from people,
actions, events or situations – can threaten IS
• Prevent – the threat of unauthorized access to
sensitive data
• Controls – used to identify, prevent and reduce risk
and to recover from actual losses.
MSM-MBA Even Semester 2020 8
9. • Classifies in many ways as follows:
1. Physical control – controls that use physical
protection measures (e.g.) locking that door of
computer facilities
2. Electronic controls – electronic measures to
identify or prevent threats (e.g.) Intruder
detection, Id’s, password, biometric protection
MSM-MBA Even Semester 2020 9
Contd…
10. 3. Software controls – program code controls used in IS
applications to identify, prevent or recover from
errors, unauthorized access and other threats
(e.g.) Programming code (encryption and decryption)
4. Management controls – result from setting,
implementing, and enforcing policies and procedures
(e.g.) need to take back up or archive their data at
regular intervals
MSM-MBA Even Semester 2020 10
11. Common threats to information
management
• - number of threats are common to computer
system and need the special attention from manager
1. Natural disasters – such as fire, floods, water
damages, earth quakes, landslides , hurricanes,
winds and storm damages
Security plans – 1. disaster prevention 2. disaster
containment 3. disaster recovery
MSM-MBA Even Semester 2020 11
Contd…
12. 2. Employee errors – carelessness or poor employee
training may cause threat to information system.
(e.g.) incorrect entry of data, formatting of hard
disk accidentally instead of pen drive, not
checking for logical
3. Computer crime, fraud and abuse – computer
crime is hard to find at the time of occurrence
MSM-MBA Even Semester 2020 12
Contd…
13. People or employee working inside organization may
be malicious
- Cause damage by gaining access to computer
facilities, systems, software and data to commit a
variety of computer crimes.
3. Computer crimes – stealing data, damaging or
vandalizing illegally or committing fraud
MSM-MBA Even Semester 2020 13
Contd…
14. 4. Industrial Espionage – the theft of an organizational
data by competitors – “Industrial Espionage” or
“Economic Espionage”
5. Hacking – Sometimes called “Cracking – because the
person cracks the log-in codes and sequences of system.
- unauthorized entry by a person into computer system
or network
Hackers – who illegally gain access to the computer
systems
MSM-MBA Even Semester 2020 14
Contd…
15. 6.Toll fraud – toll charges are cheated
7. ComputerViruses – real threat to computer systems
A computer virus is a hidden program that inserts itself into
a computer system and starts attack it.
programs to detect the viruses – called as “Antivirus
programs”
8. Hardware theft andVandalism – theft of hardware's (hard
disk, CD’s like storage devices) or damages caused by
vandalism
MSM-MBA Even Semester 2020 15
Contd…
16. 9. Software piracy – the software
publishers association (SPA) holds
that “any reproduction of a copyright
program is theft”
software piracy levies a much higher
toll
MSM-MBA Even Semester 2020 16
Contd…
17. 10. Privacy violations – (Privacy – defined as the
capacity of individual or organizations to control
information
privacy means rights of individuals or
organizations have the ability to access, examine
and correct the data.
- causes huge damage by unwanted people access
a sensitive data or information
MSM-MBA Even Semester 2020 17
Contd…
18. 11. Program bugs – defects in
programming code.Vendor provide
“patches” to the bugs in software
programs
- cause serious problem to the system
by causing sudden irreversible crashes
MSM-MBA Even Semester 2020 18
19. Protecting Information Systems
• “prevention is better than cure”
- Need to identify the potential risks and consider the use
of controls for the information systems
1. Securing Information system facilities:
Facilities for information system include the building
and rooms –furniture, hardware, software and
documents.
MSM-MBA Even Semester 2020 19
Contd…
20. - need to consider employing controls to prevent,
reduce or eliminate the threats or reduce loss.
- Should take physical security measures even in
the crisis situations.
Disaster recovery plan – the set of alternative
backups and storage triggered on the event of
unexpected disasters
MSM-MBA Even Semester 2020 20
Contd…
21. 3. Securing communication system:
Communication systems provide many benefits for users
such as the ability to share data and printers
Encryption- major tool for protecting information systems –
process of exceeding data.
E-Commerce safety - the customers’ sensitive financial
information such as credit card and debit card is under the
risk of theft and misuse by criminals. So the encryption
needed
MSM-MBA Even Semester 2020 21
Contd…
22. Firewalls – when a organization connects to
external networks, the connectivity
increases the risk that an organization’s
internal information system will be
accessed by potential intruders or invaders
to reduce these risks from external sources
– “Firewalls” used
MSM-MBA Even Semester 2020 22
Contd…
23. • Network auditing software - can identity and
prevent many types of problems in local or
wide area networks
• The software is usually of 2 types: activity
logs, which record all log in attempt, failed or
successful and network scanning software –
looks for flaws or holes in network security
MSM-MBA Even Semester 2020 23
24. Securing Database Information
system
• Massive amounts of organizational data re stored
today in electronic databases on computer systems
• Consider the importance of the financial
accounting database information stores in very
sensitive
• When database data – restricted called “Trusted
systems”
MSM-MBA Even Semester 2020 24
25. Securing information system
applications
• Important method of preventing security problems is to
acquire secure applications or to build them from the
ground up.
The make or buy decision: to consider for design options
• Pros and cons – for decision making
• The decision making can be done by taking various
factors into consideration:
MSM-MBA Even Semester 2020 25
Contd…
26. 1. Testing software – evaluate before making
purchase
2. Appropriateness – is it necessary to carry on the
business processes
3. Stability – shouldn’t contains bugs and crash
4. Security features – features should satisfy
company requirements
5. Access and update security – frequent updation
and adding more features.
MSM-MBA Even Semester 2020 26
Contd…
27. 6. Input controls: ensure the accuracy of data
7. Process controls: ensure the proper
functioning
8. Output Controls: protecting and storing of
data output
Securing the information – important to
prevent the potential harms
MSM-MBA Even Semester 2020 27
28. Disaster Management
• Disaster Management planning (DMP) – plan of
action to recover from the impact on the
information systems
• Collapsed or dysfunctional – need to recover
• Specifies the procedure the procedure of recovery
action when disaster occurs
MSM-MBA Even Semester 2020 28
Contd…
29. DMP process
MSM-MBA Even Semester 2020 29
Step 1: • Identify Critical Business Processes
Step 2:
• Assess the Business risk – Probability, risk exposure
Step 3:
• Impact of damage of target entity
Step 4:
• Identify the life saving data, files, software, applications, packages, hardware, servers and databases
Step 5:
• Segregate the need in 2 classes
Step 6:
• Prepare a plan of bridging
Step 7
• Ensure all risks are suitably covered by appropriate insurance policies
Step 8:
• Authority, rights of decision and action in the event of disaster
Step 9:
• Test DMR plan once a year
30. Advantages:
1. Forecasting
2. Provide response
measures
3. Provide recovery
measures
4. Provide sense of
ownership
5. Empowers people
Disadvantages:
1. Reluctance to expose
vulnerabilities
2. Unavailability of
resources
3. Improper public
awareness
MSM-MBA Even Semester 2020 30
31. Testing
• Successful test – one finds error
• The output of the test run should match the
expected results
Objectives of testing:
1.To ensure the proper functioning of systems
2.To ensure user’s requirement; system meet
3.To verify the proper use of control
4.To verify the inputs and outputs correct
5.To make sure the errors not crept in.
MSM-MBA Even Semester 2020 31
32. Types of Testing
1. Unit testing – method by which individual units of
source codes are tested
2. Integration testing – systematic technique for
constructing the program structure
- to ensure that this modules combine together
correctly to achieve a product that meets its
specification
MSM-MBA Even Semester 2020 32
Contd…
33. 3.Validation testing - validation succeeds
when software functions as expected.
(2 types of alpha testing – software tested
by customer under supervision of
developer)
Beta testing – software tested by customer
without the supervision of developer.
MSM-MBA Even Semester 2020 33
Contd…
34. 4. System testing – behavior of whole
system/ product is tested
- development of project or product
5. Acceptance testing – to establish
confidence in the system
- most often focused on a validation type
testing
MSM-MBA Even Semester 2020 34
35. Error Detection
- Software errors are unavoidable and they are
easily penetrate into programs
- Error detection techniques are the techniques of
software development, software quality
assurance (SQA), software verification, validation
and testing
- To locate anomalies in software products
MSM-MBA Even Semester 2020 35
36. Classes of Error detection techniques
1. Static analysis:
- code walkthrough
- code inspection
2. Dynamic analysis:
while in execution or process
3. Formal analysis:
mathematical technique
MSM-MBA Even Semester 2020 36
37. Error Detection in phases of life cycle
1. Requirements – analysis of what is needed?
2. Design – Well design for requirements specified
3. Implementation – made possible in reality
4. Test – involves different types of testing – ensure proper
functioning
5. Installation and checkout – placing in the right area and validate
it
6. Operation and maintenance – working of system and check it
for future too.
MSM-MBA Even Semester 2020 37
38. Securing the web, intranets and
wireless networks
• Need of protecting the internet
Internet Security standards:
TCP/IP(Transmission control protocol/Internet protocol)
standards
Internet means that security must be addressed deliberately
and aggressively in internet standards
1. Point to point tunneling protocol
2. core four standards (IP,TCP, user diagram protocol and
internet control message)
MSM-MBA Even Semester 2020 38
39. Types of Internet Security
• 1 st layer – network layer security (Border
security)
1. Virus scanning
2. Firewalls
3. Intrusion
4. Virtual Private networks (VPN)
5. Denial of service protection
MSM-MBA Even Semester 2020 39
Contd…
40. 2nd layer – proof of identity (Authentication)
1. Username/Password
2. Password synchronization
3. Public key
4.Tokens
5. Biometrics
6. Single sign-on
MSM-MBA Even Semester 2020 40
Contd…
41. • 3rd layer – permission based on identity
(Authorization)
1. User/group permissions
2. Enterprise directories
3. Enterprise user administration
4. Rules based access control
MSM-MBA Even Semester 2020 41
42. Border Security Tools
1. Firewall – A firewall is a system or group of systems, that
enforces an access control policy between two networks
2. Virus control – penetration of harmful and malicious
viruses can be prevented by “Anti-virus
program”/”Antivirus software”.
3. Intrusion detection- Intrusion is an illegal part act of
entering, seizing or taking possession of another’s
property
MSM-MBA Even Semester 2020 42
Contd…
43. • An Intrusion Detection System (IDS) –
software and/or hardware designed to
detect unwanted attempts at
accessing, manipulating and/or
disabling of computer systems mainly
through a network
MSM-MBA Even Semester 2020 43
44. Functions of Intrusion Detection
1. Network Intrusion detection system (NIDS) – is an
independent platform which identifies intrusions
by examining network traffic and monitors
multiple hosts
2. Protocol based Intrusion detection system (PIDS) –
it consists of a system or agent that would
typically sit at the front end of a server, monitoring
and analyzing the communication protocol
between connected device and the server
MSM-MBA Even Semester 2020 44
Contd…
45. 3. Application protocol based intrusion detection system (APIDS):
Consists of a system or agent that would typically sit within
a group of servers, monitoring and analyzing the communication
on application specific protocols
4. Host-based intrusion detection system (HIDS):
Consists of an agent on a host which identifies intrusion by
analyzing system calls, application logs, file system modifications.
5. Hybrid Intrusion detection system:
Combines two or more approaches
MSM-MBA Even Semester 2020 45
Contd…
46. • Denial of service (DOS): preventing denial of service
attacks on the internet network
• Virtual private network (VPN): uses a public network to
connect remote sites or users together
• Authentication: Authentication is the process by which the
identity of an entity is established
• Authorization: process of determining the user’s level of
access – whether a user has a right to perform certain
actions
MSM-MBA Even Semester 2020 46
47. Authorization models
1. Passwords : login credentials created and used
General guidelines for passwords:
1. Should not be name, place or easily guessed
2. Should be 6 to 8 characters at least
3. Should contain mixture of letters, numbers and special
characters
4. Change the “Password” frequently
5. Do not use same password for all accounts
MSM-MBA Even Semester 2020 47
Contd…
48. 2.Tokens: can be a software or hardware
- prevent against from the passive attacks and instant reply
attacks
3. Single sign-on
Single sign-on programs allow a user to authenticate one time
and there after be able to access additional network resources
and systems
4. Encryption
Way to protect data and other computer network resources
especially on the internets, intranets and extranets.
MSM-MBA Even Semester 2020 48
49. Software Audit
• Software audit – process of checking
each computer in the organization and
listing the software packages installed
• Investigation of the software installed or
the computers in an organization with
the purpose of ensuring that it is all legal
and authorized
MSM-MBA Even Semester 2020 49
50. Objectives of software audit
• Software audit – process of checking each
computer in the organization and listing the
software package installed
• Investigation of the software installed or the
computers in organization with the purpose
of ensuring that it is all legal an authorized
MSM-MBA Even Semester 2020 50
51. Objectives of software audit
1. Organization’s standards, process and systems
and/or plans – adequate to enable organization
to meet its policies, requirements and objectives
2. Comply with standards
3. Organization’s standards, process and systems
4. Resources include people and non human
resources
MSM-MBA Even Semester 2020 51
52. Audit roles and responsibilities
1. Client
2. Auditor Management
3. Auditors
4. Auditee management
5. Lead auditor
6. Escort
MSM-MBA Even Semester 2020 52
53. Types of software audit
1. Classification by participant – Internal
audit and External audit
2. Classification by action – System audit,
process audit and product audit
3. Special purpose audit – follow up and
desk audits
MSM-MBA Even Semester 2020 53
54. Software Audit process
MSM-MBA Even Semester 2020 54
Step 1: • Initiation
Step 2: • Planning
Step 3: • Preparation
Step 4: • Execution
Step 5: • Reporting
Step 6: • Corrective action and follow up
55. Ethics in IT
• Ethics is a study principles and practices which guides to
decide whether the action taken is morally right or wrong
• About values and human behavior
Ethical responsibility of business professionals:
1. Natural Law
2. Utilititarianism
3. Respect for person
4. Ethical values
MSM-MBA Even Semester 2020 55
56. Ethical guidelines
1. Obligation to management:
• Keep personal knowledge upto date and insure that
proper expertise is available when needed
• Share knowledge with others
• Not misuse of authority entrusted
• Not take advantage of lack of knowledge of others
• Not misrepresented or with hold information
MSM-MBA Even Semester 2020 56
Contd…
57. 2. Obligation to members:
• Be honest in all professional relationships
• Take appropriate action in regard to any illegal or
unethical practices
• Attempt to share special knowledge
• Cooperate with others in achieving
• Don’t use the ignorance of other’s as favor understanding
MSM-MBA Even Semester 2020 57
58. Ethics to overcome vulnerability
1. Vulnerability Assessment:
It is a periodic process that works on a system to
identify, track and manage the repair of vulnerabilities
on the system
Vulnerability assessment does a health check of the
system
It is an essential security process and best practice for
well being of the system
MSM-MBA Even Semester 2020 58
Contd…
59. • Vulnerability scanning:
System and network scanning for
vulnerabilities is an automated process where
a scanning program send network traffic to all
or selected computers in the network and
expects to receive return traffic that will
indicate whether those computers have
known vulnerabilities
MSM-MBA Even Semester 2020 59
60. User Interface
• An interface - common boundary
between user and computer system
application
• User interface – (1) Input (2) process and
control (3) Output and maintenance (4)
testing
MSM-MBA Even Semester 2020 60
61. Types of Interface
1. Natural Language Interfaces
2. Question Answer Interfaces
3. Menu driven Interfaces
4. Form-fill interfaces
5. Command Language Interfaces
6. Graphical user Interface
MSM-MBA Even Semester 2020 61
62. Reporting
• Report is a business document that contains only
predefined data
• Passive document for reading or viewing data
• Good report design effort and attention in detail
• The ability to enable large numbers of people to easily
access real time enterprise information and transform
it into richly formatted reports
MSM-MBA Even Semester 2020 62
63. Reporting (Characteristics)
1. Reports should be attractive and easy to understand
2. Managers sometimes judge an entire project by the quality of
reports received
3. Reports must include information that user needs
4. Report with too little information is of no value
5. Too much information can make a report confusing and difficult
to understand
6. The essential goal when designing reports is to match the report
to the user’s specific information needs
MSM-MBA Even Semester 2020 63
64. Types of Reporting
1. Detail reports
2.Exception reports
3. Summary reports
MSM-MBA Even Semester 2020 64