
Management Information System

BABASAHEB GAWDE INSTITUTE OF

MANAGEMENT STUDIES

MMS I Sem-II Div B

MIS ASSIGNMENT

SUBMITTED TO

Prof. Gaurav Rathod

SUBMITTED BY-

N Name Roll No
Arati H. Patil 85
1. Discuss the Information Security in the organization

Ans :

The goal of security management is the accuracy, integrity, and safety of all
information system processes and resources.

Internetworked Security Defenses

Encryption: data transmitted in scrambled form and unscrambled by computer
systems for authorized users only

Firewalls: a gatekeeper system that protects a company's intranets and other
computer networks from intrusion by providing a filter and safe transfer point for
access to and from the Internet and other networks

E-mail Monitoring: use of content monitoring software that scans for
troublesome words that might compromise corporate security

Virus Defenses: centralize the distribution and updating of antivirus software

Security Codes: multilevel password system used to gain access into the system

Backup Files: duplicate files of data or programs

Security Monitors: software that monitors the use of computer systems and
networks and protects them from unauthorized use, fraud, and destruction

Biometrics: computer devices that measure physical traits that make each
individual unique

Computer Failure Controls: devices used to prevent computer failure or
minimize its effects

Information is the crown jewels of business. Your business partners want to know if you
have done enough to protect your information assets. The BS 7799 Information Security
Management System outlines the best practices that one should follow and is a
benchmark for security certification in business.

The manufacturing records, sales records, financial records, customer records are all kept
on computers. In today's networked world, these may be accessible from anywhere, via
the Internet. You can't be too sure that all your digitized information is secure.

There is a way to determine whether an organization can be entrusted with confidential
information and whether it maintains information security: the BS 7799 Information
Security Management System.

BS 7799 standard
Anyone who wants to ascertain the quality of a business process will look for an ISO
9001:2000 certificate. This gives an assurance that the organization has achieved the
minimum requirements for establishing a Quality Management System (QMS). Similarly,
the British Standards Institute (BSI) has established a standard for Information Security
Management System (ISMS). BS 7799 was first issued in 1995 and was revised in
1999. The latest revision, i.e. BS 7799-2:2002, is due on 5th Sept. 2002.

The BS 7799 standard comprises two parts:

Part 1: Code of Practice for Information security management.
Part 2: Specifications of Information Security Management Systems.

Part 1 outlines the recommended best practices that one should follow and Part 2 gives
the specifications against which an organization will be evaluated to determine whether it
deserves to be certified.

Advantages of BS 7799 Certification


Despite these shortcomings, BS 7799 presents the following advantages:

1. You will have a structured, risk based approach to information security.
2. Your employees will have to take security seriously as you will have framed adequate
policies and penalties for any breach of security.
3. Your clients will be assured about your security seriousness.
4. Foreign companies that are paranoid about information security, may feel comfortable
dealing with you, if they have not already made it mandatory for you to get certified or
audited by a security consultant.
5. Since availability is one of the critical components of information security, you would
have set up adequate business continuity management plans.
6. You may do all of the above things without aiming for a certification, but you may
even get a marketing advantage if you are certified.
7. And finally, you will definitely sleep better.

How to proceed
You can aspire for BS 7799 certification with the following steps.

Step 1: Establish importance of information security in the organization. In the
current scenario, this should not be difficult. However, it will help if you identify
the critical business processes, which are dependent on information, and what
the business risk is if any of the three pillars of information security are
compromised (i.e. confidentiality, integrity and availability).
Step 2: Set up a Security Organization. You will need organizational involvement
to define and implement security measures. A steering committee for BS 7799
project, a security forum with representation of key business and technology
departments, appointment of an Information Security Officer and defining
security responsibilities for protection of various assets will have to be done.
Step 3: Define the Security Policy for the organization. This should be endorsed
by top management and should convey their concern and commitment.
Step 4: Define the scope of Information Security Management System (ISMS).
This could be business specific, location specific or function specific.
Step 5: Undertake risk assessment. Start with business risk assessment. This will
help you in identifying the risk areas for detailed risk evaluation. Identify and
prioritize all the risks.
Step 6: Identify the control objectives and the control options.
Step 7: Select appropriate controls to fulfill the control objectives. These controls
will be in the form of security policies, procedures and products. Prepare
guidelines on how to implement these controls.
Step 8: Implement and monitor the controls. You should be able to prove
adequacy of the controls in reducing the risks.
Step 9: Make a table of all the 127 controls and map the controls implemented by
you against relevant control objectives. One control may address more than one
control objective. If there are some gaps, find out, whether these are omissions or
there are no requirements of controls. Fill up all the gaps.
Step 10: Make a statement of applicability, which justifies the controls in place as
well as those which really are not required. For all exclusions, you should have a
justification backed by risk assessment.
Step 11: Invite a certification body for pre-assessment. Some of the accredited
certification agencies are DNV, BSI, STQC.
Step 12: Take appropriate measures to comply with all observations.
Step 13: Get the final assessment done.
Step 14: Acquire the coveted certificate, which is valid for three years. An
external audit will be done once a year.

Q2. Write short notes

a) MIS

Definition: Management Information Systems (MIS) is the term given to the
discipline focused on the integration of computer systems with the aims and
objectives of an organization.

Applications of MIS

However, there are several specific fields in which MIS has become invaluable.

* Strategy Support
MIS systems can be used to transform data into information useful for decision
making. Computers can provide financial statements and performance reports to
assist in the planning, monitoring and implementation of strategy.

MIS systems provide a valuable function in that they can collate into coherent reports
unmanageable volumes of data that would otherwise be broadly useless to decision
makers. By studying these reports decision-makers can identify patterns and trends
that would have remained unseen if the raw data were consulted manually.

* Data Processing

Not only do MIS systems allow for the collation of vast amounts of business data, but
they also provide a valuable time saving benefit to the workforce. Where in the past
business information had to be manually processed for filing and analysis it can now
be entered quickly and easily onto a computer by a data processor, allowing for faster
decision making and quicker reflexes for the enterprise as a whole.
b) TPS

Transaction processing system (TPS)

A TPS collects and stores information about transactions, and controls some aspects of
transactions. A transaction is an event of interest to the organization, e.g. a sale at a store.
A TPS is a basic business system.

Features of Transaction Processing Systems

The success of commercial enterprises depends on the reliable processing of transactions
to ensure that customer orders are met on time, and that partners and suppliers are paid
and can make payment. The field of transaction processing, therefore, has become a vital
part of effective business management, led by such organisations as the Association for
Work Process Improvement and the Transaction Processing Performance Council.

Transaction processing systems offer enterprises the means to rapidly process
transactions to ensure the smooth flow of data and the progression of processes
throughout the enterprise. Typically, a TPS will exhibit the following characteristics:

Rapid Processing

The rapid processing of transactions is vital to the success of any enterprise, now more
than ever, in the face of advancing technology and customer demand for immediate action.
TPS systems are designed to process transactions virtually instantly to ensure that
customer data is available to the processes that require it.

Reliability

Similarly, customers will not tolerate mistakes. TPS systems must be designed to ensure
that not only do transactions never slip past the net, but that the systems themselves
remain operational permanently. TPS systems are therefore designed to incorporate
comprehensive safeguards and disaster recovery systems. These measures keep the
failure rate well within tolerance levels.

Standardisation

Transactions must be processed in the same way each time to maximise efficiency. To
ensure this, TPS interfaces are designed to acquire identical data for each transaction,
regardless of the customer.

Controlled Access

Since TPS systems can be such a powerful business tool, access must be restricted to only
those employees who require their use. Restricted access to the system ensures that
employees who lack the skills and ability to control it cannot influence the transaction
process.

Q3 What is MIS and discuss the role of middle management related to MIS?

Answer

MIS: as defined under Q2 (a) above.

Role of middle management related to MIS

The MIS helps the middle management in short-term planning, target setting and
controlling the business functions. It is supported by the use of the management tools of
planning and control.

Q4. What is closed loop system and explain the function of Information in an
organization

Answer :

Closed Loop System


Closed Loop Systems: A system with the three control elements (objectives, control
mechanism, and feedback loop) is called a closed loop system. A system that is not
connected to its environment is a closed system.

A closed loop control system is a system where the output is fed back to the input so that
the system's output can affect its input. Thus control action is implemented which may be
modified as a result of any difference between the desired value and actual state of a
system.

Role of Information in an organization

Businesses and other organizations need information for many purposes:


- Planning
- Recording
- Controlling
- Measuring
- Decision-making

Planning

To plan properly, a business needs to know what resources it has (e.g. cash,
people, machinery and equipment, property, customers). It also needs
information about the markets in which it operates and the actions of
competitors. At the planning stage, information is important as a key
ingredient in decision-making.

Recording

Information about each transaction or event is needed. Much of this is
required to be collected by law - e.g. details of financial transactions. Just as
importantly, information needs to be recorded so that the business can be
properly managed.

Controlling

Once a business has produced its plan it needs to monitor progress against
the plan - and control resources to do so. So information is needed to help
identify whether things are going better or worse than expected, and to spot
ways in which corrective action can be taken.

Measuring

Performance must be measured for a business to be successful. Information
is used as the main way of measuring performance. For example, this can be
done by collecting and analysing information on sales, costs and profits.

Decision-making

Information used for decision-making is often categorised into three types:

(1) Strategic information: used to help plan the objectives of the business as a
whole and to measure how well those objectives are being achieved.
Examples of strategic information include:

- Profitability of each part of the business
- Size, growth and competitive structure of the markets in which a business operates
- Investments made by the business and the returns (e.g. profits, cash inflows) from
those investments

(2) Tactical Information: this is used to decide how the resources of the business
should be employed. Examples include:

- Information about business productivity (e.g. units produced per employee; staff
turnover)
- Profit and cash flow forecasts in the short term
- Pricing information from the market

(3) Operational Information: this information is used to make sure that specific
operational tasks are carried out as planned/intended (i.e. things are done properly).
For example, a production manager will want information about the extent and
results of quality control checks that are being carried out in the manufacturing
process.
