Sie sind auf Seite 1von 216

qwertyuiopasdfghjklzxcvbnmq

wertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwer
tyuiopasdfghjklzxcvbnmqwerty
uiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
MANAGEMENT INFORMATION SYSTEM
BA7205
asdfghjklzxcvbnmqwertyuiopas
2013 REGULATION
dfghjklzxcvbnmqwertyuiopasdf
DEPARTMENT OF MANAGEMENT STUDIES
ghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzx
cvbnmqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzxcvbn
mqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmq
wertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmrtyui
NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

BA7205 INFORMATION MANAGEMENT LT P C 3 0 0 3


COURSE OBJECTIVE
To understand the importance of information in business
To know the technologies and methods used for effective decision making in an
organization.
COURSE OUTCOME
Gains knowledge on effective applications of information systems in business
UNIT I INTRODUCTION 10
Data, Information, Intelligence, Information Technology, Information System, evolution,
types
based on functions and hierarchy, System development methodologies, Functional
Information Systems, DSS, EIS, KMS, GIS, International Information System.
UNIT II SYSTEM ANALYSIS AND DESIGN 10
Case tools - System flow chart, Decision table, Data flow Diagram (DFD), Entity
Relationship (ER), Object Oriented Analysis and Design(OOAD), UML diagram.
UNIT III DATABASE MANAGEMENT SYSTEMS 9
DBMS HDBMS, NDBMS, RDBMS, OODBMS, Query Processing, SQL, Concurrency
Management, Data warehousing and Data Mart
UNIT IV SECURITY, CONTROL AND REPORTING 8
Security, Testing, Error detection, Controls, IS Vulnerability, Disaster Management,
Computer Crimes, Securing the Web, Intranets and Wireless Networks, Software Audit,
Ethics in IT, User Interface and reporting.
UNIT V NEW IT INITIATIVES 8
Role of information management in ERP, e-business, e-governance, Data Mining,
Business
Intelligence, Pervasive Computing, Cloud computing, CMM.
TOTAL: 45 PERIODS
TEXTBOOKS
1. Robert Schultheis and Mary Summer, Management Information Systems The
Managers
View, Tata McGraw Hill, 2008.
2. Kenneth C. Laudon and Jane Price Laudon, Management Information Systems
Managing the
digital firm, PHI Learning / Pearson Education, PHI, Asia, 2012.
REFERENCES
1. Rahul de, MIS in Business, Government and Society, Wiley India Pvt Ltd, 2012
2. Gordon Davis, Management Information System : Conceptual Foundations, Structure
and Development, Tata McGraw Hill, 21st Reprint 2008.
3. Haag, Cummings and Mc Cubbrey, Management Information Systems for the
Information Age, McGraw Hill, 2005. 9th edition, 2013.
4. Turban, McLean and Wetherbe, Information Technology for Management
Transforming Organisations in the Digital Economy, John Wiley, 6th Edition, 2008.
5. Raymond McLeod and Jr. George P. Schell, Management Information Systems,
Pearson Education, 2007.
6. James O Brien, Management Information Systems Managing Information
Technology in the E-business enterprise, Tata McGraw Hill, 2004.
7. Raplh Stair and George Reynolds, Information Systems, Cengage Learning, 10th Edition,
2012
8. Corey Schou and Dan Shoemaker, Information Assurance for the Enterprise A
Roadmap to Information Security, Tata McGraw Hill, 2007.
9. Frederick Gallegor, Sandra Senft, Daniel P. Manson and Carol Gonzales, Information
Technology Control and Audit, Auerbach Publications, 4th Edition, 2013.

DEPARTMENT OF MANAGEMENT STUDIES 1


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

MANAGEEMNT INFORMATION SYSTEM UNIT: I

Introduction

Everyone have instant access to millions of pieces of data. With a few clicks of the
mouse button, you can find anything from current stock prices and video clips of current
movies. You can get product descriptions, pictures, and prices from thousands of companies
across India and around the world. Trying to sell services and products? You can purchase
demographic, economic, consumer buying pattern, and market-analysis data. Your firm will
have internal financial, marketing, production, and employee data for past years. This
tremendous amount of data provides opportunities to managers and consumers who know
how to obtain it and analyze it to make better decisions.
The speed with which Information Technology (IT) and Information Systems (IS)
are changing our lives is amazing. Only 50 years ago communication was almost limited to
the telephone, the first word processors came out in the mid-sixties and the fax entered our
offices in the 1970's. Today information systems are everywhere; from supermarkets to
airline reservations, libraries and banking operations they have become part of our daily
lives.
To create an effective information system, you need to do more than simply
purchase the various components. Quality is an important issue in business today,
particularly as it relates to information systems. The quality of an information system is
measured by its ability to provide exactly the information needed by managers in a timely
manner. The information must be accurate and up-to-date. Users should be able to receive
the information in a variety of formats: tables of data, graphs, summary statistics, or even
pictures or sound: Users have different perspectives and different requirements, and a good
information system must have the flexibility to present information in diverse forms for
each user.
MIS, or management information systems, are used to manage the data created
within the structure of a particular business. These systems store the data and allow the
business to manipulate, analyze and compile the data through the use of software
applications. Reports and analysis pulled from an information system can assist in the
directing, planning and decision making needs of managers.
A computer information system (CIS) consists of related components like
hardware, software, people, procedures, and collections of data. The term information
technology (IT) represents the various types of hardware and software used in an
information system, including computers and networking equipment. The goal of

DEPARTMENT OF MANAGEMENT STUDIES 2


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Information System is to enable managers to make better decisions by providing quality


information.

The physical equipment used in computing is called hardware. The set of


instructions that controls the hardware is known as software. In the early days of
computers, the people directly involved in are tended to be programmers, design analysts,
and a few external users. Today, almost everyone in the firm is involved with the
information system. Procedures are instructions that help people use the systems. They
include items such as user manuals, documentation, and procedures to ensure that backups
are made regularly. Data-bases are collections of related data that can be retrieved easily
and processed by the computers. As you will see in the cases throughout our book, all of
these components are vital tocreating an effective information system.

Information Management
Businesses gather information every day in the form of invoices, proposals, daily
sales figures and time cards. This information can provide a business insight into
their operations, create a platform for decision making and reveal ideas that feed
strategic planning. Gathering the information requires a consistent and reliable
process in order for the information to be useful. Information management requires a
system that supports the business model the information comes from.
Structures
Management information structures provide a central location in which to store and
manage the information from. The structure or system is fed by people (employees,
vendors, suppliers, customers) who input (provide) the data and output the data
(creating reports and disseminating the data). Software and hardware supply the
equipment needed to process, store and control access to the data. Business rules
(how production cost is figured, formulas for vacation time, how accounts payable
are processed for payment) dictate how the software should operate.
Data
Data found in information management systems is gathered by hand or
electronically. Documents can provide data that is then input into the system or data
can be gathered through conversation and input directly into the system via a form.
Data can also be gathered using an electronic device such as a barcode scanner that
is then downloaded into the management system. Delivering data into the system
can occur from outside the system via customers, vendors or suppliers. Access to

DEPARTMENT OF MANAGEMENT STUDIES 3


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

data may be controlled via a separate set of rules implemented by the business.
Tools
Software programs designed to fit the business rules and its required documents are
the entry points for an information system. Hardware is needed to operate the
software and can include large computer networks or a simple single server with a
small number of desktops. Each business department may have a separate software
program that shares its data with other programs or all departments can enter data
through a central software program. Oracle and Microsoft offer management
information system software products for medium to large businesses.
Output
Software applications allow the sorting and analyzing of data. Output typically
comes in the form of reports. Reports can be disseminated electronically or by hand.
A report can provide information about sales figures, production goals or even the
financial value of the business as a whole. Annual reports and quarterly sales figures
are created from data located in a management information system.
Business Perspective of IS

OrganizationsWe must understand the nature, the purpose, and the structure of the
organizations that will use the IS.
ManagementWe must understand how they use the IS, why they use the IS, and it
affects their jobs and daily activities.
Technology (IT)We must understand the capabilities, limitations, and functionality
if the technology that underlies the IS.

Every good organization needs a good manager. Pretty simple, Pretty reasonable.
Take professional cricket coaches. They don't actually play the game; they don't hit the run,
catch the ball for the wicket, or hang every decoration for the celebration party. They stay

DEPARTMENT OF MANAGEMENT STUDIES 4


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

on the sidelines during the game. Their real role is to develop the game plan by analyzing
their team's strengths and weaknesses. But that's not all; they also determine the
competition's strengths and weaknesses. Every good coach has a game plan before the team
even comes out of the dressing room. That plan may change as the game progresses, but
coaches pretty much know what they're going to do if they are losing or if they are winning.
The same is true in workplace organizations.

Data, Information, Knowledge, Wisdom

Let us consider the case of a retail store that is trying to increase sales. Some of the
data available includes sales levels for the last 36 months, advertising expenses, and
customer comments from surveys. By itself, this data may be interesting, but it must be
organized and analyzed to be useful in making a decision. For example, a manager might
use economic and marketing models to forecast patterns and determine relationships among
various advertising expenses and sales.
The resulting information (presented in equations, charts, and tables) would clarify
relationships among the data and would be used to decide how to proceed It requires
knowledge to determine how to analyze data and make decisions.
Education and experience create knowledge in humans. A manager learns which
data to collect, the proper models to apply, and ways to analyze results for making better
decisions. In some cases, this knowledge can be transferred to specialized computer
programs (expert systems).
Wisdom is more difficult to define but represents the ability to learn from
experience and adapt to changing conditions. In this example, wisdom would enable a
manager to spot trends, identify potential problems, and develop new techniques to analyze
the data.

Characteristics of Information

Timeliness: Information must reach the user in a timely manner, just when it is
needed; not too early, because by the time it is used it would be out-of-date; not too
late because the user will not be able to incorporate it into his/her decision-making.
Appropriateness: Information must be relevant to the person who is using it. It
must be within the sphere of his/her activities so that it can be used to reduce
uncertainty in his/her decision-making.
Accuracy: Accuracy costs. We don't always need 100% accurate information so

DEPARTMENT OF MANAGEMENT STUDIES 5


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

long as we know the degree of accuracy it represents (eg: + or - 5%). (Remember


the value of information).
Conciseness: Information should always contain the minimum amount of detail that
is appropriate for the user. Too much detail causes information overload.
Frequency: Frequency is related to timeliness. Too often the information presented
is linked to the calendar (end of the week, beginning of the month); its frequency
should be synchronized with the timing of the decision making of the user.
Understandability: The format and presentation of information are very important.
Some people prefer tabular information, whereas others may need it in a graphical
form. Also the use of colors enhances the understandability of what is presented.
Relevant: It pertains to the particular problem. What data is relevant depends on the
decision-making model used. E.g. university admissions officials may choose to
consider the results of some high-school test irrelevant, if they believe that it does
not improve the chances of some applicant later becoming a successful student.
Complete: All the relevant parts are included. E.g. marketing data about household
incomes may lead to bad decisions, if not accompanied by consumption habits of the
target population.
Current: Decisions are often based on the latest information available
Economical: The costs of gathering information should be justified by the overall
benefits
System

A system is a group of interrelated components working together toward a common


goal by accepting inputs and producing outputs in an organized transformation process.
System will have the following basic interacting components (functions):
1. Input
2. Processing
3. Output
4. Feedback
5. Control
Let me explain the concept of system with an example. The following example will
give you better understanding about System.
Example: Sales Force Automation System (SFAS)
Suppose you are a regional manager who supervises 100 salespersons in Mumbai.
Your company's headquarters are located in Chennai. Your performance is daily evaluated

DEPARTMENT OF MANAGEMENT STUDIES 6


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

by the headquarters. You are compared with managers in other regions such as Delhi,
Kolkata etc. Your company publishes various books: encyclopedia, children's books, etc.
In short, the headquarters are not interested in each salesperson's performance. All
they care about is your performance, i.e. the regional sales results.
In order to save your job, you have to keep increasing sales. You have to motivate,
encourage, help, and discipline salespeople in Mumbai, if they perform, your job is secured.
If they don't perform, you will be fired.
Information System

Now, it is time to see the real meaning and concept of Information Systems. Too
often you hear someone say, "Oh yeah, I know how to use a computer. I can surf the Web
with the best of them and I can play Solitaire for hours. I'm really good at computers."
Okay. So that person can pound a keyboard, use a mouse at lightning speed, and has a list of
favorite Web sites a mile long. But the real question is "Is that person information literate?"
Just because you can pound the keyboard doesn't necessarily mean you can leverage the
technology to your advantage or the advantage of your organization. An organization can
gather and keep all the data on its customers that a hard drive can hold. You can get all the
output reports that one desk can physically hold. You can have the fastest Internet
connection created to date. But if the organization doesn't take advantage of customer data
to create new opportunities, then all it has is useless information. If the output report doesn't
tell the management that it has a serious problem on the factory floor, then all that's been
accomplished is to kill a few more trees. If you don't know how to analyze the information
from a Web site to take advantage of new sales leads, then what have you really done for
yourself today?
Most of us think only of hardware and software when we think of an Information
System. There is another component of the triangle that should be considered, and that's the
people side, or "persware." Think of it this way:

PERSWARE

HARDWARE SOFTWARE

We talk about the input, processing, output and feedback processes. Most important
is the feedback process; unfortunately it's the one most often overlooked. Just as in the
triangle above, the hardware (input and output) and the software (processing) receive the

DEPARTMENT OF MANAGEMENT STUDIES 7


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

most attention. With those two alone, you have computer literacy. But if you don't use the
"persware" side of the triangle to complete the feedback loop, you don't accomplish much.
Add the "persware" angle with good feedback and you have the beginnings of information
literacy.
An information system differs from other kinds of systems in that its objective is to
monitor/document the operations of some other system, which we can call a target system.
An information system cannot exist without such a target system. For example, production
activities would be the target system for a production scheduling system, human resources
in the business operations would be the target system of a human resource information
system, and so on. It is important to recognise that within a vending machine there is a
component/sub-system that can be considered an information system. In some sense, every
reactive system will have a subsystem that can be considered an information system whose
objective is to monitor and control such a reactive system.
Information System Resources

Every Information System is equipped with the following resources. The goals of
information systems can be easily achieved by employing these resources to their optimum
level by keeping in view that the purpose of using IS in an organization.
People Resources
o End users
o IS specialists
Hardware Resources
o Machines
o Media

Software Resources
o Program
Operating Systems (OS)
Examples: Windows, Unix, etc.
Application Software
Examples: Excel, Access, MS-Word, etc.
Application software that makes people buy computers that can run the
software.
Example 1: Lotus 1-2-3 (a spreadsheet program): In early 1980s, personal computer market
was dominated by Apple (about 90% Apple, about 10 % IBM and its compatibles); Lotus 1-

DEPARTMENT OF MANAGEMENT STUDIES 8


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

2-3 was introduced and it could be run on only IBM's MS-DOS operating system;
Companies all over the world were impressed with Lotus 1-2-3, and wish to use the
software. In order to run the software, they had to purchase IBM PC or IBM PC
compatibles that run on MS-DOS. Example 2: email system. To use an email system
(software), people buy computers.
Procedures
Operating instructions for the people who will use an information system.
Examples: Instructions for filling out a paper form or using a software package.
Data Resources
Data vs. Information
Data
Raw facts, observations, business transactions
Objective measurements of the attributes (characteristics) of entities (people, places,
things, events, etc.)
Attributes can be last name, first name, gender, etc. for an entity of "people."
Information
Data that have been converted into a meaningful and useful context for specific end
users.
Processed data placed in a context that gives it value for specific end users.
1. Its form is aggregated, manipulated, and organized.
2. Its content is analyzed and evaluated.
3. It is placed in a proper context for a human user.
Network Resources
Communications media
Communications processors
Network access & control software
Why Information Systems?

Ask managers to describe their most important resources and they'll list money,
equipment, materials, and people - not necessarily in that order. It's very unusual for
managers to consider information an important resource and yet it is. This chapter will help
explain why you need to manage this resource as closely as any other in your organization.
Contemporary Approaches to Information Systems

There are several different approaches to Information Systems: technical,

DEPARTMENT OF MANAGEMENT STUDIES 9


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

behavioral, socio-technical. Think of this analogy: A "techie" looks at most things


associated with computing as a series of zeroes or ones. After all, everything in a computer
is ultimately reduced to a zero or a one. So using the technical approach, you could say that
2 + 2 = 4. The behavioral approach, on the other hand, takes into account the very nature of
human beings. Nothing is totally black and white. Therefore the behavioral approach to the
same equation would be "2 + 2 = maybe 4 or perhaps 3.5 to 5.5, but we'll have to put it
before the committee and see what the next quarter's figures say." Neither approach is better
than the other, depending on the situation. Neither approach is more right than the other,
depending on the situation. An organization can't afford to view its information resources as
belonging to either the techies (technical approach) or the non-techies (behavioral
approach). Responsibility for information belongs to everyone in the organization. This is
the sociotechnical approach, that is, a combination of the two. Everyone has to work
together to ensure that Information Systems serve the entire organization.
To help you understand the importance of viewing Information Systems through the
socio-technical approach, look at what the current trade journals are saying. David Haskin,
writing in the April 1999 issue of Windows Magazine, quotes Steve Roberts, vice president
of information technology for Mind Spring Enterprises, an Atlanta-based Internet service
provider: "The gap in understanding between technical and non technical people is the
biggest challenge I've seen." Haskin goes on to say, "Because technology is the bedrock on
which successful businesses are built, the stakes in making this relationship work are high.
Failing to use the correct technology can put you at a competitive disadvantage, and glitches
in existing technologies can bring a business to a grinding halt."
Information Systems and the use of technology belong to everyone in an
organization. This concept is best carried out through a socio-technical approach, which
allows both the technical and behavioral approaches to be combined for the good of the
organization.

Information System as a Strategic Resource

Information can be exploited as a strategic resource at three different levels:


National
Company
Individual
National Level
Developed nations have adopted the diffusion of information systems and
technologies as a national policy. There appear to be two approaches at the national

DEPARTMENT OF MANAGEMENT STUDIES 10


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

level. Countries like Japan and the United Kingdom have invested in the technical
infrastructure first whereas France has determined educating people on how to use
IS as a priority in order to enable them to leverage the power of information and
communication technologies.
Company Level
Many companies have attained higher product and service quality, shorter product
cycles, lower costs and better responsiveness to customer requirements through the
use of IS. Information systems allow the automation of certain functions (eg:
inventory management or sales order processing), provide critical information for
decision making and integrate business processes. Successful companies leverage
the power of information as a competitive weapon.
Individual Level Managers and Information Systems
You will be exposed to information systems as a business professional in whichever
field you are working in, be it sales, manufacturing, accounting, finance, banking or
consultancy. This is inevitable.
You will not only be users of information systems but you will also be expected to
analyse the system to identify its strengths and weaknesses, recommend changes for
improvement and participate in their implementation.
But don't forget information systems are a means to an end, not an end in
themselves. Information systems are powerful valuable tools but not magic. If you
automate a business process that is a mess, you end up with an automated mess!
Managers must take IS in the context of business activities and purposes and use
information as a resource, like money, equipment or energy.
Managers must use IS to

Access information
Interpreted information
Incorporate information in decision making
Managers must exploit IS because of
Rapid changes in technology
Intense international competition
Faster product life cycles
More complex and specialized markets
Managers
Are responsible for investments in IS
Need to be proactive and selective
DEPARTMENT OF MANAGEMENT STUDIES 11
NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Must understand how IS are used in the functional areas of business.

New Options for Organizational Design: The Networked Enterprise

Many of the job losses of the 1990s occurred because technology allowed
organizations operate efficiently with flatter organizations - with fewer levels of
bureaucracy. One manager can now oversee a larger group of people. More important,
technology increases the span of communication a manager can accomplish with a single
email. You can make information available to a greater number of people much more easily
than ever before.
But wait. You can make that information available to more people, but you have to train
them how to use it, and when it's appropriate to use it and with what latitude they can use it.
Again, it all comes back to the "persware" portion of the triangle. Yes, your hardware
enables more people to connect to the Information System, and the software is becoming
much easier to use and more widespread than ever before. But you still have to concentrate
on the people who are using the software to connect to the hardware.
Technology now allows workers to work from anywhere. It's becoming common for
companies to literally shift their work through time zones. That is, the person in New York
will shift blueprints for a new product to a worker in California. The Californian can then
collaborate on the product for an additional three hours before zipping it to another person
across the ocean who will work on it while the others sleep. Talk about telecommuting!
Technology now allows companies in foreign countries to merge their organizations
in ways never before possible. Think of Daimler from Germany and Chrysler in Michigan.
Opportunities for new products and new production methods exist with this merger.
However, think of the challenges it poses to management information systems and
employees.

DEPARTMENT OF MANAGEMENT STUDIES 12


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

The figure you see depicts the possibilities of virtual organizations. XYZ and ABC
companies can team up, work on a project, and then go their separate ways. ABC could then seek
out LMN Corporation to develop a new technology from which both will gain but which neither
could accomplish on their own. This is happening more and more in technology companies. In
November 1998, America Online purchased Netscape. At the same time AOL announced a
collaboration with Sun Microsystems to develop and deliver enhanced technology that AOL couldn't
produce on its own. A few years ago, virtual organizations were difficult to develop and even more
difficult to manage. New technologies and new management information systems now make such
partnerships easier and more productive than ever before.

The Role of Information Systems in Business Today

Information technology and systems have revolutionized firms and industries,


becoming the largest component of capital investment in the U.S. and many industrialized
societies. Investment in information technology accounts for approximately 50 percent of
all capital invested in the United States.

DEPARTMENT OF MANAGEMENT STUDIES 13


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

FIGURE: INFORMATION TECHNOLOGY CAPITAL INVESTMENT


Information technology capital investment, defined as hardware, software, and
communications equipment, grew from 34% to 50% between 1980 and 2004.
Source: Based on data in U.S. Department of Commerce, Bureau of Economic
Analysis, National Income and Product Accounts, 2006.
Information systems are transforming business and the visible results of this include
the increased use of cell phones and wireless telecommunications devices, a massive shift
toward online news and information, booming e-commerce and Internet advertising, and
new federal security and accounting laws that address issues raised by the exponential
growth of digital information. The Internet has also drastically reduced the costs of
businesses operating on a global scale.
These changes have led to the emergence of the digital firm, a firm in which:

Most of the firm's significant business relationships with customers, suppliers, and
employees are digitally enabled and mediated.
Core business processes, or logically related business tasks, are accomplished
through digital networks.
Key corporate assets (intellectual property, core competencies, and financial and
human assets) are managed through digital means
Business responses to changes in their environment are enhanced through digital
communications, allowing for time shifting (business being conducted 24x7) and
DEPARTMENT OF MANAGEMENT STUDIES 14
NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

space shifting (business being conducted globally or beyond traditional geographic


boundaries).

Information systems are essential for conducting day-to-day business in the U.S. and
most other advanced countries, as well as achieving strategic business objectives. Some
firms, such as Amazon and E-Trade, would be nonexistent without information systems.
Some service industries, such as finance, insurance, and real estate industries, could not
operate without information systems. The ability of a firm to use IT is becoming intertwined
with the firm's ability to implement corporate strategy.

FIGURE: THE INTERDEPENDENCE BETWEEN ORGANIZATIONS AND


INFORMATION SYSTEMS
There is a growing interdependence between a firms information systems and its
business capabilities. Changes in strategy, rules, and business processes increasingly require
changes in hardware, software, databases, and telecommunications. Often, what the
organization would like to do depends on what its systems will permit it to do.
Business firms invest heavily in information systems to achieve six strategic business
objectives:

Operational excellence: Efficiency, productivity, and improved changes in business


practices and management behavior
New products, services, and business models: A business model describes how a
company produces, delivers, and sells a product or service to create wealth.
Information systems and technologies create opportunities for products, services,
and new ways to engage in business.
Customer and supplier intimacy: Improved communication with and service to
customers raises revenues and improved communication with suppliers lowers

DEPARTMENT OF MANAGEMENT STUDIES 15


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

costs.
Improved decision making: Without accurate and timely information, business
managers must make decisions based on forecasts, best guesses, and luck, a process
that results in over and under-production of goods, raising costs, and the loss of
customers.
Competitive advantage: Implementing effective and efficient information systems
can allow a company to charge less for superior products, adding up to higher sales
and profits than their competitors.
Survival: Information systems can also be a necessity of doing business. A
necessity may be driven by industry-level changes, as in the implementation of
ATMs in the retail banking industry. A necessity may also be driven by
governmental regulations, such as federal or state statutes requiring a business to
retain data and report specific information.
Types of Information Systems

Information systems are constantly changing and evolving as technology continues


to grow. Very importantly the information systems described below are not mutually
exclusive and some (especially Expert Systems, Management Information Systems and
Executive Information Systems are can be seen as a subset of Decision Support Systems).
However these examples are not the only overlaps and the division of these information
systems will change over time.
At present there are five main types:

Transaction Processing Systems (TPS)


Decision Support Systems (DSS)
Executive Information Systems (EIS)
Management Information Systems (MIS)
Office Automation Systems (OAS)

Transaction Processing System (TPS)

A Transaction Processing System or Transaction Processing Monitor is a set of


information which processes the data transaction in database system that monitors
transaction programs (a special kind of program). The essence of a transaction program is
that it manages data that must be left in a consistent state. E.g. if an electronic payment is
made, the amount must be either both withdrawn from one account and added to the other,
or none at all. In case of a failure preventing transaction completion, the partially executed

DEPARTMENT OF MANAGEMENT STUDIES 16


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

transaction must be rolled back by the TPS. While this type of integrity must be provided
also for batch transaction processing, it is particularly important for online processing: if
e.g. an airline seat reservation system is accessed by multiple operators, after an empty seat
inquiry, the seat reservation data must be locked until the reservation is made, otherwise
another user may get the impression a seat is still free while it is actually being booked at
the time. Without proper transaction monitoring, double bookings may occur. Other
transaction monitor functions include deadlock (Lock Jam) detection and resolution
(deadlocks may be inevitable in certain cases of cross-dependence on data), and transaction
logging (in journals) for forward recovery in case of massive failures.
Transaction Processing is not limited to application programs. The journaled file
system provided with IBMs AIX Unix operating system employs similar techniques to
maintain file system integrity, including a journal.
Features of TPS
Rapid response

Fast performance with a rapid response time is critical. Businesses cannot afford to
have customers waiting for a TPS to respond, the turnaround time from the input of
the transaction to the production for the output must be a few seconds or less.
Reliability

Many organizations rely heavily on their TPS; a breakdown will disrupt operations
or even stop the business. For a TPS to be effective its failure rate must be very low.
If a TPS does fail, then quick and accurate recovery must be possible. This makes
welldesigned backup and recovery procedures essential.
Inflexibility

A TPS wants every transaction to be processed in the same way regardless of the
user, the customer or the time for day. If a TPS were flexible, there would be too
many opportunities for non-standard operations, for example, a commercial airline
needs to consistently accept airline reservations from a range of travel agents,
accepting different transactions data from different travel agents would be a
problem.

Controlled processing

DEPARTMENT OF MANAGEMENT STUDIES 17


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

The processing in a TPS must support an organizations operations. For example if


an organization allocates roles and responsibilities to particular employees, then the
TPS should enforce and maintain this requirement.
ACID test properties: first definition

Atomicity

A transactions changes to the state are atomic: either all happen or none happen.
These changes include database changes, messages, and actions on transducers.
Consistency

A transaction is a correct transformation of the state. The actions taken as a group do


not violate any of the integrity constraints associated with the state. This requires
that the transaction be a correct program!
Isolation

Even though transactions execute concurrently, it appears to each transaction T that


others executed either before T or after T but not both.

Durability

Once a transaction completes successfully (commits), its changes to the state survive
failures.

Concurrency

Ensures that two users cannot change the same data at the same time. That is, one
user cannot change a piece of data before another user has finished with it. For
example, if an airline ticket agent starts to reserve the last seat on a flight, then
another agent cannot tell another passenger that a seat is available.

Types of back-up procedures

There are two main types of Back-up Procedures: Grandfather-father-son and


Partial backups

Grandfather-father-son

This procedure refers to at least three generations of backup master files. Thus, the
most recent backup is the son, the oldest backup is the grandfather. Its commonly
used for a batch transaction processing system with a magnetic tape. If the system
fails during a batch run, the master file is recreated by using the son backup and then
restarting the batch. However if the son backup fails, is corrupted or destroyed, then

DEPARTMENT OF MANAGEMENT STUDIES 18


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

the next generation up backup (father) is required. Likewise, if that fails, then the
next generation up backup (grandfather) is required. Of course the older the
generation, the more the data may be out of date. Organizations can have up to
twenty generations of backup.

Partial backups

This only occurs when parts of the master file are backed up. The master file is
usually backed up to magnetic tape at regular times, this could be daily, weekly or
monthly. Completed transactions since the last backup are stored separately and are
called journals, or journal files. The master file can be recreated from the journal
files on the backup tape if the system is to fail.

Decision Support System (DSS)

A Decision Support System (DSS) is a class of information systems (including but


not limited to computerized systems) that support business and organizational decision-
making activities. A properly designed DSS is an interactive software-based system
intended to help decision makers compile useful information from a combination of raw
data, documents, personal knowledge, or business models to identify and solve problems
and make decisions.

Typical information that a decision support application might gather and present are:

An inventory of all of your current information assets (including legacy and


relational data sources, cubes, data warehouses, and data marts),
Comparative sales figures between one week and the next,
Projected revenue figures based on new product sales assumptions.

Taxonomies (Classification)

As with the definition, there is no universally-accepted taxonomy of DSS either.


Different authors propose different classifications. Using the relationship with the
user as the criterion, Haettenschwiler differentiates passive, active, and cooperative
DSS. A passive DSS is a system that aids the process of decision making, but that
cannot bring out explicit decision suggestions or solutions. An active DSS can bring
out such decision suggestions or solutions. A cooperative DSS allows the decision
maker (or its advisor) to modify, complete, or refine the decision suggestions

DEPARTMENT OF MANAGEMENT STUDIES 19


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

provided by the system, before sending them back to the system for validation. The
system again improves, completes, and refines the suggestions of the decision maker
and sends them back to her for validation. The whole process then starts again, until
a consolidated solution is generated.
Another taxonomy for DSS has been created by Daniel Power. Using the
mode of assistance as the criterion, Power differentiates communication-driven DSS,
data-driven DSS, document-driven DSS, knowledge-driven DSS, and model-driven
DSS.

A communication-driven DSS supports more than one person working on a shared


task; examples include integrated tools like Microsoft's NetMeeting or Groove.

A data-driven DSS or data-oriented DSS emphasizes access to and manipulation of


a time series of internal company data and, sometimes, external data.

A document-driven DSS manages, retrieves, and manipulates unstructured


information in a variety of electronic formats.

A knowledge-driven DSS provides specialized problem-solving expertise stored as


facts, rules, procedures, or in similar structures.

A model-driven DSS emphasizes access to and manipulation of a statistical,


financial, optimization, or simulation model. Model-driven DSS use data and
parameters provided by users to assist decision makers in analyzing a situation; they
are not necessarily data-intensive. Dicodess is an example of an open source model-
driven DSS generator.

Using scope as the criterion, Power differentiates enterprise-wide DSS and desktop
DSS. An enterprise-wide DSS is linked to large data warehouses and serves many managers
in the company. A desktop, single-user DSS is a small system that runs on an individual
manager's PC.

Classifying DSS

There are several ways to classify DSS applications. Not every DSS fits neatly into one
category, but a mix of two or more architecture in one.
Holsapple and Whinston classify DSS into the following six frameworks: Text-oriented
DSS, Database-oriented DSS, Spreadsheet-oriented DSS, Solver-oriented DSS, Rule-

DEPARTMENT OF MANAGEMENT STUDIES 20


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

oriented DSS, and Compound DSS.


A compound DSS is the most popular classification for a DSS. It is a hybrid system that
includes two or more of the five basic structures described by Holsapple and Whinston.
The support given by DSS can be separated into three distinct, interrelated categories:
Personal Support, Group Support, and Organizational Support.

DSS components may be classified as,

Inputs: Factors, numbers, and characteristics to analyze


User Knowledge and Expertise: Inputs requiring manual analysis by the user
Outputs: Transformed data from which DSS "decisions" are generated
Decisions: Results generated by the DSS based on user criteria

DSSs which perform selected cognitive decision-making functions and are based on
artificial intelligence or intelligent agents technologies are called Intelligent Decision
Support Systems (IDSS).

The nascent field of Decision engineering treats the decision itself as an engineered
object, and applies engineering principles such as Design and Quality assurance to an
explicit representation of the elements that make up a decision.

Applications of DSS

As mentioned above, there are theoretical possibilities of building such systems in any
knowledge domain.
One example is the Clinical decision support system for medical diagnosis. Other examples
include a bank loan officer verifying the credit of a loan applicant or an engineering firm
that has bids on several projects and wants to know if they can be competitive with their
costs.
DSS is extensively used in business and management. Executive dashboard and other
business performance software allow faster decision making, identification of negative
trends, and better allocation of business resources.
A growing area of DSS application, concepts, principles, and techniques is in agricultural
production, marketing for sustainable development. For example, the DSSAT4 package,
developed through financial support of USAID during the 80's and 90's, has allowed rapid
assessment of several agricultural production systems around the world to facilitate
decision-making at the farm and policy levels. There are, however, many constraints to the
successful adoption on DSS in agriculture.

DEPARTMENT OF MANAGEMENT STUDIES 21


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

DSS are also prevalent in forest management where the long planning time frame demands
specific requirements. All aspects of Forest management, from log transportation, harvest
scheduling to sustainability and ecosystem protection have been addressed by modern
DSSs. A comprehensive list and discussion of all available systems in forest management is
being compiled under the COST action Forsys
A specific example concerns the Canadian National Railway system, which tests its
equipment on a regular basis using a decision support system. A problem faced by any
railroad is worn-out or defective rails, which can result in hundreds of derailments per year.
Under a DSS, CN managed to decrease the incidence of derailments at the same time other
companies were experiencing an increase.
DSS has many applications that have already been spoken about. However, it can be used in
any field where organization is necessary. Additionally, a DSS can be designed to help
make decisions on the stock market, or deciding which area or segment to market a product
toward.

CACI has begun integrating simulation and decision support systems.

CACI defines three levels of simulation model maturity. Level 1 models are
traditional desktop simulation models that are executed within the native software package.
These often require a simulation expert to implement modifications, run scenarios, and
analyze results. Level 2 models embed the modeling engine in a web application that
allows the decision maker to make process and parameter changes without the assistance of
an analyst. Level 3 models are also embedded in a web-based application but are tied to
real-time operational data. The execution of level 3 models can be triggered automatically
based on this real-time data and the corresponding results can be displayed on the
managers desktop showing the prevailing trends and predictive analytics given the current
processes and state of the system. The advantage of this approach is that level 1 models
developed for the FDA projects can migrate to level 2 and 3 models in support of decision
support, production/operations management, process/work flow management, and
predictive analytics. This approach involves developing and maintaining reusable models
that allow decision makers to easily define and extract business level information (e.g.,
process metrics). Level 1 models are decomposed into their business objects and stored in
a database. All process information is stored in the database, including activity, resource,
and costing data. The database becomes a template library that users can access to build,
change, and modify their own unique process flows and then use simulation to study their

DEPARTMENT OF MANAGEMENT STUDIES 22


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

performance in an iterative manner.


Benefits of DSS

Improves personal efficiency


Expedites problem solving (speed up the progress of problems solving in an
organization)
Facilitates interpersonal communication
Promotes learning or training
Increases organizational control
Generates new evidence in support of a decision
Creates a competitive advantage over competition
Encourages exploration and discovery on the part of the decision maker
Reveals new approaches to thinking about the problem space
Helps automate the managerial processes.

Executive Information System (EIS)

An Executive Information System (EIS) is a type of management information system


intended to facilitate and support the information and decision-making needs of senior
executives by providing easy access to both internal and external information relevant to
meeting the strategic goals of the organization. It is commonly considered as a specialized
form of a Decision Support System (DSS)
The emphasis of EIS is on graphical displays and easy-to-use user interfaces. They offer
strong reporting and drill-down capabilities. In general, EIS are enterprise-wide DSS that
help top-level executives analyze, compare, and highlight trends in important variables so
that they can monitor performance and identify opportunities and problems. EIS and data
warehousing technologies are converging in the marketplace.
In recent years, the term EIS has lost popularity in favour of Business Intelligence (with
the sub areas of reporting, analytics, and digital dashboards).

Components of EIS
The components of an EIS can typically be classified as:
Hardware
Software
User Interface
Telecommunication

DEPARTMENT OF MANAGEMENT STUDIES 23


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Hardware

When talking about hardware for an EIS environment, we should focus on the
hardware that meet the executives needs. The executive must be put first and the
executives needs must be defined before the hardware can be selected. The basic
computer hardware needed for a typical EIS includes four components:
Input data-entry devices. These devices allow the executive to enter,
verify, and update data immediately;
The central processing unit (CPU), which is the kernel because it
controls the other computer system components;
Data storage files. The executive can use this part to save useful
business information, and this part also help the executive to search
historical business information easily;
Output devices, which provide a visual or permanent record for the
executive to save or read. This device refers to the visual output device
or printer.

In addition, with the advent of local area networks (LAN), several EIS products for
networked workstations became available. These systems require less support and
less expensive computer hardware. They also increase access of the EIS information
to many more users within a company.

Software

Choosing the appropriate software is vital to design an effective EIS. Therefore, the
software components and how they integrate the data into one system are very
important. The basic software needed for a typical EIS includes four components:
Text base software. The most common form of text is probably documents;
Database. Heterogeneous databases residing on a range of vendor-specific and
open computer platforms help executives access both internal and external
data;
Graphic base. Graphics can turn volumes of text and statistics into visual
information for executives. Typical graphic types are: time series charts,
scatter diagrams, maps, motion graphics, sequence charts, and comparison-
oriented graphs (i.e., bar charts);
Model base. The EIS models contain routine and special statistical, financial,
and other quantitative analysis.

DEPARTMENT OF MANAGEMENT STUDIES 24


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Perhaps a more difficult problem for executives is choosing from a range of highly
technical software packages. Ease of use, responsiveness to executives' requests, and
price are all reasonable considerations. Further, it should be considered whether the
package can run on existing hardware.

User Interface

An EIS needs to be efficient to retrieve relevant data for decision makers, so the user
interface is very important. Several types of interfaces can be available to the EIS
structure, such as scheduled reports, questions/answers, menu driven, command
language, natural language, and input/output. It is crucial that the interface must fit
the decision makers decision-making style. If the executive is not comfortable with
the information questions/answers style, the EIS will not be fully utilized. The ideal
interface for an EIS would be simple to use and highly flexible, providing consistent
performance, reflecting the executives world, and containing help information.

Telecommunication

As decentralizing is becoming the current trend in companies, telecommunications


will play a pivotal role in networked information systems. Transmitting data from
one place to another has become crucial for establishing a reliable network. In
addition, telecommunications within an EIS can accelerate the need for access to
distributed data.

Applications of EIS

EIS enables executives to find those data according to user-defined criteria and
promote information-based insight and understanding. Unlike a traditional management
information system presentation, EIS can distinguish between vital and seldom-used data,
and track different key critical activities for executives, both which are helpful in evaluating
if the company is meeting its corporate objectives. After realizing its advantages, people
have applied EIS in many areas, especially, in manufacturing, marketing, and finance areas.

Manufacturing

Basically, manufacturing is the transformation of raw materials into finished goods


for sale, or intermediate processes involving the production or finishing of semi-
manufactures. It is a large branch of industry and of secondary production.
Manufacturing operational control focuses on day-to-day operations, and the central

DEPARTMENT OF MANAGEMENT STUDIES 25


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

idea of this process is effectiveness and efficiency. To produce meaningful


managerial and operational information for controlling manufacturing operations,
the executive has to make changes in the decision processes. EIS provides the
evaluation of vendors and buyers, the evaluation of purchased materials and parts,
and analysis of critical purchasing areas. Therefore, the executive can oversee and
review purchasing operations effectively with EIS. In addition, because production
planning and control depends heavily on the plants data base and its
communications with all manufacturing work centers, EIS also provides an
approach to improve production planning and control.

Marketing

In an organization, marketing executives role is to create the future. Their main


duty is managing available marketing resources to create a more effective future.
For this, they need make judgments about risk and uncertainty of a project and its
impact on the company in short term and long term. To assist marketing executives
in making effective marketing decisions, an EIS can be applied. EIS provides an
approach to sales forecasting, which can allow the market executive to compare
sales forecast with past sales. EIS also offers an approach to product price, which is
found in venture analysis. The market executive can evaluate pricing as related to
competition along with the relationship of product quality with price charged. In
summary, EIS software package enables marketing executives to manipulate the
data by looking for trends, performing audits of the sales data, and calculating totals,
averages, changes, variances, or ratios. All of these sales analysis functions help
marketing executives to make final decisions.
Financial

A financial analysis is one of the most important steps to companies today. The
executive needs to use financial ratios and cash flow analysis to estimate the trends
and make capital investment decisions. An EIS is a responsibility-oriented approach
that integrates planning or budgeting with control of performance reporting, and it
can be extremely helpful to finance executives. Basically, EIS focuses on
accountability of financial performance and it recognizes the importance of cost
standards and flexible budgeting in developing the quality of information provided
for all executive levels. EIS enables executives to focus more on the long-term basis
of current year and beyond, which means that the executive not only can manage a
DEPARTMENT OF MANAGEMENT STUDIES 26
NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

sufficient flow to maintain current operations but also can figure out how to expand
operations that are contemplated over the coming years. Also, the combination of
EIS and EDI environment can help cash managers to review the companys financial
structure so that the best method of financing for an accepted capital project can be
concluded. In addition, the EIS is a good tool to help the executive to review
financial ratios, highlight financial trends and analyze a companys performance and
its competitors.

Advantages of EIS

Easy for upper-level executives to use, extensive computer experience is not


required in operations
Provides timely delivery of company summary information
Information that is provided is better understood
Filters data for management
Improves to tracking information
Offers efficiency to decision makers

Disadvantages of EIS

Limited functionality, by design


Information overload for some managers
Benefits hard to quantify
High implementation costs
System may become slow, large, and hard to manage
Need good internal processes for data management
May lead to less reliable and less secure data
System dependent

Future Trend of EIS

The future of executive info systems will not be bound by mainframe computer
systems. This trend allows executives escaping from learning different computer operating
systems and substantially decreases the implementation costs for companies. Because
utilizing existing software applications lies in this trend, executives will also eliminate the
need to learn a new or special language for the EIS package. Future executive information
systems will not only provide a system that supports senior executives, but also contain the

DEPARTMENT OF MANAGEMENT STUDIES 27


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

information needs for middle managers. The future executive information systems will
become diverse because of integrating potential new applications and technology into the
systems, such as incorporating artificial intelligence (AI) and integrating multimedia
characteristics and ISDN technology into an EIS.
Management Information System (MIS)

An 'MIS' is a planned system of the collecting, processing, storing and


disseminating data in the form of information needed to carry out the functions of
management. In a way it is a documented report of the activities those were planned and
executed. According to Philip Kotler "A marketing information system consists of people,
equipment, and procedures to gather, sort, analyze, evaluate, and distribute needed, timely,
and accurate information to marketing decision makers."
The terms MIS and information system are often confused. Information systems
include systems that are not intended for decision making. The area of study called MIS is
sometimes referred to, in a restrictive sense, as information technology management. That
area of study should not be confused with computer science. IT service management is a
practitioner-focused discipline. MIS has also some differences with Enterprise Resource
Planning (ERP) as ERP incorporates elements that are not necessarily focused on decision
support.
Office Automation System (OAS)

Office automation refers to the varied computer machinery and software used to
digitally create, collect, store, manipulate, and relay office information needed for
accomplishing basic tasks and goals. Raw data storage, electronic transfer, and the
management of electronic business information comprise the basic activities of an office
automation system. Office automation helps in optimizing or automating existing office
procedures.
The backbone of office automation is a LAN, which allows users to transmit data,
mail and even voice across the network. All office functions, including dictation, typing,
filing, copying, fax, Telex, microfilm and records management, telephone and telephone
switchboard operations, fall into this category. Office automation was a popular term in the
1970s and 1980s as the desktop computer exploded onto the scene.
Evolution of Information System

This section will discusses the evolution of information systems, levels of


management decision-making and information systems that enhance the value of

DEPARTMENT OF MANAGEMENT STUDIES 28


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

information. Students are encouraged to understand the reasons for the development of an
information system and its replacement; these will help you identify the benefits and
limitations of each type of information system.

From EDP to MIS


Until the 1960s, the role of most information systems was simple. They were mainly
used for Electronic Data Processing (EDP), purposes such as transactions processing,
record-keeping and accounting. EDP is often defined as the use of computers in recording,
classifying, manipulating, and summarizing data. It is also called transaction processing
systems (TPS), automatic data processing, or information processing.

Transaction processing systems these process data resulting from business


transactions, update operational databases, and produce business
documents. Examples: sales and inventory processing and accounting
systems.

In the 1960s, another role was added to the use of computers: the processing of data
into useful informative reports. The concept of management information systems (MIS) was
born. This new role focused on developing business applications that provided managerial
end users with predefined management reports that would give managers the information
they needed for decision-making purposes.
Management information systems provide information in the form of
prespecified reports and displays to support business decisionmaking.
Examples: sales analysis, production performance and cost trend reporting
systems.

By the 1970s, these pre-defined management reports were not sufficient to meet
many of the decision-making needs of management. In order to satisfy such needs, the
concept of decision support systems (DSS) was born. The new role for information systems
was to provide managerial end users with ad hoc and interactive support of their decision-
making processes.

Decision support systems provide interactive ad hoc support for the


decision-making processes of managers and other business professionals.
Examples: product pricing, profitability forecasting and risk analysis
systems.

In the 1980s, the introduction of microcomputers into the workplace ushered in a

DEPARTMENT OF MANAGEMENT STUDIES 29


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

new era, which led to a profound effect on organizations. The rapid development of
microcomputer processing power (e.g. Intels Pentium microprocessor), application
software packages (e.g. Microsoft Office), and telecommunication networks gave birth to
the phenomenon of end user computing. End users could now use their own computing
resources to support their job requirements instead of waiting for the indirect support of a
centralized corporate information services department. It became evident that most top
executives did not directly use either the MIS reports or the analytical modelling
capabilities of DSS, so the concept of executive information systems (EIS) was developed.
Executive information systems provide critical information from MIS,
DSS and other sources, tailored to the information needs of executives.
Examples: systems for easy access to analysis of business performance,
actions of all competitors, and economic developments to support strategic
planning.

Moreover, breakthroughs occurred in the development and application of artificial


intelligence (AI) techniques to business information systems. With less need for human
intervention, knowledge workers could be freed up to handle more complex tasks. Expert
systems (ES) and other knowledge management systems (KMS) also forged a new role for
information systems. ES can serve as consultants to users by providing expert advice in
limited subject areas.

Expert systems knowledge-based systems that provide expert advice and


act as expert consultants to users. Examples: credit application advisor,
process monitor, and diagnostic maintenance systems.

Knowledge management systems knowledge-based systems that support


the creation, organization and dissemination of business knowledge within
the enterprise. Examples: intranet access to best business practices, sales
proposal strategies and customer problem resolution systems.

The mid- to late 1990s saw the revolutionary emergence of enterprise resource
planning (ERP) systems. This organization-specific form of a strategic information system
integrates all facets of a firm, including its planning, manufacturing, sales, resource
management, customer relations, inventory control, order tracking, financial management,
human resources and marketing virtually every business function. The primary advantage
of these ERP systems lies in their common interface for all computer-based organizational
functions and their tight integration and data sharing needed for flexible strategic decision
making.
DEPARTMENT OF MANAGEMENT STUDIES 30
NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

From MIS to e-commerce

The rapid growth of the Internet, intranets, extranets and other interconnected global
networks in the 1990s dramatically changed the capabilities of information systems in
business. Internet-based and web-enabled enterprise and global electronic business and
commerce systems are becoming commonplace in the operations and management of
todays business enterprises.
Indeed todays information systems are still doing the same basic things that they
began doing over 50 years ago. We still need to process transactions, keep records, provide
management with useful and informative reports, and provide support to the accounting
systems and processes of the organization. However, what has changed is that we now
enjoy a much higher level of integration of system functions across applications, greater
connectivity across both similar and dissimilar system components, and the ability to
reallocate critical computing tasks such as data storage, processing, and presentation to take
maximum advantage of business and strategic opportunities. With increasing capabilities,
future systems will focus on increasing both the speed and reach of our systems to provide
even tighter integration combined with greater flexibility.
The Internet and related technologies and applications have changed the way
businesses operate and people work, and how information systems support business
processes, decision-making and competitive advantage. Today many businesses are using
Internet technologies to web-enable business processes and to create innovative e-business
applications.
E-business is the use of Internet technologies to work and empower business
processes, electronic commerce and enterprise collaboration within a company and with its
customers, suppliers and other business stakeholders. The Internet and Internet-like
networks those inside the enterprise (intranet) and those between an enterprise and its
trading partners (extranet) have become the primary information technology infrastructure
that supports the e-business applications of many companies. These companies rely on e-
business applications to
Reengineer internal business processes,
Implement electronic commerce systems with their customers and suppliers,
and
Promote enterprise collaboration among business teams and workgroups.

DEPARTMENT OF MANAGEMENT STUDIES 31


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Level of management decision-making

Information systems can support a variety of management decision-making levels and


decisions. These include the three levels of management activity: strategic management,
tactical management, and operational management.
Strategic management

It is typical for a board of directors and an executive committee of the CEO and top
executives to develop the overall organization goals, strategies, policies and
objectives as part of a strategic planning process. They also monitor the strategic
performance of the organization and its overall direction in the political, economic
and competitive business environment.
Tactical management

Increasingly, business professionals in self-directed teams as well as business unit


managers develop short- and medium-range plans, schedules and budgets and
specify the policies, procedures and business objectives for their subunits of the
company. They also allocate resources and monitor the performance of their
organizational sub-units, including departments, divisions, process teams and other
workgroups.
Operational management

The members of self-directed teams or operating managers develop short-range


plans such as weekly production schedules. They direct the use of resources and the
performance of tasks according to procedures, and within budgets and schedules
they establish for the teams and other workgroups of the organization.
Information systems that enhance value of information

(i) Data warehouse (DW)

A data warehouse stores data that have been extracted from the various operational,
external and other databases of an organization. It is a central source of the data that have
been cleaned, transformed and catalogued so they can be used by managers and other
business professionals for data mining, online analytical processing and other forms of
business analysis, market research and decision support.

(ii) Data mining (DM)

Data mining is a major use of DW databases and the static data they contain. In data

DEPARTMENT OF MANAGEMENT STUDIES 32


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

mining, the data in a DW are analyzed to reveal hidden patterns and trends in historical
business activity. This can be used to help managers make decisions about strategic changes
in business operations to gain competitive advantages in the marketplace. DM software
analyzes the vast stores of historical business data that have been prepared for analysis in
corporate DW and tries to discover patterns, trends, and correlations hidden in the data that
can help a company improve its business performance.

Data mining analyzes the vast amounts of historical that have been
prepared for analysis in data warehouses.

(iii) Online analytical processing (OLAP)

Online analytical processing enables managers and analysts to interactively examine


and manipulate large amounts of detailed and consolidated data from many perspectives.
OLAP involves analyzing complex relationships among thousands or even millions of data
items stored in data marts, DW and other multi-dimensional databases to discover patterns,
trends and exceptional conditions. An OLAP session takes place online in real time, with
rapid responses to a managers or analysts queries, so that their analytical or decision-
making process is undisturbed.

Online analytical processing interactively analyzes complex relationships


among large amounts of data stored in multidimensional databases.

Systems Analyst Roles and Functions, Alternative Role Name: Business Process
Engineer
Responsibilities (Activities)

1. Assists current or potential application users in identifying and describing problems


or opportunities that might be addressed either:

By implementing a new (automated or manual) system, or


By changing an existing application system.

2. Investigates such problems and opportunities to determine the feasibility of a system


solution and to identify the general kinds of system solution that appear appropriate.

3. Analyzes users business requirements in detail and, where appropriate, prepares


functional specifications1 for a proposed new (or changed) system.

DEPARTMENT OF MANAGEMENT STUDIES 33


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

4. Assists and guides prospective users of a proposed new or changed system in:\

Quantifying the benefits of having the system (or the penalties for not having it), and
Assessing the impact of the system on their organization and on the operation of
their business.
5. Obtains rough estimates of the cost of operating and maintaining a proposed new or
changed system, assuming use of appropriate technology, tools, and methods.

6. Assists the project manager3 in identifying the skills and resources needed to
implement a new system or to modify an existing system, and in preparing rough
estimates of:

The cost of developing or changing the system,


The duration of a project to do so.
7. Assists the sponsoring users in:

Analyzing the costs, benefits, risks, and return-on-investment of the proposed new
system,
Understanding the exact nature of the proposed system,
Deciding whether to proceed with the implementation.
8. Designs and develops users' manuals4 and corresponding training programs for a
system being developed.

9. Prepares, in consultation with users, implementers, and operations representatives, the


acceptance (or parallel) test plan for any new or changed system.

10. Assists the users in preparing for the installation and start-up of any new system
being implemented.

Accountability (or) Results

The Systems Analyst will be performing his or her role satisfactorily, with respect to
assigned projects, when:

1. Post-implementation project reviews show that the estimated benefit/cost ratios are
being met or exceeded by 80% of the systems5 that are eventually installed. (Resp-4, 5,
6)

2. At least 95% of the systems5 that turn out not to be justified are abandoned before
any effort is spent on implementation. (Resp-7a)

3. Users of new or changed systems are fully aware before installation of:

Exactly what the new system will do, (Resp-7b)

DEPARTMENT OF MANAGEMENT STUDIES 34


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Their own responsibilities toward successful implementation, (Resp-9)


Any difficulties or negative effects of the system (Resp-4b).

4. Proposed functional specifications1 are based upon:

A thorough and largely correct understanding of the users' business needs (Resp-3)
All applicable company standards (Resp-3),
Appropriate, up-to-date technology (Resp-2).

5. Non-trivial bugs in systems that have been tested according to agreed-upon test plans
occur no more than once in fifty batch runs or once in 10000 transactions.5 (Resp-9)

6. User management complains that a new system is hard to use or hard to learn in fewer
than one project in ten.5 (Resp-8, 10)

Authority

In order to accomplish his or her functions, the Staff Analyst may, without
additional authorization:
1. Communicate informally and in writing with the sponsoring users and affected
people in the user's organization.

2. Delegate tasks to subordinate members of the project team.

3. Request services from other parts of the company, subject to the limitations of the
project budget.

4. Decline to undertake activities in support of implementing systems that appear to


be infeasible or clearly unjustified (except where management specifically directs
that the work be done on a "best effort" basis).

5. Decline to support implementing systems for which the user does not fully
understand the functional specification, the benefits, and the estimated costs (except
where management specifically directs that the work be done on a "best effort"
basis).

6. Examine relevant materials relating (a) to previous or current systems to be


replaced and (b) to other systems that may have an interface to the proposed system.

7. Obtain and store actual ("live") data for testing.

8. Decline to concur in the production installation of a system for which either no

DEPARTMENT OF MANAGEMENT STUDIES 35


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

adequate test plan exists or the test plan has not been followed.

2 Marks
1. What do you mean by Data? Give one Example
2. What do you mean by Information? Give one Example
3. What do you mean by office automation?
4. What do you mean by Persware?
5. State any four Characteristics of Information
6. Define Management Information System.
7. Distinguish between data and information
8. List down any two merits of computerized information system?
9. Classification of IS
10. Distinguish between DSS & MIS
11. Distinguish between TPS & DSS
12. List down the Features of TPS
13. What is EIS?
14. State any two Responsibility and Authority of System analyst
15. What are the Components of Executive Information System?
16. What do you mean by System?
17. What are the functions of system or Block Diagram of System?
18. What do you mean by Data Warehouse?
19. What do you mean by Data Mining?
16 Marks
1. Explain the types of Information System
2. Discuss the evolution of Information System
3. Explain the Roles and Functions of System Analyst
4. Discuss the role of information system in business today

DEPARTMENT OF MANAGEMENT STUDIES 36


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

MANAGEEMNT INFORMATION SYSTEM UNIT: II

System Development Life Cycle (SDLC)

The systems life cycle (SLC) is a methodology used to describe the process for
building information systems, intended to develop information systems in a
very deliberate, structured and methodical way, reiterating each stage of the life cycle. The
systems development life cycle, according to Elliott & Strachan & Radford (2004),
originated in the 1960s, to develop large scale functional business systems in an age of
large scale business conglomerates. Information systems activities revolved around
heavy data processing and number crunching routines".

Developing Information Systems

There are some fundamentals need to keep in mind while developing information
Systems.

A system is a combination of resources working together to transform inputs into


usable outputs.
An information system is an arrangement of people, data, processes, interfaces,
networks, and technology that interact to support and improve both day-to-day
operations (data processing, transaction processing), as well as support the problem-
solving and decision-making needs of management (information services,
management information systems, executive support).
A computer application is a computer-based solution to one or more business
problems or needs. One or more computer applications are typically contained
within an information system.
DEPARTMENT OF MANAGEMENT STUDIES 37
NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Systems Analysis and Design is a systematic approach to identifying problems,


opportunities, and objectives; analyzing the information flows in organizations; and
designing computerized information systems to solve a problem. Systems Analysts
act as outside consultants to businesses, as supporting experts within a business, and
as change agents. Analysts are problem solvers, and require good communication
skills.
A problem is an undesirable situation that prevents the organization from fully
achieving its purpose, goals, and objectives. An opportunity is the chance to
improve the organization even in the absence of specific problems. (Some might
argue that any unexploited opportunity is, in reality, a problem.) A directive is a
new requirement imposed by management, government, or some external influence.
(Some might argue that a directive until it is fully complied with is, in reality, a
problem.)

Introduction to System Analysis and Design

Systems are created to solve problems. One can think of the systems approach as an
organized way of dealing with a problem. In this dynamic world, the subject System
Analysis and Design (SAD) mainly deals with the software development activities.
Defining a system
A collection of components that work together to realize some objectives forms a
system. Basically there are three major components in every system, namely input,
processing and output.

The objective of the system demands that some output is produced as a result of
processing the suitable inputs. A well-designed system also includes an additional element
referred to as control that provides a feedback to achieve desired objectives of the system.
System Life Cycle
System life cycle is an organizational process of developing and maintaining
systems. It helps in establishing a system project plan, because it gives overall list of
processes and sub-processes required for developing a system.

DEPARTMENT OF MANAGEMENT STUDIES 38


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

System development life cycle means combination of various activities. In other


words we can say that various activities put together are referred as system development life
cycle. In the System Analysis and Design terminology, the system development life cycle
also means software development life cycle.
Different phases of system development life cycle
Following are the different phases of system development life cycle:

1. Preliminary study
2. Feasibility study
3. Detailed system study
4. System analysis
5. System design
6. Coding
7. Testing
8. Implementation
9. Maintenance

Picture: Phases of System Development Life Cycle

Preliminary System Study

Preliminary system study is the first stage of system development life cycle. This is
a brief investigation of the system under consideration and gives a clear picture of
what actually the physical system is? In practice, the initial system study involves
the preparation of a System Proposal which lists the Problem Definition,
Objectives of the Study, Terms of reference for Study, Constraints, and Expected
benefits of the new system, etc. in the light of the user requirements. The system
proposal is prepared by the System Analyst (who studies the system) and places it
DEPARTMENT OF MANAGEMENT STUDIES 39
NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

before the user management. The management may accept the proposal and the
cycle proceeds to the next stage. The management may also reject the proposal or
request some modifications in the proposal. In summary, we would say that system
study phase passes through the following steps:
Problem identification and project initiation
Background analysis
Inference or findings (system proposal)

Feasibility (likelihood) Study

In case the system proposal is acceptable to the management, the next phase is to
examine the feasibility of the system. The feasibility study is basically the test of the
proposed system in the light of its workability, meeting users requirements,
effective use of resources and of course, the cost effectiveness. These are
categorized as technical, operational, economic and schedule feasibility. The main
goal of feasibility study is not to solve the problem but to achieve the scope. In the
process of feasibility study, the cost and benefits are estimated with greater accuracy
to find the Return on Investment (ROI). This also defines the resources needed to
complete the detailed investigation. The result is a feasibility report submitted to the
management. This may be accepted or accepted with modifications or rejected. The
system cycle proceeds only if the management accepts it.

Detailed System Study

The detailed investigation of the system is carried out in accordance with the
objectives of the proposed system. This involves detailed study of various operations
performed by a system and their relationships within and outside the system. During
this process, data are collected on the available files, decision points and transactions
handled by the present system. Interviews, on-site observation and questionnaire are
the tools used for detailed system study. Using the following steps it becomes easy
to draw the exact boundary of the new system under consideration: l keeping in view
the problems and new requirements l Workout the pros and cons including new
areas of the system All the data and the findings must be documented in the form of
detailed data flow diagrams (DFDs), data dictionary, logical data structures and
miniature specification. The main points to be discussed in this stage are:
Specification of what the new system is to accomplish based on the user
requirements.
DEPARTMENT OF MANAGEMENT STUDIES 40
NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Functional hierarchy showing the functions to be performed by the new


system and their relationship with each other.
Functional network, which are similar to function hierarchy but they
highlight the functions which are common to more than one procedure.
List of attributes of the entities these are the data items which need to be
held about each entity (record)
System Analysis

Systems analysis is a process of collecting factual data, understand the processes


involved, identifying problems and recommending feasible suggestions for
improving the system functioning. This involves studying the business processes,
gathering operational data, understand the information flow, finding out bottlenecks
and evolving solutions for overcoming the weaknesses of the system so as to
achieve the organizational goals. System Analysis also includes subdividing of
complex process involving the entire system, identification of data store and manual
processes.The major objectives of systems analysis are to find answers for each
business process: What is being done, How is it being done, Who is doing it, When
is he doing it, Why is it being done and How can it be improved? It is more of a
thinking process and involves the creative skills of the System Analyst. It attempts
to give birth to a new efficient system that satisfies the current needs of the user and
has scope for future growth within the organizational constraints. The result of this
process is a logical system design. Systems analysis is an iterative process that
continues until a preferred and acceptable solution emerges.
System Design

Based on the user requirements and the detailed analysis of the existing system, the
new system must be designed. This is the phase of system designing. It is the most
crucial phase in the developments of a system. The logical system design arrived at
as a result of systems analysis is converted into physical system design. Normally,
the design proceeds in two stages:
Preliminary or General Design

Preliminary or General Design: In the preliminary or general design, the


features of the new system are specified. The costs of implementing these
features and the benefits to be derived are estimated. If the project is still
considered to be feasible, we move to the detailed design stage.

DEPARTMENT OF MANAGEMENT STUDIES 41


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Structured or Detailed Design

Structured or Detailed Design: In the detailed design stage, computer


oriented work begins in earnest. At this stage, the design of the system
becomes more structured. Structure design is a blue print of a computer
system solution to a given problem having the same components and inter-
relationships among the same components as the original problem. Input,
output, databases, forms, codification schemes and processing specifications
are drawn up in detail.
In the design stage, the programming language and the hardware and software
platform in which the new system will run are also decided.
There are several tools and techniques used for describing the system design of the
system. These tools and techniques are:

Flowchart
Data flow diagram (DFD)
Data dictionary
Structured English
Decision table
Decision tree
The system design involves

Defining precisely the required system output


Determining the data requirement for producing the output
Determining the medium and format of files and databases
Devising processing methods and use of software to produce output
Determine the methods of data capture and data input
Designing Input forms
Designing Codification Schemes
Detailed manual procedures
Documenting the Design
Coding

The system design needs to be implemented to make it a workable system. This


demands the coding of design into computer understandable language, i.e.,
programming language. This is also called the programming phase in which the
programmer converts the program specifications into computer instructions, which

DEPARTMENT OF MANAGEMENT STUDIES 42


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

we refer to as programs. It is an important stage where the defined procedures


aretransformed into control specifications by the help of a computer language. The
programs coordinate the data movements and control the entire process in a system.
It is generally felt that the programs must be modular in nature. This helps in fast
development, maintenance and future changes, if required.
Testing

Before actually implementing the new system into operation, a test run of the system
is done for removing the bugs, if any. It is an important phase of a successful
system. After codifying the whole programs of the system, a test plan should be
developed and run on a given set of test data. The output of the test run should
match the expected results. Sometimes, system testing is considered a part of
implementation process. Using the test data following test run are carried out:
Program test:When the programs have been coded, compiled and brought to
working conditions, they must be individually tested with the prepared test data.
Any undesirable happening must be noted and debugged (error corrections)
System Test:After carrying out the program test for each of the programs of the
system and errors removed, then system test is done. At this stage the test is done on
actual data. The complete system is executed on the actual data. At each stage of the
execution, the results or output of the system is analysed. During the result analysis,
it may be found that the outputs are not matching the expected output of the system.
In such case, the errors in the particular programs are identified and are fixed and
further tested for the expected output. When it is ensured that the system is running
error-free, the users are called with their own actual data so that the system could be
shown running as per their requirements.
Implementation

Implementation is the stage of a project during which theory is turned into practice.
The major steps involved in this phase are:
Acquisition and Installation of Hardware and Software

Conversion
User Training
Documentation

The hardware and the relevant software required for running the system must be
made fully operational before implementation. The conversion is also one of the
most critical and expensive activities in the system development life cycle. The data
from the old system needs to be converted to operate in the new format of the new
DEPARTMENT OF MANAGEMENT STUDIES 43
NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

system.
The database needs to be setup with security and recovery procedures fully defined.
During this phase, all the programs of the system are loaded onto the users
computer. After loading the system, training of the user starts. Main topics of such
type of training are:

How to execute the package


How to enter the data
How to process the data (processing details)
How to take out the reports

After the users are trained about the computerized system, working has to shift from
manual to computerized working. The process is called Changeover. The
following strategies are followed for changeover of the system.
Direct Changeover: This is the complete replacement of the old system by
the new system. It is a risky approach and requires comprehensive system
testing and training.
Parallel run: In parallel run both the systems, i.e., computerized and manual,
are executed simultaneously for certain defined period. The same data is
processed by both the systems. This strategy is less risky but more expensive
because of the following:
a. Manual results can be compared with the results of the computerized system.
b. The operational work is doubled.
c. Failure of the computerized system at the early stage does not affect the
working of the organization, because the manual system continues to work, as it
used to do.
Pilot run: In this type of run, the new system is run with the data from one or
more of the previous periods for the whole or part of the system. The results
are compared with the old system results. It is less expensive and risky than
parallel run approach. This strategy builds the confidence and the errors are
traced easily without affecting the operations.
The documentation of the system is also one of the most important activities
in the system development life cycle. This ensures the continuity of the
system. There are generally two types of documentation prepared for any
system. These are:

a) The user documentation is a complete description of the system

DEPARTMENT OF MANAGEMENT STUDIES 44


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

from the users point of view detailing how to use or operate the
system. It also includes the major error messages likely to be
encountered by the users.
b) The system documentation contains the details of system design,
programs, their coding, system flow, data dictionary, process
description, etc. This helps to understand the system and permit
changes to be made in the existing system to satisfy new user needs.
Maintenance

Maintenance is necessary to eliminate errors in the system during its working


life and to tune the system to any variations in its working environments. It has
been seen that there are always some errors found in the systems that must be
noted and corrected. It also means the review of the system from time to time.
The review of the system is done for:
Knowing the full capabilities of the system
Knowing the required changes or the additional requirements
Studying the performance.

If a major change to a system is needed, a new project may have to be set up to


carry out the change. The new project will then proceed through all the above
life cycle phases.

Data Flow Diagram (DFD)

A data-flow diagram (DFD) is a graphical representation of the "flow" of data


through an information system. DFDs can also be used for the visualization of data
processing (structured design).
Data Flow Diagramming is a means of representing a system at any level of detail
with a graphic network of symbols showing data flows, data stores, data processes, and data
sources/destinations.
A DFD provides no information about the timing or ordering of processes, or about
whether processes will operate in sequence or in parallel. It is therefore quite different from
a flowchart, which shows the flow of control through an algorithm, allowing a reader to
determine what operations will be performed, in what order, and under what circumstances,
but not what kinds of data will be input to and output from the system, nor where the data
will come from and go to, nor where the data will be stored (all of which are shown on a
DFD).

DEPARTMENT OF MANAGEMENT STUDIES 45


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

DFDs show the flow of data from external entities into the system, showed how the
data moved from one process to another, as well as its logical storage.

There are only four symbols:

Squares representing external entities, which are sources or destinations of data.


Rounded rectangles representing processes, which take data as input, do something
to it, and output it.
Arrows representing the data flows, which can either be electronic data or physical
items.
Open-ended rectangles representing data stores, including electronic stores such as
databases or XML files and physical stores such as or filing cabinets or stacks of
paper.

There are several common modeling rules that follow when creating DFDs:

All processes must have at least one data flow in and one data flow out.
All processes should modify the incoming data, producing new forms of outgoing
data.
Each data store must be involved with at least one data flow.
Each external entity must be involved with at least one data flow.
A data flow must be attached to at least one process.

Advantages of data flow diagrams

It gives further understanding of the interestedness of the system and sub-systems


It is useful from communicating current system knowledge to the user

DEPARTMENT OF MANAGEMENT STUDIES 46


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Used as part of the system documentation files


Dataflow diagram helps to substantiate the logic underlining the dataflow of the
organization
It gives the summary of the system
DFD is very easy to follow errors and it is also useful for quick reference to the
development team for locating and controlling errors

Disadvantages of data flow diagram

DFD is likely to take many alteration before agreement with the user
Physical consideration are usually left out
It is difficult to understand because it ambiguous to the user who have little or no
knowledge

Purpose/Objective:
The purpose of data flow diagrams is to provide a semantic bridge between users and
systems developers. The diagrams are:

Graphical, eliminating thousands of words;


Logical representations, modeling WHAT a system does, rather than physical
models showing HOW it does it;
Hierarchical, showing systems at any level of detail; and
Jargon (language) less, allowing user understanding and reviewing.

Goal of data flow diagramming


The goal of data flow diagramming is to have a commonly understood model of a
system. The diagrams are the basis of structured systems analysis. Data flow diagrams are
supported by other techniques of structured systems analysis such as data structure
diagrams, data dictionaries, and procedure-representing techniques such as decision tables,
decision trees, and structured English.
Data flow diagrams have the objective of avoiding the cost of:
User/developer misunderstanding of a system, resulting in a need to redo systems or
in not using the system.
Having to start documentation from scratch when the physical system changes since
the logical system, WHAT gets done, often remains the same when technology
changes.
Systems inefficiencies because a system gets "computerized" before it gets

DEPARTMENT OF MANAGEMENT STUDIES 47


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

"systematized".
Being unable to evaluate system project boundaries or degree of automation,
resulting in a project of inappropriate scope.
Elements of DFD
External Entities

Are named with appropriate name.


Can be duplicated, one or more times, on the diagram to avoid line crossing.
Determine the system boundary. They are external to the system being studied.
They are often beyond the area of influence of the developer.
Can represent another system or subsystem.
Go on margins/edges of data flow diagram.
Data Flows
Are represented with a line with an arrowhead on one end. A fork in a data
flow means that the same data goes to two separate destinations. The same
data coming from several locations can also be joined.
Should only represent data, not control.
Are ALWAYS named. Name is not to include the word "data".
Are referenced by a combination of the identifiers of the constructs that the data
flow connects. (14-A references a data flow from process 14 to external entity A)
Data Stores
Are generic for physical files (index cards, desk drawers, magnetic disk,
magnetic tape, shirt pocket, human memory, etc.)
Are named with an appropriate name, not to include the word "file", and
numbered with a number preceded with a capital letter D
Can be duplicated, one or more times, to avoid line crossing.
Can show two or more systems that share a data store. This is done by adding a
solid stripe on the left boundary. (Figure 5.34) This can occur in the case of
one system updating the data store, while the other system only accesses the
data. For ex ample, the data store could be a freight rate book that one system
builds and maintains, but is used by the represented system.
Are detailed in the data dictionary or with data description diagrams.
Processes
Show data transformation or change. Data coming into a process must be
"worked on" or transformed in some way. Thus, all processes must have inputs
and outputs. In some (rare) cases, data inputs or outputs will only be shown at

DEPARTMENT OF MANAGEMENT STUDIES 48


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

more detailed levels of the diagrams. Each process in always "running" and
ready to accept data.
Are represented by a rounded corner rectangle
Are named with one carefully chosen verb and an object of the verb. There is
no subject. Name is not to include the word "process". Each process should
represent one function or action. If there is an "and" in the name, you likely
have more than one function (and process).
Have physical location shown only for existing physical systems or a physical
design is being represented.
Are numbered within the diagram as convenient. Levels of detail are shown by
decimal notation. For example, top level process would be Process 14, next
level of detail Processes 14.1-14.4, and next level with Processes 14.3.1-
14.3.6.
Should generally move from top to bottom and left to right.
Procedure
The procedure for producing a data flow diagram is to:
Identify and list external entities providing inputs/receiving outputs from system;
Identify and list inputs from/outputs to external entities;
Create a context diagram with system at center and external entities sending and
receiving data flows;
Identify the business functions included within the system boundary;
Identify the data connections between business functions;
Confirm through personal contact sent data is received and vice-versa;
Trace and record what happens to each of the data flows entering the system (data
movement, data storage, data transformation/processing)
Attempt to connect any diagram segments into a rough draft;
Verify all data flows have a source and destination;
Verify data coming out of a data store goes in;
Redraw to simplify--ponder and question result;
Review with "informed";
Explode and repeat above steps as needed.

The Emerging Symbols in DFD


Data Flow Diagrams Symbols
There are some symbols that are used in the drawing of business process diagrams

DEPARTMENT OF MANAGEMENT STUDIES 49


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

(data flow diagrams). These are now explained, together with the rules that apply to them.

Flow diagrams in general are usually designed using simple symbols such as a
rectangle, an oval or a circle depicting a processes, data stored or an external entity, and
arrows are generally used to depict the data flow from one step to another.

A DFD usually comprises of four components. These four components can be


represented by four simple symbols. These symbols can be explained in detail as follows:
External entities (source/destination of data) are represented by squares; Processes (input-
processing-output) are represented by rectangles with rounded corners; Data Flows
(physical or electronic data) are represented by arrows; and finally, Data Stores (physical or
electronic like XML files) are represented by open-ended rectangles.

Data flow diagrams present the logical flow of information through a system in
graphical or pictorial form. Data flow diagrams have only four symbols, which makes
useful for communication between analysts and users. Data flow diagrams (DFDs) show the
data used and provided by processes within a system. DFDs make use of four basic
symbols.
Create structured analysis, information flow, process-oriented, data-oriented, and
data process diagrams as well as data flowcharts.

DEPARTMENT OF MANAGEMENT STUDIES 50


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

External Entity
An external entity is a source or destination of a data flow which is outside the area
of study. Only those entities which originate or receive data are represented on a
business process diagram. The symbol used is an oval containing a meaningful and
unique identifier.

Process
A process shows a transformation or manipulation of data flows within the system.
The symbol used is a rectangular box which contains 3 descriptive elements:

Firstly an identification number appears in the upper left hand corner. This is
allocated arbitrarily at the top level and serves as a unique reference.

Secondly, a location appears to the right of the identifier and describes where in the
system the process takes place. This may, for example, be a department or a piece of
hardware. Finally, a descriptive title is placed in the centre of the box. This should
be a simple imperative sentence with a specific verb, for example 'maintain
customer records' or 'find driver'.

Data Flow
A data flow shows the flow of information from its source to its destination. A data
flow is represented by a line, with arrowheads showing the direction of flow.
Information always flows to or from a process and may be written, verbal or
electronic. Each data flow may be referenced by the processes or data stores at its
head and tail, or by a description of its contents.

Data Store
A data store is a holding place for information within the system:
It is represented by an open ended narrow rectangle. Data stores may be long-term
files such as sales ledgers, or may be short-term accumulations: for example batches
of documents that are waiting to be processed. Each data store should be given a
reference followed by an arbitrary number.

Resource Flow
A resource flow shows the flow of any physical material from its source to its
destination. For this reason they are sometimes referred to as physical flows.

The physical material in question should be given a meaningful name. Resource


flows are usually restricted to early, high-level diagrams and are used when a

DEPARTMENT OF MANAGEMENT STUDIES 51


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

description of the physical flow of materials is considered to be important to help the


analysis.

External Entities

It is normal for all the information represented within a system to have been
obtained from, and/or to be passed onto, an external source or recipient. These
external entities may be duplicated on a diagram, to avoid crossing data flow lines.
Where they are duplicated a stripe is drawn across the left hand corner, like this.

The addition of a lowercase letter to each entity on the diagram is a good way to
uniquely identify them.

Processes

When naming processes, avoid glossing over them, without really understanding
their role. Indications that this has been done are the use of vague terms in the
descriptive title area - like 'process' or 'update'.

The most important thing to remember is that the description must be meaningful to
whoever will be using the diagram.

Data Flows

Double headed arrows can be used (to show two-way flows) on all but bottom level
diagrams. Furthermore, in common with most of the other symbols used, a data flow
at a particular level of a diagram may be decomposed to multiple data flows at lower
levels.

Data Stores
Each store should be given a reference letter, followed by an arbitrary number.
These reference letters are allocated as follows:

'D' - indicates a permanent computer file


'M' - indicates a manual file
'T' - indicates a transient store, one that is deleted after processing.
In order to avoid complex flows, the same data store may be drawn several times on
a diagram. Multiple instances of the same data store are indicated by a double
vertical bar on their left hand edge.

Examples

DEPARTMENT OF MANAGEMENT STUDIES 52


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

DEPARTMENT OF MANAGEMENT STUDIES 53


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Thus for developing system this dataflow diagram is used by the analyst to easily
understand the concept of the overall process. It will act as a blue print for any process. This
diagram not only used for software but also we can use this for any process in our day-to-
day life.

Entity Relationship (ER) DIAGRAM - Intro


An entity-relationship (ER) diagram is a specialized graphic that illustrates the
interrelationships between entities in a database. ER diagrams often use symbols to
represent three different types of information. Boxes are commonly used to represent
entities. Diamonds are normally used to represent relationships and ovals are used to
represent attributes.

ER Diagram Overview

The first stage of information system design uses these models during the
requirements analysis to describe information needs or the type of information that is to be
stored in a database. The data modeling technique can be used to describe any ontology (i.e.
an overview and classifications of used terms and their relationships) for a certain area of
interest. In the case of the design of an information system that is based on a database, the
conceptual data model is, at a later stage (usually called logical design), mapped to a logical
data model, such as the relational model; this in turn is mapped to a physical model during
physical design. Note that sometimes, both of these phases are referred to as "physical
design".
There are a number of conventions for entity-relationship diagrams (ERDs). The
classical notation mainly relates to conceptual modeling. There are a range of notations
employed in logical and physical database design, such as IDEF1X.

DEPARTMENT OF MANAGEMENT STUDIES 54


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Entity Relationship Model


In software engineering, an entity-relationship model (ERM) is an abstract and
conceptual representation of data. Entity-relationship modeling is a database modeling
method, used to produce a type of conceptual schema or semantic data model of a system,
often a relational database, and its requirements in a top-down fashion. Diagrams created by
this process are called entity-relationship diagrams, ER diagrams, or ERDs.
The building blocks: entities, relationships, and attributes

Two related entities

An entity with an attribute

A relationship with an attribute

Primary key

Entity
An entity is an object or concept about which you want to store information.

An entity may be defined as a thing which is recognized as being capable of an


independent existence and which can be uniquely identified. An entity is an
abstraction from the complexities of some domain. When we speak of an entity we
normally speak of some aspect of the real world which can be distinguished from
other aspects of the real world.
An entity may be a physical object such as a house or a car, an event such as a house
sale or a car service, or a concept such as a customer transaction or order. Although
the term entity is the one most commonly used, following Chen we should really

DEPARTMENT OF MANAGEMENT STUDIES 55


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

distinguish between an entity and an entity-type. An entity-type is a category. An


entity, strictly speaking, is an instance of a given entity-type. There are usually many
instances of an entity-type. Because the term entity-type is somewhat cumbersome,
most people tend to use the term entity as a synonym for this term.
Entities can be thought of as nouns. Examples: a computer, an employee, a song, a
mathematical theorem. Entities are represented as rectangles.
Weak Entity
A weak entity is an entity that must defined by a foreign key(which refer the
Primary Key) relationship with another entity as it cannot be uniquely identified by
its own attributes alone.

Key attribute
A key attribute is the unique, distinguishing characteristic of the entity. For example,
an employee's social security number might be the employee's key attribute.

Multi valued attribute


A multi valued attribute can have more than one value. For example, an employee
entity can have multiple skill values.

Derived attribute
A derived attribute is based on another attribute. For example, an employee's
monthly salary is based on the employee's annual salary.

Relationships
Relationships illustrate how two entities share information in the database structure.

DEPARTMENT OF MANAGEMENT STUDIES 56


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Cardinality

Cardinality specifies how many instances of an entity relate to one instance of


another entity. Cardinality is also closely linked to cardinality. While cardinality
specifies the occurrences of a relationship, cordinality describes the relationship as
either mandatory or optional. In other words, cardinality specifies the maximum
number of relationships and ordinality specifies the absolute minimum number of
relationships.

Recursive relationship
In some cases, entities can be self-linked. For example, employees can supervise
other employees.

Cardinality Notations
Cardinality specifies how many instances of an entity relate to one instance of
another entity. Cardinality is also closely linked to cardinality. While cardinality
specifies the occurrences of a relationship, ordinality describes the relationship as
either mandatory or optional. In other words, cardinality specifies the maximum
number of relationships and ordinality specifies the absolute minimum number of
relationships. When the minimum number is zero, the relationship is usually called
optional and when the minimum number is one or more, the relationship is usually
called mandatory.

DEPARTMENT OF MANAGEMENT STUDIES 57


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Styles of ER Diagrams

A relationship captures how two or more entities are related to one another.
Relationships can be thought of as verbs, linking two or more nouns. Examples: an owns
relationship between a company and a computer, a supervises relationship between an
employee and a department, a performs relationship between an artist and a song, a proved
relationship between a mathematician and a theorem. Relationships are represented as
diamonds, connected by lines to each of the entities in the relationship.
Examples
Consider the example of a database that contains information on the residents of a city. The
ER digram shown in the image above contains two entities -- people and cities. There is a single
"Lives In" relationship. In our example, due to space constraints, there is only one attribute

DEPARTMENT OF MANAGEMENT STUDIES 58


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

associated with each entity. People have names and cities have populations. In a real-world example,
each one of these would likely have many different attributes.

An ER Diagram

DEPARTMENT OF MANAGEMENT STUDIES 59


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Key things to consider while ER diagrams:-


Make sure that each entity only appears once per diagram.
Name every entity, relationship, and attribute on your diagram.
Examine relationships between entities closely. Are they necessary? Are there any
relationships missing? Eliminate any redundant relationships. Don't connect
relationships to each other.

To develop any system (it may be software system), if the manager follow the structured
design, it is very easy to communication with his/her subordinate as well as superior.The
main purpose of design is to cut down the cost of repair and implementation.
Three concepts are critical to understanding object models. They are:

Data abstraction
Encapsulation
Inheritance

DEPARTMENT OF MANAGEMENT STUDIES 60


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

See the related content below for more information.

Object Modeling Technique (OMT)


The Object Modeling Technique (OMT) software engineering methodology is
another well-known example of a software engineering methodology. The OMT software
engineering methodology deals with object-oriented development in the analysis and design
phases.
The analysis phase starts with a problem statement which includes a list of goals and
a definitive enumeration of key concepts within a domain. This problem statement is then
expanded into three views, or models: an object model, a dynamic model, and a functional
model. The object model represents the artifacts of the system. The dynamic model
represents the interaction between these artifacts represented as events, states, and
transitions. The functional model represents the methods of the system from the perspective
of data flow. The analysis phase generates object-model diagrams, state diagrams, event-
flow diagrams, and data-flow diagrams. The analysis phase is now complete.
The system design phase follows the analysis phase. Here the overall architecture is
established. First the system is organized into subsystems which are then allocated to
processes and tasks, taking into account concurrency and collaboration. Then persistent data
storage is established along with a strategy to manage shared-global information. Next,
boundary situations are examined to help guide trade-off priorities.
The object design phase follows the system design phase. Here the implementation
plan is established. Object classes are established along with their algorithms with special
attention to the optimization of the path to persistent data. Issues of inheritance,
associations, aggregation, and default values are examined.
The OMT software engineering methodology is sequential in the sense that first
comes analysis, followed by design. In each phase, a cyclical approach is taken among the
smaller steps. The OMT is very much like the Booch methodology where emphasis is
placed on the analysis and design phases for initial product delivery. Both the OMT and
Booch do not emphasize implementation, testing, or other life cycle stages.
Database Management System
A Database is a structured collection of data that is managed to meet the needs of a
community of users. The structure is achieved by organizing the data according to a
database model. The model in most common use today is the relational model. Other
models such as the hierarchical model and the network model use a more explicit

DEPARTMENT OF MANAGEMENT STUDIES 61


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

representation of relationships (see below for explanation of the various database models).

A computer database relies upon software to organize the storage of data.


This software is known as a database management system (DBMS). Databases
management systems are categorized according to the database model that they
support. The model tends to determine the query languages that are available to
access the database. A great deal of the internal engineering of a DBMS, however, is
independent of the data model, and is concerned with managing factors such as
performance, concurrency, integrity, and recovery from hardware failures. In these
areas there are large differences between products.

Foundations of Database Terms


A file is an ordered arrangement of records in which each record isstored in a
unique identifiable location. The sequence of the record isthen the means by which
the record will be located. In most computersystems, the sequence of records is
either alphabetic or numeric basedon field common to all records such as name or
number.
Records
A record or tuple is a complete set of related fields. For example, theTable 1
below shows a set of related fields, which is a record. In otherwords, if this
were to be a part of a table then we would call it a row ofdata. Therefore, a
row of data is also a record.
Table:
S.No I code Order No Order Date Product qty
1 RKST T 0083/99 3/3/2008 120

Field

A field is a property or a characteristic that holds some piece ofinformation about an


entity. Also, it is a category of information withina set of records. For example, the
first names, or address or phonenumbers of people listed in address book.
Relations
In the relational data model, the data in a database is organized inrelations. A
relation is synonymous with a table. A table consists ofcolumns and rows, which

DEPARTMENT OF MANAGEMENT STUDIES 62


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

are referred as field and records in DBMSterms, and attributes and tuples in
Relational DBMS terms.
Attributes
An attribute is a property or characteristics that hold some informationabout an
entity. A Customer for example, has attributes such as aname, and an address.

Table 2: DBMS and Relational DBMS Terms in Comparison

RDBMS
Common Term DBMS Terminology Terminology
Database
DATABASE TABLE DATABASE
TABLE TABLE RELATION
COLUMN FIELD ATTRIBUTE
ROW RECORD TUPLE

Overview
Database servers are dedicated computers that hold the actual databases and run only
the DBMS and related software. Database servers are usually multiprocessor computers,
with generous memory and RAID disk arrays used for stable storage. Hardware database
accelerators, connected to one or more servers via a high-speed channel, are also used in
large volume transaction processing environments. DBMSs are found at the heart of
most database applications. DBMSs may be built around a custom multitasking kernel with
built-in networking support, but modern DBMSs typically rely on a standard operating
system to provide these functions.

History

The earliest known use of the term database was in November 1963, when the System
Development Corporation sponsored a symposium under the title Development and
Management of a Computer-centeredData Base. Database as a single word became
common in Europe in the early 1970s and by the end of the decade it was being used in
major.
American newspapers. (The abbreviation DB, however, survives.)
The first database management systems were developed in the 1960s. A pioneer in
the field was Charles Bachman. Bachman's early papers show that his aim was to make

DEPARTMENT OF MANAGEMENT STUDIES 63


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

more effective use of the new direct access storage devices becoming available: until then,
data processing had been based on punched cards and magnetic tape, so that serial
processing was the dominant activity. Two key data models arose at this time: CODASYL
developed the network model based on Bachman's ideas, and (apparently independently)
the hierarchical model was used in a system developed by North American Rockwell later
adopted by IBM as the cornerstone of their IMS product. While IMS along with the
CODASYL IDMS were the big, high visibility databases developed in the 1960s, several
others were also born in that decade, some of which have a significant installed base today.
The relational model was proposed by E. F. Codd in 1970. He criticized existing models for
confusing the abstract description of information structure with descriptions of physical
access mechanisms. For a long while, however, the relational model remained of academic
interest only. While CODASYL products (IDMS) and network model products (IMS) were
conceived as practical engineering solutions taking account of the technology as it existed at
the time, the relational model took a much more theoretical perspective, arguing (correctly)
that hardware and software technology would catch up in time. Among the first
implementations were Michael Stonebraker's Ingres at Berkeley, and the System R project
at IBM. Both of these were research prototypes, announced during 1976. The first
commercial products, Oracle and DB2, did not appear until around 1980.
During the 1980s, research activity focused on distributed database systems and
database machines. Another important theoretical idea was the Functional Data Model, but
apart from some specialized applications in genetics, molecular biology, and fraud
investigation, the world took little notice.
In the 1990s, attention shifted to object-oriented databases. These had some success
in fields where it was necessary to handle more complex data than relational systems could
easily cope with, such as spatial databases, engineering data (including software
repositories), and multimedia data.
In the 2000s, the fashionable area for innovation is the XML database. As with
object databases, this has spawned a new collection of start-up companies, but at the same
time the key ideas are being integrated into the established relational products.
Database Types
Considering development in information technology and businessapplications, these
have resulted in the evolution of several major typesof databases. Figure 1 illustrates several
major conceptual categories ofdatabases that may be found in many organizations.
Operational Database

DEPARTMENT OF MANAGEMENT STUDIES 64


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

These databases store detailed data needed to support the businessprocesses and
operations of the e-business enterprise. They are alsocalled subject area databases
(SDDB), transaction database andproduction databases. Examples are a customer
database, humanresources databases, inventory databases, and other databases
containingdata generated by business operations. This includes databases onInternet
and e-commerce activity such as click stream data, describingthe online behaviour
of customers or visitors to a company website.

Distributed Databases
Many organizations replicate and distribute copies or parts of databasesto network
servers at a variety of sites. They can also reside in networkservers at a variety of
sites. These distributed databases can reside onnetwork servers on the World Wide
Web, on corporate intranets orextranets or on any other company networks.
Distributed databases maybe copies of operational or analytic databases, hypermedia
or discussiondatabases, or any other type of database. Replication and distribution
ofdatabases is done to improve database performance and security.Ensuring that all
of the data in an organizations distributed databasesare consistently and currently
updated is a major challenge of distributeddatabase management.
Figure 1: Examples of the major types of databases used by organizations and end
users.

External
Database
Client PCor NC
ontheInternet
andonline
services
Network
Server
Distributed
Databaseson
OnIntranets Operational
andother Databasesof
Networks theOrg

EndUser
Databases Data Data
Warehouse Marts

DEPARTMENT OF MANAGEMENT STUDIES 65


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

External Databases
Access to wealth of information from external databases is available for a fee from
conventional online services, and with or without charges from many sources on the Internet,
especially the world wide web. Websites provide an endless variety of hyperlinked pages of
multimedia documents in hypermedia databases for you to access. Data are available in the
form of statistics in economics and demographic activity from statistical data banks. Or you
can view or download abstracts or complete copies of newspapers, magazines, newsletters,
research papers, and other published materials and other periodicals from bibliographic and
full text databases.
Database Storage Structures
Database tables/indexes are typically stored in memory or on hard disk in one
of many forms, ordered/unordered Flat files, ISAM, Heaps, Hash buckets or B+ Trees.
These have various advantages and disadvantages discussed in this topic. The most
commonly used are B+trees and ISAM.
The Methods of Database Storage Structure has been Followed.,
Flat Files

A flat file database describes any of various means to encode a data model
(most commonly a table) as a plain text file.
A flat file is a file that contains records, and in which each record is specified in a
single line. Fields from each record may simply have a fixed width with padding, or may
be delimited by whitespace, tabs, commas (CSV) or other characters. Extra formatting
may be needed to avoid delimiter collision. There are no structural relationships. The data
are "flat" as in a sheet of paper, in contrast to more complex models such as a relational
database.
The classic example of a flat file database is a basic name-and-address list,
where the database consists of a small, fixed number of fields: Name, Address, and
Phone Number. Another example is a simpleHTML table, consisting of rows and
columns. This type of database is routinely encountered, although often not expressly
recognized as a database.

Implementation: It is possible to write out by hand, on a sheet of paper,a list

DEPARTMENT OF MANAGEMENT STUDIES 66


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

of names, addresses, and phone numbers; this is a flat file database. This can also be
done with any typewriter or word processor. But many pieces of computer software
are designed to implement flat file databases.
Unordered storage typically stores the records in the order they areinserted,
while having good insertion efficiency, it may seem that it would have inefficient
retrieval times, but this is usually never the case as most databases use indexes on the
primary keys, resulting in efficient retrieval times.

Ordered or Linked list storage typically stores the records in order andmay
have to rearrange or increase the file size in the case a record is inserted, this is very
inefficient. However is better for retrieval as the records are pre-sorted (Complexity
O(log(n))).
Structured files
Simplest and most basic method
insert efficient, records added at end of file chronological order
Retrieval inefficient as searching has to be linear
Deletion deleted records marked
Requires periodic reorganization if file is very volatile

Advantages
Good for bulk loading data
Good for relatively small relations as indexing overheads are
Avoided
Good when retrievals involve large proportion of records

Disadvantages
Not efficient for selective retrieval using key values, especially if
Large
Sorting may be time-consuming
Not suitable for volatile tables

Hash Buckets

DEPARTMENT OF MANAGEMENT STUDIES 67


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Hash functions calculate the address of the page in which the record is to be stored
based on one or more fields in the record

Hashing functions chosen to ensure that addresses are spread evenly across the
address space
occupancy is generally 40% 60% of total file size
unique address not guaranteed so collision detection and collision resolution
mechanisms are required

Open addressing

Chained/unchained overflow

Pros and cons

Efficient for exact matches on key field


Not suitable for range retrieval, which requires sequential storage
Calculates where the record is stored based on fields in the record
Hash functions ensure even spread of data
Collisions are possible, so collision detection and restoration is required

B+ Trees

These are the most used in practice.

The time taken to access any tuple is the same because same numberof nodes searched

Index is a full index so data file does not have to be ordered

Pros and cons

versatile data structure sequential as well as random access


access is fast
supports exact, range, part key and pattern matches efficiently
volatile files are handled efficiently because index is dynamic
expands and contracts as table grows and shrinks
Less well suited to relatively stable files in this case, ISAM is more efficient.

Database Servers

DEPARTMENT OF MANAGEMENT STUDIES 68


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

A database server is a computer program that provides database services to other


computer programs or computers, as defined by the client-server model. The term may also
refer to a computer dedicated to running such a program. Database management systems
frequently provide database server functionality, and some DBMS's (e.g., MySQL) rely
exclusively on the client-server model for database access.
In a master-slave model, database master servers are central and primary locations of
data while database slave servers are synchronized backups of the master acting as proxies.

Database Replication
Database replication can be used on many database management systems, usually
with a master/slave relationship between the original and the copies. The master logs the
updates, which then ripple through to the slaves. The slave outputs a message stating that it
has received the update successfully, thus allowing the sending (and potentially resending
until successfully applied) of subsequent updates.
Multi-master replication, where updates can be submitted to any database node, and
then ripple through to other servers, is often desired, but introduces substantially increased
costs and complexity which may make it impractical in some situations. The most common
challenge that exists in multi-master replication is transactional conflict prevention or
resolution.
Most synchronous or eager replication solutions do conflict prevention, while
asynchronous solutions have to do conflict resolution. For instance, if a record is changed on
two nodes simultaneously, an eager replication system would detect the conflict before
confirming the commit and abort one of the transactions. A lazy replication system would
allow both transactions to commit and run a conflict resolution during resynchronization.
Database replication becomes difficult when it scales up. Usually, the scale up goes
with two dimensions, horizontal and vertical: horizontal scale up has more data replicas,
vertical scale up has data replicas located further away in distance. Problems raised by
horizontal scale up can be alleviated by a multi-layer multi-view access protocol. Vertical
scale up runs into less trouble when the Internet reliability and performance are improving.
Relational Database

A relational database is a database that conforms to the relational model, and refers to
a database's data and schema (the database's structure of how those data are arranged). The
term "relational database" is sometimes informally used to refer to a relational database
management system, which is the software that is used to create and use a relational database.

DEPARTMENT OF MANAGEMENT STUDIES 69


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

The term relational database was originally defined and coined by Edgar Codd at
IBM Almaden Research Center in 1970Contents. Strictly, a relational database is a collection
of relations (frequently called tables). Other items are frequently considered part of the
database, as they help to organize and structure the data, in addition to forcing the database to
conform to a set of requirements.
Terminology

Relational database terminology.Relational database theory uses a different set of


mathematical-based terms, which are equivalent, or roughly equivalent, to SQL database
terminology. The table below summarizes some of the most important relational database
terms and their SQL database equivalents.

Relationalterm SQL equivalent


relation,base relvar table
derivedrelvar view,queryresult, resultset
tuple row
attribute column

Relationsor Tables

A relationis defined asaset of tuples that have the same attributes a tuple usually
represents an object and information about that object.
Objectsaretypicallyphysicalobjectsorconcepts.Arelationisusuallydescribedasatable,whichisorg
anizedintorowsandcolumns.Allthe
datareferencedbyanattributeareinthesamedomainandconformto thesameconstraints.
The relational model specifies that the tuples of arelationhave no specific order
and that the tuples, in turn, impose no order on the attributes.Applicationsaccessdataby
specifyingqueries,whichuse operationssuchasselecttoidentifytuples,projecttoidentifyattributes,
and jointocombinerelations. Relations canbemodifiedusingtheinsert, delete, andupdate
operators. New tuplescansupplyexplicit
valuesorbederivedfromaquery.Similarly,queriesidentifytuplesfor updating ordeleting.

Baseand Derived Relations

Inarelationaldatabase,alldataarestoredandaccessedviarelations. Relations that store


data are called "base relations", andin implementationsare
called"tables".Otherrelationsdonotstoredata, butarecomputedbyapplyingrelational

DEPARTMENT OF MANAGEMENT STUDIES 70


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

operationstootherrelations. These relations are sometimes called "derived relations". In


implementationsthesearecalled"views"or"queries".Derivedrelations
areconvenientinthatthoughtheymaygrabinformationfrom several
relations,theyactasasinglerelation.Also,derivedrelationscanbe usedas an abstraction layer.
Keys

Auniquekeyisakindofconstraintthatensuresthatanobject,or criticalinformation
abouttheobject,occursinatmostonetupleina
givenrelation.Forexample,aschoolmightwanteachstudenttohavea
separatelocker.Toensurethis,thedatabasedesignercreatesakeyon
thelockerattributeofthestudentrelation.Keyscanincludemorethan one
attribute,forexample,anationmayimposearestrictionthatno province
canhavetwocitieswiththesamename. The keywould includeprovinceandcityname.This
wouldstillallowtwodifferent provincestohaveatowncalledSpringfieldbecausetheir provinceis
different.Akeyover more thanone attributeis calleda compoundkey.
Foreign Keys

Aforeignkeyisareferencetoakeyinanotherrelation,meaningthat
thereferencingtuplehas,asoneofitsattributes,thevaluesofakeyin
thereferencedtuple.Foreignkeys neednothaveuniquevaluesinthe
referencingrelation.Foreignkeyseffectivelyusethevaluesofattributes
inthereferencedrelationtorestrictthedomainofoneormoreattributes inthe referencing relation.
Aforeignkeycouldbedescribedformallyas:"Foralltuplesinthe
referencingrelationprojectedoverthereferencingattributes,theremust exist a tuple in the
referenced relation projected over those same
attributessuchthatthevaluesineachofthereferencingattributesmatch thecorrespondingvalues
inthereferencedattributes."

Databaseapplicationsareusedtostoreandmanipulatedata.Adatabase
applicationcanbeusedinmanybusinessfunctionsincludingsalesand
inventorytracking,accounting, employeebenefits,payroll,production
andmore.Databaseprogramsforpersonalcomputerscomeinvarious shapeand sizes.
Adatabaseremainsfundamentalfor theimplementation of anydatabase managementsystem.

Keys

DEPARTMENT OF MANAGEMENT STUDIES 71


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Foreign Key
In the context of relational databases, a foreign key is a referential
constraintbetweentwotables.Theforeignkeyidentifiesacolumnora
setofcolumnsinone(referencing)tablethatreferstoacolumnorsetof
columnsinanother(referenced)table.Thecolumnsinthe referencing
tablemustbetheprimarykeyorothercandidatekeyinthereferenced
table.Thevaluesinonerowofthereferencingcolumnsmustoccurina
singlerowinthereferencedtable.Thus,arowinthereferencingtable
cannotcontainvaluesthatdon'texist inthereferencedtable(except
potentiallyNULL).Thiswayreferencescanbemadetolink information
togetheranditisanessentialpartofdatabasenormalization.Multiple
rowsinthereferencingtablemayrefertothesamerowinthereferenced
table.Mostofthetime,itreflectstheone(mastertable,orreferenced table) tomany(child table, or
referencingtable)relationship.

Thereferencingandreferencedtablemaybethesametable,i.e.the
foreignkeyrefersbacktothesametable.Suchaforeignkeyisknown inSQL:2003 as self-
referencingor recursive foreignkey.

Atablemayhavemultipleforeignkeys, andeach foreignkeycanhavea differentreferenced


table.Eachforeignkeyisenforcedindependently by the database system. Therefore,cascading
relationships between tablescanbeestablishedusingforeignkeys.

Improperforeignkey/primarykeyrelationshipsornotenforcingthose
relationshipsareoftenthesourceofmanydatabaseanddatamodeling problems.

Referential Actions

BecausetheDBMSenforcesreferentialconstraints,itmustensuredata
integrityifrowsinareferencedtablearetobedeleted(orupdated).If
dependentrowsinreferencingtablesstillexist,thosereferenceshaveto
beconsidered.SQL:2003specifies5differentreferentialactionsthat shalltake
placeinsuchoccurrences:

Cascade
Restrict
Noaction

DEPARTMENT OF MANAGEMENT STUDIES 72


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Setnull
Setdefault

Cascade

Whenever rows in the master (referenced) table are deleted, the


respectiverowsofthechild(referencing)tablewithamatchingforeign
keycolumnwillgetdeletedaswell.Aforeignkeywithacascadedelete means that if a
record in the parent table is deleted, then the
correspondingrecordsinthechildtablewillautomaticallybedeleted. Thisis calleda
cascade delete.
Example Tables: Customer(customer_id,cname,caddress)andOrder
(customer_id,products,payment)

Customer is the master table and Order is the child table, where
'customer_id'istheforeignkeyinOrderandrepresentsthecustomer whoplacedtheorder.
WhenarowofCustomerisdeleted,anyOrder
rowmatchingthedeletedCustomer'scustomer_idwillalsobedeleted. The
valuesaredeletedintherowlikeifwedeleteonerowintheparent tablethenthesame
rowinthechild tablewill beautomaticallydeleted.
Restrict
Arowinthereferencedtablecannotbeupdatedordeletedifdependent rowsstillexist.In
thatcase,nodatachangeisevenattemptedand shouldnotbe allowed.
NoAction
TheUPDATEorDELETESQLstatementisexecutedonthereferenced
table.TheDBMSverifiesattheendofthestatementexecutionifnone of the referential
relationshipsis violated. The major difference to
RESTRICTisthattriggersorthestatementsemanticsitselfmaygivea result in which no
foreign key relationships is violated. Then, the statementcanbeexecuted successfully.

SetDefault
SimilarlytoSETNULL,theforeignkeyvaluesinthereferencingrow aresettothe
columndefaultwhenthereferencedrowisupdatedor deleted.
CandidateKey
Intherelationalmodel,acandidatekeyofarelvar(relationvariable)is a setofattributesof

DEPARTMENT OF MANAGEMENT STUDIES 73


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

thatrelvarsuchthatatalltimesitholdsinthe relationassignedtothatvariablethatthere
arenotwodistinctturples withthesamevaluesfortheseattributesandthereisnotapropersubset of
thissetof attributesfor which (1) holds.
Sinceasuperkeyisdefinedasasetofattributesforwhich(1)holds,we can
alsodefineacandidatekeyasaminimalsuperkey,i.e.asuperkeyof whichnoproper subsetis alsoa
superkey.

The importance of candidate keys is that they tell us how we can


identifyindividualtuplesinarelation.Assuchtheyareoneofthemost
importanttypesofdatabaseconstraint thatshouldbespecifiedwhen
designingadatabaseschema.Sincearelationisaset(no duplicate
elements),itholdsthateveryrelationwillhaveatleastonecandidate key (because
theentireheadingisalwaysasuperkey).Sinceinsome RDBMSs tables may also represent
multisets(which strictly means
theseDBMSsarenotrelational),itisanimportantdesignruletospecify explicitly at least one
candidate key for each relation. For practical reasons RDBMSs usually require that for
each relation one of its candidatekeysisdeclaredastheprimarykey,whichmeansthatitis
consideredasthe preferredwaytoidentifyindividualtuples.Foreign
keys,forexample,areusuallyrequiredtoreferencesuchaprimarykey andnot anyof theother
candidatekeys.

DeterminingCandidateKeys

Thepreviousexampleonlyillustratesthedefinitionofcandidatekey
andnothowtheseareinpracticedetermined.Sincemostrelationshave
alargenumberoreveninfinitelymanyinstancesitwouldbeimpossible
todetermineallthesetsofattributeswiththeuniqueness propertyfor each instance. Instead it is
easier to consider the sets of real-world entities that are represented by the relation and
determine which attributesoftheentitiesuniquelyidentifythem.Forexamplearelation
Employee(Name, Address, Dept) probably represents employees and
thesearelikelytobeuniquelyidentifiedbyacombinationofNameand
Addresswhichisthereforeasuperkey,andunlessthesameholdsfor onlyName
oronlyAddress,thenthiscombinationisalsoacandidate key.
Inordertodeterminecorrectlythecandidatekeysitisimportantto determine all superkeys,
whichis especially difficult if the relation representsa setofrelationshipsratherthana

DEPARTMENT OF MANAGEMENT STUDIES 74


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

setofentities.
Unique key

In relational database design, a unique key or primary key is a


candidatekeytouniquelyidentifyeachrowinatable.Auniquekeyor primary keycomprises a
singlecolumn or set of columns. No two distinctrowsinatablecanhavethesamevalue(or
combinationof values)inthosecolumns.Dependingonitsdesign,atablemayhave arbitrarily
manyuniquekeys but atmostoneprimarykey.

Auniquekeymustuniquelyidentifyallpossiblerowsthatexistina
tableandnotonlythecurrentlyexistingrows.Examplesofuniquekeys are Social Securitynumbers
(associated with a specific person) or ISBNs (associated with a specific book).
Telephone books and dictionaries cannot use names or words or Dewey Decimal system
numbers as candidate keys because they do not uniquely identify telephonenumbers or
words.

A primarykeyisaspecialcaseofuniquekeys.Themajordifferenceis that f o r unique keys


theimplicit NOT NULL constraint is not
automaticallyenforced,whileforprimarykeysitis.Thus,thevaluesin
auniquekeycolumnmayormaynotbeNULL.Anotherdifferenceis thatprimarykeys
mustbedefinedusing another syntax.

The relational model, as expressed through relational calculus and


relationalalgebra,doesnotdistinguishbetweenprimarykeysandother
kindsofkeys.PrimarykeyswereaddedtotheSQLstandardmainlyasa convenience
totheapplication programmer.

Uniquekeys as wellas primarykeyscanbereferencedbyform.


Superkey
Asuperkeyisdefinedintherelationalmodelofdatabaseorganization
asasetofattributesofarelationvariable(relvar)forwhichitholdsthat
inallrelationsassignedtothatvariabletherearenotwodistincttuples (rows) that have the same
values for the attributes in this set.
Equivalentlyasuperkeycanalsobedefinedasasetofattributesofa relvar uponwhichall
attributesoftherelvarare functionallydependent.

DEPARTMENT OF MANAGEMENT STUDIES 75


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

NotethatifattributesetKisasuperkeyofrelvarR,and thenatalltimesitis
thecasethattheprojectionofRoverKhasthesamecardinalityasR itself.
Informally,asuperkeyisasetofcolumnswithinatablewhosevalues
canbeusedtouniquelyidentifyarow.Acandidatekeyisaminimalset
ofcolumnsnecessarytoidentifya row,thisisalsocalledaminimal superkey. For example, given an
employee table, consisting of the columnsemployee ID,name,job,anddepartment
ID,wecouldusethe employee IDincombinationwithanyorallothercolumnsofthistable
touniquelyidentify arowinthetable.Examplesofsuperkeysinthis tablewouldbe{employee
ID,Name}, {employee ID,Name,job},and {employee ID, Name, job, department ID}.

Inarealdatabasewedon'tneedvaluesforallofthosecolumnsto
identifyarow.Weonlyneed,perourexample,theset{employeeID}. Thisisaminimalsuperkey
thatis,aminimalsetofcolumnsthatcan be usedtoidentifyasinglerow.So, employeeIDis a
candidatekey.

Example - English Monarchs

MonarchName MonarchNumber RoyalHouse


Edward II Plantagenet
Edward III PlantagenetPla
Richard II ntagenetLanca
Henry IV ster

Inthisexample, thepossiblesuperkeysare:

{MonarchName,MonarchNumber}
{MonarchName,MonarchNumber, RoyalHouse}

Surrogatekey
Asurrogatekeyinadatabaseisauniqueidentifierforeitheranentity
inthemodeledworldoranobjectinthedatabase.Thesurrogatekeyis notderivedfrom application
data.
Thereappeartobetwodefinitionsofasurrogateintheliterature.We
shallcallthesesurrogate(1) andsurrogate(2):

Surrogate(1)
ThisdefinitionisbasedonthatgivenbyHall,OwlettandTodd(1976).
Hereasurrogaterepresentsanentityintheoutsideworld.Thesurrogate

DEPARTMENT OF MANAGEMENT STUDIES 76


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

isinternallygeneratedbythesystembutisneverthelessvisiblebythe useror application.


Surrogate(2)

ThisdefinitionisbasedonthatgivenbyWieringaanddeJung(1991). Here a surrogate


represents anobj ectinthedatabaseitself . The surrogateisinternallygeneratedbythe
systemandisinvisibletothe useror application.
We shall adopt thesurrogat e (1) definitionthroughoutthisarticle
largelybecauseitismoredatamodelrather thanstoragemodeloriented. See Date (1998).
Animportantdistinctionexistsbetweenasurrogateandaprimarykey,
dependingonwhetherthedatabaseisacurrentdatabaseoratemporal
database.Acurrentdatabasestoresonlycurrentlyvaliddata,therefore there is a one-to-one
correspondence between a surrogate in the
modelledworldandtheprimarykeyofsomeobjectinthedatabase;in
thiscasethesurrogatemaybeusedasaprimarykey,resultinginthe
termsurrogatekey.However,inatemporaldatabasethereisamany-to-
onerelationshipbetweenprimarykeys andthesurrogate.Sincethere may be several objects in
the database corresponding to a single surrogate, we cannot use the surrogate as a primary
key; another attributeis required,inadditiontothesurrogate,touniquelyidentify eachobject.

AlthoughHalletalia(1976)saynothingaboutthis,otherauthorshave arguedthata
surrogateshouldhavethe following constraints:
Thevalueisuniquesystem-wide,hence neverreused;
Thevalueissystemgenerated;
Thevalueisnotmanipulablebytheuser or application;
Thevaluecontains nosemanticmeaning;
Thevalueisnotvisibletotheuser or application;
Thevalueisnotcomposedofseveralvalues fromdifferentdomains.

Surrogates in Practice

In a current database, the surrogate key can be the primary key,


generatedbythedatabasemanagementsystemandnotderivedfromany
applicationdatainthedatabase.Theonlysignificanceofthesurrogate
keyistoactastheprimarykey.Itisalsopossiblethatthesurrogatekey
existsinadditiontothedatabase-generatedUUID,e.g.aHRnumberfor each employee
besidestheUUIDof eachemployee.

DEPARTMENT OF MANAGEMENT STUDIES 77


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Asurrogatekeyisfrequentlyasequentialnumber(e.g.aSybaseorSQL
Server"identitycolumn",aPostgreSQLserial,anOracleSEQUENCE
oracolumndefinedwithAUTO_INCREMENTinMySQL)butdoesn't
havetobe.Havingthekeyindependentofallothercolumnsinsulates the database
relationshipsfrom changes in data values or database design (makingthedatabasemore agile)
andguaranteesuniqueness.
In a temporal database, it is necessary to distinguish between the surrogatekeyand
theprimarykey.Typically,everyrowwouldhave
bothaprimarykeyandasurrogatekey.Theprimarykeyidentifiesthe
uniquerowinthedatabase,thesurrogatekeyidentifiestheuniqueentity
inthemodelledworld;thesetwokeysarenotthesame.Forexample, table
Staffmaycontaintworowsfor"JohnSmith",onerowwhenhe was employed between 1990 and
1999, another row when he was
employedbetween2001and2006.Thesurrogatekeyisidentical(non- unique) inbothrows
however theprimarykeywill beunique.

Somedatabasedesignersusesurrogatekeysreligiouslyregardlessofthe
suitabilityofothercandidatekeys,whileotherswilluseakeyalready presentinthedata, if there is
one.

Asurrogatemay alsobe calleda:

Surrogatekey, entityidentifier, system-generatedkey, database sequencenumber,


synthetickey, technicalkey, or arbitraryuniqueidentifier.

Some of these terms describe the way of generating new surrogate


valuesrather thanthenatureof thesurrogateconcept.
DatabaseModels
HierarchicalModel
In a hierarchical model, data is organized into an inverted tree-like
structure,implyingamultipledownwardlinkineachnodetodescribe
thenesting,andasortfieldtokeeptherecordsinaparticularorderin eachsame-
levellist.Thisstructurearrangesthevariousdataelementsin a hierarchyand helps to
establish logical relationships among data
elementsofmultiplefiles.Eachunitinthemodelisarecordwhichis
alsoknownasanode.Insuchamodel,eachrecordononelevelcanbe

DEPARTMENT OF MANAGEMENT STUDIES 78


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

relatedtomultiplerecordsonthenextlowerlevel.Arecordthathas
subsidiaryrecordsiscalleda parent andthesubsidiaryrecordsarecalled children.Data
elementsinthismodelarewellsuitedforone-to-many relationshipswithother dataelements
inthedatabase.

Figure1: AHierarchicalStructure

Department
DataElement

Project AData Project B Data


Element Element

Employee1 EmployeeB
DataElement DataElement

This model is advantageous when the data elements are inherently


hierarchical.Thedisadvantageisthatinordertopreparethedatabaseit
becomesnecessarytoidentifytherequisitegroupsoffilesthataretobe
logicallyintegrated.Hence,ahierarchicaldatamodelmaynotalwaysbe
flexibleenoughtoaccommodatethedynamicneeds of anorganization.

Example

Anexampleofahierarchicaldatamodelwouldbeifanorganization
hadrecordsofemployeesinatable(entitytype)called"Employees".In thetabletherewouldbe
attributes/columnssuchasFirstName,Last Name, JobName and Wage. Thecompany alsohas data about
the employeeschildreninaseparatetablecalled"Children"withattributes
suchasFirstName,LastName,anddateofbirth.TheEmployeetable represents
aparentsegmentandtheChildrentablerepresentsaChild
segment.Thesetwosegmentsformahierarchywhereanemployeemay have many children, buteachchild
mayonlyhave one parent.

Consider the following structure:

EmpNo Designation ReportsTo

DEPARTMENT OF MANAGEMENT STUDIES 79


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

10 Director
20 Senior Manager 10
30 Typist 20
40 Programmer 20

Inthis,the"child"isthesametypeasthe"parent".Thehierarchystating
EmpNo10isbossof20,and30and40eachreportto20isrepresented
bythe"ReportsTo"column.InRelationaldatabaseterms,theReportsto
columnisaforeignkeyreferencingtheEmpNocolumn.Ifthe"child"
datatypeweredifferent,itwouldbeinadifferenttable,buttherewould
stillbeaforeignkeyreferencingtheEmpNocolumnoftheemployees table.
Thissimplemodeliscommonlyknownastheadjacencylistmodel,and wasintroducedby
Dr.EdgarF.Coddafterinitialcriticismssurfaced
thattherelationalmodelcouldnotmodelhierarchicaldata.
NetworkModel
Inthenetworkmodel,recordscanparticipateinanynumberofnamed
relationships.Each relationshipassociatesarecordofonetype(called
theowner)withmultiplerecordsofanothertype(calledthemember).
Theserelationships(somewhat confusingly) arecalledsets. Forexample
astudentmightbeamemberofonesetwhoseowneristhecoursethey
arestudying,andamemberofanothersetwhoseowneristhecollege
theybelongto.Atthesametimethestudentmightbetheownerofaset
ofemailaddresses,andownerofanothersetcontainingphonenumbers.
Themaindifferencebetweenthenetworkmodelandhierarchicalmodel
isthatinanetworkmodel,a child canhaveanumberof parentswhereas in a
hierarchicalmodel, a child can have only one parent. The hierarchicalmodelis
thereforea subsetof thenetworkmodel.

DEPARTMENT OF MANAGEMENT STUDIES 80


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Figure2: Network Structure

Department ADepartmentB

StudentA StudentB StudentC

ProjectAProjectB

Programmaticaccesstonetworkdatabasesistraditionallybymeansofa navigational
data manipulation language, in which programmers
navigatefromacurrentrecordtootherrelatedrecordsusingverbssuch
asfindowner,findnext,andfindprior.Themostcommonexampleof suchaninterfaceistheCOBOL-
based DataManipulationLanguage definedby CODASYL. Network databasesaretraditionally
implemented byusingchains of
pointersbetweenrelatedrecords.Thesepointerscanbenodenumbersor diskaddresses.
Thenetworkmodelbecamepopularbecauseitprovidedconsiderable flexibility in modeling
complex data relationships, and also offered highperformancebyvirtueofthe
factthattheaccessverbsusedby programmers mapped directly to pointer-following in
the implementation.

Thenetworkmodelprovidesgreateradvantagethanthehierarchical
modelinthatitpromotesgreaterflexibilityanddataaccessibility,since
recordsatalowerlevelcanbeaccessedwithoutaccessingtherecords
abovethem.Thismodelismoreefficientthanhierarchicalmodel,easier
tounderstandandcanbeappliedtomanyrealworldproblems
thatrequireroutinetransactions.Thedisadvantagesarethat:Itisacomplex
processtodesignanddevelopanetworkdatabase;ithastoberefined frequently;Itrequiresthatthe

DEPARTMENT OF MANAGEMENT STUDIES 81


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

relationshipsamongalltherecordsbe definedbeforedevelopmentstarts,andchanges
oftendemandmajor programmingefforts;Operationandmaintenanceofthenetworkmodel is
expensiveandtimeconsuming.

Examplesofdatabaseenginesthathavenetworkmodelcapabilitiesare RDM
EmbeddedandRDM Server.

However,themodelhadseveraldisadvantages.Networkprogramming provederror-prone
asdatamodelsbecamemorecomplex,andsmall
changestothedatastructurecouldrequirechangestomanyprograms. Also, because of the use of
physical pointers, operations such as database loadingandrestructuring couldbe verytime-
consuming.

Concept and History: The network model is a d a t a b a s e m o d e l conceived as a


flexible way of representing objects and their relationships.Itsoriginalinventor
wasCharlesBachman,anditwas developed into a standard specification publishedin1969
bytheCODASYLConsortium.Wherethehierarchicalmodelstructuresdata asa treeof
records,with eachrecordhavingoneparentrecord andmany
children,thenetworkmodelallowseachrecordtohavemultipleparent andchild records, forming
alattice structure.

Thechiefargumentinfavourofthenetworkmodel,incomparisonto thehierarchicmodel,
wasthatitallowedamorenaturalmodelingof relationships between entities. Although the
model was widely implemented and used, it failed to become dominant for two
main reasons.Firstly,IBMchosetosticktothehierarchicalmodelwithsemi-
networkextensionsintheirestablishedproductssuchasIMSandDL/I.
Secondly,itwaseventuallydisplacedbytherelationalmodel,which offeredahigher-
level,moredeclarativeinterface.Untiltheearly1980s theperformancebenefitsofthelow-
levelnavigationalinterfacesoffered
byhierarchicalandnetworkdatabaseswerepersuasiveformanylarge-
scaleapplications,butashardwarebecamefaster,theextraproductivity
andflexibilityoftherelationalmodelledtothegradualobsolescenceof thenetworkmodelin
corporateenterpriseusage.

Object-Relational Database

DEPARTMENT OF MANAGEMENT STUDIES 82


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

An object-relational database (ORD) or object-relational database management


system (ORDBMS) is a database management system (DBMS)similartoarelational
database,butwithanobject-oriented databasemodel:objects,classesandinheritanceare
directlysupported indatabaseschemasandinthequerylanguage.Inaddition,itsupports
extensionof thedatamodelwith custom data-types andmethods.

Oneaimforthistypeofsystemistobridgethegapbetweenconceptual datamodeling
techniquessuchasEntity-relationshipdiagram(ERD) and object-relational mapping (ORM),
which often use classes and inheritance, and relational databases, which do not directly
support them.

Another,related,aimistobridgethegapbetweenrelationaldatabases and the object-


oriented modeling techniques used in
programminglanguagessuchasJava,C++orC#However,amorepopularalternative for
achieving such abridgeis touse astandard relational database systems with
someformof ORM software.
WhereastraditionalRDBMSorSQL-DBMSproductsfocusedonthe efficient
managementofdatadrawnfromalimitedsetofdata-types
(definedbytherelevantlanguagestandards),anobject-relationalDBMS allowssoftware-
developerstointegratetheirowntypesandthemethods
thatapplytothemintotheDBMS.ORDBMStechnologyaimstoallow developers to raise the level
of abstraction at which they view the problem domain. This goal isnot universally shared;
proponents of relationaldatabasesoftenarguethatobject-orientedspecificationlowers
theabstraction level.

Anobject-relationaldatabasecanbesaidtoprovideamiddleground between relational


databases and object-oriented databases (OODBMS).Inobject-relational
databases,theapproachisessentially that of relational databases: the data resides in the
database and is manipulatedcollectivelywithqueriesinaquerylanguage;attheother extreme
areOODBMSesinwhichthedatabaseisessentiallyapersistent object store for software written in
an object-oriented programming language,withaprogrammingAPI for
storingandretrievingobjects, andlittle or nospecificsupportfor querying.

ManySQLORDBMSsonthemarkettodayareextensiblewithuser- defined types (UDT)


and custom-written functions (e.g. stored

DEPARTMENT OF MANAGEMENT STUDIES 83


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

procedures.Some(e.g.SQLServer)allowsuchfunctionstobewritten in object-oriented
programming languages, but this by itself doesn't makethemobject-orienteddatabases; in
anobject-orienteddatabase, objectorientation isa feature of thedatamodel.

Object Database

Inanobjectdatabase(alsoobjectorienteddatabase),informationis represented in the


form of objects as used in object-oriented programming. When database capabilities are
combined with object programming language capabilities, the result is an object database
managementsystem(ODBMS).AnODBMSmakesdatabase objects appear as programming
language objects in one or more object programming languages. AnODBMS extends the
programming language withtransparentlypersistentdata,concurrencycontrol,data recovery,
associativequeries,andothercapabilities.
Someobject-orienteddatabasesaredesignedtoworkwellwithobject-
orientedprogramminglanguagessuchasPython,Java,C#,VisualBasic .NET, C++, Objective-C
and Smalltalk. Others have their own
programminglanguages.AnODBMSsuseexactlythesamemodelas object-
orientedprogramming languages.
Objectdatabasesaregenerallyrecommendedwhenthereisabusiness need for
highperformanceprocessingoncomplexdata.
Adoptionof Object Databases

Objectdatabasesbasedonpersistentprogrammingacquiredanichein application areas such as


engineering and spatial databases,
telecommunications,andscientificareassuchashighenergyphysics andmolecular
biology.Theyhavemadelittleimpactonmainstream
commercialdataprocessing,thoughthereissomeusageinspecialized

areasoffinancialservice].Itisalsoworthnotingthatobjectdatabases
heldtherecordfortheWorld'slargestdatabase(beingfirsttoholdover1000TerabytesatStanfordLin
earAcceleratorCenter"LessonsLearned from Managing
aPetabyte")andthehighestingestrateeverrecorded for a commercialdatabase atover
oneTerabyteper hour.
Anothergroupofobjectdatabasesfocusesonembeddeduseindevices, packagedsoftware,and
real-timesystems.
Advantagesand Disadvantages

DEPARTMENT OF MANAGEMENT STUDIES 84


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Benchmarks betweenODBMSsandRDBMSshaveshownthatan ODBMScanbe


clearlysuperiorforcertainkindsoftasks.Themain
reasonforthisisthatmanyoperationsareperformedusingnavigational rather thandeclarative
interfaces, and navigational access to data is usuallyimplementedveryefficiently
byfollowingpointers.
Critics of navigational database-based technologies like ODBMS suggestthat
pointer-basedtechniquesareoptimizedforveryspecific
"searchroutes"orviewpoints.However,forgeneral-purposequerieson
thesameinformation,pointer-basedtechniques willtendtobeslower
andmoredifficulttoformulatethanrelational.Thus,navigationappears
tosimplifyspecificknownusesattheexpenseofgeneral,unforeseen,
andvariedfutureuses.However,withsuitablelanguagesupport,direct
objectreferencesmaybemaintainedinadditiontonormalised,indexed
aggregations,allowingbothkindsofaccess; furthermore,apersistent language may index
aggregations on whatever is returned by some arbitrary object access method, rather than
only on attribute value, whichcansimplifysomequeries.
Otherthings that work against an ODBMS seem to be the lack of
interoperabilitywithagreatnumberoftools/featuresthataretakenfor
grantedintheSQLworldincludingbutnotlimitedtoindustrystandard connectivity, reporting
tools, OLAP tools, and backup and recovery standards.
Additionally,objectdatabaseslackaformalmathematical foundation, unlikethe relational
model, andt h i s i n t u r n l e a d s to
weaknessesintheirquerysupport.However,thisobjectionisoffsetby the fact that some
ODBMSs fully support S Q L i n addition to
navigationalaccess,e.g.Objectivity/SQL++,Matisse,andInter Systems CACH. Effective
use may require compromises to keep both paradigmsinsync.
Infactthereisanintrinsictensionbetweenthenotionofencapsulation,
whichhidesdataandmakesitavailableonlythroughapublishedsetof interface methods, and the
assumption underlying much database
technology,whichisthatdatashouldbeaccessibletoqueriesbasedon data content rather than
predefined access paths. Database-centric
thinkingtendstoviewtheworldthroughadeclarativeandattribute- driven viewpoint, while OOP
tends to view the world through a behavioral viewpoint, maintaining entity-identity

DEPARTMENT OF MANAGEMENT STUDIES 85


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

independently of changingattributes.Thisisoneofthemanyimpedancemismatchissues
surroundingOOP anddatabases.
Although some commentators have written off object database
technologyasafailure,theessentialargumentsinitsfavorremainvalid,
andattemptstointegratedatabasefunctionalitymorecloselyintoobject
programminglanguagescontinueinboththeresearchandtheindustrial communities.
AssociativeModel ofData

Theassociativemodelofdataisanalternativedatamodelfordatabase
systems.Otherdatamodels,suchastherelationalmodelandtheobject data m o del , a r ere cord -
based. These models involve encompassing attributes about a thing, such as a car, in a record
structure. Such attributes m i g h t b e r e g i st r a t i o n , c o l o r , m a k e , m o d e l , e t c . In
t he associative model, everything which has discrete independent
existenceismodeledasanentity,andrelationshipsbetweenthemare
modeledasassociations.Thegranularityatwhichdataisrepresentedis similar
t o s c h e m e s presentedb y C h e n ( Entity-relationship m o d e l );
Bracchi,PaoliniandPelagatti(BinaryRelations);andSenko(TheEntity SetModel).

Column-Oriented DBMS
Acolumn-orientedDBMSisadatabasemanagementsystem(DBMS) which
s t ores i t s cont ent b yc o l um n ratherthan b yr o w . This has advantages for databases such
as data warehouses and library catalogues, where
a g g r e g a t e s a r e c o m p u t e d o v e r l argenum bers o f similar dataitems.
Benefits

Comparisonsbetweenrow-orientedandcolumn-orientedsystemsare
typicallyconcernedwiththeefficiencyofhard-diskaccessforagiven
workload,asseektimeisincrediblylongcomparedtotheotherdelays
incomputers.Further,becauseseektimeisimproving ataslowrate
relativetocpupower(seeMoore'sLaw),thisfocuswilllikelycontinue onsystemsreliantonhard-
disksforstorage.Followingisasetofover-
simplifiedobservationswhichattempttopaintapictureofthetrade-offs betweencolumn and
roworientedorganizations.
Column-oriented s ys t e m s a r e m o r e e f f i c i e n t w h e n a n a g g r e g a t e
needstobecomputedovermanyrowsbutonlyforanotablysmaller

DEPARTMENT OF MANAGEMENT STUDIES 86


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

subsetofallcolumnsofdata,becausereadingthatsmallersubsetof datacanbe faster than


readingall data.
Column-orientedsystemsaremoreefficientwhennewvaluesofa
columnaresuppliedforallrowsatonce,becausethatcolumndata can be written efficiently and
replace old column data without touchinganyothercolumns for the rows.
Row-orientedsystemsaremoreefficientwhenmanycolumnsofa single row are required
at the same time, and when row-size is
relativelysmall,astheentirerowcanberetrievedwithasingledisk seek.
Row-orientedsystemsaremoreefficientwhenwritinganewrowif
allofthecolumndataissuppliedatthesametime,astheentirerow canbe
writtenwithasinglediskseek.
Inpractice,roworientedarchitecturesarewell-suitedforOLTP-like
workloadswhicharemoreheavilyloadedwithinteractivetransactions. Column stores are well-
suited for OLAP-like workloads (e.g., data warehouses) which typically involve a smaller
number of highly complexqueries overall data(possibly terabytes).

StorageEfficiencyvs.Random Access
Columndataisofuniformtype;therefore,therearesomeopportunities
forstoragesizeoptimizationsavailableincolumnorienteddatathatare
notavailableinroworienteddata.Forexample,manypopularmodern compression schemes,
such as LZW, make use of the similarity of
adjacentdatatocompress.Whilethesametechniquesmaybeusedon row-
orienteddata,atypicalimplementationwillachievelesseffective results. Further, this behavior
becomes more dramatic when a large percentageofadjacentcolumndatais
eitherthesameornot-present, suchasinasparsecolumn(similartoasparsematrix).The opposing
tradeoffisRandomAccess.Retrievingalldatafromasinglerowis
moreefficientwhenthatdataislocatedinasinglelocation,suchasina row-oriented
architecture. Further,
thegreateradjacentcompression achieved,themoredifficultrandom-
accessmaybecome,asdatamight needtobeuncompressedtoberead.
Implementations

Formanyyears,onlytheSybaseIQproductwascommonlyavailablein thecolumn-
orientedDBMSclass.However,thathaschangedrapidlyin the last few years with many open

DEPARTMENT OF MANAGEMENT STUDIES 87


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

source and commercial implementations.


Navigational Database
Navigationaldatabasesarecharacterizedbythefactthatobjectsinthe
databasearefoundprimarilybyfollowingreferencesfromotherobjects.
Traditionallynavigationalinterfacesare procedural,thoughonecould
characterizesomemodernsystemslikeXPathasbeingsimultaneously
navigationalanddeclarative.
Navigationalaccessistraditionallyassociatedwiththenetworkmodel
andhierarchicalmodelofdatabaseinterfacesandhasevolvedintoSet-
orientedsystems.Navigationaltechniquesuse"pointers"and"paths"to
navigateamongdatarecords(alsoknownas"nodes").Thisisin contrast totherelationalmodel
(implementedinrelationaldatabases), which
strivestouse"declarative"orlogicprogrammingtechniquesinwhich youaskthesystem for
whatyouwantinsteadofhow tonavigatetoit.
Forexample,togivedirectionstoahouse,thenavigationalapproach wouldresemble
somethinglike,"Getonhighway25for8miles,turn
ontoHorseRoad,leftattheredbarn,thenstopatthe3rdhousedown
theroad".Whereas,thedeclarativeapproachwouldresemble,"Visitthe greenhouse(s) within the
following coordinates...."
Hierarchical models arealso considered navigational because one
"goes"up(toparent),down(toleaves),andthereare"paths",suchas thefamiliarfile/folderpathsin
hierarchicalfilesystems.Ingeneral, navigationalsystemswillusecombinationsofpaths
andprepositions suchas "next","previous", "first","last", "up","down",etc.
Distributed Database

Adistributeddatabaseisadatabasethatisunderthecontrolofa
centraldatabasemanagementsystem(DBMS)inwhichstoragedevices
arenotallattachedtoacommon CPU.Itmaybestoredinmultiple
computerslocatedinthesamephysicallocation,ormay bedispersed over a networkof
interconnectedcomputers.
Collectionsofdata(e.g.inadatabase)canbedistributedacrossmultiple physicallocations.
A distributeddatabaseisdistributedintoseparate partitions/fragments.Each
partition/fragmentofadistributeddatabase maybereplicated (i.e.redundantfail-
overs,RAIDlike).

DEPARTMENT OF MANAGEMENT STUDIES 88


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Besides distributed database replication andfragmentation, thereare


manyotherdistributeddatabasedesigntechnologies.Forexample,local autonomy,synchronous
and asynchronous distributed database
technologies.Thesetechnologies'implementationcananddoesdepend ontheneedsofthe
businessandthesensitivity/confidentialityofthe datatobestoredinthedatabase,and
hencethepricethebusinessis willing tospendonensuringdatasecurity, consistency andintegrity.

Importantconsiderations

Care with a distributeddatabase mustbe takento ensurethefollowing:

Thedistributionistransparentusersmustbeabletointeractwith thesystem as if it

were one logical system. This appliesto the system'sperformance, andmethods of

access amongstother things. Transactions are transparent-

eachtransactionmustmaintain

databaseintegrityacrossmultipledatabases.Transactionsmustalso bedividedintosub-

transactions,eachsub-transactionaffectingone database system.

Advantagesof DistributedDatabases
Reflects organizational structure database fragments are locatedinthedepartments
theyrelateto.
Localautonomyadepartmentcancontrolthedataaboutthem
(as theyaretheonesfamiliarwith it.)
Improvedavailabilityafaultinonedatabasesystemwillonly
affectonefragment,insteadof theentire database.
Improvedperformancedataislocatednearthesiteofgreatest demand,andthe
databasesystemsthemselvesareparallelized,
allowingloadonthedatabasestobebalancedamongservers.(A high load on one module
of the database won't affect other modules of thedatabase ina distributeddatabase.)
Economics it costs less to create a network of smaller computers with thepowerof
a singlelarge computer.
Modularitysystems canbe modified, addedand removed from the distributed
database without affecting othermodules (systems).

DEPARTMENT OF MANAGEMENT STUDIES 89


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

DisadvantagesofDistributed Databases

ComplexityextraworkmustbedonebytheDBAstoensure thatthedistributednature of
thesystemis transparent. Extrawork
mustalsobedonetomaintainmultipledisparatesystems,instead
ofonebigone.Extradatabasedesignworkmustalsobedoneto account for the disconnected
nature of the database for
example,joinsbecomeprohibitivelyexpensivewhenperformed acrossmultiplesystems.
Economics increased complexity and a more extensive infrastructuremeans extra
labourcosts.
Securityremotedatabasefragmentsmustbesecured,andthey
arenotcentralizedsotheremotesitesmustbesecuredaswell. Theinfrastructuremustalsobe
secured (e.g.,byencryptingthe networklinksbetween remotesites).
Difficult to maintain integrity in a distributed database,
enforcingintegrityoveranetworkmayrequiretoomuchofthe network'sresourcestobefeasible.
Inexperiencedistributeddatabasesaredifficulttoworkwith, and as a y o u n g field there is
not much readily available experience onproper practice.
Lackofstandardstherearenotoolsormethodologiesyetto helpusers converta
centralizedDBMS into a distributedDBMS.
Database design more complex besides of the normal
difficulties,thedesignofadistributeddatabasehastoconsider fragmentationof
data,allocationoffragmentstospecificsites anddata replication.
Real TimeDatabase

A real-time database isaprocessings y s t e m d e s i g n e d t o handle


workloadswhosestateisconstantlychanging(Buchmann).Thisdiffers
fromtraditionaldatabasescontainingpersistentdata,mostlyunaffected by time. For example, a
stockmarketchangesveryrapidlyandis
dynamic.Thegraphsofthedifferentmarketsappeartobeveryunstable and
yetadatabasehastokeeptrackofcurrentvaluesforallofthe markets o f t h e N e w York
S t o c k E x c h a n g e ( Kanitkar). Real-time processingmeansthatatransactionis
processedfastenoughforthe resulttocomebackandbeactedonrightaway(Capron). Real-time
databases areusefulforaccounting, banking, law, medicalrecords, multi-
media,processcontrol,reservationsystems,andscientificdata analysis(Snodgrass).
Ascomputersincreaseinpowerandcanstore more data, they are integrating themselves into our

DEPARTMENT OF MANAGEMENT STUDIES 90


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

society and are employedinmany applications.

Overview

Real-timedatabasesaretraditionaldatabasesthatuseanextensionto givetheadditional
powertoyieldreliableresponses.Theyusetiming
constraintsthatrepresentacertainrangeofvaluesforwhichthedataare
valid.Thisrangeiscalledtemporalvalidity.Aconventional database cannot work under these
circumstances becausetheinconsistencies
betweentherealworldobjectsandthedatathatrepresentsthemaretoo
severeforsimplemodifications.Aneffectivesystemneedstobeableto handletime-
sensitivequeries,return onlytemporally validdata,and
supportpriorityscheduling.Toenterthedatainthe records,oftena
sensororaninputdevicemonitorsthestateofthephysicalsystemand
updatesthedatabasewithnewinformationtoreflectthephysicalsystem
moreaccurately(Abbot).Whendesigningareal-timedatabasesystem, one should consider how
to represent valid time, how facts are associated with real-time system. Also, consider
h o w t o r e p r e s e n t attributevaluesinthedatabasesothatprocesstransactionsanddata
consistencyhavenoviolations(Abbot).

Whendesigningasystem,itisimportanttoconsiderwhatthesystem should dowhen deadlines


are not met. For example, an air-traffic control system constantly monitors hundreds of
aircraft and makes decisionsaboutincomingflightpathsanddeterminestheorderinwhich
aircraftshouldlandbasedondatasuchasfuel,altitude,andspeed.If any of this information is late,
the result could be devastating (Sivasankaran).To
addressissuesofobsoletedata,thetimestampcan supporttransactionsbyproviding clear
timereferences(Sivasankaran).
SQLDBMS

IBMstartedworkingonaprototypesystemlooselybasedonCodd'sconceptsasSyste
m Rintheearly1970sunfortunately,SystemR

DEPARTMENT OF MANAGEMENT STUDIES 91


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

wasconceivedasawayofprovingCodd'sideasunimplementable,and
thustheprojectwasdeliveredtoagroupofprogrammerswhowerenot
underCodd'ssupervision,neverunderstoodhisideasfullyandendedup violating
severalfundamentals of the relational model. The first
"quickie"versionwasreadyin1974/5,andworkthenstartedonmulti-
tablesystemsinwhichthedatacouldbebrokendownsothatallofthe
dataforarecord(muchofwhichisoftenoptional)didnothavetobe
storedinasinglelarge"chunk".Subsequentmulti-userversionswere tested
bycustomersin1978and1979,bywhichtimeastandardized querylanguage,SQL,had
beenadded.Codd'sideaswereestablishing
themselvesasbothworkableandsuperiortoCodasyl,pushingIBMto
developatrueproductionversionofSystemR,knownasSQL/DS,and, later,
Database2(DB2).

ManyofthepeopleinvolvedwithINGRESbecameconvincedofthe future
commercial success of such systems, and formed their own companies to
commercialize the work but with an SQL interface.
Sybase,Informix,NonStopSQLandeventuallyIngresitself wereall
beingsoldasoffshootstotheoriginalINGRESproductinthe1980s.
EvenMicrosoftSQLServerisactuallyare-builtversionofSybase,and thus, INGRES.
Only Larry Ellisons Oraclestartedfrom adifferent
chain,basedonIBM'spapersonSystem R, andbeatIBMtomarket
whenthefirstversionwas releasedin1978.

StonebrakerwentontoapplythelessonsfromINGREStodevelopa new database,


Postgres, which is now known as PostgreSQL.
PostgreSQLisprimarilyusedforglobalmissioncriticalapplications (the.organd.info
domainnameregistriesuseitastheirprimarydata
store,asdomanylargecompaniesandfinancialinstitutions).

InSweden,Codd'spaperwasalsoreadandMimerSQLwasdeveloped from themid-


70s atUppsala University. In 1984,

DEPARTMENT OF MANAGEMENT STUDIES 92


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

thisprojectwasconsolidatedintoanindependententerprise.Intheearly1980s,Mimer
introducedtransactionhandlingforhighrobustnessin applications,an idea thatwas
subsequentlyimplementedonmostother DBMS.
Theevolutionofdatabasemodelsiscontinuousuntilatimeanideal
modelwillemergethatwillmeetalltherequirementsofendusers.This
soundimpossiblebecausetherecanneverbeasystemthatiscompletely fault-free.
Thuswewillyetseemoreofmodelsofdatabase.Theflat
andhierarchicalmodelshadsetthetune for emergingmodels.

Relational Database Management


Introduction
A Relational database management system (RDBMS) is a databasemanagement
system (DBMS) that is based on the relational model asintroduced by E. F. Codd. Most
popular commercial and open sourcedatabases currently in use are based on the relational
model.
A short definition of an RDBMS may be a DBMS in which data isstored in the form
of tables and the relationship among the data is also stored in the form of tables.
History oftheTerm

E. F. Codd introduced the term in his seminal paper "A Relational


ModelofDataforLargeSharedDataBanks",publishedin1970.Inthis
paperandlaterpapershedefined whathemeantbyrelational.One well-
knowndefinitionofwhatconstitutesarelationaldatabasesystemis
Codd's12rules.However,manyoftheearlyimplementationsofthe
relationalmodeldidnotconformtoallofCodd'srules,sotheterm graduallycameto
describeabroaderclassofdatabasesystems.Ata minimum,these systems: presented the data to
the user as relations (a presentation in tabular form, i.e. as acollection of tables with each
table consisting of a setofrowsandcolumns, cansatisfythisproperty)
providedrelationaloperatorstomanipulatethe dataintabular form.
Thefirstsystemsthatwererelativelyfaithfulimplementationsofthe relationalmodel
werefromtheUniversityofMichigan;MicroDBMS
(1969)andfromIBMUKScientificCentreatPeterlee;IS1(197072) anditsfollowonPRTV(1973
79).ThefirstsystemsoldasanRDBMS

DEPARTMENT OF MANAGEMENT STUDIES 93


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

wasMulticsRelationalDataStore,firstsoldin1978.Othershavebeen BerkeleyIngres QUEL and


IBMBS12.
ThemostpopulardefinitionofanRDBMSisaproductthatpresentsa
viewofdataasacollectionofrowsandcolumns,evenifitisnotbased strictly uponrelational theory.
By thisdefinition, RDBMSproducts typicallyimplementsomebutnotall of Codd's 12rules.
Asecond,theory-basedschoolofthoughtarguesthatifadatabasedoes
notimplementallofCodd'srules(orthecurrentunderstandingonthe
relationalmodel,asexpressedbyChristopherJDate,HughDarwenand
others),itisnotrelational.Thisview,sharedby manytheoristsand other strictadherents to
Codd'sprinciples, would disqualify most
DBMSsasnotrelational.Forclarification,theyoftenrefertosome RDBMSs as Truly-Relational
Database Management Systems (TRDBMS),namingothersPseudo-
RelationalDatabaseManagement Systems (PRDBMS).
AlmostallcommercialrelationalDBMSsemploySQLastheirquery language.
Alternative query languages have been proposed and
implemented,butveryfewhavebecomecommercialproducts.
MarketStructure
GivenbelowisalistoftopRDBMSvendorsin2006withfiguresin millionsof
UnitedStatesDollarspublishedinan IDCstudy.

Vendor GlobalRevenue
Oracle 7,912
IBM 3,483
Microsoft 3,052
Sybase 5240
Teradata 457
Others 1,624
Total 16,452

Lowadoptioncostsassociatedwithopen-sourceRDBMSproductssuch
asMySQLandPostgreSQLhavebeguninfluencingvendorpricingand licensing
strategies.
Features and Responsibilitiesofan RDBMS

DEPARTMENT OF MANAGEMENT STUDIES 94


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Asmentionedearlier,anRDBMSissoftwarethatisusedforcreating
andmaintainingadatabase.Maintaininginvolvesseveraltasksthatan RDBMS takescare
of.These tasksareasfollow:
ControlDataRedundancy
SincedatainanRDBMSisspreadacrossseveraltables,repetitionor redundancyisreduced.
Redundantdatacanbeextractedandstoredin
anothertable,alongwithafieldthatiscommontoboththetables.Data canthenbeextracted
fromthetwotablesbyusingthecommon field.
DataAbstraction
ThiswouldimplythattheRDBMShidestheactualway,inwhichdata isstored,while
providingtheuserwithaconceptualrepresentationof thedata.
Supportfor MultipleUsers
AtrueRDBMSallowseffectivesharingofdata.Thatis,itensuresthat severaluserscan
concurrentlyaccessthedatainthedatabasewithout affectingthespeedof thedataaccess.
In a database application, which can be used by several users
concurrently,thereisthepossibilitythattwousersmaytrytomodifya particular record at the
same time. This could lead to one persons
changesbeingmadewhiletheothersareoverwritten.To
avoidsuchconfusion,mostRDBMSsprovidearecord-lockingmechanism.This
mechanismensuresthatnotwouserscouldmodifyaparticularrecordat thesametime.A
recordisasitwerelockedwhileoneusermakes
changestoit.Anotheruseristhereforenotallowedtomodifyittillthe changes
arecompleteandtherecordissaved. The lock isthenreleased,andthe recordavailable for
editingagain.

MultipleWays of InterferingtotheSystem
Thiswouldrequirethedatabasetobeabletobeaccessiblethrough
differentquerylanguagesaswellasprogramminglanguages.Itwould alsomeanthatavarietyof
front-endtoolsshouldbeabletousethe databaseasaback-end.Forexampledatastored
inMicrosoftAccess canbedisplayedandmanipulatedusingformscreatedinsoftwaresuch as
VisualBasicor FrontPage 2000.
RestrictingUnauthorized Access

AnRDBMSprovidesasecuritymechanismthatensuresthatdatainthe

DEPARTMENT OF MANAGEMENT STUDIES 95


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

databaseisprotectedfromunauthorizedaccessandmalicioususe.The
securitythatisimplementedinmostRDBMSsisreferredtoasUser-
levelsecurity,whereinthevarioususersofthe databaseareassigned usernames and passwords.,
only when the user enters the correct
usernameandpasswordisheabletoaccessthedatainthedatabase.
Inadditiontothis,aparticularusercouldberestrictedtoonlyviewthe
data,whileanothercouldhavetherightstomodifythedata.Athirduser couldhave right s to change
thestructureof sometableitself, inaddition tothe rightsthattheother twohave.
Whensecurityisimplementedproperly,dataissecureandcannotbe tamperedwith.
Enforcing IntegrityConstraints

RDBMSprovideasetofrulesthatensurethatdataenteredintoatable is valid . These


rul es must remaintrue foradat abase topreserve
integrity.Integrityconstraintsarespecifiedatthetimeofcreatingthe database,and
areenforcedbytheRDBMS.
ForexampleinaMarkstable,aconstraintcanbeaddedtoensurethat themarksineach
subjectbebetween0and100.Suchaconstraintis calledaCheckconstraint.Itisarule
thatcanbesetbytheusertoensurethatonlydatathatmeetsthecriteriaspecifiedthereisallowedto
enter thedatabase. The givenexampleensuresthatonlyanumber
between0and100canbeenteredintothemarkscolumn.
Backup and Recovery
Inspiteof ensuringthatthedatabaseissecurefromunauthorized access/
useraswellasinvalidentries,thereisalwaysadangerthatthedatain thedatabasecouldgetlost.They
couldhappenduetosomehardware
problemsorsystemcrash.Itcouldthereforeresultinalossofalldata.
Toguardthedatabasefromthis,most RDBMSshaveinbuilt backup and
recoverytechniquesthatensurethatthedatabaseisprotectedfromthese kinds of fatalitiestoo.

ComparisonofRelational Database ManagementSystems


Thefollowingtablescomparegeneralandtechnicalinformationfora numberofrelational
databasemanagementsystems.Comparisonsare basedonthestableversionswithoutanyadd-
ons,extensionsorexternal programs.

DEPARTMENT OF MANAGEMENT STUDIES 96


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

2 Marks
20. Stages of SDLC
21. What do you mean by System Analysis?
22. What do you mean by System Design?
23. What do you mean by SLC?
24. What do you mean by DFD?
25. What are the Advantages of DFD?
26. What are the Disadvantages of DFD?
27. Give the Symbol for the Following:
External Entity, Data Flow, Data Store, Process, External Indicator, Object
28. State Elements of DFD
29. Define Entity Relationship Model (ER)
30. Give the Symbol for the Following:
Entity, Weak Entity, Key Attribute, Multi valued Attribute, Derived Attribute,
Relationships, Cardinality, Recursive Relationship, Cardinality Notations,
31. What do you mean by Object Modeling Technique?
32. What is database?
33. What is DBMS?
34. What is a Database system?
35. Advantages of DBMS?
36. Disadvantage in File Processing System?
37. Define the "integrity rules"
38. What is Data Independence?
39. What is Data Model?
40. What is an Entity?
41. What is an Entity type?
42. What is an Entity set?
43. What is an Extension of entity type?
44. What is Weak Entity set?
45. What is an attribute?

DEPARTMENT OF MANAGEMENT STUDIES 97


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

46. What is a Relation Schema and a Relation?


47. What is degree of a Relation?
48. What is Relationship?
49. What is Relationship set?
50. What is Relationship type?
51. What is degree of Relationship type?
52. Name the sub-systems of a RDBMS
53. How do you communicate with an RDBMS?
16 Marks
1. Explain about the System Development Life Cycle (SDLC)
2. Discuss the Emerging Symbols in DFD
3. Explain the Types of Keys
4. Discuss the models of DBMS
5. Explain about the ER Diagram with Suitable Example as Banking Sector
6. Discuss the RDBMS and its Contents

DEPARTMENT OF MANAGEMENT STUDIES 98


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

MANAGEEMNT INFORMATION SYSTEM UNIT: III

Finance Management Information System

Employee Records

Marketing Records

Finance Records

Production Records

Profit & Loss System Competitor Data

Auditing Government Data

Budgeting Market Data


PROCESSING
Portfolio Management Society Data

Info.Info.

Support to

Marketing Subsystem

Production Subsystem

Human Resource Subsystem

Profit and Loss System


This predicts the profit and loss status of the organization. It is based on all the
Accounting Subsystem
transactions that happen within the organization. It is calculated based on past records
and recent information. Competitor data provides data on how profit and loss is
calculated in their organization. Government data provides regulation information on
transaction management. Marketing Subsystem provides information on marketing
such as product details, price of the product, and distribution of the product and

DEPARTMENT OF MANAGEMENT STUDIES 99


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

promotion measures for the product. Production Subsystem provides information on


cost of production, which includes purchase, inventory management and quality
management. Human Resource subsystem provides information on cost of labour,
which includes recruitment cost, training cost, wages and administration. Accounts
subsystem provides information on payroll, accounts liable. Based on all the above, a
decision on profit and loss is taken by the finance subsystem.

Auditing
All the transactions that happen in the organization are subject to auditing to ensure
reliability of transactions.

Budgeting
It is calculated based on past records and recent information. Competitor data
provides data on competitor budget. Market data provides details on product demand.
Greater the demand, greater should be the promotion in order to keep up the market
leadership and hence the budget provision should be allotted accordingly.
Government data provides regulation information on budget such as tax holidays and
exemptions, etc. Society data provides information on buying power of the society.
Marketing Subsystem provides information on marketing such as product details,
price of the product, and distribution of the product and promotion measures for the
product. Production Subsystem provides information on cost of production, which
includes purchase, inventory management and quality management. Human Resource
subsystem provides information on cost of labor, which includes recruitment cost,
training cost, wages and administration. Accounts subsystem provides information on
payroll, accounts liable. Based on all the above, a decision on budget is taken by the
finance subsystem.

Portfolio Management
It is calculated based on past records and recent information. Competitor data
provides data on competitor investment practices. Government data provides
regulation information on investments. The government encourages investment on
infrastructure development. Marketing Subsystem provides information on expected
sales. Production Subsystem provides information on cost savings. Human Resource
subsystem provides information on savings from common fund of the employees.
Accounts subsystem provides information on payroll, accounts liable. Based on all the
above, a decision on portfolio management is taken by the finance subsystem

DEPARTMENT OF MANAGEMENT STUDIES 100


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Introduction - Marketing Information Systems (MKIS)

MKIS is a computerized system that is designed to provide an organized flow of information


to enable and support the marketing activities of an organization.The MKIS addresses operational
needs through customer management systems that focus on the day-to-day processing of customer
transactions from the initial sale through customer service. MKIS systems are designed to be
comprehensive and flexible in nature and to integrate with each other functionally. They are formal,
forward looking and essential to the organizations ability to create competitive advantage.

The Strategic Role of the Marketing Information System

Marketing is a strategic function in that marketing activities enable organizations to


identify and adapt to changes in the market environment. The strategic function of marketing
is further emphasized as Internet-based technologies have enabled radically new approaches
to selling where information technology for the first time touches customers and provides
new means for collecting marketing information. In a knowledge-intensive economy, the
ability to collect, analyze and act upon marketing information more rapidly than the
competition is the core competency from which competitive advantage flows. Marketing
information systems provide the information technology backbone for the marketing
organizations strategic operations.

In a broader sense, the MkIS creates an organized and timely flow of information
required by marketing decision makers. It involves the equipment, software, databases, and
also the procedures, methodologies and people necessary for the system to meet its
organizational objectives. MkIS encompasses a broad spectrum of activities from simple
transaction processing complex marketing strategy decision making

DEPARTMENT OF MANAGEMENT STUDIES 101


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

The Interface of MKIS

The rapidly growing field of marketing automation encompasses customer


management functions to support e-commerce. As depicted in the above Figure, customer
management applications include marketing decision support systems, customer relationship
management, sales force automation, and customer service and e-commerce activities. These
activities are often described as front office customer-oriented activities. Back office
enterprise resource planning (ERP) activities include manufacturing, finance and human
resources. Supply chain management (SCM) activities encompass electronic procurement,
inventory management, quality management and logistics systems to link an organization
with its suppliers. These three elements comprise the enterprise information system.

Benefits of Marketing Information System

The MKIS increases the number of options available to decision-makers and supports
everyelement of marketing strategy.
Market Monitoring
Through the use of market research and marketing intelligence activities the MkIS can
enable the identification of emerging market segments, and the monitoring of the
market environment for changes in consumer behavior, competitor activities, new
technologies, economic conditions and governmental policies. There are three major
sources of market information.

The first is syndicated (grouped) data published by market research companies


and industry associations.
Company-sponsored primary research is another option. It is much more
focused since you ask specific questions of respondents within your markets.
But, it is considerably more expensive and time consuming.

DEPARTMENT OF MANAGEMENT STUDIES 102


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Perhaps the best data available are your own customers behavior captured
from web site viewing, point of sale (POS) transactions, and systematic
feedback from the sales force.
Strategy Development
The MkIS provides the information necessary to develop marketing strategy. It
supports strategy development for new products, product positioning, marketing
communications (advertising, public relations, and sales promotion), pricing, personal
selling, distribution, customer service and partnerships and alliances. The MkIS
provides the foundation for the development information system-dependent e-
commerce strategies.
Strategy Implementation

The MkIS provides support for product launches, enables the coordination of
marketing strategies, and is an integral part of sales force automation (SFA), customer
relationship management (CRM), and customer service systems implementations. The
MkIS enables decision makers to more effectively manage the sales force as well as
customer relationships. Some customer management software companies are
extending their CRM applications to include partner relationship management (PRM)
capabilities. This has become increasingly important as many marketers are choosing
to outsource important marketing functions and form strategic alliances to address
new markets.
Functional integration

The MKIS enables the coordination of activities within the marketing department and
between marketing and other organizational functions such as engineering,
production, product management, finance, manufacturing, logistics, and customer
service.

Functional Components of Marketing Information System

MKIS consists of four major components:

User interfaces,
Applications software,
Databases,
Systems support.

DEPARTMENT OF MANAGEMENT STUDIES 103


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

User Interfaces
The essential element of the MkIS is the managers who will use the system and the
interfaces they need to effectively analyze and use marketing information. The design
of the system will depend on what type of decisions managers need to make. The
interface includes the type of hardware that will be used, the way information is
analyzed, formatted and displayed, and how reports are to be compiled and
distributed. Issues to resolve are ease of use, security, cost, and access.

Applications Software
These are the programs that marketing decision makers use to collect, analyze, and
manage data for the purpose of developing the information necessary for marketing
decisions. Examples include the marketing decisions support software (MDSS) and
customer management software for on-line sales and customer service.

Marketing Databases
A marketing database is a system in which marketing data files are organized d
stored. Data may be collected from internal and external sources. Internal sources
largely result from transactions. They provide data from e-commerce sites, sales
results, shipping data, inventories, and product profitability. External sources include
market research, competitor intelligence, credit bureaus, and financial institutions.
Data can be organized in a flat file (Text file with one data record per line) or a
relational database (Data is stored in tabular form where each row represents one
entity and each column represents one characteristic of that entity). For instance, each

DEPARTMENT OF MANAGEMENT STUDIES 104


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

row could represent a customer with the columns providing name, identification
number, and purchase information.
System Support
This component consists of system managers who manage and maintain the systems
assets including software and hardware network, monitor its activities and ensure
compliance with organizational policies. This function may also include a help desk
for system users.

Marketing decision support systems (MDSS)


It Constitute a set of core applications of the MKIS. The MDSS provides computer-
based tools, models, and techniques to support the marketing managers decision process. In
the general case, MDSS is optimized for queries of historical data. MDSS data typically are
derived from both internal and external market sources. The MDSS features inquiry and
report generation functions where the manager can access marketing data, analyze it
statistically, and use the results to determine an optimal course of action.
Functions of Marketing Decision Support Systems (MDSS)
Sensitivity analysis
Decision-makers can explore changes in a strategic variable such as price and model
its impact on demand or competitive behavior.
What-if analysis
It can be easily accomplished with a spreadsheet. Revenues and costs can be
manipulated to show the impact of each variable on profits and cash flows.
Goal setting
Analysis focuses on the desired result and builds the resource base necessary to
accomplish the goal.
Exception reporting
Analysis looks for results that exceed or fall short of stated goals or benchmarks.
Which products or segments exceeded sales forecasts? It sometimes called gap-
analysis.
Pareto analysis
Analysis looks for activities that generate disproportionate results. For instance, the
top 20 percent of customers may account for 80 percent of sales revenues.
Forecasting models

DEPARTMENT OF MANAGEMENT STUDIES 105


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Econometric models are used to analyze time series data for the purpose of predicting
future sales and market share levels.
Simulation models
Monte Carlo simulations address marketing decision making under conditions of
uncertainty. Variables such as the market price, unit variable cost, and quantity sold
are not known ahead of the product investment decision. Simulation models allow the
marketer to analyze risk and assess the probabilities of likely outcomes of their
decisions.
Scorecards and dashboards
Scorecard systems can present a consistent framework for tracking the effectiveness
of marketing activities. They often have different modules for senior executives,
marketing managers, product managers, and customer service managers. Scorecard
systems allow the user to drill down on an analytic and workflow basis to determine
the status of any strategic initiative. Dashboards allow frontline managers to monitor
their critical performance indicators. These systems are often used in conjunction with
best practice standards for call-center-based customer support.
Marketing Decision Support System Analyses

Market segment analysis


Use of modeling techniques to, identify segments and analyze economic trends,
demographics and behavior.
Market share analysis
Analyze trends and determinants of market share.
Competitor analysis
Analysis of competitors market positions, economics customer base, and marketing
strategies.
Pricing analysis
Identifies and analyzes the factors that influence a firms ability to set prices including
price elasticity and demand analysis. Includes internal economics and market related
factors.
Cost analysis Studies a firms overall cost structure and its impact on product cost.
Margin analysis combines cost analysis with pricing analysis. Variance analysis looks
for explanations of costs overages and underage.
Sales analysis

DEPARTMENT OF MANAGEMENT STUDIES 106


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Studies the distribution of a firms sales by region, product, brand, sales territory, etc.
Sales forecasting
Develops estimates of sales potential by product, region, sales territory, brand, etc.
Sales force productivity
Studies sales force effectiveness and efficiency and contributing factors.
Advertising analysis
Analyzes advertising effectiveness, media choices and brand awareness.
Distribution
Analyzes channel decisions from economic and strategic perspectives.
Simulation
Simulates decision making under various strategic scenarios.
Customer satisfaction
Analyzes issues concerning the customers expectations and outcomes with the
product.
Customer Relationship Management (CRM) Functions

E-commerce support
Sales force automation
Telesales and call center automation
Direct mail and catalog sales
Email and e-newsletter response
Web sales and personalization
Analysis of Web generated data
Traditional customer support and service
On-line support and customer service
Mobile support through laptops, handheld devices.
Training
The rapid adoption of Internet-based technologies and the attendant development of e-
business and e-commerce applications are having a revolutionary impact on the marketing
discipline. Marketing information systems, in particular, are being transformed as these new
technologies are enabling the integration of marketing, sales and customer service activities.
The primary drivers of this shift are the promises of delivering increased value to the
customer more rapidly and at less cost. Future implementations of MkIS will increasingly

DEPARTMENT OF MANAGEMENT STUDIES 107


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

involve the customer in the value creation process and work to more effectively align the
enterprise and its supply chain on rapidly changing market opportunities.

Human Resource Management Information System

Employee Records

Marketing Records

Finance Records

Production Records

Recruitment Competitor Data

Selection Government Data


PROCESSING
Training Market Data

Wage Administration Society Data


Info. Info
Work Schedule
Support to

Finance Subsystem

Production Subsystem

Marketing Subsystem

Accounting Subsystem
Recruitment
It is calculated based on past records and recent information. Competitor data
provides data on recruitment practices adopted by the competitor. Market data
provides details on product demand. Greater the demand, greater is the need for
human resource. Government data provides regulation information on recruitment.
Society data provides information on rechability of the society. Finance Subsystem
provides information on available budget. Production Subsystem provides
information on labour requirement for production. Marketing subsystem provides
information on labour requirement for distribution coverage and promotion measures.
Accounts subsystem provides information on payroll, accounts liable. Based on all the
above, a decision on recruitment is taken by the human resource subsystem.

DEPARTMENT OF MANAGEMENT STUDIES 108


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Selection
It is calculated based on past records and recent information. Competitor data
provides data on selection practices adopted by the competitor. Market data provides
details on product demand. Greater the demand, greater is the need for human
resource. Hence more critical should be the selection process. Government data
provides regulation information on selection. Finance Subsystem provides
information on available budget. Production Subsystem provides information on
labour requirement for production. Marketing subsystem provides information on
distribution coverage and promotion measures. Accounts subsystem provides
information on payroll, accounts liable. Based on all the above, a decision on
recruitment is taken by the human resource subsystem.

Training
It is calculated based on past records and recent information. Competitor data
provides data on training practices adopted by the competitor. Market data provides
details on product demand. Greater the demand, greater is the need for human
resource and training related to the concerned product. Government data provides
regulation information on training measures. Society data provides information on
skill set of the society. Finance Subsystem provides information on available budget.
Production Subsystem provides information on skill requirement for production.
Marketing subsystem provides information on skill requirement for distribution
coverage and promotion. Accounts subsystem provides information on payroll,
accounts liable. Based on all the above, a decision on recruitment is taken by the
human resource subsystem.

Wage Administration
It is calculated based on past records and recent information. Competitor data
provides data on Wage Administration practices adopted by the competitor. Market
data provides details on product demand. Greater the demand, greater is the need for
human resource and hence appropriate wages. Government data provides regulation
information on Wages. Society data provides information on living condition of the
society. Finance Subsystem provides information on available budget. Production
Subsystem provides information on labor requirement for production. Marketing
subsystem provides information on distribution coverage and promotion measures.

DEPARTMENT OF MANAGEMENT STUDIES 109


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Accounts subsystem provides information on payroll, accounts liable. Based on all the
above, a decision on recruitment is taken by the human resource subsystem.

Work Schedule
It is calculated based on past records and recent information. Competitor data
provides data on Work Schedule practices adopted by the competitor. Market data
provides details on product demand. Greater the demand, greater is the need for
human resource and hence appropriate work schedule. Government data provides
regulation information on work schedule. Society data provides information on
adaptability of the society to the work schedule. Finance Subsystem provides
information on available budget. Production Subsystem provides information on skill
requirement for production work. Marketing subsystem provides skill requirement for
distribution coverage and promotion measures. Accounts subsystem provides
information on payroll, accounts liable. Based on all the above, a decision on
recruitment is taken by the human resource subsystem.

Production Management Information System

Employee Records

Marketing Records

Finance Records

Production Records

Purchase
Competitor Data
Capacity
Government Data
Management
PROCESSING Market Data
Inventory
Society Data
TQM
Info.Info.
Job Schedule
Support to

Finance Subsystem

Marketing Subsystem

Human Resource Subsystem

Accounting Subsystem

DEPARTMENT OF MANAGEMENT STUDIES 110


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Purchase
It is calculated based on past records and recent information. Competitor data
provides data on competitor purchase policies. Market data provides details on
product demand. Greater the demand, greater is the need for the purchase of raw
materials pertaining to the product. Government data provides regulation information
on purchase and its retail price. Finance Subsystem provides information on budget
availability. Marketing Subsystem provides information on product demand. Human
Resource subsystem provides information on availability of labor to initiate purchase
or to outsource purchasing process. Accounts subsystem provides information on
payroll, accounts liable. Based on all the above, a decision on purchase is taken by the
production subsystem.

Capacity Management
It is calculated based on past records and recent information. Competitor data
provides data on competitor production plant capacity and its utilisation. Market data
provides details on product demand. Greater the demand, greater should be the
production schedule with respect to the product. Government data provides regulation
information on capacity management. Finance Subsystem provides information on
available budget. Marketing Subsystem provides information on possible quantity of
products to be produced. Human Resource subsystem provides information on
available human resource to facilitate production. Accounts subsystem provides
information on payroll, accounts liable. Based on all the above, a decision on capacity
management is taken by the production subsystem.

Inventory
It is calculated based on past records and recent information. Competitor data
provides data on competitor Inventory policies. Market data provides details on
product demand. Greater the demand, greater should be the inventory in order to keep
up the demand of the product. Government data provides regulation information on
inventory measures. Finance Subsystem provides information on available budget for
inventory. Marketing Subsystem provides information on demand of product in order
to maintain inventory. Human Resource subsystem provides information on
availability of labour to carry out inventory operations. Accounts subsystem provides
information on payroll, accounts liable. Based on all the above, a decision on
inventory is taken by the production subsystem.

DEPARTMENT OF MANAGEMENT STUDIES 111


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Total Quality Management


It is calculated based on past records and recent information. Competitor data
provides data on their TQM practices. Market data provides details on TQM practises
preferred in general by the customers. Government data provides regulation
information on TQM. The government encourages ISO certification. Society data
provides information on preference of TQM among the society. Finance Subsystem
provides information on available budget. Marketing Subsystem provides information
on product quality expected. Human Resource subsystem provides information on
availability of labor to carry out TQM. Accounts subsystem provides information on
payroll, accounts liable. Based on all the above, a decision on TQM is taken by the
production subsystem.

Job Schedule
It is calculated based on past records and recent information. Competitor data
provides data on Job Schedule practices adopted by the competitor. Market data
provides details on product demand. Greater the demand, greater is the need for
human resource and hence appropriate job schedule. Government data provides
regulation information on job schedule. Society data provides information on
adaptability of the society to the job schedule. Finance Subsystem provides
information on available budget. Marketing Subsystem provides information on skill
requirement for marketing job. Human Resource subsystem provides job requirements
for various task and performance measures. Accounts subsystem provides information
on payroll, accounts liable. Based on all the above, a decision on job schedule is taken
by the production subsystem.

DEPARTMENT OF MANAGEMENT STUDIES 112


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Accounting Management Information System

Employee Records

Marketing Records

Finance Records

Production Records

Accounts Competitor Data


Payable
Government Data
Accounts
Receivable PROCESSING Market Data

Payroll Society Data

Info.Info.

Support to

Finance Subsystem

Production Subsystem

Human Resource Subsystem

Marketing Subsystem
Accounts Payable
It is calculated based on past records and recent information. Competitor data
provides data on how competitor manages Accounts Payable. Market data provides
details on product demand. Greater the demand, greater is the transaction and hence
more accounts payable. Government data provides regulation information on accounts
payable. Society data provides information on transaction practices of the society.
Finance Subsystem provides information on liablity. Production Subsystem provides
information on purchases. Human Resource subsystem provides information on
salary. Marketing subsystem provides information on payables with respect to dealers
commission, gifts etc. Based on all the above, a decision on accounts payable is taken
by the accounting subsystem.

Accounts Receivable
It is calculated based on past records and recent information. Competitor data
provides data on how competitor manages Accounts Receivable. Market data

DEPARTMENT OF MANAGEMENT STUDIES 113


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

provides details on product demand. Greater the demand, greater is the transaction
and hence more accounts receivable due to increased sales. Government data provides
regulation information on accounts receivable. Society data provides information on
transaction practices of the society. Finance Subsystem provides information on
current assets. Production Subsystem provides information on finished products
inventory. Human Resource subsystem provides information on common fund
collection. Marketing subsystem provides information on revenue generation based on
sales. Based on all the above, a decision on accounts receivable is taken by the
accounting subsystem.

Payroll
It is calculated based on past records and recent information. Competitor data
provides data on competitor payroll policies. Market data provides details on product
demand. Greater the demand, greater should be the pay in order to keep up the sales
force. Government data provides regulation information on payroll such as bonus
allowances etc. Society data provides information on living condition of the society.
Finance Subsystem provides information on available budget. Production Subsystem
provides information on role of labor in production. Human Resource subsystem
provides information on wages of different categories of labour. Marketing subsystem
provides information on incentives to sales force for achieving targets. Based on all
the above, a decision on payroll is taken by the accounting subsystem.

Material Management Information System

The hospital materials management function--ensuring that goods and services get
from a source to an end user--encompasses many areas of the hospital and can significantly
affect hospital costs. Performing this function in a manner that will keep costs down and
ensure adequate cash flow requires effective management of a large amount of information
from a variety of sources. To effectively coordinate such information, most hospitals have
implemented some form of materials management information system (MMIS). These
systems can be used to automate or facilitate functions such as purchasing, accounting,
inventory management, and patient supply charges. In this study, we evaluated seven MMISs
from seven vendors, focusing on the functional capabilities of each system and the quality of
the service and support provided by the vendor.

This Evaluation is intended to (1) assist hospitals purchasing an MMIS by educating


materials managers about the capabilities, benefits, and limitations of MMISs and (2) educate

DEPARTMENT OF MANAGEMENT STUDIES 114


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

clinical engineers and information system managers about the scope of materials
management within a healthcare facility. Because software products cannot be evaluated in
the same manner as most devices typically included in Health Devices Evaluations, our
standard Evaluation protocol was not applicable for this technology. Instead, we based our
ratings on our observations (e.g., during site visits), interviews we conducted with current
users of each system, and information provided by the vendor (e.g., in response to a request
for information [RFI]).

We divided the Evaluation into the following sections: Section 1. Responsibilities and
Information Requirements of Materials Management: Provides an overview of typical
materials management functions and describes the capabilities, benefits, and limitations of
MMISs. Also includes the supplementary article, "Inventory Cost and Reimbursement
Issues" and the glossary, "Materials Management Terminology." Section 2. The MMIS
Selection Process: Outlines steps to follow and describes factors to consider when selecting
an MMIS. Also includes our Materials Management Process Evaluation and Needs
Assessment Worksheet (which is also available online through ECRInet(TM)) and a list of
suggested interview questions to be used when gathering user experience information for
systems under consideration. Section 3A. MMIS Vendor Profiles: Presents information for
the evaluated systems in a standardized, easy-to-compare format. Profiles include an
Executive Summary describing our findings, a discussion of user comments, a listing of
MMIS specifications, and information on the vendor's business background.

Section 3B. Discussion of Vendor Profile Conclusions and Ratings: Presents our
ratings and summarizes our rationale for all evaluated systems. Also includes a blank Vendor
Profile Template to be used when gathering information on other vendors and systems. We
found that, in general, all of the evaluated systems are able to meet most of the functional
needs of a materials management department.

However, we did uncover significant differences in the quality of service and support
provided by each vendor, and our ratings reflect these differences: we rated two of the
systems Acceptable--Preferred and four of the systems Acceptable. We have not yet rated the
seventh system because our user experience information may not reflect the vendor's new
ownership and management. When this vendor provides the references we requested, we will
interview users and supply a rating. We caution readers against basing purchasing decisions
solely on our ratings. Each hospital must consider the unique needs of its users and its overall
strategic plans--a process that can be aided by using our Process Evaluation and Needs

DEPARTMENT OF MANAGEMENT STUDIES 115


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Assessment Worksheet. Our conclusions can then be used to narrow down the number of
vendors under consideration.
Introduction

Decision Support Systems (DSS) help executives make better decisions by using
historical and current data from internal Information Systems and external sources. By
combining massive amounts of data with sophisticated analytical models and tools, and by
making the system easy to use, they provide a much better source of information to use in the
decision-making process.
Decision Support Systems (DSS) are a class of computerized information systems
that support decision-making activities. DSS are interactive computer-based systems and
subsystems intended to help decision makers use communications technologies, data,
documents, knowledge and/or models to successfully complete decision process tasks.
Characteristics of MIS

Structured Decisions
General Control of Organization
Presentation in the form of reports

Characteristics of DSS

Semi-structured, unstructured decisions


Focused of specific decisions
Presentation in the form of graphics
Develop through prototype(example), iterative process

Types of DSS

Data-Driven DSS

Data-Driven DSS take the massive (huge) amounts of data available through the
company's TPS and MIS systems and cull from it useful information which
executives can use to make more informed decisions. They don't have to have a
theory or model but can "free-flow" the data.
The first generic type of Decision Support System is a Data-Driven DSS. These
systems include file drawer and management reporting systems, data warehousing and
analysis systems, Executive Information Systems (EIS). Business Intelligence
Systems are also examples of Data-Driven DSS. Data- Driven DSS emphasize
(highlights) access to and manipulation of large databases of structured data and
especially a time-series of internal company data and sometimes external data. Simple

DEPARTMENT OF MANAGEMENT STUDIES 116


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

file systems accessed by query and retrieval tools provide the most elementary level
of functionality. Data warehouse systems that allow the manipulation of data by
computerized tools tailored to a specific task and setting or by more general tools and
operators provide additional functionality. Data-Driven DSS with Online Analytical
Processing (OLAP) provide the highest level of functionality and decision support
that is linked to analysis of large collections of historical data.
Model-Driven DSS

A second category, Model-Driven DSS, includes systems that use accounting and
financial models, representational models, and optimization models. Model-Driven
DSS emphasize access to and manipulation of a model. Simple statistical and
analytical tools provide the most elementary level of functionality. Model-Driven
DSS use data and parameters provided by decision-makers to aid (help) them in
analyzing a situation, but they are not usually data intensive (severe). Very large
databases are usually not needed for Model-Driven DSS.
Model-Driven DSS were isolated from the main Information Systems of the
organization and were primarily used for the typical "what-if" analysis. That is, "What
if we increase production of our products and decrease the shipment time?" These
systems rely heavily on models to help executives understand the impact of their
decisions on the organization, its suppliers, and its customers.
Knowledge-Driven DSS

Knowledge-Driven DSS can suggest or recommend actions to managers. These DSS


are person computer systems with specialized problem-solving expertise. The
"expertise" consists of knowledge about a particular domain, understanding of
problems within that domain, and "skill" at solving some of these problems. A related
concept is Data Mining. It refers to a class of analytical applications that search for
hidden patterns in a database. Data mining is the process of sifting through large
amounts of data to produce data content relationships.
Document-Driven DSS

A new type of DSS, a Document-Driven DSS or Knowledge Management System, is


evolving to help managers retrieve and manage unstructured documents and Web
pages. A Document-Driven DSS integrates a variety of storage and processing
technologies to provide complete document retrieval and analysis. The Web provides
access to large document databases including databases of hypertext documents,

DEPARTMENT OF MANAGEMENT STUDIES 117


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

images, sounds and video. Examples of documents that would be accessed by a


Document-Based DSS are policies and procedures, product specifications, catalogs,
and corporate historical documents, including minutes of meetings, corporate records,
and important correspondence. A search engine is a powerful decision aiding tool
associated with a Document-Driven DSS.
Communications-Driven and Group DSS

Group Decision Support Systems (GDSS) came first, but now a broader category of
Communications-Driven DSS or groupware can be identified. This fifth generic type
of Decision Support System includes communication, collaboration and decision
support technologies that do not fit within those DSS types identified. Therefore, we
need to identify these systems as a specific category of DSS. A Group DSS is a hybrid
(cross) Decision Support System that emphasizes both the use of communications and
decision models. A Group Decision Support System is an interactive computer-based
system intended to facilitate the solution of problems by decision-makers working
together as a group. Groupware supports electronic communication, scheduling,
document sharing, and other group productivity and decision support enhancing
activities We have a number of technologies and capabilities in this category in the
framework Group DSS, two-way interactive video, White Boards, Bulletin Boards,
and Email.
Inter-Organizational or Intra-Organizational DSS

A relatively new targeted user group for DSS made possible by new technologies and
the rapid growth of the Internet is customers and suppliers. We can call DSS targeted
for external users an Inter-organizational DSS. The public Internet is creating
communication links for many types of inter-organizational systems, including DSS.
An Inter-Organizational DSS provides stakeholders with access to a companys
intranet and authority or privileges to use specific DSS capabilities. Companies can
make a Data-Driven DSS available to suppliers or a Model-Driven DSS available to
customers to design a product or choose a product. Most DSS are Intra-
Organizational DSS that are designed for use by individuals in a company as
"standalone DSS" or for use by a group of managers in a company as a Group or
Enterprise-Wide DSS.
Function-Specific or General Purpose DSS

DEPARTMENT OF MANAGEMENT STUDIES 118


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Many DSS are designed to support specific business functions or types of businesses
and industries. We can call such a Decision Support System a function-specific or
industry- specific DSS. A Function-Specific DSS like a budgeting system may be
purchased from a vendor or customized in-house using a more general-purpose
development package. A task-specific DSS has an important purpose in solving a
routine or recurring decision task. Function or task-specific DSS can be further
classified and understood in terms of the dominant DSS component that is as a
Model-Driven, Data-Driven or Suggestion DSS. A function or task-specific DSS
holds and derives knowledge relevant for a decision about some function that an
organization performs (e.g., a marketing function or a production function). This type
of DSS is categorized by purpose; function-specific DSS help a person or group
accomplish a specific decision task. General-purpose DSS software helps support
broad tasks like project management, decision analysis, or business planning.

Components of DSS
Traditionally, academics and MIS staffs have discussed building Decision Support
Systems in terms of four major components:

The user interface


The database
The models and analytical tools and
The DSS architecture and network

Data-Driven, Document-Driven and Knowledge-Driven DSS need specialized


database components.
A Model- Driven DSS may use a simple flat-file database with fewer than
1,000 records, but the model component is very important. Experience and some
empirical evidence indicate that design and implementation issues vary for Data-
Driven, Document-Driven, Model-Driven and Knowledge-Driven DSS.
Multi-participant systems like Group and Inter- Organizational DSS also
create complex implementation issues. For instance, when implementing a Data-
Driven DSS a designer should be especially concerned about the user's interest in
applying the DSS in unanticipated or novel situations. Despite the significant
differences created by the specific task and scope of a DSS, all Decision Support

DEPARTMENT OF MANAGEMENT STUDIES 119


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Systems have similar technical components and share a common purpose, supporting
decision- making.
A Data-Driven DSS database is a collection of current and historical
structured data from a number of sources that have been organized for easy access and
analysis.
We are expanding the data component to include unstructured documents in
Document-Driven DSS and "knowledge" in the form of rules or frames in
Knowledge-Driven DSS. Supporting management decision-making means that
computerized tools are used to make sense of the structured data or documents in a
database.

Overview of DSS

CDSS (Customer Decision Support System) linked with Internet

DEPARTMENT OF MANAGEMENT STUDIES 120


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Here's an example: You decide to purchase a new home and use the Web to search real estate
sites. You find the perfect house in a good neighborhood but it seems a little pricey. You don't know
the down payment you'll need. You also need to find out how much your monthly payments will be
based on the interest rate you can get. Luckily the real estate Web site has several helpful calculators
(customer decision support systems) you can use to determine the down payment, current interest
rates available, and the monthly payment. Some customer decision support systems will even provide
an amortization schedule. You can make your decision about the purchase of the home or know
instantly that you need to find another house.

Introduction - Executive Information System (EIS)


An Executive Information System (EIS) is a type of management information
system intended to facilitate and support the information and decision-making needs of senior
executives by providing easy access to both internal and external information relevant to
meeting the strategic goals of the organization. It is commonly considered as a specialized
form of a Decision Support System (DSS)
The emphasis (weight) of EIS is on graphical displays and easy-to-use user interfaces.
They offer strong reporting and drill-down capabilities. In general, EIS are enterprise-wide
DSS that help top-level executives analyze, compare, and highlight trends in important
variables so that they can monitor performance and identify opportunities and problems. EIS
and data warehousing technologies are converging in the marketplace.

DEPARTMENT OF MANAGEMENT STUDIES 121


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

In recent years, the term EIS has lost popularity in favor of Business Intelligence (with the
sub areas of reporting, analytics, and digital dashboards).
History of Executing Information Systems
Traditionally, executive information systems were developed as mainframe computer-
based programs. The purpose was to package a companys data and to provide sales
performance or market research statistics for decision makers, such as financial officers,
marketing directors, and chief executive officers, who were not necessarily well acquainted
with computers. The objective was to develop computer applications that would highlight
information to satisfy senior executives needs. Typically, an EIS provides data that would
only need to support executive level decisions instead of the data for all the company.
Today, the application of EIS is not only in typical corporate hierarchies, but also at
personal computers on a local area network. EIS now cross computer hardware platforms and
integrate information stored on mainframes, personal computer systems, and minicomputers.
As some client service companies adopt the latest enterprise information systems, employees
can use their personal computers to get access to the companys data and decide which data
are relevant for their decision makings. This arrangement makes all users able to customize
their access to the proper companys data and provide relevant information to both upper and
lower levels in companies.

Components of Executive Information System


The components of an EIS can typically be classified as:

Hardware
When talking about hardware for an EIS environment, we should focus on the hardware that
meet the executives needs. The executive must be put first and the executives needs must be
defined before the hardware can be selected. The basic computer hardware needed for a
typical EIS includes four components:

1. Input data-entry devices. These devices allow the executive to enter, verify, and
update data immediately;
2. The central processing unit (CPU), which is the kernel because it controls the other
computer system components;
3. Data storage files. The executive can use this part to save useful business information,
and this part also help the executive to search historical business information easily;

DEPARTMENT OF MANAGEMENT STUDIES 122


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

4. Output devices, which provide a visual or permanent record for the executive to save
or read. This device refers to the visual output device or printer.

In addition, with the advent of local area networks (LAN), several EIS products for
networked workstations became available. These systems require less support and less
expensive computer hardware. They also increase access of the EIS information to many
more users within a company.

Software
Choosing the appropriate software is vital to design an effective EIS. Therefore, the software
components and how they integrate the data into one system are very important. The basic
software needed for a typical EIS includes four components:

1. Text base software. The most common form of text are probably documents;
2. Database. Heterogeneous databases residing on a range of vendor-specific and open
computer platforms help executives access both internal and external data;
3. Graphic base. Graphics can turn volumes of text and statistics into visual information
for executives. Typical graphic types are: time series charts, scatter diagrams, maps,
motion graphics, sequence charts, and comparison-oriented graphs (i.e., bar charts);
4. Model base. The EIS models contain routine and special statistical, financial, and
other quantitative analysis.

Perhaps a more difficult problem for executives is choosing from a range of highly
technical software packages. Ease of use, responsiveness to executives' requests, and price
are all reasonable considerations. Further, it should be considered whether the package can
run on existing hardware.

User Interface
An EIS needs to be efficient to retrieve relevant data for decision makers, so the user
interface is very important. Several types of interfaces can be available to the EIS structure,
such as scheduled reports, questions/answers, menu driven, command language, natural
language, and input/output. It is crucial that the interface must fit the decision makers
decision-making style. If the executive is not comfortable with the information
questions/answers style, the EIS will not be fully utilized. The ideal interface for an EIS

DEPARTMENT OF MANAGEMENT STUDIES 123


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

would be simple to use and highly flexible, providing consistent performance, reflecting the
executives world, and containing help information.

Telecommunication
As decentralizing is becoming the current trend in companies, telecommunications will play a
pivotal (essential) role in networked information systems. Transmitting data from one place
to another has become crucial for establishing a reliable network. In addition,
telecommunications within an EIS can accelerate the need for access to distributed data.
Applications
EIS enables executives to find those data according to user-defined criteria and promote
information-based insight and understanding. Unlike a traditional management information
system presentation, EIS can distinguish between vital and seldom-used data, and track
different key critical activities for executives, both which are helpful in evaluating if the
company is meeting its corporate objectives. After realizing its advantages, people have
applied EIS in many areas, especially, in manufacturing, marketing, and finance areas.

Manufacturing
Basically, manufacturing is the transformation of raw materials into finished goods for sale,
or intermediate processes involving the production or finishing of semi-manufactures. It is a
large branch of industry and of secondary production. Manufacturing operational control
focuses on day-to-day operations, and the central idea of this process is effectiveness and
efficiency. To produce meaningful managerial and operational information for controlling
manufacturing operations, the executive has to make changes in the decision processes. EIS
provides the evaluation of vendors and buyers, the evaluation of purchased materials and
parts, and analysis of critical purchasing areas. Therefore, the executive can oversee and
review purchasing operations effectively with EIS. In addition, because production planning
and control depends heavily on the plants data base and its communications with all
manufacturing work centers, EIS also provides an approach to improve production planning
and control.

Marketing
In an organization, marketing executives role is to create the future. Their main duty is
managing available marketing resources to create a more effective future. For this, they need
make judgments about risk and uncertainty of a project and its impact on the company in
short term and long term. To assist marketing executives in making effective marketing

DEPARTMENT OF MANAGEMENT STUDIES 124


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

decisions, an EIS can be applied. EIS provides an approach to sales forecasting, which can
allow the market executive to compare sales forecast with past sales. EIS also offers an
approach to product price, which is found in venture analysis. The market executive can
evaluate pricing as related to competition along with the relationship of product quality with
price charged. In summary, EIS software package enables marketing executives to
manipulate the data by looking for trends, performing audits of the sales data, and calculating
totals, averages, changes, variances, or ratios. All of these sales analysis functions help
marketing executives to make final decisions.

Financial
A financial analysis is one of the most important steps to companies today. The executive
needs to use financial ratios and cash flow analysis to estimate the trends and make capital
investment decisions. An EIS is a responsibility-oriented approach that integrates planning or
budgeting with control of performance reporting, and it can be extremely helpful to finance
executives. Basically, EIS focuses on accountability of financial performance and it
recognizes the importance of cost standards and flexible budgeting in developing the quality
of information provided for all executive levels. EIS enables executives to focus more on the
long-term basis of current year and beyond, which means that the executive not only can
manage a sufficient flow to maintain current operations but also can figure out how to expand
operations that are contemplated over the coming years. Also, the combination of EIS and
EDI environment can help cash managers to review the companys financial structure so that
the best method of financing for an accepted capital project can be concluded. In addition, the
EIS is a good tool to help the executive to review financial ratios, highlight financial trends
and analyze a companys performance and its competitors.

Advantages of EIS

Easy for upper-level executives to use, extensive computer experience is not required
in operations
Provides timely delivery of company summary information
Information that is provided is better understood
Filters data for management
Improves to tracking information
Offers efficiency to decision makers

Disadvantages of EIS

System dependent

DEPARTMENT OF MANAGEMENT STUDIES 125


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Limited functionality, by design


Information overload for some managers
Benefits hard to quantify
High implementation costs
System may become slow, large, and hard to manage
Need good internal processes for data management
May lead to less reliable and less secure data

Future Trends of EIS


The future of executive info systems will not be bound by mainframe computer
systems. This trend allows executives escaping from learning different computer operating
systems and substantially decreases the implementation costs for companies. Because
utilizing existing software applications lies in this trend, executives will also eliminate the
need to learn a new or special language for the EIS package. Future executive information
systems will not only provide a system that supports senior executives, but also contain the
information needs for middle managers. The future executive information systems will
become diverse because of integrating potential new applications and technology into the
systems, such as incorporating artificial intelligence technology into an EIS.
Knowledge Management and Information Systems
Introduction
Information systems (IS) and management of knowledge are often discussed either as
separate entities or alternatively as analogies. But what is the gap between information
processed with IS and human information or knowledge? Is the gap insurmountable, or can
the subspecies be analysed and selected, so that section of these two sets will be found or so
that the union of information and knowledge complete each other? IS and users share
information, which is why it is in this context more important than data, as the basis for
systems, but human knowledge is the final aim.
As a background there is a philosophical classification of knowledge. Positivism,
post-positivism and critical theory are briefly presented. This presentation is assuming
constructivism as the most appropriate viewpoint to knowledge. There are various species of
information, which are analysed more deeply. ICT consists of information processing and
communication technologies. From philosophy, there can be the same main streams found.
Information theory gives us quantitative classes based on probability. Semantics leads us to
qualitative information categories.
Information and communication theory live along with systems theory. Systems
analysis is an engineering discipline based on this theory of the nature of systems. This

DEPARTMENT OF MANAGEMENT STUDIES 126


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

analysis framework for studying and modifying the world is used for the examples about
engineering, that are mainly from a project WISE - Web-enabled Information Services for
Engineering. WISE is concerned with knowledge management (KM) in participatory design
processes of complex products, putting the engineer in the centre of the overall picture.
Main objective of the project is not on developing new specific KM tools and
methods but rather to integrate and exploit existing state-of-the art approaches oriented
towards the needs of industrial users. This research project will prototype a meta-system for
different kinds of information sources. In this context, WISE can be an example to show what
findings are observed from engineering knowledge.

Information and Knowledge


Most definitions of KM share the perspective of collection and dissemination of
knowledge to benefitorganisation and its individuals. Typically knowledge is defined like
information that is relevant,actionable, and based at least partially on experience. We must
take a look at paradigms ofphilosophy and species of information to find out what is
meaningful for KM.
Paradigms from Philosophy
The paradigms from philosophy can be distinguished by ontology, which (in
philosophy) concerns beliefs about the form and nature of reality, and epistemology, which
concerns the nature ofknowledge and the relationship between those who know and knowing.
Four main paradigms are 1)positivism, 2) post-positivism, 3) critical theory with a)
postmodernism and b) post-structuralism, and4) constructivism.
For positivistic ontology the reality can be apprehended, and there are observer
independent data as facts. The positivistic epistemology is based on objectivity, a possibility
to find universal truths.Positivism is a simple belief in science in Western industrial history.
The results are mechanisticscience extended to behaviourism in psychology and nave
systemic thinking. Post-positivistic ontology finds an objective reality that is apprehended
imperfectly andprobabilistically. The epistemology is confessing that only an approximate
image of reality ispossible. As an "engineering view" the observers can have their own
perspective that can influencethe way they see things. Observers have consciousness that (in
extension to simple behaviourism) isseen to be a set of engineering processes converting
information acquired as observation from"outside" into information implemented. People can

DEPARTMENT OF MANAGEMENT STUDIES 127


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

be better or worse at this engineering process,and at least fuzzy optimisation becomes


relevant. Mind is biased machine, reality is actually out there,and knowledge is objective.
The critical theory is based on the ontology that reality is virtual. Social, political,
economic, ethnic, and other factors shape reality. The epistemology is subjectivist. Findings
are value laden withrespect to the worldview of an inquirer. Inquiry is value determined in
both postmodernism and post structuralism.This presentation is on the level of
constructivism, according to which there exists both local andspecifically constructed
realities. Ontology says that reality is relative phenomenon, andepistemological knowledge is
created in interaction between inquirers and its participants in asituation. Subjectivist
epistemology relates to created findings.
There are no observers, only viewers. Views, like behaviours are derived from
worldview. Interaction of different worldviews occurs through a semantic communication
process or interaction occurs in aframework, "lifeworld". Cognitive oriented constructivist
theories emphasize the exploration anddiscovery on the part of each learner as explaining the
learning process. Knowledge is still very mucha symbolic, mental representation in the mind
of the individual. In socially oriented theory the contextis part of the knowledge. Knowledge
is based on experience through worldviews, which are relative tothe institutions that one is
attached to in a given society, and they change as the institutional realitieschange.
Knowledge is not explicit. To derive knowledge from information means that much of
knowledge is based on sensory or perceptual experience (a posteriori) but such knowledge
can be used tounderstand new things (a priori). Knowledge by acquaintance is based on
experience, but we can alsorecognise things without sensual experiences, which leads to a
distinction between direct and indirectknowledge. Propositional knowledge tells us that earth
goes around the sun and one plus one is two.
What then is explicit? Even IS functions, such as search, retrieval and filtering are
effective as long as they are processing data. They are working when applied to appropriate
tasks, such as sorting,comparing, or visualising data, but their capabilities are rather limited
when applied to processing ofany interpretation. The interpretation of information is always
constructivist.

Information Species based on Probability


As the data, information and knowledge are separated, the middle layer remains
crucial. The probability interpretation of information is giving us three categories of physical,
syntactic andsemantic information. Physical information is the orientation degree of systems,

DEPARTMENT OF MANAGEMENT STUDIES 128


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

opposite to entropy. It is the commondenominator that can bring matter, energy and time into
a single, unified framework of analysis. Allmatter-energy transformations are change of state
information. Animate and inanimate objects -information condensations of matter-energy,
e.g. DNA, atom, galaxy - are including the moreinformation the more complicated they are.
Actually, its impossible to say confidently of anythingthat it could not be information.
Physical information can further be classified as natural and manmadeartefacts.
Syntactic information is attached to communication in any channel where messages
are sent and received using some notation system. The amount of information is depending
from the rarity of eachnotation string. The theory of syntax is very close to the statistical-
mathematical information theory.However, when someone is creating or utilising syntactic
information, there is always interpretation even with completely automatic IS. Semantics is
the branch of semiotics, the philosophy of signs that deals with meaning. The other
twobranches are syntax and pragmatics. Its basically the study of the relationship between
what an objectis representing, and the object itself. Semantic information is attached to
declarative sentences aboutstates of affairs that have a linguistic meaning. Information is
therefore eliminating ambivalence. Theprobability of a sentence is inversely proportional to
its information. That is because information isthe amount of ambivalence, which disappears
when we get to know that the sentence is true.Pragmatic information, however, belong to
qualitative interpretation.

GIS - INTRODUCTION
A geographic information system (GIS), or geographical information system, is
any system that captures, stores, analyzes, manages, and presents data that are linked to
location.
Technically, a GIS is a system that includes mapping software and its application to
cartography, remote sensing, land surveying, mathematics, photogrammetry, geography, and
tools that can be implemented with GIS software. Still, many refer to "Geographic
Information System" as "GIS" even though it doesn't cover all tools connected to topology.
Applications of GIS

GIS technology can be used for

Scientific investigations,
Resource management,

DEPARTMENT OF MANAGEMENT STUDIES 129


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Asset management,
Archaeology,
Environmental impact assessment,
Urban planning,
Cartography,
Criminology,
Geographic History,
Marketing,
Logistics,
ProspectivityMapping, and other purposes.

For example, GIS might allow emergency planners to easily calculate emergency response
times (i.e. logistics) in the event of a natural disaster, GIS might be used to find wetlands that
need protection from pollution, or GIS can be used by a company to site a new business
location to take advantage of a previously under-served market.
A typical GIS can be understood by the help of various definitions given below:-

A geographic information system (GIS) is a computer-based tool for mapping and


analyzing things that exist and events that happen on Earth
Burrough in 1986 defined GIS as, "Set of tools for collecting, storing, retrieving at
will, transforming and displaying spatial data from the real world for a particular set
of purposes"
Arnoff in 1989 defines GIS as, "a computer based system that provides four sets of
capabilities to handle geo-referenced data :
data input
data management (data storage and retrieval)
manipulation and analysis
data output. "

GIS and Business Processes applications

Geographic Information Systems (GIS) are becoming a part of mainstream business


and management operations around the world in organizations as diverse as cities, state
government, utilities, telecommunications, railroads, civil engineering, petroleum
exploration, retailing, etc. in private and public sectors. This array of institutional types is

DEPARTMENT OF MANAGEMENT STUDIES 130


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

integrating GIS into their daily operations, and the applications associated with these systems
are equally broad from infrastructure management, to vehicle routing, to site selection, to
research and analysis.

Much Geographical Information (GI) data already exists, most often collected by
public organizations in the framework of their mandated management activities, focused on
the needs of GI users and potential users, better understand and demonstrate the potential of
multimedia GI content for economic development and for the improvement of commercial
and public services to the citizen. Many of these organizations are beginning to explore the
use of Geographic Information Systems (GIS) in their decision making processes by
generating maps that convey information gleaned from their respective databases. Spatial
display and analysis will be important in many workflow scenarios.

Economic slowdowns around the world are forcing organizations to rethink how they
operate. Many are realizing they need to find a way to do business smarter using in-house
resources. Now is the time to invest in geographic information systems (GIS), a solution that
has helped many organizations overcome their operational challenges and deliver improved
profitability.

Retailers, realtors, insurers, asset managers, and others seeking to understand markets
better than ever before find that GIS assists in many ways: marketing, optimizing business
openings and closings, segmenting consumer data, and managing fleets. GIS can visualize,
manage, and analyze any business asset (employees, customers, and facilities, all the way to
the supply chain network) because it has a place in the world.
Discover what more than 300,000 ESRI customers around the world have known for years
using GIS software and data allows them to make better, more informed business decisions.
Introduction to International Information System

We are living in the information age. Information and IT are governing every aspect
of our lives. The ever-growing reach of the Internet and the World Wide Web has brought
together individuals and public and private organizations as at no other time in human
civilization. The Internet, as a decentralized global network of computers, has become the de
facto standard medium to transfer data, voice, and video anywhere and anytime.

DEPARTMENT OF MANAGEMENT STUDIES 131


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

An organizations MIS is a system for obtaining, processing, and delivering


information that can be used in managing the organization The mission of IS is to improve
the performance of people in the organization through the use of IT. Before the advent of
computers, due to technologicallimitations, the bulk of MIS consisted of paper reports
generated by functional areas, such as accounting, manufacturing, and marketing. Accessing
this information was very slow and time-consuming. There was a time lag between the
generation of information and its use. Depending on the physical distance between the source
and the user of information, the time lag ranged from a few hours to weeks. As a result of the
limitation in information management, greater geographical distances from the headquarters
implied a higher degree of autonomy for the subsidiaries.
Today, IT comprises computers and telecommunication networks that allow
instantaneousaccess to information regardless of the physical distance between the source and
the user of the information. The newfound MIS capability not only allows more timely
decision making, it also enables better control of distant operations. Such a capability is
especially beneficial to MNCs. IT affectsMNCs in two different ways. First, it provides a
coordination mechanism for geographically dispersed activities, thereby facilitating
globalization. Second, it provides a mechanism for building a coalition among separate
organizations, making global operation more cost-effective.
Computer-Based Information Systems

CBIS play a vital role in todays businesses. The many benefits organizations seek to achieve
through CBIS may be classified as follows: (1) efficiency gains, (2) effectiveness gains, and
(3) competitive advantage. Efficiency gains are concerned with doing more with the same or
fewer resources. CBIS can bring about efficiency gains by automating tasks in the factory as
well as in the workplace. Effectiveness gains are concerned with doing the right things and
achieving the established goals. CBIS can bring about effectiveness gains by improving
internal as well as external communications and by facilitating superior managerial decision
making. Competitive advantage is concerned with providing the organization with a
significant and long-term benefit vis--vis the competition. CBIS can bring about competitive
advantage by allowing the firm to differentiate itself from its competitors, become the lowest-
cost/price producer in the marketplace, or carve market niches for itself through innovative
services and/or products. It is precisely because of the major impact that IS can have on
corporate strategy that todays managers must be not only computer literate but also IS
literate. Computer literacy is the knowledge of computer technology. IS literacy encompasses

DEPARTMENT OF MANAGEMENT STUDIES 132


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

how and why IT is applied in organizations. A knowledge of organizations, managerial


levels, information needs, and decisionmaking approaches is an important aspect of IS
literacy. Today, no company of even modest size can operate without support from IS. But at
a time when business is increasing its dependence on IT, technology is changing so rapidly
that businesses are threatened by its pace. New developments arise before older ones can be
assimilated, and systems purchased today are, at times, outdated even before they are put into
use. It is, however, too late to stop. The use of any tool creates dependence, and computers
the most enabling tool created by manare heavily usedalready. By the same account, nearly
half of all capital investment in the United States is being put into IT.9 To cease to invest, or
even invest slowly, is to accept the premise that new operations and opportunities can be
developed without IT support, when the old ones cannot be sustained without it! Therefore,
management of IT investment has become a critical concern, because there are real risks
associated with an inept organizational response to the rapid pace of developments in IT.
Information Architecture (IT)
The solution that emerged in the late 1980s to deal effectively with the rapid pace of change
in IT was to build an information architecturethat is, to create a framework within which
current as well as future organizational needs for information could be met with impunity
from changing technology. The IS architect, however, must often pay dearly for the mistakes
of the past. IS, like buildings and streets, have a tendency to grow haphazardly. As in a
building, we do not like to break down an outside wall, but if we cannot modify the inside
walls to make the architecture useful for todays context (i.e., information needs), then there
is no other choice. A well-planned information architecture should, as much as possible,
obviate the need for the demolition of outside walls.10 Figure 10.1 depicts a model
information architecture. It is based on providing infrastructures for communication
integration as well as data integration on which the IT portfolio (i.e., the various application
systems ranging from purchase order entry to research and development planning) would be
developed.11 Together, communication integration and data integration ensure that data are
stored in a nonredundant fashion and that every authorized user can gain access to and update
the required information from anywhere. These infrastructures must be provided to support
the tactical deployment of IT, ensure that developing problems and opportunities can be
addressed, and guarantee that catch-up time would be short and, thereby, little ground would
be lost to a competitor who leads with an innovative business idea based on IT. In addition,
the above model emphasizes four application portfolios that mature IS would comprise:

DEPARTMENT OF MANAGEMENT STUDIES 133


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Institutional portfolio
IS applications are directed at recording and reporting on business activities.
Examples include transaction processing systems such as payroll, order entry,
purchasing, productionscheduling, and accounting IS.

Professional support portfolio


IS applications are directed at managerial problem solving and decision making,
competitive intelligence, and personal productivity. Examples include critical success
factor reporting systems, decision support systems, expert systems, and such tools as
are used for document preparation, computer-based messaging, electronic meetings,
and workgroup computing.
Physical automation portfolio
IS applications are directed at replacing manual work with IT, on the factory floor as
well as in offices. Examples include computer-aided design and engineering, robotics,
automated response units, and workflow automation.
External portfolio
IS applications are directed at linking the firm with its suppliers, customers, or other
firms for the purpose of creating astrategic alliance. Examples include ERP, SCM,
EDI, and interorganizationalsystems.
Communication

Data
Strategic
External portfolio

Physical portfolio

Professional portfolio

Institutional portfolio

It is important to note that while the above model acknowledges that the application
portfolios must address the information requirements at all levels ofmanagement, it neither
assumes a particular hardware or software architecturalplatform nor advocates a centralized
or decentralized approach to buildingthe architecture. These choices are left to the eventual

DEPARTMENT OF MANAGEMENT STUDIES 134


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

architect, who must fitthe suggested architectural form to the specific context of the
organization. Theremainder of this chapter will use this model architecture as a backdrop
toexamine the ramifications of internationalization on IS architecture. However,because of
the significant role that SCM, ERP, and EDI play in helping MNCsmanage their worldwide
operations, they are discussed subsequently.
Supply Chain Management

Supply chain management can be defined as the way a company finds the raw components it
needs to make products or services, produces those products or services, and delivers them to
customers. To have better SCM, most companies implement the following five basic steps.
Plan:Establish a plan to manage all the resources that go towardmeeting customer
demand for products or services.
Source:Choose the suppliers that will deliver the required components,materials,
parts, or services. Also, develop a set of pricing, delivery, and payment processes
with suppliers and create measurements for moni-toring and improving relationships
with them. Then, put together processes for managing the inventory of goods and
services that are received from suppliers, verifying them, transferring them to the
man-ufacturing facilities, and authorizing payments.
Make: Schedule the activities necessary for production, testing, package ing, and
preparation for delivery of the goods or provision of the services.
Deliver:Coordinate the receipt of orders from customers, developa network of
warehouses, select carriers to deliver the products to cus-tomers, and set up an
invoicing system to receive payments.
Return:Create a network for receiving defective and excess productsreturned by
customers and supporting customers who have problems with the delivered products
(www.cio.com/research/scm/).
As an example, Wal-Mart has implemented a global SCM system. This system gives its
major suppliers a complete view of the inventory position of their own products in each of
Wal-Marts stores. Therefore, Procter & Gamble can make Tide detergents and ship them to
Wal-Marts distribution centers based on the actual sales performance in stores. Or, similarly,
a sup-plier in Taiwan can make DVD players and ship them to Wal-Mart as needed in what
amounts to a vendor-managed inventory.
Enterprise Resource Planning

ERPs main objective is to attempt to integrate all departments and functions across a

DEPARTMENT OF MANAGEMENT STUDIES 135


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

company onto a single computer system that can serve all those departments particular
needsfor example, building a single soft-ware program that serves the needs of people in
the finance department as well as those of the human resources (HR) department and in
warehousing. ERP creates a single, integrated system that runs on an enterprise-wide
database, so that the various departments can more easily share information and
communicate with each other. The integrated approach can have a tremendous payback once
the organization adopts and adapts to the business processes implemented by the ERP
software.
Each department typically has its own computer system optimized for the particular
ways that the department operates. For instance, when a customer places an order, that order
begins a mostly paper-based journey from one in-basket to another around the company,
often being entered and reentered into different departments computer systems. As a conse-
quence, the repetition of the in-basket process and data entry causes delays and lost orders.
All the data being entered into different computer systems invites errors. Meanwhile, no one
in the company truly knows the status of the order at any given point, because there is no way
for the financedepartment, for example, to get into the warehousing departments com-puter
system to see whether or not the item has been shipped.
ERP replaces the old stand-alone computer systems in different departments with a
single unified software system. The finance, manufacturing, and ware-housing departments
still have their own software, but now they are all linked together by an enterprise-wide
integrated database. Consequently, people in the finance department can look into the
warehousing records to see if an order has been shipped
(www.erpcentral.com/,www.erpfans.com/).General Motors, for example, uses ERP software
to connect all its worldwide operations as well as its suppliers and dealers in a global net-
work that permits sharing of up-to-the-minute information. An assembly plant in Atlanta,
Georgia, for instance, knows exactly when it will receive body parts from the plant in
Mexico and leather seat covers from China. It can also make adjustments if one of the
suppliers runs into problems and faces delays.
Ramifications of Internationalization for the IS Function
The expansion of a company from a domestic corporation to a multinational one brings with
it special challenges for the IS function. Consider the following ramifications of
internationalization for the IS function:

Although it is highly desirable to have common computer (e.g., PC) standards, local

DEPARTMENT OF MANAGEMENT STUDIES 136


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

service issues and the level of support vary so widely that this seemingly
straightforward issue becomes a complex one. The support and service issue
notwithstanding, it may simply be over-whelmingly advantageous to improve
government relationships by choosing a local brand even at the expense of the system
integration problems that this may cause.
Although it is highly desirable to have system developers located physically close to
the end users of the system being developed, the wide disparity between salaries
abroad vis--vis the United States may make it overwhelmingly attractive to move
portions of large development efforts overseas and risk coordination problems.
Expansion overseas also causes problems with scheduling and coordination. A
business that crosses four time zones has 5 business hours that are supported in
common by all portions of its operation, while one spanning more than eight time
zones would have no common business hours at all. This shift in schedules can result
in increased reliance on background transfers of information (such as e-mail), which
do not require human interaction in real time.
Due to technological advances and the use of the Internet, communication costs are
continuously decreasing. In general, however, communication costs increase with
distance; this will hold true until the use of the Internet becomes universal. This
creates an incentive to disperse data to reduce transmission costs, a strategy that can
result in the loss of information control and increased security risks.
The use of personal data generates a wide range of sensitivities in different countries.
What is seen as a consumer micromarketing information system in one country may
be regarded as quite intrusive in another. Moreover, existing legislation regarding
computer privacy, computer security, software licensing, and copyrights remains
substantially fragmented among countries. The Internet, however, is rapidly forcing
the international community to develop uniform standards.

Expansion into other countries also causes problems with language. Global IS must
be designed to support people speaking different languages. Also, data entry as well
as reporting programs must be writ-ten to accommodate different alphabets, printing
directions (e.g., from right to left instead of left to right), and collating sequences.
Thus, in some countries, pages are sequenced and numbered from right to left.
In some countries, the installation of new telephone lines still requires a lead time of
more than a year, making the planning and implementation of an adequately

DEPARTMENT OF MANAGEMENT STUDIES 137


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

redundant (fault-tolerant) communication infrastructure a time-consuming ordeal.


Great disparities in local technical support exist between one country and another.
This can lead to considerable reliance on the parent company for troubleshooting, for
system development efforts, and for scanning emerging technologies that might affect
the firms operations.
As can be seen from the items listed above, the IT function, like all other functional areas,
is considerably affected by internationalization. And like all other functional areas, its
response to internationalization will be affected by country variables as well as company
variables.
The IS Function within the Multinational Corporation
Not surprisingly, MNCs have adopted different approaches for their IS functions. Some are
centralized, some are decentralized, and some are distributed. Some are integrated but most
are not.There are several classifications of international IS. The following pro-vides a useful
starting categorization.
Multinational information systems: This most prevalent model is characterized by
essentially autonomous data-processing centers in each nation-state in which the
MNC operates. This approach suffers from problems of redundancy and duplication
in data, applications, and operations. However, it historically represents the easiest
solu-tion available to the MNC given the conditions of national markets (i.e.,
regulations, language problems, facilities problems, etc., as we have discussed in
previous chapters) that have encouraged the autonomy of business operations in each
country.
International information systems: This model is characterized by a computer
network that operates in more than one nation-state and in which data across
international borders in the process of completing a transaction. This model is now
increasingly based on the Internet as its medium of data transfer.
Global information systems: This relatively new model is fundamentally
characterized by the integration of data. Support for manufacturing operations that
must coordinate inputs and outputs of plants located in different countries on a real-
time basis has been one of several driving forces leading to the establishment of such
systems.
Another impetus has been the desire to present a consistent face to a customer that
may have dealings with the MNC in several countries in which it operates. However,

DEPARTMENT OF MANAGEMENT STUDIES 138


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

only the recent advances in distributed database management and communication


technologies have made this model a viable alternative.

2 Marks
1. What do you mean by Financial Management Information System? Give one Example
2. State the Process of Financial Management Information System.
3. What do you mean by Budgeting?
4. What do you mean by Auditing?
5. What do you mean by Profit and Loss Account?
6. What do you mean by Marketing Information System? Give one Example
7. State the Process of Marketing Information System.
8. State the functional components of Marketing Information System
9. State the Benefits of Marketing Information System
10. What do you mean by Marketing Decision support system?
11. State the functions of CRM
12. What do you mean by Human Resources Management Information System? Give one
Example
13. State the Process of Human Resources Management Information System.
14. What do you mean by Recruitment?
15. What do you mean by Selection?
16. What do you mean by Training?
17. What do you mean by Work Schedule?
18. What do you mean by Wage Administration?
19. State any four Characteristics of Information
20. Define Management Information System.
21. What do you mean by Production Management Information System? Give one Example
22. State the Process of Production Management Information System.
23. What do you mean by Purchase?
24. What do you mean by Capacity management?
25. What do you mean by Inventory?
26. What do you mean by TQM?
27. What do you mean by Job Schedule?
28. What do you mean by Accounting Management Information System? Give one Example
29. State the Process of Accounting Management Information System.
30. What do you mean by Account payable?

DEPARTMENT OF MANAGEMENT STUDIES 139


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

31. What do you mean by Account Receivables?


32. What do you mean by Payroll?
33. What do you mean by DSS?
34. What do you mean by EIS?
35. What do you mean by KMS?
36. What do you mean by GIS?
37. State the Characteristics of DSS
38. State the Types of DSS
39. State the Advantages of EIS
40. State the Disadvantages of EIS
41. Future Trends of EIS
42. State the Technologies used in GIS
43. What do you mean by Information Architecture?
44. What do you mean by Supply Chain Management? State its Process
45. What do you mean by ERP?
16 Marks
1. Explain the Process of Financial Management Information System
2. Explain the Process of Accounting Management Information System
3. Explain the Process of Human Resources Management Information System
4. Explain the Process of Production Management Information System
5. Explain the Material Management Information System
6. Explain the Process of Marketing Management Information System
7. Explain the types of Decision Support System
8. Explain what is EIS and its Components
9. Explain the Knowledge Management and Information System
10. Discuss the Geographical Information System (GIS)
11. Discuss the International Information System (GIS)

DEPARTMENT OF MANAGEMENT STUDIES 140


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

MANAGEEMNT INFORMATION SYSTEM UNIT: IV

Introduction - Software Security


Software security is the idea of engineering software so that it continues to function
correctly under malicious attack. Most technologists acknowledge this undertakings
importance, but they need some help in understanding how to tackle it.
Application Security vs. Software Security

Application security means many different things to many different people. In IEEE
Security & Privacy magazine, it has come to mean the protection of software after its
already built. Although the notion of protecting software is an important one, its just plain
easier to protect something that is defect-free than something riddled with vulnerabilities.
Pondering the question, What is the most effective way to protect software? can help
untangle software security and application security. On one hand, software security is about
building secure software: designing software to be secure, making sure that software is
secure, and educating software developers, architects, and users about how to build secure
things. On the other hand, application security is about protecting software and the systems
that software runs in a post facto way, after development is complete. Issues critical to this
subfield include sandboxing code (as the Java virtual machine does), protecting against
malicious code, obfuscating code, locking down executables, monitoring programs as they
run (especially their input), enforcing the software use policy with technology, and dealing
with extensible systems.

Application security follows naturally from a network-centric approach to security, by


embracing standard approaches such as penetrate and patch4 and input filtering (trying to
block malicious input) and by providing value in a reactive way. Put succinctly, application
security is based primarily on finding and fixing known security problems after theyve been
exploited in fielded systems.

Software securitythe process of designing, building, and testing software for


securityidentifies and expunges problems in the software itself. In this way, software
security practitioners attempt to build software that can withstand attack proactively.

DEPARTMENT OF MANAGEMENT STUDIES 141


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

SOFTWARE TESTING (in Software Development Life Cycle)

Figure 1 specifies one set of best practices and shows how software practitioners can apply
them to the various software artifacts produced during software development.

Security should be explicitly at the requirements level. Security requirements must cover both
overt (clear) functional security (say, the use of applied cryptography) and emergent characteristics.
One great way to cover the emergent security space is to build abuse cases. Similar to use cases,
abuse cases describe the systems behavior under attack; building them requires explicit coverage of
what should be protected, from whom, and for how long.

At the design and architecture level, a system must be coherent and present a unified security
architecture that takes into account security principles (such as the principle of least privilege).
Designers, architects, and analysts must clearly document assumptions and identify possible attacks.

At both the specifications based architecture stage and at the class-hierarchy design stage, risk
analysis is a necessitysecurity analysts should uncover and rank risks so that mitigation can begin.
External review (outside the design team) is often necessary.

At the code level, we should focus on implementation flaws, especially those that static
analysis toolstools that scan source code for common vulnerabilitiescan discover. Several
vendors now address this space, and tools should see market-driven improvement and rapid maturity
later this year.

As stated earlier, code review is a necessary, but not sufficient, practice for achieving secure
software. Security bugs can be deadly, but architectural flaws are just as big a problem.

Security testing must encompass two strategies: testing security functionality with standard functional
testing techniques, and risk-based security testing based on attack patterns and threat models. A good

DEPARTMENT OF MANAGEMENT STUDIES 142


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

security test plan (with traceability back to requirements) uses both strategies. Security problems
arent always apparent, even when we probe a system directly, so standard-issue quality assurance is
unlikely to uncover all the pressing security issues.

Penetration testing is also useful, especially if an architectural risk analysis is specifically


driving the tests. The advantage of penetration testing is that it gives a good understanding of fielded
software in its real environment. However, any black-box penetration testing that doesnt take the
software architecture into account probably wont uncover anything deeply interesting about software
risk.

Software that falls prey to canned black-box testing which simplistic application security
testing tools on the market today practiceis truly bad. This means that passing a cursory penetration
test reveals very little about your real security posture, but failing an easy canned penetration test tells
you that youre in very deep trouble indeed.

Operations people should carefully monitor fielded systems during use for security breaks.
Simply put, attacks will happen, regardless of the strength of design and implementation, so
monitoring software behavior is an excellent defensive technique. Knowledge gained by
understanding attacks and exploits should be cycled back into the development organization, and
security practitioners should explicitly track both threat models and attack patterns. Note that risks
crop up during all stages of the software life cycle, so a constant risk analysis thread, with recurring
risk tracking and monitoring activities, is highly recommended.

Software testing is an investigation conducted to provide stakeholders with


information about the quality of the product or service under test. Software Testing also
provides an objective, independent view of the software to allow the business to appreciate
and understand the risks at implementation of the software. Test techniques include, but are
not limited to, the process of executing a program or application with the intent of finding
software bugs.

Software Testing can also be stated as the process of validating and verifying that a software
program/application/product:

Meets the business and technical requirements that guided its design and development;

Works as expected; and Can be implemented with the same characteristics.

Testing can never completely identify all the defects within software. Instead, it
furnishes a criticism or comparison that compares the state and behavior of the product
against oraclesprinciples or mechanisms by which someone might recognize a problem.

DEPARTMENT OF MANAGEMENT STUDIES 143


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

These oracles may include (but are not limited to) specifications, contracts, comparable
products, past versions of the same product, inferences about intended or expected purpose,
user or customer expectations, relevant standards, applicable laws, or other criteria.

Software testing is the process of attempting to make this assessment.

Software Vulnerability (weakness) to Attack

What makes it so easy for attackers to target software is the virtually guaranteed
presence of vulnerabilities, which can be exploited to violate one or more of the softwares
security properties. According to CERT, most successful attacks result from targeting and
exploiting known, non-patched software vulnerabilities and insecure software configurations,
many of which are introduced during design and code.

Software development is not yet a science or a rigorous discipline, and the


development process by and large is not controlled to minimize the vulnerabilities that
attackers exploit. Today, as with cancer, vulnerable software can be invaded and modified to
cause damage to previously healthy software, and infected software can replicate itself and be
carried across networks to cause damage in other systems. Like cancer, these damaging
processes may be invisible to the lay person even though experts recognize that their threat is
growing. And as in cancer, both preventive actions and research are critical, the former to
minimize damage today and the latter to establish a foundation of knowledge and capabilities
that will assist the cyber security professionals of tomorrow reduce risk and minimize
damage for the long term.

The security of software is threatened at various points throughout its life cycle, both
by inadvertent and intentional choices and actions taken by insidersindividuals closely
affiliated with the organization that is producing, deploying, operating, or maintaining the
software, and thus trusted by that organizationand by outsiders who have no affiliation
with the organization. The softwares security can be threatenedduring its development: A
developer may corrupt the softwareintentionally or unintentionallyin ways that will
compromise the softwares dependability and trustworthiness when it is operational.

During its deployment (distribution and installation): If those responsible


for distributing the software fail to tamperproof the software before shipping
or uploading, or transmit it over easily intercepted communications channels,
they leave the software vulnerable to intentional or unintentional corruption.

DEPARTMENT OF MANAGEMENT STUDIES 144


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Similarly, if the softwares installer fails to lock down the host platform, or
configures the software insecurely, the software is left vulnerable to access by
attackers.
During its operation: Once COTS and open source software has gone
operational, vulnerabilities may be discovered and publicized; unless security
patches and updates are applied and newer supported versions (from which the
root causes of vulnerabilities have been eliminated) are adopted, such software
will become increasingly vulnerable. Non-commercial software and open
source software (OSS) may also be vulnerable, especially as it may manifest
untrustworthy behaviors over time due to changes in its environment that
stress the software in ways that were not anticipated and simulated during its
testing. Any software system that runs on a network-connected platform has
its vulnerabilities exposed during its operation. The level of exposure will vary
depending on whether the network is public or private, Internet-connected or
not, and whether the softwares environment has been configured to minimize
its exposure. But even in highly controlled networks and locked down
environments, the software may be threatened by malicious insiders (users,
administrators, etc.).
During its sustainment (maintenance): If those responsible for addressing
discovered vulnerabilities in released software fail to issue patches or updates
in a timely manner, or fail to seek out and eliminate the root causes of the
vulnerabilities to prevent their perpetuation in future releases of the software,
the software will become increasingly vulnerable to threats over time. Also,
the softwares maintainer may prove to be a malicious insider, and may embed
malicious code, exploitable flaws, etc., in updated versions of the code.

Both research and real-world experience indicate that correcting weaknesses and
vulnerabilities as early as possible in the softwares life cycle is far more cost-effective over
the lifetime of the software than developing and releasing frequent security patches for
deployed software.

To Build Quality Software

To be considered secure, software must exhibit three properties:

DEPARTMENT OF MANAGEMENT STUDIES 145


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Dependability:Dependable software executes predictably and operates correctly under all


conditions, including hostile conditions, including when the software comes under attack or
runs on a malicious host.

Trustworthiness:Trustworthy software contains few if any vulnerabilities or weaknesses that


can be intentionally exploited to subvert or sabotage the softwares dependability. In addition,
to be considered trustworthy, the software must contain no malicious logic that causes it to
behave in a malicious manner.

Survivability (also referred to as Resilience):Survivableor resilientsoftware is


software that is resilient enough to (1) either resist (i.e., protect itself against) or tolerate (i.e.,
continue operating dependably in spite of) most known attacks plus as many novel attacks as
possible, and (2) recover as quickly as possible, and with as little damage as possible, from
those attacks that it can neither resist nor tolerate.

Scope of software testing

A primary purpose for testing is to detect software failures so that defects may be uncovered
and corrected. This is a non-trivial pursuit. Testing cannot establish that a product functions
properly under all conditions but can only establish that it does not function properly under
specific conditions.

The scope of software testing often includes examination of code as well as execution of that
code in various environments and conditions as well as examining the aspects of code: does it
do what it is supposed to do and do what it needs to do. In the current culture of software
development, a testing organization may be separate from the development team. There are
various roles for testing team members. Information derived from software testing may be
used to correct the process by which software is developed.

Functional Vs Non-functional testing

Functional testing refers to tests that verify a specific action or function of the code.
These are usually found in the code requirements documentation, although some
development methodologies work from use cases or user stories. Functional tests tend to
answer the question of "can the user do this" or "does this particular feature work".

DEPARTMENT OF MANAGEMENT STUDIES 146


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Non-functional testing refers to aspects of the software that may not be related to a
specific function or user action, such as scalability or security. Non-functional testing tends to
answer such questions as "how many people can log in at once", or "how easy is it to hack
this software".

Defects and failures

Not all software defects are caused by coding errors. One common source of expensive
defects is caused by requirement gaps, e.g., unrecognized requirements that result in errors of
omission by the program designer. A common source of requirements gaps is non-functional
requirements such as testability, scalability, maintainability, usability, performance, and
security.

Software faults occur through the following processes. A programmer makes an error
(mistake), which results in a defect (fault, bug) in the software source code. If this defect is
executed, in certain situations the system will produce wrong results, causing a failure.

Compatibility

A common cause of software failure (real or perceived) is a lack of compatibility with other
application software, operating systems (or operating system versions, old or new), or target
environments that differ greatly from the original (such as a terminal or GUI application
intended to be run on the desktop now being required to become a Web application, which
must render in a Web browser).

Input combinations and preconditions

A very fundamental problem with software testing is that testing under all combinations of
inputs and preconditions (initial state) is not feasible, even with a simple product. This means
that the number of defects in a software product can be very large and defects that occur
infrequently are difficult to find in testing. More significantly, non-functional dimensions of
quality (how it is supposed to be versus what it is supposed to do)usability, scalability,
performance, compatibility, reliabilitycan be highly subjective; something that constitutes
sufficient value to one person may be intolerable to another.

Static vs. dynamic testing

There are many approaches to software testing. Reviews, walkthroughs, or


inspections are considered as static testing, whereas actually executing programmed code

DEPARTMENT OF MANAGEMENT STUDIES 147


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

with a given set of test cases is referred to as dynamic testing. Static testing can be (and
unfortunately in practice often is) omitted. Dynamic testing takes place when the program
itself is used for the first time (which is generally considered the beginning of the testing
stage). Dynamic testing may begin before the program is 100% complete in order to test
particular sections of code (modules or discrete functions). Typical techniques for this are
either using stubs/drivers or execution from a debugger environment. For example,
Spreadsheet programs are, by their very nature, tested to a large extent interactively ("on the
fly"), with results displayed immediately after each calculation or text manipulation.

Software verification and validation

Software testing is used in association with verification and validation:

Verification: Have we built the software right? (i.e., does it match the specification).
Validation: Have we built the right software? (i.e., is this what the customer wants).

The terms verification and validation are commonly used interchangeably in the industry; it is
also common to see these two terms incorrectly defined. According to the IEEE Standard
Glossary of Software Engineering Terminology:

Verification is the process of evaluating a system or component to determine whether


the products of a given development phase satisfy the conditions imposed at the start
of that phase.
Validation is the process of evaluating a system or component during or at the end of
the development process to determine whether it satisfies specified requirements.

The software testing team

Software testing can be done by software testers. Until the 1980s the term "software
tester" was used generally, but later it was also seen as a separate profession. Regarding the
periods and the different goals in software testing,[20] different roles have been established:
manager, test lead, test designer, tester, automation developer, and test administrator.

Software Quality Assurance (SQA)

Though controversial, software testing may be viewed as an important part of the software
quality assurance (SQA) process. In SQA, software process specialists and auditors take a
broader view on software and its development. They examine and change the software

DEPARTMENT OF MANAGEMENT STUDIES 148


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

engineering process itself to reduce the amount of faults that end up in the delivered software:
the so-called defect rate.

What constitutes an "acceptable defect rate" depends on the nature of the software. For
example, an arcade video game designed to simulate flying an airplane would presumably
have a much higher tolerance for defects than mission critical software such as that used to
control the functions of an airliner that really is flying!

Although there are close links with SQA, testing departments often exist independently, and
there may be no SQA function in some companies.

Software Testing is a task intended to detect defects in software by contrasting a computer


program's expected results with its actual results for a given set of inputs. By contrast, QA
(Quality Assurance) is the implementation of policies and procedures intended to prevent
defects from occurring in the first place.

Testing Methods

The box approach

Software testing methods are traditionally divided into

Black box testing


White box testing.

These two approaches are used to describe the point of view that a test engineer takes when
designing test cases.

Black box testing

Black box testing treats the software as a "black box"without any knowledge of internal
implementation.

Specification-based testing: Specification-based testing aims to test the functionality of


software according to the applicable requirements. Thus, the tester inputs data into, and only
sees the output from, the test object. This level of testing usually requires thorough test cases
to be provided to the tester, who then can simply verify that for a given input, the output
value (or behavior), either "is" or "is not" the same as the expected value specified in the test
case.

Specification-based testing is necessary, but it is insufficient to guard against certain risks.

DEPARTMENT OF MANAGEMENT STUDIES 149


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Advantages and disadvantages: The black box tester has no "bonds" with the code,
and a tester's perception is very simple: a code must have bugs. Using the principle, "Ask and
you shall receive," black box testers find bugs where programmers do not. But, on the other
hand, black box testing has been said to be "like a walk in a dark labyrinth without a
flashlight," because the tester doesn't know how the software being tested was actually
constructed. As a result, there are situations when (1) a tester writes many test cases to check
something that could have been tested by only one test case, and/or (2) some parts of the
back-end are not tested at all.

White box testing

White box testing is when the tester has access to the internal data structures and algorithms
including the code that implement these.

Types of white box testing

The following types of white box testing exist:

API testing (application programming interface) - Testing of the application using


Public and Private APIs
Code coverage - creating tests to satisfy some criteria of code coverage (e.g., the test
designer can create tests to cause all statements in the program to be executed at least
once)
Fault injection methods - improving the coverage of a test by introducing faults to test
code paths
Mutation testing methods
Static testing - White box testing includes all static testing

Grey Box Testing

Grey box testing (American spelling: Gray box testing) involves having access to
internal data structures and algorithms for purposes of designing the test cases, but testing at
the user, or black-box level. Manipulating input data and formatting output do not qualify as
grey box, because the input and output are clearly outside of the "black-box" that we are
calling the system under test. This distinction is particularly important when conducting
integration testing between two modules of code written by two different developers, where
only the interfaces are exposed for test. However, modifying a data repository does qualify as

DEPARTMENT OF MANAGEMENT STUDIES 150


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

grey box, as the user would not normally be able to change the data outside of the system
under test. Grey box testing may also include reverse engineering to determine, for instance,
boundary values or error messages.

Testing levels

Tests are frequently grouped by where they are added in the software development process,
or by the level of specificity of the test.

Unit testing refers to tests that verify the functionality of a specific section of code, usually at
the function level. In an object-oriented environment, this is usually at the class level, and the
minimal unit tests include the constructors and destructors.

These type of tests are usually written by developers as they work on code (white-box style),
to ensure that the specific function is working as expected. One function might have multiple
tests, to catch corner cases or other branches in the code. Unit testing alone cannot verify the
functionality of a piece of software, but rather is used to assure that the building blocks the
software uses work independently of each other.

Unit testing is also called Component Testing.

Integration testing is any type of software testing that seeks to verify the interfaces between
components against a software design. Software components may be integrated in an iterative
way or all together ("big bang"). Normally the former is considered a better practice since it
allows interface issues to be localized more quickly and fixed.

System testing tests a completely integrated system to verify that it meets its requirements.

System Integration TestingSystem integration testing verifies that a system is integrated to


any external or third party systems defined in the system requirements.

Regression testingfocuses on finding defects after a major code change has occurred.
Specifically, it seeks to uncover software regressions, or old bugs that have come back. Such
regressions occur whenever software functionality that was previously working correctly
stops working as intended. Typically, regressions occur as an unintended consequence of
program changes, when the newly developed part of the software collides with the previously
existing code. Common methods of regression testing include re-running previously run tests
and checking whether previously fixed faults have re-emerged. The depth of testing depends

DEPARTMENT OF MANAGEMENT STUDIES 151


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

on the phase in the release process and the risk of the added features. They can either be
complete, for changes added late in the release or deemed to be risky, to very shallow,
consisting of positive tests on each feature, if the changes are early in the release or deemed
to be of low risk.

Acceptance testing can mean one of two things:

A smoke test is used as an acceptance test prior to introducing a new build to the main testing
process, i.e. before integration or regression.

Acceptance testing performed by the customer, often in their lab environment on their own
HW, is known as user acceptance testing (UAT). Acceptance testing may be performed as
part of the hand-off process between any two phases of development.

Alpha testing

Alpha testing is simulated or actual operational testing by potential users/customers or an


independent test team at the developers' site. Alpha testing is often employed for off-the-shelf
software as a form of internal acceptance testing, before the software goes to beta testing.

Beta testing

Beta testing comes after alpha testing. Versions of the software, known as beta versions, are
released to a limited audience outside of the programming team. The software is released to
groups of people so that further testing can ensure the product has few faults or bugs.
Sometimes, beta versions are made available to the open public to increase the feedback field
to a maximal number of future users.

Non Functional Software Testing

Special methods exist to test non-functional aspects of software. In contrast to functional


testing, which establishes the correct operation of the software (correct in that it matches the
expected behavior defined in the design requirements), non-functional testing verifies that the
software functions properly even when it receives invalid or unexpected inputs. Software
fault injection, in the form of fuzzing, is an example of non-functional testing. Non-functional
testing, especially for software, is designed to establish whether the device under test can
tolerate invalid or unexpected inputs, thereby establishing the robustness of input validation
routines as well as error-handling routines. Various commercial non-functional testing tools

DEPARTMENT OF MANAGEMENT STUDIES 152


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

are linked from the Software fault injection page; there are also numerous open-source and
free software tools available that perform non-functional testing.

Software performance testing and load testing

Performance testing is executed to determine how fast a system or sub-system


performs under a particular workload. It can also serve to validate and verify other quality
attributes of the system, such as scalability, reliability and resource usage. Load testing is
primarily concerned with testing that can continue to operate under a specific load, whether
that is large quantities of data or a large number of users. This is generally referred to as
software scalability. The related load testing activity of when performed as a non-functional
activity is often referred to as Endurance Testing.

Volume testing is a way to test functionality. Stress testing is a way to test reliability. Load
testing is a way to test performance. There is little agreement on what the specific goals of
load testing are. The terms load testing, performance testing, reliability testing, and volume
testing, are often used interchangeably.

Stability testing

Stability testing checks to see if the software can continuously function well in or above an
acceptable period. This activity of Non Functional Software Testing is oftentimes referred to
as load (or endurance) testing.

Usability testing

Usability testing is needed to check if the user interface is easy to use and understand.

Security testing

Security testing is essential for software that processes confidential data to prevent
system intrusion by hackers.

Internationalization and localization

Internationalization and localization is needed to test these aspects of software, for


which a pseudolocalization method can be used. It will verify that the application still works,
even after it has been translated into a new language or adapted for a new culture (such as
different currencies or time zones).

DEPARTMENT OF MANAGEMENT STUDIES 153


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Destructive testing

Destructive testing attempts to cause the software or a sub-system to fail, in order to


test its robustness.

Error Detection and Correction

In information theory and coding theory with applications in computer


science and telecommunication, error detection and correction or error control are
techniques that enable reliable delivery of digital data over unreliable communication
channels. Many communication channels are subject to channel noise, and thus errors may be
introduced during transmission from the source to a receiver. Error detection techniques
allow detecting such errors, while error correction enables reconstruction of the original data.

Error detection is the detection of errors caused by noise or other impairments during
transmission from the transmitter to the receiver.
Error correction is the detection of errors and reconstruction of the original, error-
free data.
Error control refers to mechanisms to detect and correct errors that occur in the transmission
of frames. The most common techniques for error control are based on some or all of the
following:
Error detection
Positive acknowledgement
Retransmission after time-out
Negative acknowledgement and retransmission.
These mechanisms are also referred as automatic repeat request (ARC).
Error detection schemes
Error detection is most commonly realized using a suitable hash
function (or checksum algorithm). A hash function adds a fixed-length tag to a message,
which enables receivers to verify the delivered message by recomputing the tag and
comparing it with the one provided.

There exists a vast variety of different hash function designs. However, some are of
particularly widespread use because of either their simplicity or their suitability for detecting
certain kinds of errors (e.g., the cyclic redundancy check's performance in detecting burst
errors).

DEPARTMENT OF MANAGEMENT STUDIES 154


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Random-error-correcting codes based on minimum distance coding can provide a


suitable alternative to hash functions when a strict guarantee on the minimum number of
errors to be detected is desired. Repetition codes, described below, are special cases of error-
correcting codes: although rather inefficient, they find applications for both error correction
and detection due to their simplicity.

Repetition codes
A repetition code is a coding scheme that repeats the bits across a channel to achieve
error-free communication. Given a stream of data to be transmitted, the data is
divided into blocks of bits. Each block is transmitted some predetermined number of
times. For example, to send the bit pattern "1011", the four-bit block can be repeated
three times, thus producing "1011 1011 1011". However, if this twelve-bit pattern was
received as "1010 1011 1011" where the first block is unlike the other two it
can be determined that an error has occurred.

Repetition codes are very inefficient, and can be susceptible to problems if the error
occurs in exactly the same place for each group (e.g., "1010 1010 1010" in the
previous example would be detected as correct). The advantage of repetition codes is
that they are extremely simple, and are in fact used in some transmissions of numbers
stations.

Parity bits
A parity bit is a bit that is added to a group of source bits to ensure that the number of
set bits (i.e., bits with value 1) in the outcome is even or odd. It is a very simple scheme that
can be used to detect single or any other odd number (i.e., three, five, etc.) of errors in the
output. An even number of flipped bits will make the parity bit appear correct even though
the data is erroneous.

Extensions and variations on the parity bit mechanism are horizontal redundancy
checks, vertical redundancy checks, and "double," "dual," or "diagonal" parity (used
in RAID-DP).

Checksums
A checksum of a message is a modular arithmetic sum of message code words of a
fixed word length (e.g., byte values). The sum may be negated by means of a ones'-
complement operation prior to transmission to detect errors resulting in all-zero
messages.

DEPARTMENT OF MANAGEMENT STUDIES 155


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Checksum schemes include parity bits, check digits, and longitudinal redundancy
checks. Some checksum schemes, such as the Damm algorithm, the Luhn algorithm,
and the Verhoeff algorithm, are specifically designed to detect errors commonly
introduced by humans in writing down or remembering identification numbers.

Cyclic redundancy checks (CRCs)


A cyclic redundancy check (CRC) is a single-burst-error-detecting cyclic code and
non-secure hash function designed to detect accidental changes to digital data in
computer networks. It is not suitable for detecting maliciously introduced errors. It is
characterized by specification of a so-called generator polynomial, which is used as
the divisor in a polynomial long division over a finite field, taking the input data as
the dividend, and where the remainder becomes the result.

Cyclic codes have favorable properties in that they are well suited for detecting burst
errors. CRCs are particularly easy to implement in hardware, and are therefore
commonly used in digital networks and storage devices such as hard disk drives.

Even parity is a special case of a cyclic redundancy check, where the single-bit CRC
is generated by the divisor x + 1.

Cryptographic hash functions


The output of a cryptographic hash function, also known as a message digest, can
provide strong assurances about data integrity, whether changes of the data are
accidental (e.g., due to transmission errors) or maliciously introduced. Any
modification to the data will likely be detected through a mismatching hash value.
Furthermore, given some hash value, it is infeasible to find some input data (other
than the one given) that will yield the same hash value. If an attacker can change not
only the message but also the hash value, then a keyed hash or message authentication
code (MAC) can be used for additional security. Without knowing the key, it is
infeasible for the attacker to calculate the correct keyed hash value for a modified
message.

Error-correcting codes
Any error-correcting code can be used for error detection. A code
with minimum Hamming distance, d, can detect up to d 1 errors in a code word.
Using minimum-distance-based error-correcting codes for error detection can be
suitable if a strict limit on the minimum number of errors to be detected is desired.

DEPARTMENT OF MANAGEMENT STUDIES 156


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Codes with minimum Hamming distance d = 2 are degenerate cases of error-


correcting codes, and can be used to detect single errors. The parity bit is an example
of a single-error-detecting code.

The Berger code is an early example of a unidirectional error(-correcting) code that


can detect any number of errors on an asymmetric channel, provided that only
transitions of cleared bits to set bits or set bits to cleared bits can occur. A constant-
weight code is another kind of unidirectional error-detecting code.

Error correction
Automatic repeat request
Automatic Repeat reQuest (ARQ) is an error control method for data transmission
that makes use of error-detection codes, acknowledgment and/or negative
acknowledgment messages, and timeouts to achieve reliable data transmission.
An acknowledgment is a message sent by the receiver to indicate that it has correctly
received a data frame.

Usually, when the transmitter does not receive the acknowledgment before the
timeout occurs (i.e., within a reasonable amount of time after sending the data frame),
it retransmits the frame until it is either correctly received or the error persists beyond
a predetermined number of retransmissions.

Three types of ARQ protocols are Stop-and-wait ARQ, Go-Back-N ARQ,


and Selective Repeat ARQ.

ARQ is appropriate if the communication channel has varying or unknown capacity,


such as is the case on the Internet. However, ARQ requires the availability of a back
channel, results in possibly increased latency due to retransmissions, and requires the
maintenance of buffers and timers for retransmissions, which in the case of network
congestion can put a strain on the server and overall network capacity.

Error-correcting code
An error-correcting code (ECC) or forward error correction (FEC) code is a system of
adding redundant data, or parity data, to a message, such that it can be recovered by a
receiver even when a number of errors (up to the capability of the code being used)
were introduced, either during the process of transmission, or on storage. Since the
receiver does not have to ask the sender for retransmission of the data, a back-
channel is not required in forward error correction, and it is therefore suitable

DEPARTMENT OF MANAGEMENT STUDIES 157


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

for simplex communication such as broadcasting. Error-correcting codes are


frequently used in lower-layer communication, as well as for reliable storage in media
such as CDs, DVDs, hard disks, and RAM.

Error-correcting codes are usually distinguished between convolutional


codes and block codes:

Convolutional codes are processed on a bit-by-bit basis. They are particularly


suitable for implementation in hardware, and the Viterbi
decoder allows optimal decoding.

Block codes are processed on a block-by-block basis. Early examples of block


codes are repetition codes, Hamming codes and multidimensional parity-check
codes. They were followed by a number of efficient codes, Reed Solomon
codes being the most notable due to their current widespread use. Turbo
codes and low-density parity-check codes (LDPC) are relatively new
constructions that can provide almost optimal efficiency.

Shannon's theorem is an important theorem in forward error correction, and describes


the maximum information rate at which reliable communication is possible over a
channel that has a certain error probability or signal-to-noise ratio (SNR). This strict
upper limit is expressed in terms of the channel capacity. More specifically, the
theorem says that there exist codes such that with increasing encoding length the
probability of error on a discrete memory less channel can be made arbitrarily small,
provided that the code rate is smaller than the channel capacity. The code rate is
defined as the fraction k/n of k source symbols and n encoded symbols.

The actual maximum code rate allowed depends on the error-correcting code used,
and may be lower. This is because Shannon's proof was only of existential nature, and
did not show how to construct codes which are both optimal and
have efficient encoding and decoding algorithms.

Hybrid schemes
Hybrid ARQ is a combination of ARQ and forward error correction. There are two
basic approaches:

DEPARTMENT OF MANAGEMENT STUDIES 158


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Messages are always transmitted with FEC parity data (and error-detection
redundancy). A receiver decodes a message using the parity information, and
requests retransmission using ARQ only if the parity data was not sufficient
for successful decoding (identified through a failed integrity check).
Messages are transmitted without parity data (only with error-detection
information). If a receiver detects an error, it requests FEC information from
the transmitter using ARQ, and uses it to reconstruct the original message.

The latter approach is particularly attractive on an erasure channel when using


a rate less erasure code.

Applications
Applications that require low latency (such as telephone conversations) cannot
use Automatic Repeat reQuest (ARQ); they must use Forward Error Correction (FEC). By
the time an ARQ system discovers an error and re-transmits it, the re-sent data will arrive too
late to be any good.

Applications where the transmitter immediately forgets the information as soon as it is


sent (such as most television cameras) cannot use ARQ; they must use FEC because when an
error occurs, the original data is no longer available. (This is also why FEC is used in data
storage systems such as RAID and distributed data store).

Applications that use ARQ must have a return channel. Applications that have no
return channel cannot use ARQ.

Applications that require extremely low error rates (such as digital money transfers)
must use ARQ.

Internet
In a typical TCP/IP stack, error control is performed at multiple levels:

Each Ethernet frame carries a CRC-32 checksum. Frames received with


incorrect checksums are discarded by the receiver hardware.
The IPv4 header contains a checksum protecting the contents of the
header. Packets with mismatching checksums are dropped within the network
or at the receiver.

DEPARTMENT OF MANAGEMENT STUDIES 159


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

The checksum was omitted from the IPv6 header in order to minimize
processing costs in network routing and because current link layer technology
is assumed to provide sufficient error detection (see also RFC 3819).
UDP has an optional checksum covering the payload and addressing
information from the UDP and IP headers. Packets with incorrect checksums
are discarded by the operating system network stack. The checksum is
optional under IPv4, only, because the Data-Link layer checksum may already
provide the desired level of error protection.
TCP provides a checksum for protecting the payload and addressing
information from the TCP and IP headers. Packets with incorrect checksums
are discarded within the network stack, and eventually get retransmitted using
ARQ, either explicitly (such as through triple-ack) or implicitly due to
a timeout.
Deep-space telecommunications
Development of error-correction codes was tightly coupled with the history of deep-
space missions due to the extreme dilution of signal power over interplanetary
distances, and the limited power availability aboard space probes. Whereas early
missions sent their data uncoded, starting from 1968 digital error correction was
implemented in the form of (sub-optimally decoded) convolutional codes and Reed
Muller codes. The Reed Muller code was well suited to the noise the
spacecraft was subject to (approximately matching a bell curve), and was
implemented at the Mariner spacecraft for missions between 1969 and 1977.

The Voyager 1 and Voyager 2 missions, which started in 1977, were designed to
deliver color imaging amongst scientific information of Jupiter and Saturn.[9] This
resulted in increased coding requirements, and thus the spacecraft were supported by
(optimally Viterbi-decoded) convolutional codes that could be concatenated with an
outer Golay (24,12,8) code. The Voyager 2 probe additionally supported an
implementation of a ReedSolomon code: the concatenated
ReedSolomonViterbi (RSV) code allowed for very powerful error correction,
and enabled the spacecraft's extended journey to Uranus and Neptune.

The CCSDS currently recommends usage of error correction codes with performance
similar to the Voyager 2 RSV code as a minimum. Concatenated codes are

DEPARTMENT OF MANAGEMENT STUDIES 160


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

increasingly falling out of favor with space missions, and are replaced by more
powerful codes such as Turbo codes or LDPC codes.

The different kinds of deep space and orbital missions that are conducted suggest that
trying to find a "one size fits all" error correction system will be an ongoing problem
for some time to come. For missions close to earth the nature of the channel noise is
different from that of a spacecraft on an interplanetary mission experiences.
Additionally, as a spacecraft increases its distance from earth, the problem of
correcting for noise gets larger.

Satellite broadcasting (DVB)


The demand for satellite transponder bandwidth continues to grow, fueled by the
desire to deliver television (including new channels and High Definition TV) and IP
data. Transponder availability and bandwidth constraints have limited this growth,
because transponder capacity is determined by the selected modulation scheme
and Forward error correction (FEC) rate.

Overview

QPSK coupled with traditional Reed Solomon and Viterbi codes have been
used for nearly 20 years for the delivery of digital satellite TV.
Higher order modulation schemes such as 8PSK, 16QAM and 32QAM have
enabled the satellite industry to increase transponder efficiency by several
orders of magnitude.
This increase in the information rate in a transponder comes at the expense of
an increase in the carrier power to meet the threshold requirement for existing
antennas.
Tests conducted using the latest chipsets demonstrate that the performance
achieved by using Turbo Codes may be even lower than the 0.8 dB figure
assumed in early designs.
Data storage

Error detection and correction codes are often used to improve the reliability of data
storage media.

DEPARTMENT OF MANAGEMENT STUDIES 161


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

A "parity track" was present on the first magnetic tape data storage in 1951. The
"Optimal Rectangular Code" used in group code recording tapes not only detects but
also corrects single-bit errors.

Some file formats, particularly archive formats, include a checksum (most


often CRC32) to detect corruption and truncation and can employ redundancy
and/or parity files to recover portions of corrupted data.

Reed Solomon codes are used in compact discs to correct errors caused by scratches.

Modern hard drives use CRC codes to detect and ReedSolomon codes to correct
minor errors in sector reads, and to recover data from sectors that have "gone bad"
and store that data in the spare sectors.

RAID systems use a variety of error correction techniques, to correct errors when a
hard drive completely fails.

Systems such as ZFS and some RAID support data scrubbing and resilvering, which
allows bad blocks to be detected and (hopefully) recovered before they are used. The
recovered data may be re-written to exactly the same physical location, to spare
blocks elsewhere on the same piece of hardware, or to replacement hardware.

Error-correcting memory
DRAM memory may provide increased protection against soft errors by relying on
error correcting codes. Such error-correcting memory, known as ECC or EDAC-
protected memory, is particularly desirable for high fault-tolerant applications, such
as servers, as well as deep-space applications due to increased radiation.

Error-correcting memory controllers traditionally use Hamming codes, although some


use triple modular redundancy.

Interleaving allows distributing the effect of a single cosmic ray potentially upsetting
multiple physically neighboring bits across multiple words by associating neighboring
bits to different words. As long as a single event upset (SEU) does not exceed the
error threshold (e.g., a single error) in any particular word between accesses, it can be
corrected (e.g., by a single-bit error correcting code), and the illusion of an error-free
memory system may be maintained.

A few systems support memory scrubbing.

Vulnerability

DEPARTMENT OF MANAGEMENT STUDIES 162


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Vulnerability in this context can be defined as the diminished capacity of an


individual or group to anticipate, cope with, resist and recover from the impact of a natural or
man-made hazard. The concept is relative and dynamic. Vulnerability is most often
associated with poverty, but it can also arise when people are isolated, insecure and
defenceless in the face of risk, shock or stress.

In computer security, a vulnerability is a weakness which allows an attacker to


reduce a system's information assurance.

Vulnerability is the intersection of three elements: a system susceptibility or flaw,


attacker access to the flaw, and attacker capability to exploit the flaw.[1] To exploit a
vulnerability, an attacker must have at least one applicable tool or technique that can connect
to a system weakness. In this frame, vulnerability is also known as the attack surface.

Vulnerability management is the cyclical practice of identifying, classifying,


remediating, and mitigating vulnerabilities" This practice generally refers to software
vulnerabilities in computing systems.

A security risk may be classified as vulnerability. The usage of vulnerability with the
same meaning of risk can lead to confusion. The risk is tied to the potential of a significant
loss. Then there are vulnerabilities without risk: for example when the affected asset has no
value. A vulnerability with one or more known instances of working and fully implemented
attacks is classified as an exploitable vulnerability a vulnerability for which
an exploit exists. The window of vulnerability is the time from when the security hole was
introduced or manifested in deployed software, to when access was removed, a security fix
was available/deployed, or the attacker was disabledsee zero-day attack.

Security bug (security defect) is a narrower concept: there are vulnerabilities that are
not related to software: hardware, site, personnel vulnerabilities are examples of
vulnerabilities that are not software security bugs.

Constructs in programming languages that are difficult to use properly can be a large
source of vulnerabilities.

Phenomenology
The term "vulnerability" relates to some other basic security terms as shown in the following
diagram:

DEPARTMENT OF MANAGEMENT STUDIES 163


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

+ - - - - - - - - - - - - + + - - - - + + - - - - - - - - - - -+
| An Attack: | |Counter- | | A System Resource: |
| i.e., A Threat Action | | measure | | Target of the Attack |
| +----------+ | | | | +-----------------+ |
| | Attacker |<==================||<========= | |
| | i.e., | Passive | | | | | Vulnerability | |
| | A Threat |<=================>||<========>| |
| | Agent | or Active | | | | +-------|||-------+ |
| +----------+ Attack | | | | VVV |
| | | | | Threat Consequences |
+ - - - - - - - - - - - - + + - - - - + + - - - - - - - - - - -+

A resource (either physical or logical) may have one or more vulnerabilities that can
be exploited by a threat agent in a threat action. The result can potentially compromise
the confidentiality, integrity or availability of resources (not necessarily the vulnerable one)
belonging to an organization and/or others parties involved(customers, suppliers).
The so-called CIA triad is the basis of Information Security.

The attack can be active when it attempts to alter system resources or affect their
operation: so it compromises integrity or availability. A "passive attack" attempts to learn or
make use of information from the system but does not affect system resources: so it
compromises Confidentiality.

OWASP (see figure) depicts the same phenomenon in slightly different terms: a threat
agent through an attack vector exploits a weakness (vulnerability) of the system and the
related security controls causing a technical impact on an IT resource (asset) connected to a
business impact.

A set of policies concerned with information security management, the information


security management system (ISMS), has been developed to manage, according to Risk
management principles, the countermeasures in order to accomplish to a security strategy set
up following rules and regulations applicable in a country. Countermeasures are also
called Security controls; when applied to the transmission of information are named security
services. The overall picture represents the risk factors of the risk scenario.

Classification
Vulnerabilities are classified according to the asset class they are related to:
Hardware

DEPARTMENT OF MANAGEMENT STUDIES 164


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Susceptibility to humidity
Susceptibility to dust
Susceptibility to soiling
Susceptibility to unprotected storage

Software

Insufficient testing
Lack of audit trail

Network

Unprotected communication lines


Insecure network architecture

Personnel

Inadequate recruiting process


Inadequate security awareness

Site

Area subject to flood


Unreliable power source

Organizational

Lack of regular audits


Lack of continuity plans
Lack of security
Causes

Complexity: Large, complex systems increase the probability of flaws and unintended
access points.
Familiarity: Using common, well-known code, software, operating systems, and/or
hardware increases the probability an attacker has or can find the knowledge and tools to
exploit the flaw
Connectivity: More physical connections, privileges, ports, protocols, and services and
time each of those are accessible increase vulnerability

DEPARTMENT OF MANAGEMENT STUDIES 165


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Password management flaws: The computer user uses weak passwords that could be
discovered by brute force. The computer user stores the password on the computer where
a program can access it. Users re-use passwords between many programs and websites.
Fundamental operating system design flaws: The operating system designer chooses to
enforce suboptimal policies on user/program management. For example operating
systems with policies such as default permit grant every program and every user full
access to the entire computer. This operating system flaw allows viruses and malware to
execute commands on behalf of the administrator.
Internet Website Browsing: Some internet websites may contain
harmful Spyware or Adware that can be installed automatically on the computer systems.
After visiting those websites, the computer systems become infected and personal
information will be collected and passed on to third party individuals.
Software bugs: The programmer leaves an exploitable bug in a software program. The
software bug may allow an attacker to misuse an application.

Unchecked user input: The program assumes that all user input is safe. Programs that do
not check user input can allow unintended direct execution of commands or SQL
statements (known as Buffer overflows, SQL injection or other non-validated inputs).
Not learning from past mistakes: for example most vulnerabilities discovered
in IPv4 protocol software were discovered in the new IPv6 implementations

The research has shown that the most vulnerable point in most information systems is the
human user, operator, designer, or other human: so humans should be considered in their
different roles as asset, threat, information resources. Social engineering is an increasing
security concern.

Vulnerability consequences

The impact of a security breach can be very high. The fact that IT managers, or upper
management, can (easily) know that IT systems and applications have vulnerabilities and do
not perform any action to manage the IT risk is seen as a misconduct in most
legislations. Privacy law forces managers to act to reduce the impact or likelihood that
security risk. Information technology security audit is a way to let other independent people
certify that the IT environment is managed properly and lessen the responsibilities, at least
having demonstrated the good faith. Penetration test is a form of verification of the weakness
and countermeasures adopted by an organization: a White hat hacker tries to attack an

DEPARTMENT OF MANAGEMENT STUDIES 166


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

organization information technology assets, to find out how is easy or difficult to compromise
the IT security. The proper way to professionally manage the IT risk is to adopt
an Information Security Management System, such as ISO/IEC 27002 or Risk IT and follow
them, according to the security strategy set forth by the upper management.

One of the key concept of information security is the principle of defence in depth: i.e. to
set up a multilayer defence system that can:

Prevent the exploit


Detect and intercept the attack
Find out the threat agents and prosecute them

Intrusion detection system is an example of a class of systems used to detect attacks.

Physical security is a set of measures to protect physically the information asset: if


somebody can get physical access to the information asset is quite easy to made resources
unavailable to its legitimate users.

Some set of criteria to be satisfied by a computer, its operating system and applications in
order to meet a good security level have been developed: ITSEC and Common criteria are
two examples.

Identifying and removing vulnerabilities


Many software tools exist that can aid in the discovery (and sometimes removal) of
vulnerabilities in a computer system. Though these tools can provide an auditor with a good
overview of possible vulnerabilities present, they cannot replace human judgment. Relying
solely on scanners will yield false positives and a limited-scope view of the problems present
in the system.

Vulnerabilities have been found in every major operating


system including Windows, Mac OS, various forms of Unix and Linux, OpenVMS, and
others. The only way to reduce the chance of a vulnerability being used against a system is
through constant vigilance, including careful system maintenance (e.g. applying software
patches), best practices in deployment (e.g. the use of firewalls and access controls) and
auditing (both during development and throughout the deployment lifecycle).

Examples of vulnerabilities
Vulnerabilities are related to:

DEPARTMENT OF MANAGEMENT STUDIES 167


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Physical environment of the system


The personnel
Management
Administration procedures and security measures within the organization
Business operation and service delivery
Hardware
Software
Communication equipment and facilities
And their combinations.

It is evident that a pure technical approach cannot even protect physical assets: you
should have administrative procedure to let maintenance personnel to enter the facilities and
people with adequate knowledge of the procedures, motivated to follow it with proper care.
See Social engineering (security).

Four examples of vulnerability exploits:

An attacker finds and uses an overflow weakness to install malware to export


sensitive data;
An attacker convinces a user to open an email message with attached malware;
An insider copies a hardened, encrypted program onto a thumb drive and cracks it at
home;
A flood damages your computer systems installed at ground floor.
Computer Crime

Throughout the past several decades there have been numerous advances in electronic
resources. Technologies such as cellular phones, pagers, home computers, the Internet,
websites, and palm pilots have added another dimension to crime. That dimension involves
increased methods at criminals disposal to commit certain crimes along with increased
locations in which crimes can occur. For example, property crimes no longer have to involve
face-to-face contact between the criminal and the victim. In the past, property crimes usually
involved a criminal breaking into a victims house or grabbing a purse from a person on the
street. Today, criminals can commit property crimes from the comfort of their own homes
against people who live on the other side of the world through the use of computers.
Computer crime poses a daunting task for law enforcement agencies because they are
highly technical crimes. Law enforcement agencies must have individuals trained in

DEPARTMENT OF MANAGEMENT STUDIES 168


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

computer science or computer forensics in order to properly investigate computer crimes.


Additionally, states must update and create legislation, which prohibits computer crimes and
outlines appropriate punishments for those crimes. Computer crimes will likely become more
frequent with the advent of further technologies. It is important that civilians, law
enforcement officials, and other members of the criminal justice system are knowledgeable
about computer crimes in order to reduce the threat they pose.
Recognizing the emerging problems resulting from computer crime, the Montgomery
County Criminal Justice Coordinating Commission requested the following study in order to
gain a detailed understanding of the harms caused by this modern crime form. Specifically,
the Commission asked that we research: the definitions of computer crime, the different types
of computer crime, the scope of the national and local problem, the legislation that was
created to punish offenders, the professional organizations that combat computer crime, the
resources that are available to educate the public about computer crimes, and the underlying
reasons for law enforcement agencies successes in combating computer crime. In addition,
we have been asked to furnish a list of recommendations for the Commission on how they
should act in regards to combating computer crime.
The general heading of computer crime can potentially cover an array of offenses. By
examining several existing definitions of computer crime, as well as elements suggested as
essential to a uniform definition, a better understanding of what computer crime entails will be
created. Some have defined computer crime as any offense that uses or somehow involves a
computer. The Department of Justice has defined computer crime as any violation of the
criminal law that involves the knowledge of computer technology for its perpetration,
investigation, or prosecution. Understandably, critics have been quick to indicate that while this
definition may encompass computer crimes, it doesnt necessarily exclude other forms of crime
(Goodman, 2001). Similarly, definitions such as the one utilized by the Business Software
Alliance, a public education and awareness organization, may be too restrictive. They classify
computer crime as illegal activities that make use of electronic systems as a means to affect the
security of computer systems and computer data. The organization delineates this from
computer-related offenses, which simply use or are related to computer resources.
Computer Fraud

Computer fraud can be described as a subset of computer crime. Computer fraud uses
electronic resources to present fraudulent or misrepresented information as a means of
deception. According to the Department of Justice, the fraudulent activities currently taking
place that use electronic resources are largely an extension of traditional existing fraud

DEPARTMENT OF MANAGEMENT STUDIES 169


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

activities exploiting a new medium (National White Collar Crime Center, 2002).
Computer Crime Types

There exists a constantly expanding list of the forms computer crime and computer
fraud can take. Fortunately, these crime types fall into overarching groups of criminal
actions. Many traditional crimes, such as fraud, theft, organized crime rings, prostitution,
stalking, and child pornography have been incorporated into the digital world. Offenders
may find new opportunities to perpetrate their crimes using this new digital medium. The
National White Collar Crime Center notes, computers can be used as tools to commit
traditional offenses. This means that the functions specific to computers, such as software
programs and Internet capabilities, can be manipulated to conduct criminal activity.
(National White Collar Crime Center, 2002) Additionally, as explained previously, computer
crimes can also be grouped into categories in which computers themselves are either the
target or victim of an offense, or simply incidental to the act itself. Aside from traditional
crimes that have been adapted to utilize electronic resources, there are also a number of
offenses that exist specifically due to the accessibility of computer resources.
Traditional Crime Types

Some of the traditional crimes now taking place on computers include fraud, theft,
harassment, and child pornography. Computer fraud consists of crimes such as online
auction fraud, identity theft, financial and telecommunications fraud, credit card
fraud, and various other schemes. Theft crimes, as related to computer crime, include
categories such as monetary, service and data theft, and piracy. Harassment offenses
include online harassment and cyberstalking. Child pornography crimes include both
the transmission of media that exploits children, as well as solicitation to commit
sexual crimes against minors.
Computer Fraud

Computer fraud is one of the most rapidly increasing forms of computer crime.
Computer fraud is also commonly referred to as Internet fraud. Essentially,
computer/ Internet fraud is any type of fraud scheme that uses one or more
components of the Internet-such as chat rooms, e-mail, message boards, or Web
sites to present fraudulent transactions, or to transmit the proceeds of fraud to
financial institutions or to others connected with the scheme (Department of
Justice, 2001). There are multiple forms of Internet fraud.

DEPARTMENT OF MANAGEMENT STUDIES 170


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

One type of Internet Fraud is the Nigerian e-mail fraud. In this particular crime, the
victim receives e-mail from an alleged son of a deceased Nigerian head of state, who
happens to be the heir to millions of dollars that are hidden in accounts all over the world.
The e-mail recipient is lead to believe that they are to receive some of the fortune. All
that is asked in exchange is a lawyers fee of several thousand dollars in order to claim
the money. The people who fall prey to this crime send their money and never receive
their expected fortunes (Koinange, 2002). An example of this form of fraud can be found
in the appendix. Be sure to notice that the example isnt the Nigerian e-mail fraud as the
e-mail has apparently been sent from someone of Asian descent. The Nigerian e-mail
fraud seems to be spreading to different parts of the world.
Phishing

The Anti-Phishing Working Group defines Phishing as a form of online


identity theft that uses spoofed emails designed to lure recipients to fraudulent
websites which attempt to trick them into divulging personal financial data such
as credit card numbers, account usernames and passwords, social security
numbers, etc. (Anti-Phishing Working Group, 2004). An example of a phishing
website can be seen in Figure 1. In this particular phishing incident, an
unsuspecting person would receive an e-mail with a link to a website. Upon
clicking on the link, the victim would enter a site, such as the one below that
appears to be a legitimate e-bay website. However, upon closer review, the URL
is different. This victim, failing to notice the generic URL, would supply the
Phisher with their e-bay username, password and e-mail address.

DEPARTMENT OF MANAGEMENT STUDIES 171


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Theft Computer Crimes

Computer crimes involving theft are very diverse. The gaining of access and removal
of property through the use of electronic resources generally defines theft computer
crimes. This property may include money, service, programs, data, or computer
output, and computer time (Rushinek&Rushinek, 1993), (Haugen &Selin, 1999). In
addition, altering computer input or output without authorization, destroying or
misusing proprietary information, and the unauthorized use of computer resources
(theft of computer time) can be considered theft-related computer crimes.
Internet piracy is a more prominent form of theft in a digital medium. Piracy is the act
of duplicating copyrighted material without authorization (Business Software
Alliance, 2004). For the past few years, private and law enforcement organizations
have been putting a concentrated effort on stopping this offense. Organizations such
as the Recording Industry Association of America (RIAA) and the Motion Picture
Association of America (MPAA) routinely engage in both civil as well as criminal
lawsuits to curb piracy. The MPAA alone estimate their potential revenue lost
because of piracy to be over three billion dollars a year. (Motion Picture Association
of America, 2004).
Unauthorized Access

Unauthorized access is a prerequisite to many forms of computer crimes and


computer fraud. This form of crime amounts to electronic intrusion, or gaining access
to resources via a computer resource without permission. Unauthorized access may
occur both on individuals personal computers, as well as in the workplace. One
major form of unauthorized access is known as hacking. Hacking is the act of
gaining unauthorized access to a computer system or network and in some cases
making unauthorized use of this access. (Rushinek&Rushinek, 1993) As stated
previously, unauthorized access may be a gateway to commit other offenses.
An instance of unauthorized access recently investigated by the Federal Bureau of
Investigation involves Alexey V. Ivanov, who was charged with computer intrusion,

DEPARTMENT OF MANAGEMENT STUDIES 172


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

computer fraud, and extortion, among other things.


Denial of Service

A denial of service attack is a targeted effort to disrupt a legitimate user of a service


from having access to the service. This may be accomplished through a number of
methods. Offenders can limit or prevent access to services by overloading the
available resources, changing the configuration of the services data, or physically
destroying the available connections to the information (CERT, 2001).
Crimes of this type have been perpetrated against major online entities, such as

Yahoo.com, eBay.com, CNN.com, and Buy.com. In these crimes, offenders most


often attempt to overload the sites with electronic connections in order to disrupt
service to legitimate users (CNNMoney, 2000).

What Has Been Done to Combat Computer Crime

Legislation

Perhaps the biggest efforts that have been taken to combat computer crime come in
the form of state legislation that outlines different computer crimes and punishments.
Crimes outlined in state legislation are similar to the crimes listed above in the types
of computer crimes. Crimes such as: cyberstalking, computer fraud, spam, and
unauthorized access are proscribed in multiple states legislature. A number of state
laws on computer crime can be found in Appendix B. In addition to the state
legislation, there have been a number of federal laws created to battle computer crime.
For example, the Computer Fraud and Abuse Act established in 1986, defines the
federal punishments for certain types of crimes involving the use of a computer.
The USA PATRIOT Act passed in October 2001 provided several sections which
expanded the capabilities of law enforcement officials in investigating computer
crime. Section 217 allows victims of computer trespassing to have law enforcement
officials monitor the computer trespasser(s). Section 220 allows law enforcement
officials to seek nationwide warrants for e-mail. Section 814 provides penalties for
cyberterrorism. Finally, section 816 calls for the development of computer forensics
laboratories and training for law enforcement officers in computer-crime related
investigations. The full text version of the aforementioned sections of the USA
Patriot Act can be found in appendix C.

DEPARTMENT OF MANAGEMENT STUDIES 173


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Internet Crime Complaint Center

In May of 2000, the FBI with the assistance of the White Collar Crime Center opened the
Internet Crime Complaint Center or as it was formerly known, the Internet Fraud
Complaint Center. Since its inception, the ICCC has developed in to the main
collection center for Internet fraud complaints (Online Fraud and Crime: Are
Consumers Safe? 6). When complaints are made online to the ICCC, supervisory
Special Agents, along with Internet fraud specialists review those complaints when
they come in and they link those complaints with others that may have been
previously received. (Online Fraud and Crime: Are Consumers Safe? 7).
Subsequently, the ICCC disseminates all pertinent information to the appropriate law
enforcement agencies on the Federal, State, and local level (Online Fraud and Crime:
Are Consumers Safe? 7).
During its first year, the ICCC received roughly 30,500 valid criminal complaints
concerning computer/Internet fraud (Online Fraud and Crime: Are Consumers Safe?
11). Of these complaints, the ICCC was able to submit 545 investigative reports
encompassing over 3,000 complaints to 51 of 56 FBI field divisions and 1,507 local
and state law enforcement agencies. ICCC has also referred 41 cases encompassing
over 200 complaints to international law enforcement agencies. The ICCC has
received complaints of victims from 89 different countries (Online Fraud and
Crime: Are Consumers Safe? 11). The ICCC has continued to help law enforcement
over the past couple of years. Those who are victims of Internet fraud can file a
complaint at the ICCCs website.
Professional Organizations

There exists a number of professional law enforcement organizations designed to


provide training and investigative resources for computer crime and computer fraud. These
agencies work independently, as well as with regional law enforcement. Many of these
organizations are elements of federal law enforcement agencies.
The Department of Justices Computer Crime and Intellectual Property Section
maintains the National Cybercrime Training Partnership. This purpose of this group is to
provide guidance and assistance to local, state, and federal law enforcement agencies in
an effort to ensure that the law enforcement community is properly trained to address
electronic and high technology crimes. (National White Collar Crime Center, 2002) This
consortium is made up of law enforcement members from federal, state, and local agencies,

DEPARTMENT OF MANAGEMENT STUDIES 174


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

and aims to improve the ability of law enforcement agencies to address computer crimes.
They have designed a number of training programs for officers and prosecutors related to
computer crime and computer fraud. The major areas of focus of these training courses are
electronic crime scene investigation, data recovery and analysis, use of the Internet as an
investigative tool, and training for instructors (Williams).
Security Policy for Wireless Networking

The University of Wolverhampton uses a wireless (WiFi) network across the separate
campus locations to provide greater flexibility and convenience for both staff and students
when accessing the University network and IT services.

In all WiFi networks there are certain inherent security issues. This page outlines the
known security issues for WiFi and provides guidance on security procedures for making best
use of your WiFi connection.

The University seeks to keep your data and information both confidential and secure;
this guidance explains how.

WiFi Vulnerabilities

The three main vulnerabilities of WiFi are:

The WiFi broadcasts the Access Point name and location beyond the boundaries of the
University campus. This allows external malicious users to see and recognise the
University network.
WiFi is vulnerable to spoofing, i.e. rogue networks mimicking a real Access Point and
establishing connections to intercept data and files.
Data transmitted via WiFi can be vulnerable to interception and monitoring, creating
security risks for the user.

Reducing the risk access restrictions

The University IT network is provided in partnership with several external agencies,


which include the JANET network that provides the link to the Web. As part of the
University contractual agreement with JANET there are certain policies which the University
must comply with.

Below are four examples of how you can connect to the WiFi network. Each provides
a different degree of security and you should select the connection method which matches

DEPARTMENT OF MANAGEMENT STUDIES 175


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

your role at the University (staff, student or guest) and provides suitable security for the data
you are processing.

1. Wolfradiolan unencrypted WiFi for staff and students


To ensure only current students and staff access the WiFi network each user is required
to provide both a user name and password to authenticate their identity. To do this, start a
web browser and go to your home page. The access will be redirected to the Network
Authorisation page.

Users should be aware that this is an unencrypted WiFi network and as such your
data could be monitored. Extreme caution should be used when sending confidential or
sensitive information. Both staff and students are recommended to use the Eduroam
facility when transmitting confidential or sensitive data.

The University network is divided between the Intranet and the external Internet. The
WiFi connection operates across the Internet and is totally separate from the University
Intranet system which retains the critical business systems.Users should be aware that
unencrypted WiFi connections pose a potentially serious security risk to a usersconfidential
and sensitive information. It is recommended that users ensure the web browser they are
using displays the secure padlock symbol in the web page address bar when they are
accessing web sites with sensitive data.

2. UoWGuest unencrypted WiFi for visitors


Visitors to the University who are neither staff nor students may access WiFi through
the UoWGuestWiFi service. This provides Internet access only and requires a guest account
to be established prior to the visit to the University. Prospective users must contact IT
Services Admin Team via the IT Service Desk on 01902-322000 or ext. 2000 in order to
create an account prior to arrival. Users should be aware that this WiFi access is unencrypted
and should not be used for confidential or sensitive information.

3. Wlvstaff - Secure Intranet WiFi


The University also operates a secure WiFi connection for staff called wlvstaff, which
is intended for staff wishing to access business systems within the University. The
authentication for this WiFi access is based upon the user name and password of the user and
has enhanced encryption to ensure data integrity and confidentiality. Access is limited to

DEPARTMENT OF MANAGEMENT STUDIES 176


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

those laptops which form part of the managed laptop estate and access to the network will be
configured when the laptop is initially prepared for delivery to the member of staff.

If you have any questions concerning installation or configuration of this facility on


an IT Services managed staff laptop contact the IT Service Desk on ext. 2000 (01902-
322000).

4. Eduroam Secure WiFi on and away from campus


Both personal laptops and University managed laptops for staff and students may use the
Eduroam service. This service provides WiFi access across a number of academic institutions
and forms part of the University agreement with JANET our service provider.

Staff managed laptops are configured with the necessary setting. Personal laptops will
need to install a certificate to authenticate and authorise access to the service.

Advice on connecting a laptop and configuration of settings is available from the


University's Eduroam - Roaming Serviceweb page or for an overview of participating
locations both within the UK and Worldwide visit Eduroam.

Advice on connecting and certificate installation can be obtained from the IT Service
Desk on ext. 2000 (01902-322000).

Key points for WiFi installation and use


The key objective of the University is to maintain a safe and secure WiFi network, which
maintains the integrity of your data. The five points below outline the operating guidelines
for the service to maintain this standard:

1. IT Services retain authority to approve access points, type and specification approval,
based on current practice and best advice, prior to installation of any equipment on the
network.
2. Installation of an access point which has not been approved by IT Services prior to
installation will be a breach of the ICT Acceptable Use Policy and may lead to
disciplinary action or possible prosecution under the Misuse of Computers Act 1990.
3. All authorised access points will be installed under the supervision of IT Services.
Checks will be made to verify the inter-operability and compatibility of the new device
with the existing infrastructure. Any operational issues caused by installation of new

DEPARTMENT OF MANAGEMENT STUDIES 177


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

equipment which adversely affects the existing network performance will result in
withdrawal of approval for the new equipment.
4. The University will ensure that all access points will operate with the highest security
settings available for the infrastructure at the specific location. Users must ensure the
security setting of the WiFi connection is compatible with the data classification of the
information they are transmitting. The user is responsible for the safe transmission of
sensitive data and breaches of confidentiality due to transmission of sensitive data over
unencrypted WiFi may lead to a prosecution under the Data Protection Act 1998.
5. The operation of peer to peer WiFi, allowing data transmission without authentication
or authorization, between devices is a breach of the ICT Acceptable Use Policy.
Establishing such a connection may lead to disciplinary action for both staff and
students. It is recommended that users disable all WiFi and Bluetooth capabilities on
devices when the facility is not required for transmission. All WiFi network
connections must operate in infrastructure mode to comply with the Personal
Network Rules.
Securing a Website

To secure a website or a web application, one has to first understand the target
application, how it works and the scope behind it. Ideally, the penetration tester should have
some basic knowledge of programming and scripting languages, and also web security.

A website security audit usually consists of two steps. Most of the time, the first step
usually is to launch an automated scan. Afterwards, depending on the results and the
websites complexity, a manual penetration test follows. To properly complete both the
automated and manual audits, a number of tools are available, to simplify the process and
make it efficient from the business point of view. Automated tools help the user making sure
the whole website is properly crawled, and that no input or parameter is left unchecked.
Automated web vulnerability scanners also help in finding a high percentage of the technical
vulnerabilities, and give you a very good overview of the websites structure, and security
status. Thanks to automated scanners, you can have a better overview and understanding of
the target website, which eases the manual penetration process.

For the manual security audit, one should also have a number of tools to ease the
process, such as tools to launch fuzzing tests, tools to edit HTTP requests and review HTTP
responses, proxy to analyse the traffic and so on.

DEPARTMENT OF MANAGEMENT STUDIES 178


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

In this white paper we explain in detail how to do a complete website security audit
and focus on using the right approach and tools. We describe the whole process of securing a
website in an easy to read step by step format; what needs to be done prior to launching an
automated website vulnerability scan up till the manual penetration testing phase.

Manual Assessment of target website or web application


Get familiar with the software
Configuring the automated black box scanner
Protect your data
Launching the scan
After the scan Analysing the results
Manual penetration test

As we can see from the above, web security is very different from network security. As a
concept, network security can be simplified to allow good guys in and block the bad guys.
Web security is different; it is much more than that. Though never give up. There are tools
available out there which will automate most of the job for you, assist you and make the
whole process easier and faster.

Securing the Intranet

Many companies have set up an intranet that provides Web-style company information for
employees. Procedure manuals and online knowledge sharing can be made possible through
the intranet. However, having information on the intranet can also present some security
risks. The following examines some of the risks involved:

Information is shared on the intranet from various servers located within the
organization. The network administrator should make sure that proper security
permissions are assigned to the folders so that users who will be accessing the
information can get to it. In some instances, depending on the information being
presented, the users can be allowed to copy the files onto their hard drives but not
allowed to copy back on to the server.
All shared folders should be hidden to prevent any user from being tempted to scan
through the folders.
Information available to the intranet is for the company's employees at large. Before
any information is posted, the confidentiality of such information should be

DEPARTMENT OF MANAGEMENT STUDIES 179


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

investigated. If information with a certain level of confidentiality should be posted,


then passwords to the page should be assigned.
The server that is hosting the Web page should have the latest security service packs
installed, especially where IIS is concerned.
If CGI scripting is to be used, the network administrator should ensure that proper
security.
Software Audit
If your company is facing a software audit, Scott & Scott, LLP can help. Software
audits by software publishers and their trade groups are on the rise. Many companies are
paying substantial fines and suffering negative publicity resulting from license compliance
investigations. If your business runs software published by Microsoft, Adobe, Autodesk,
IBM, Oracle you may be at risk for a software audit.
Scott & Scott, LLP has developed a comprehensive solution to respond to software
audit matters including technology to perform a software inventory and analysis, IT
professionals that understand the technology used in a variety of businesses, and experienced
attorneys to handle the legal process.
Software audits initiated by the Business Software Alliance (BSA) and the Software
Information Industry Association (SIIA)
Software asset management engagements & SPLA license reviews initiated by
Microsoft
License compliance reviews by Oracle and IBM
Audit requests from Adobe, Autodesk, and other software publishers
Federal Copyright Infringement Litigation Involving Autodesk & the SIIA.
Arbitration of Copyright Infringement Claims before the American Arbitration
Association.
Ethical and Social Issues
Consumer Privacy
Organizations collect (and sometimes sell) huge amounts of data on
individuals.
Employee Privacy
IT supports remote monitoring of employees, violating privacy and creating
stress.
Freedom of Speech

DEPARTMENT OF MANAGEMENT STUDIES 180


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

IT increases opportunities for pornography, hate speech, intellectual property


crime, and other intrusions; prevention may abridge free speech.
IT Professionalism
No mandatory or enforced code of ethics for IT professionals--unlike other
professions.
Social Inequality
Less than 20% of the worlds population has ever used a PC; less than 3%
have Internet access.

DEPARTMENT OF MANAGEMENT STUDIES 181


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

2 Marks
1. What do you mean by Software Security?
2. State the difference between Application security and Software Security.
3. What do you mean by Software Testing?
4. State the difference between Static Testing and Dynamic Testing.
5. What do you mean by Software Verification?
6. What do you mean by Software quality assurance?
7. State the Software quality assurance Methods.
8. What do you mean by Black box Testing? Mention the Advantages.
9. What do you mean by White box Testing and its Types?
10. What do you mean by Grey Box Testing
11. State the types or levels of Testings
12. What do you mean by Error Detection?
13. What do you mean by Error Correction?
14. What do you mean by Error Control?
15. What do you mean by Vulnerability?
16. State theClassification of Vulnerability?
17. State theCauses of Vulnerability?
18. What do you mean by Computer Crimes? Give one Example
19. State the types of Computer Crimes.
20. What do you mean by Computer Fraud?
21. What do you mean by Web Security?
22. What do you mean by Intranet Security?
23. What do you mean by Wireless Network?
24. What do you mean by Software Audit?
25. What do you mean by Ethics in IT?
16 Marks
1. Explain the Software Testing life Cycle
2. Explain the Software Testing Methods and Testing Types or Levels
3. Explain the Error Detection and Correction Schemes
4. Explain the types of Computer Crime
5. Explain about web, intranet, wireless Securities

DEPARTMENT OF MANAGEMENT STUDIES 182


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

6. Explain the Software Audit and Ethics


MANAGEEMNT INFORMATION SYSTEM UNIT: V

E-BUSINESS
Electronic business, commonly referred to as "eBusiness" or "e-business", may be
defined as the application of information and communication technologies (ICT) in support
of all the activities of business. Commerce constitutes the exchange of products and services
between businesses, groups and individuals and can be seen as one of the essential activities
of any business. Electronic commerce focuses on the use of ICT to enable the external
activities and relationships of the business with individuals, groups and other
businesses.Louis Gerstner, the former CEO of IBM, in his book, Who Says Elephants Can't
Dance?attributes the term "e-Business" to IBM's marketing and Internet teams in
1996.Electronic business methods enable companies to link their internal and external data
processing systems more efficiently and flexibly, to work more closely with suppliers and
partners, and to better satisfy the needs and expectations of their customers.
In practice, e-business is more than just e-commerce. While e-business refers to more
strategic focus with an emphasis on the functions that occur using electronic capabilities, e-
commerce is a subset of an overall e-business strategy. E-commerce seeks to add revenue
streams using the World Wide Web or the Internet to build and enhance relationships with
clients and partners and to improve efficiency using the Empty Vessel strategy. Often, e-
commerce involves the application of knowledge management systems.
E-business involves business processes spanning the entire value chain: electronic
purchasing and supply chain management, processing orders electronically, handling
customer service, and cooperating with business partners. Special technical standards for e-
business facilitate the exchange of data between companies. E-business software solutions
allow the integration of intra and inter firm business processes. E-business can be conducted
using the Web, the Internet, intranets, extranets, or some combination of these.
Basically, electronic commerce (EC) is the process of buying, transferring, or
exchanging products, services, and/or information via computer networks, including the
internet. EC can also be benefited from many perspective including business process, service,
learning, collaborative, community. EC is often confused with e-business.

DEPARTMENT OF MANAGEMENT STUDIES 183


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Subsets of e-Business
Applications can be divided into three categories:

1. Internal business systems

Customer relationship management


Enterprise resource planning
Document management systems
human resources management

2. Enterprise communication and collaboration

VoIP
content management system
e-mail
voice mail
Web conferencing
Digital work flows (or business process management)

3. Electronic commerce - business-to-business electronic commerce (B2B) or business-


to-consumer electronic commerce (B2C)

Internet shop
Supply chain management
online marketing
Offline marketing
Models of e-Business
When organizations go online, they have to decide which e-business models best suit
their goals. A business model is defined as the organization of product, service and
information flows, and the source of revenues and benefits for suppliers and customers. The
concept of e-business model is the same but used in the online presence. The following is a
list of the currently most adopted e-business models such as:

E-shops
E-commerce
E-procurement

DEPARTMENT OF MANAGEMENT STUDIES 184


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

E-malls
E-auctions
Virtual Communities
Collaboration Platforms
Third-party Marketplaces
Value-chain Integrators
Value-chain Service Providers
Information Brokerage
Telecommunication

Classification by provider and consumer


Roughly dividing the world into providers/producers and consumers/clients one can classify
e-businesses into the following categories
Business-to-business (B2B)
Business-to-consumer (B2C)
Business-to-employee (B2E)
Business-to-government (B2G)
Government-to-business (G2B)
Government-to-government (G2G)
Government-to-citizen (G2C)
Consumer-to-consumer (C2C)
Consumer-to-business (C2B)
It is notable that there are comparably less connections pointing "upwards" than
"downwards" (few employee/consumer/citizen-to-X models).

PERVASIVE COMPUTING
Ubiquitous computing (ubicomp) is a post-desktop model of human-computer
interaction in which information processing has been thoroughly integrated into everyday
objects and activities. In the course of ordinary activities, someone "using" ubiquitous
computing engages many computational devices and systems simultaneously, and may not
necessarily even be aware that they are doing so. This model is usually considered
advancement from the desktop paradigm.
This paradigm is also described as pervasive computing, ambient intelligence. When
primarily concerning the objects involved, it is also physical computing, the Internet of
Things, haptic computing, and things that think. Rather than propose a single definition for

DEPARTMENT OF MANAGEMENT STUDIES 185


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

ubiquitous computing and for these related terms, a taxonomy of properties for ubiquitous
computing has been proposed, from which different kinds or flavours of ubiquitous systems
and applications can be described Core Concept.
At their core, all models of ubiquitous computing (also called pervasive computing)
share a vision of small, inexpensive, robust networked processing devices, distributed at all
scales throughout everyday life and generally turned to distinctly common-place ends. For
example, a domestic ubiquitous computing environment might interconnect lighting and
environmental controls with personal biometric monitors woven into clothing so that
illumination and heating conditions in a room might be modulated, continuously and
imperceptibly. Another common scenario posits refrigerators "aware" of their suitably-tagged
contents, able to both plan a variety of menus from the food actually on hand, and warn users
of stale or spoiled food.
Ubiquitous computing presents challenges across computer science: in systems design
and engineering, in systems modeling, and in user interface design. Contemporary human-
computer interaction models, whether command-line, menu-driven, or GUI-based, are
inappropriate and inadequate to the ubiquitous case. This suggests that the "natural"
interaction paradigm appropriate to a fully robust ubiquitous computing has yet to emerge -
although there is also recognition in the field that in many ways we are already living in an
ubicomp world. Contemporary devices that lend some support to this latter idea include
mobile phones, digital audio players, radio-frequency identification tags, GPS, and interactive
whiteboards.
Mark Weiser proposed three basic forms for ubiquitous system devices, see also
Smart device: tabs, pads and boards.

Tabs: wearable centimetre sized devices


Pads: hand-held decimetre-sized devices
Boards: meter sized interactive display devices.

These three forms proposed by Weiser are characterized by being macro-sized, having a
planar form and on incorporating visual output displays. If we relax each of these three
characteristics we can expand this range into a much more diverse and potentially more
useful range of Ubiquitous Computing devices. Hence, three additional forms for ubiquitous
systems have been proposed:

DEPARTMENT OF MANAGEMENT STUDIES 186


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Dust: miniaturised devices can be without visual output displays, e.g., Micro Electro-
Mechanical Systems (MEMS), ranging from nanometres through micrometers to
millimetres. See also Smart dust.
Skin: fabrics based upon light emitting and conductive polymers, organic computer
devices, can be formed into more flexible non-planar display surfaces and products
such as clothes and curtains, see OLED display. MEMS device can also be painted
onto various surfaces so that a variety of physical world structures can act as
networked surfaces of MEMS.
Clay: ensembles of MEMS can be formed into arbitrary three dimensional shapes as
artefacts resembling many different kinds of physical object (see also Tangible
interface).
In his book The Rise of the Network Society, Manuel Castells suggests that there is an
ongoing shift from already-decentralised, stand-alone microcomputers and mainframes
towards entirely pervasive computing. In his model of a pervasive computing system,
Castells uses the example of the Internet as the start of a pervasive computing system. The
logical progression from that paradigm is a system where that networking logic becomes
applicable in every realm of daily activity, in every location and every context. Castells
envisages a system where billions of miniature, ubiquitous inter-communication devices will
be spread worldwide, "like pigment in the wall paint".

INTRODUCTION - ECRM
E-CRM Electronic CRM concerns all forms of managing relationships with
customers making use of Information Technology (IT).
The Essence of CRM for Business
The exact meaning of CRM is still subject of heavy discussions. However, the overall goal
can be seen as effectively managing differentiated relationships with all customers and
communicating with them on an individual basis. Underlying thought is that companies
realize that they can supercharge profits by acknowledging that different groups of customers
vary widely in their behavior, desires, and responsiveness to marketing.

E-CRM
As the internet is becoming more and more important in business life, many
companies consider it as an opportunity to reduce customer-service costs, tighten customer
relationships and most important, further personalize marketing messages and enable mass
customization.[6] Together with the creation of Sales Force Automation (SFA), where

DEPARTMENT OF MANAGEMENT STUDIES 187


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

electronic methods were used to gather data and analyze customer information, the trend of
the upcoming Internet can be seen as the foundation of what we know as eCRM today. We
can define eCRM as activities to manage customer relationships by using the Internet, web
browsers or other electronic touch points. The challenge hereby is to offer communication
and information on the right topic, in the right amount, and at the right time that fits the
customers specific needs.
Channels through which companies can communicate with its customers, are growing by the
day, and as a result, getting their time and attention has turned into a major challenge. One of
the reasons eCRM is so popular nowadays is that digital channels can create unique and
positive experiences not just transactions for customers. An extreme, but ever growing in
popularity, example of the creation of experiences in order to establish customer service is
the use of Virtual Worlds, such as Second Life. Furthermore, Information Technology has
helped companies to even further differentiate between customers and address a personal
message or service. Some examples of tools used in e-CRM:
Personalized Web Pages where customers are recognized and their preferences are
shown.
Customized products or services (Dell).
CRM programs should be directed towards customer value that competitors cannot
[12]
match. However, in a world where almost every company is connected to the Internet,
eCRM has become a requirement for survival, not just a competitive advantage.

Different Levels of eCRM


In defining the scope of eCRM, three different levels can be distinguished:
Foundational services
This includes the minimum necessary services such as web site effectiveness and
responsiveness as well as order fulfillment.
Customer-centered services
These services include order tracking, product configuration and customization as
well as security/trust.
Value-added services
These are extra services such as online auctions and online training and education.
Self-services are becoming increasingly important in CRM activities. The rise of the
Internet and eCRM has boosted the options for self-service activities. A critical success factor
is the integration of such activities into traditional channels. An example was Fords plan to
sell cars directly to customers via its Web Site, which provoked an outcry among its dealers

DEPARTMENT OF MANAGEMENT STUDIES 188


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

network. CRM activities are mainly of two different types. Reactive service is where the
customer has a problem and contacts the company. Proactive service is where the manager
has decided not to wait for the customer to contact the firm, but to be aggressive a contact the
customer himself in order to establish a dialogue and solve problems

Implementing and integrating CRM solutions


Several CRM software packages exist that can help companies in deploying CRM
activities. Besides choosing one of these packages, companies can also choose to design and
build their own solutions. In order to implement CRM in an effective way, one needs to
consider the following factors:
Create a customer-based culture in the organization.
Adopt customer-based managers to assess satisfaction.
Develop an end-to-end process to serve customers.
Recommend questions to be asked to help a customer solve a problem.
Track all aspects of selling to customers, as well as prospects.
Furthermore, CRM solutions are more effective once they are being implemented in
other information systems used by the company. Examples are Transaction Processing
System (TPS) to process data real-time, which can than be send to the sales and finance
departments in order to recalculate inventory and financial position quick and accurate. Once
this information is transferred back to the CRM software and services it could prevent
customers from placing an order in the belief that an item is in stock while it is not.

Failures of eCRM
Designing, creating and implementing IT projects has always been risky. Not only
because of the amount of money that is involved, but also because of the high chances of
failure. However, a positive trend can be seen, indicating that CRM failures dropped from a
failure rate of 80% in 1998, to about 40% in 2003.[22] Some of the major issues relating to
CRM failure are the following:
Difficulty in measuring and valuing intangible benefits.
Failure to identify and focus on specific business problems.
Lack of active senior management sponsorship.
Poor user acceptance.
Trying to automate a poorly defined process

DEPARTMENT OF MANAGEMENT STUDIES 189


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Data Mining and CRM


The first task, identifying market segments, requires significant data about prospective
customers and their buying behaviors. In theory, the more data the better. In practice,
however, massive data stores often impede marketers, who struggle to sift through the
minutiae to find the nuggets of valuable information.
Recently, marketers have added a new class of software to their targeting arsenal.
Data mining applications automate the process of searching the mountains of data to find
patterns that are good predictors of purchasing behaviors.
After mining the data, marketers must feed the results into campaign management
software that, as the name implies, manages the campaign directed at the defined market
segments. In the past, the link between data mining and campaign management software was
mostly manual. In the worst cases, it involved "sneaker net," creating a physical file on tape
or disk, which someone then carried to another computer and loaded into the marketing
database. This separation of the data mining and campaign management software introduces
considerable inefficiency and opens the door for human errors. Tightly integrating the two
disciplines presents an opportunity for companies to gain competitive advantage.

BUSINESS INTELLIGENCE
Business Intelligence (BI) refers to computer-based techniques used in spotting, digging-out,
and analyzing business data, such as sales revenue by products or departments or associated
costs and incomes.
BI technologies provide historical, current, and predictive views of business operations.
Common functions of Business Intelligence technologies are reporting, online analytical
processing, analytics, data mining, business performance management, benchmarking, text
mining, and predictive analytics.
Business Intelligence often aims to support better business decision-making. Thus a BI
system can be called a decision support system (DSS). Though the term business intelligence
is often used as a synonym for competitive intelligence, because they both support decision
making, BI uses technologies, processes, and applications to analyze mostly internal,
structured data and business processes while competitive intelligence, is done by gathering,
analyzing and disseminating information with or without support from technology and
applications, and focuses on all-source information and data (unstructured or structured),
mostly external to, but also internal to a company, to support decision making.
The following are the critical success factors for business intelligence implementation:

DEPARTMENT OF MANAGEMENT STUDIES 190


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Business-driven methodology & project management


Clear vision & planning
Committed management support & sponsorship
Data management & quality
Mapping solutions to user requirements
Performance considerations of the BI system
Robust & expandable framework

Capability Maturity Model


The Capability Maturity Model (CMM) is a service mark owned by Carnegie
Mellon University (CMU) and refers to a development model elicited from actual data. The
data were collected from organizations that contracted with the U.S. Department of Defense,
who funded the research, and they became the foundation from which CMU created the
Software Engineering Institute (SEI). Like any model it is an abstraction of an existing
system. Unlike many that are derived in academia, this model is based on observation rather
than on theory.
When it is applied to an existing organization's software development processes, it
allows an effective approach toward improving them. Eventually it became clear that the
model could be applied to other processes. This gave rise to a more general concept that is
applied to business processes and to developing people.
Overview - CMM
The Capability Maturity Model (CMM) was originally developed as a tool for
objectively assessing the ability of government contractors' processes to perform a contracted
software project. The CMM is based on the process maturity framework first described in the
1989 book Managing the Software Process by Watts Humphrey. It was later published in a
report in 1993 (Technical Report CMU/SEI-93-TR-024 ESC-TR-93-177 February 1993,
Capability Maturity Model SM for Software, Version 1.1) and as a book by the same authors
in 1995.
Though the CMM comes from the field of software development, it is used as a
general model to aid in improving organizational business processes in diverse areas; for
example in software engineering, system engineering, project management, software
maintenance, risk management, system acquisition, information technology (IT), services,
business processes generally, and human capital management. The CMM has been used
extensively worldwide in government, commerce, industry and software development
organizations.
CMM is superseded by CMMI

DEPARTMENT OF MANAGEMENT STUDIES 191


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

The CMM model proved useful to many organizations, but its application in software
development has sometimes been problematic. Applying multiple models that are not
integrated within and across an organization could be costly in terms of training, appraisals,
and improvement activities. The Capability Maturity Model Integration (CMMI) project was
formed to sort out the problem of using multiple CMMs.
For software development processes, the CMM has been superseded by Capability
Maturity Model Integration (CMMI), though the CMM continues to be a general theoretical
process capability model used in the public domain.
CMM is adapted to processes other than software development
The CMM was originally intended as a tool to evaluate the ability of government
contractors to perform a contracted software project. Though it comes from the area of
software development, it can be, has been, and continues to be widely applied as a general
model of the maturity of processes (e.g., IT Service Management processes) in IS/IT (and
other) organizations.
Maturity model
A maturity model can be described as a structured collection of elements that describe
certain aspects of maturity in an organization. A maturity model may provide, for example :

A place to start
The benefit of a communitys prior experiences
A common language and a shared vision
A framework for prioritizing actions
A way to define what improvement means for your organization.

A maturity model can be used as a benchmark for comparison and as an aid to understanding
- for example, for comparative assessment of different organizations where there is
something in common that can be used as a basis for comparison. In the case of the CMM,
for example, the basis for comparison would be the organizations' software development
processes.
Capability Maturity Model structure
The Capability Maturity Model involves the following aspects:
Maturity Levels: a 5-Level process maturity continuum - where the uppermost (5th)
level is a notional ideal state where processes would be systematically managed by a
combination of process optimization and continuous process improvement.

DEPARTMENT OF MANAGEMENT STUDIES 192


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Key Process Areas: a Key Process Area (KPA) identifies a cluster of related activities
that, when performed collectively, achieve a set of goals considered important.
Goals: the goals of a key process area summarize the states that must exist for that
key process area to have been implemented in an effective and lasting way. The
extent to which the goals have been accomplished is an indicator of how much
capability the organization has established at that maturity level. The goals signify the
scope, boundaries, and intent of each key process area.
Common Features: common features include practices that implement and
institutionalize a key process area. There are five types of common features:
commitment to Perform, Ability to Perform, Activities Performed, Measurement and
Analysis, and Verifying Implementation.
Key Practices: The key practices describe the elements of infrastructure and practice
that contribute most effectively to the implementation and institutionalization of the
KPAs.

Levels of the Capability Maturity Model


There are five levels defined along the continuum of the CMM,[8] and, according to the
SEI: "Predictability, effectiveness, and control of an organization's software processes are
believed to improve as the organization moves up these five levels. While not rigorous, the
empirical evidence to date supports this belief."
Initial (chaotic, ad hoc, individual heroics) - the starting point for use of a new
process.
Managed - the process is managed according to the metrics described in the Defined
stage.
Defined - the process is defined/confirmed as a standard business process, and
decomposed to levels 0, 1 and 2 (the latter being Work Instructions).
Quantitatively managed
Optimized - process management includes deliberate process
optimization/improvement.
Within each of these maturity levels are Key Process Areas (KPAs) which characterise
that level, and for each KPA there are five definitions identified:
Goals
Commitment
Ability

DEPARTMENT OF MANAGEMENT STUDIES 193


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Measurement
Verification
The KPAs are not necessarily unique to CMM, representing as they do the stages
that organizations must go through on the way to becoming mature.
The CMM provides a theoretical continuum along which process maturity can be
developed incrementally from one level to the next. Skipping levels is not allowed/feasible.
The CMM was originally intended as a tool to evaluate the ability of government
contractors to perform a contracted software project. It has been used for and may be suited
to that purpose, but critics pointed out that process maturity according to the CMM was not
necessarily mandatory for successful software development. There were/are real-life
examples where the CMM was arguably irrelevant to successful software development, and
these examples include many Shrinkwrap companies (also called commercial-off-the-shelf or
"COTS" firms or software package firms). Such firms would have included, for example,
Claris, Apple, Symantec, Microsoft, and Lotus. Though these companies may have
successfully developed their software, they would not necessarily have considered or defined
or managed their processes as the CMM described as level 3 or above, and so would have
fitted level 1 or 2 of the model. This did not - on the face of it - frustrate the successful
development of their software.
Level 1 - Initial (Chaotic)
It is characteristic of processes at this level that they are (typically) undocumented and
in a state of dynamic change, tending to be driven in an ad hoc, uncontrolled and
reactive manner by users or events. This provides a chaotic or unstable environment
for the processes.

Level 2 - Repeatable
It is characteristic of processes at this level that some processes are repeatable,
possibly with consistent results. Process discipline is unlikely to be rigorous, but
where it exists it may help to ensure that existing processes are maintained during
times of stress.

Level 3 - Defined
It is characteristic of processes at this level that there are sets of defined and
documented standard processes established and subject to some degree of
improvement over time. These standard processes are in place (i.e., they are the AS-IS

DEPARTMENT OF MANAGEMENT STUDIES 194


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

processes) and used to establish consistency of process performance across the


organization.

Level 4 - Managed
It is characteristic of processes at this level that, using process metrics, management
can effectively control the AS-IS process (e.g., for software development ). In
particular, management can identify ways to adjust and adapt the process to particular
projects without measurable losses of quality or deviations from specifications.
Process Capability is established from this level.

Level 5 - Optimized
It is a characteristic of processes at this level that the focus is on continually
improving process performance through both incremental and innovative
technological changes/improvements.

At maturity level 5, processes are concerned with addressing statistical common


causes of process variation and changing the process (for example, to shift the mean of the
process performance) to improve process performance. This would be done at the same time
as maintaining the likelihood of achieving the established quantitative process-improvement
objectives.

Software process framework for Capability Maturity Model


The software process framework documented is intended to guide those wishing to
assess an organization/projects consistency with the CMM. For each maturity level there are
five checklist types:

TypeSD Description

Policy Describes the policy contents and KPA goals recommended by the CMM.

Standard Describes the recommended content of select work products described in the CMM.

Describes the process information content recommended by the CMM. The process
Process checklists are further refined into checklists for:

roles

DEPARTMENT OF MANAGEMENT STUDIES 195


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

entry criteria
inputs
activities
outputs
exit criteria
reviews and audits
work products managed and controlled
measurements
documented procedures
training
tools

Procedure Describes the recommended content of documented procedures described in the CMM.

An Introduction to Data Mining


Discovering hidden value in your data warehouse
Overview
Data mining, the extraction of hidden predictive information from large databases, is
a powerful new technology with great potential to help companies focus on the most
important information in their data warehouses. Data mining tools predict future trends and
behaviors, allowing businesses to make proactive, knowledge-driven decisions. The
automated, prospective analyses offered by data mining move beyond the analyses of past
events provided by retrospective tools typical of decision support systems. Data mining tools
can answer business questions that traditionally were too time consuming to resolve. They
scour databases for hidden patterns, finding predictive information that experts may miss
because it lies outside their expectations.

The Foundations of Data Mining


Data mining techniques are the result of a long process of research and product
development. This evolution began when business data was first stored on computers,
continued with improvements in data access, and more recently, generated technologies that
allow users to navigate through their data in real time. Data mining takes this evolutionary
process beyond retrospective data access and navigation to prospective and proactive
information delivery. Data mining is ready for application in the business community because
it is supported by three technologies that are now sufficiently mature:
Massive data collection

DEPARTMENT OF MANAGEMENT STUDIES 196


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Powerful multiprocessor computers


Data mining algorithms
In the evolution from business data to business information, each new step has built upon
the previous one. For example, dynamic data access is critical for drill-through in data
navigation applications, and the ability to store large databases is critical to data mining.
From the users point of view, the four steps listed in Table 1 were revolutionary because
they allowed new business questions to be answered accurately and quickly.

Evolutionary Step Business Question Enabling Technologies Product Characteristics


Providers

Data Collection "What was my total revenue Computers, tapes, disks IBM, CDC Retrospective,
in the last five years?" static data
(1960s) delivery

Data Access "What were unit sales in Relational databases Oracle, Sybase, Retrospective,
New England last March?" (RDBMS), Structured Informix, IBM, dynamic data
(1980s) Query Language (SQL), Microsoft delivery at
ODBC record level

Data Warehousing "What were unit sales in On-line analytic Pilot, Comshare, Retrospective,
& New England last March? processing (OLAP), Arbor, Cognos, dynamic data
Drill down to Boston." multidimensional Microstrategy delivery at
Decision Support databases, data multiple levels
(1990s) warehouses

Data Mining "Whats likely to happen to Advanced algorithms, Pilot, Lockheed, Prospective,
Boston unit sales next multiprocessor IBM, SGI, proactive
(Emerging Today) month? Why?" computers, massive numerous startups information
databases (nascent industry) delivery

Table 1.Steps in the Evolution of Data Mining.

The Scope of Data Mining


Data mining derives its name from the similarities between searching for valuable
business information in a large database for example, finding linked products in gigabytes
of store scanner data and mining a mountain for a vein of valuable ore. Both processes
require either sifting through an immense amount of material, or intelligently probing it to
find exactly where the value resides. Given databases of sufficient size and quality, data
mining technology can generate new business opportunities by providing these capabilities:

DEPARTMENT OF MANAGEMENT STUDIES 197


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Automated prediction of trends and behaviors. Data mining automates the process
of finding predictive information in large databases. Questions that traditionally
required extensive hands-on analysis can now be answered directly from the data
quickly. A typical example of a predictive problem is targeted marketing. Data mining
uses data on past promotional mailings to identify the targets most likely to maximize
return on investment in future mailings. Other predictive problems include forecasting
bankruptcy and other forms of default, and identifying segments of a population likely
to respond similarly to given events.
Automated discovery of previously unknown patterns. Data mining tools sweep
through databases and identify previously hidden patterns in one step. An example of
pattern discovery is the analysis of retail sales data to identify seemingly unrelated
products that are often purchased together. Other pattern discovery problems include
detecting fraudulent credit card transactions and identifying anomalous data that could
represent data entry keying errors.
Data mining techniques can yield the benefits of automation on existing software and
hardware platforms, and can be implemented on new systems as existing platforms are
upgraded and new products developed. When data mining tools are implemented on high
performance parallel processing systems, they can analyze massive databases in minutes.
Faster processing means that users can automatically experiment with more models to
understand complex data. High speed makes it practical for users to analyze huge quantities
of data. Larger databases, in turn, yield improved predictions.
Databases can be larger in both depth and breadth:
More columns. Analysts must often limit the number of variables they examine when
doing hands-on analysis due to time constraints. Yet variables that are discarded
because they seem unimportant may carry information about unknown patterns. High
performance data mining allows users to explore the full depth of a database, without
preselecting a subset of variables.
More rows. Larger samples yield lower estimation errors and variance, and allow
users to make inferences about small but important segments of a population.
The most commonly used techniques in data mining are:
Artificial neural networks: Non-linear predictive models that learn through training
and resemble biological neural networks in structure.

DEPARTMENT OF MANAGEMENT STUDIES 198


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Decision trees: Tree-shaped structures that represent sets of decisions. These


decisions generate rules for the classification of a dataset. Specific decision tree
methods include Classification and Regression Trees (CART) and Chi Square
Automatic Interaction Detection (CHAID) .
Genetic algorithms: Optimization techniques that use processes such as genetic
combination, mutation, and natural selection in a design based on the concepts of
evolution.
Nearest neighbor method: A technique that classifies each record in a dataset based
on a combination of the classes of the k record(s) most similar to it in a historical
dataset (where k 1). Sometimes called the k-nearest neighbor technique.
Rule induction: The extraction of useful if-then rules from data based on statistical
significance.
Many of these technologies have been in use for more than a decade in specialized
analysis tools that work with relatively small volumes of data. These capabilities are now
evolving to integrate directly with industry-standard data warehouse and OLAP platforms.
The appendix to this white paper provides a glossary of data mining terms.

How Data Mining Works


How exactly is data mining able to tell you important things that you didn't know or
what is going to happen next? The technique that is used to perform these feats in data
mining is called modeling. Modeling is simply the act of building a model in one situation
where you know the answer and then applying it to another situation that you don't. For
instance, if you were looking for a sunken Spanish galleon on the high seas the first thing you
might do is to research the times when Spanish treasure had been found by others in the past.
You might note that these ships often tend to be found off the coast of Bermuda and that there
are certain characteristics to the ocean currents, and certain routes that have likely been taken
by the ships captains in that era. You note these similarities and build a model that includes
the characteristics that are common to the locations of these sunken treasures. With these
models in hand you sail off looking for treasure where your model indicates it most likely
might be given a similar situation in the past. Hopefully, if you've got a good model, you find
your treasure.

DEPARTMENT OF MANAGEMENT STUDIES 199


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

This act of model building is thus something that people have been doing for a long
time, certainly before the advent of computers or data mining technology. What happens on
computers, however, is not much different than the way people build models. Computers are
loaded up with lots of information about a variety of situations where an answer is known and
then the data mining software on the computer must run through that data and distill the
characteristics of the data that should go into the model. Once the model is built it can then be
used in similar situations where you don't know the answer. For example, say that you are the
director of marketing for a telecommunications company and you'd like to acquire some new
long distance phone customers. You could just randomly go out and mail coupons to the
general population - just as you could randomly sail the seas looking for sunken treasure. In
neither case would you achieve the results you desired and of course you have the
opportunity to do much better than random - you could use your business experience stored
in your database to build a model.
As the marketing director you have access to a lot of information about all of your
customers: their age, sex, credit history and long distance calling usage. The good news is
that you also have a lot of information about your prospective customers: their age, sex,
credit history etc. Your problem is that you don't know the long distance calling usage of
these prospects (since they are most likely now customers of your competition). You'd like to
concentrate on those prospects who have large amounts of long distance usage. You can
accomplish this by building a model. Table 2 illustrates the data used for building a model for
new customer prospecting in a data warehouse.

Customers Prospects

General information (e.g. demographic data) Known Known

Proprietary information (e.g. customer Known Target


transactions)

Table 2 - Data Mining for Prospecting

The goal in prospecting is to make some calculated guesses about the information in the
lower right hand quadrant based on the model that we build going from Customer General
Information to Customer Proprietary Information. For instance, a simple model for a
telecommunications company might be:

DEPARTMENT OF MANAGEMENT STUDIES 200


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

98% of my customers who make more than $60,000/year spend more than $80/month
on long distance
This model could then be applied to the prospect data to try to tell something about the
proprietary information that this telecommunications company does not currently have access
to. With this model in hand new customers can be selectively targeted.
Test marketing is an excellent source of data for this kind of modeling. Mining the results
of a test market representing a broad but relatively small sample of prospects can provide a
foundation for identifying good prospects in the overall market. Table 3 shows another
common scenario for building models: predict what is going to happen in the future.

Yesterday Today Tomorrow

Static information and current plans (e.g. Known Known Known


demographic data, marketing plans)

Dynamic information (e.g. customer Known Known Target


transactions)

Table 3 - Data Mining for Predictions

If someone told you that he had a model that could predict customer usage how would
you know if he really had a good model? The first thing you might try would be to ask him to
apply his model to your customer base - where you already knew the answer. With data
mining, the best way to accomplish this is by setting aside some of your data in a vault to
isolate it from the mining process. Once the mining is complete, the results can be tested
against the data held in the vault to confirm the models validity. If the model works, its
observations should hold for the vaulted data.

Architecture for Data Mining


To best apply these advanced techniques, they must be fully integrated with a data
warehouse as well as flexible interactive business analysis tools. Many data mining tools
currently operate outside of the warehouse, requiring extra steps for extracting, importing,
and analyzing the data. Furthermore, when new insights require operational implementation,
integration with the warehouse simplifies the application of results from data mining. The
resulting analytic data warehouse can be applied to improve business processes throughout
the organization, in areas such as promotional campaign management, fraud detection, new

DEPARTMENT OF MANAGEMENT STUDIES 201


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

product rollout, and so on. Figure 1 illustrates an architecture for advanced analysis in a large
data warehouse.

Figure 1 - Integrated Data Mining Architecture


The ideal starting point is a data warehouse containing a combination of internal data
tracking all customer contact coupled with external market data about competitor activity.
Background information on potential customers also provides an excellent basis for
prospecting. This warehouse can be implemented in a variety of relational database systems:
Sybase, Oracle, Redbrick, and so on, and should be optimized for flexible and fast data
access.
An OLAP (On-Line Analytical Processing) server enables a more sophisticated end-
user business model to be applied when navigating the data warehouse. The multidimensional
structures allow the user to analyze the data as they want to view their business
summarizing by product line, region, and other key perspectives of their business. The Data
Mining Server must be integrated with the data warehouse and the OLAP server to embed
ROI-focused business analysis directly into this infrastructure. An advanced, process-centric
metadata template defines the data mining objectives for specific business issues like
campaign management, prospecting, and promotion optimization. Integration with the data
warehouse enables operational decisions to be directly implemented and tracked. As the
warehouse grows with new decisions and results, the organization can continually mine the
best practices and apply them to future decisions.
This design represents a fundamental shift from conventional decision support
systems. Rather than simply delivering data to the end user through query and reporting
software, the Advanced Analysis Server applies users business models directly to the
warehouse and returns a proactive analysis of the most relevant information. These results
enhance the metadata in the OLAP Server by providing a dynamic metadata layer that

DEPARTMENT OF MANAGEMENT STUDIES 202


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

represents a distilled view of the data. Reporting, visualization, and other analysis tools can
then be applied to plan future actions and confirm the impact of those plans.

Profitable Applications
A wide range of companies have deployed successful applications of data mining.
While early adopters of this technology have tended to be in information-intensive industries
such as financial services and direct mail marketing, the technology is applicable to any
company looking to leverage a large data warehouse to better manage their customer
relationships. Two critical factors for success with data mining are: a large, well-integrated
data warehouse and a well-defined understanding of the business process within which data
mining is to be applied (such as customer prospecting, retention, campaign management, and
so on).
Some successful application areas include:
A pharmaceutical company can analyze its recent sales force activity and their results
to improve targeting of high-value physicians and determine which marketing
activities will have the greatest impact in the next few months. The data needs to
include competitor market activity as well as information about the local health care
systems. The results can be distributed to the sales force via a wide-area network that
enables the representatives to review the recommendations from the perspective of the
key attributes in the decision process. The ongoing, dynamic analysis of the data
warehouse allows best practices from throughout the organization to be applied in
specific sales situations.
A credit card company can leverage its vast warehouse of customer transaction data to
identify customers most likely to be interested in a new credit product. Using a small
test mailing, the attributes of customers with an affinity for the product can be
identified. Recent projects have indicated more than a 20-fold decrease in costs for
targeted mailing campaigns over conventional approaches.
A diversified transportation company with a large direct sales force can apply data
mining to identify the best prospects for its services. Using data mining to analyze its
own customer experience, this company can build a unique segmentation identifying
the attributes of high-value prospects. Applying this segmentation to a general
business database such as those provided by Dun & Bradstreet can yield a prioritized
list of prospects by region.

DEPARTMENT OF MANAGEMENT STUDIES 203


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

A large consumer package goods company can apply data mining to improve its sales
process to retailers. Data from consumer panels, shipments, and competitor activity
can be applied to understand the reasons for brand and store switching. Through this
analysis, the manufacturer can select promotional strategies that best reach their target
customer segments.
Each of these examples have a clear common ground. They leverage the knowledge about
customers implicit in a data warehouse to reduce costs and improve the value of customer
relationships. These organizations can now focus their efforts on the most important
(profitable) customers and prospects, and design targeted marketing strategies to best reach
them.
Comprehensive data warehouses that integrate operational data with customer, supplier,
and market information have resulted in an explosion of information. Competition requires
timely and sophisticated analysis on an integrated view of the data. However, there is a
growing gap between more powerful storage and retrieval systems and the users ability to
effectively analyze and act on the information they contain. Both relational and OLAP
technologies have tremendous capabilities for navigating massive data warehouses, but brute
force navigation of data is not enough.
Data warehousing
A data warehousing is repository or archive the information gathered from wide multiple
sources, stored under a unified scheme, at a single site. This data is stored generally for a long time
permitting access to historical data. In this way, data warehouse are useful by providing the user a
single consolidated interface to data, making decision support queries easier to attend. By accessing
information for decision supports from a data warehouse, the decision maker is assured that on-line
TPS are not affected by decision support workload.
Below shows the figure the architecture of a typical data warehouse, covering (i) the
gathering of data (ii) the storage of data and (iii) the querying and data analysis support.
Data Source
Data Source
Data Source
5

Data Source
4 Data Source
6

Data Source 3
Data Source
7

Data Source Data Source


2 8

1
Data Loaders n

DEPARTMENT OF MANAGEMENT STUDIES


DBMS 204
NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Data Warehouse Architecture

In building a warehouse, the following issues are to be addressed:

When and how to gather data?


What scheme is to be used?
How to propagate updates?
What data to summarize?
Big companies have innumerable number of branches, each of which may generate a
large volume of data, eg: large retail chains, insurance companies have many branches, each
of which data have. They also have a complex internal organization structure resulting in a
data in different location, on different operational systems, under different schemas.eg:
maintenance problem and customer servicing data may be stored different database systems.
Hence corporate decision makers require access to information from all sources. Further,
setting up queries on individual sources in cumbersome and inefficient, as many a times the
sources store only current data and decision makers need the past data also. Data warehouse
on such occasions provide a solution to these problems.

E-Governance
Several dimension and factors influence the definition of e-Governance. The word
electronic in the term e-Governance implies technology driven governance. E-Governance
is the application of Information and Communication Technology (ICT) for delivering
government services, exchange of information communication transactions, integration of
various stand-alone systems and services between Government-to-Citizens (G2C),
Government-to-Business(G2B),Government-to-Government( G2G) as well as back office

DEPARTMENT OF MANAGEMENT STUDIES 205


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

processes and interactions within the entire government frame work. [1] Through the e-
Governance, the government services will be made available to the citizens in a convenient,
efficient and transparent manner. The three main target groups that can be distinguished in
governance concepts are Government, citizens and businesses/interest groups. In
eGovernance there are no distinct boundaries.

Generally four basic models are available-Government to Customer (Citizen),


Government to Employees, Government to Government and Government to Business;

Difference between e-governance and e-government


Both the terms are treated to be the same, however, there is some difference between
the two. "E-government" is the use of the ICTs in public administrations- combined with
organisational change and new skills- to improve public services and democratic processes
and to strengthen support to public". The problem in this definition to be congruent with the
definition of e-governance is that there is no provision for governance of ICTs. As a matter of
fact, the governance of ICTs requires most probably a substantial increase in regulation and
policy- making capabilities,with all the expertise and opinion-shaping processes among the
various social stakeholders of these concerns. So, the perspective of the e-governance is "the
use of the technologies that both help governing and have to be governed".

E-Governance is the future, many countries are looking forward to for a corruption free
government. E-government is one-way communication protocol whereas E-governance is
two-way communication protocol. The essence of E-governance is to reach the beneficiary
and ensure that the services intended to reach the desired individual has been met with. There
should be an auto-response system to support the essence of E-governance, whereby the
Government realizes the efficacy of its governance. E-governance is by the governed, for the
governed and of the governed.

Establishing the identity of the end beneficiary is a true challenge in all citizen-centric
services. Statistical information published by governments and world bodies do not always
reveal the facts. Best form of E-governance cuts down on unwanted interference of too many
layers while delivering governmental services. It depends on good infrastructural setup with
the support of local processes and parameters for governments to reach their citizens or end
beneficiaries. Budget for planning, development and growth can be derived from well laid
out E-governance systems.

ERP is short for Enterprise Resource Planning.

DEPARTMENT OF MANAGEMENT STUDIES 206


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

This system integrates internal and external management information across an entire
organizationembracing finance/accounting, manufacturing, sales and service, customer
relationship management, etc. ERP systems automate this activity with an
integrated software application. The purpose of ERP is to facilitate the flow of information
between all business functions inside the boundaries of the organization and manage the
connections to outside stakeholders.

Enterprise resource planning (ERP) is business management software that allows an


organization to use a system of integrated applications to manage the business. ERP software
integrates all facets of an operation, including development, manufacturing, sales and
marketing.
Origin of "ERP"
In 1990 Gartner Group first employed the acronym ERP as an extension of material
requirements planning (MRP), later manufacturing resource planning and computer-
integrated manufacturing. Without supplanting these terms, ERP came to represent a larger
whole, reflecting the evolution of application integration beyond manufacturing. Not all ERP
packages were developed from a manufacturing core. Vendors variously began with
accounting, maintenance and human resources. By the mid1990s ERP systems addressed all
core functions of an enterprise. Beyond corporations, governments and nonprofit
organizations also began to employ ERP systems.

Expansion
ERP systems experienced rapid growth in the 1990s because the year 2000
problem and introduction of the Euro disrupted legacy systems. Many companies took this
opportunity to replace such systems with ERP.

ERP systems initially focused on automating back office functions that did not
directly affect customers and the general public. Front office functions such as customer
relationship management (CRM) dealt directly with customers, or ebusiness systems such as
ecommerce, egovernment, etelecom, and efinance, or supplier relationship
management (SRM) became integrated later, when the Internet simplified communicating
with external parties.

"ERP II" was coined in the early 2000s. It describes webbased software that allows
both employees and partners (such as suppliers and customers) realtime access to the
systems. The role of ERP II expands from the resource optimization and transaction

DEPARTMENT OF MANAGEMENT STUDIES 207


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

processing of traditional ERP to leveraging the information involving those resources in the
enterprises efforts to collaborate with other enterprises, not just to conduct e-commerce
buying and selling.[9] ERP II is more flexible than the first generation ERP. Rather than
confine ERP system capabilities within the organization, it goes beyond the corporate walls
to interact with other systems. Enterprise application suite is an alternate name for such
systems.

Two-tier enterprise resource planning


Two-tier ERP comprises software and hardware that allows these companies to run
the equivalent of two ERP systems at once: one at the corporate level and one at the division
or subsidiary level. For example, a manufacturing company uses an ERP system to manage
the company across the organization. This company uses global or regional suppliers,
production centers, and service providers to support the manufacturing companys customers.

These suppliers, production centers, and service providers are independent companies
that maintain their own brand and business model. These companies also have their own
workflows and processes. Given the realities of globalization, enterprises continuously
evaluate how to optimize their regional, divisional and product-based manufacturing
strategies to support strategic goals and reduce time-to-market while increasing profitability
and delivering value.With two-tier ERP, these companies continue operating under their own
business model separate from the manufacturing company. Since these companies' processes
and workflows are not tied to manufacturing company's processes and workflows, they can
respond to local business requirements in multiple locations.

Factors affecting enterprises adopting two-tier ERP systems are the globalization of
manufacturing or the economics of sourcing in emerging economies. Two-tier ERP strategies
give enterprises agility in responding to market demands and in aligning IT systems at a
corporate level.

Characteristics
ERP (Enterprise Resource Planning) systems typically include the following
characteristics:

An integrated system that operates in real time (or next to real time), without relying
on periodic updates.

A common database, which supports all applications.

A consistent look and feel throughout each module.

DEPARTMENT OF MANAGEMENT STUDIES 208


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Installation of the system without elaborate application/data integration by the


Information Technology (IT) department.

Functional areas
The following are common functional areas covered in an ERP System. In many ERP
Systems these are called and grouped together as ERP Modules:

Financial Accounting
General Ledger, Fixed Asset, Payables, Receivables, Cash Management, Financial
Consolidation
Management Accounting
Budgeting, Costing, Cost Management, Activity Based Costing
Human Resources
Recruiting, Training, Payroll, Benefits, 401K, Diversity
Management, Retirement, Separation
Manufacturing
Engineering, Bill of Materials, Work Orders, Scheduling, Capacity, Workflow
Management, Quality Control, Manufacturing Process, Manufacturing Projects,
Manufacturing Flow, Product Life Cycle Management
Supply Chain Management
Supply Chain Planning, Supplier Scheduling, Order to
Cash, Purchasing, Inventory, Product Configurator, Claim Processing
Project Management
Project Planning, Resource Planning, Project Costing, Work Break Down
Structure, Billing, Time and Expense, Performance Units, Activity Management
Customer Relationship Management
Sales and Marketing, Commissions, Service, Customer Contact, Call Center Support -
CRM systems are not always considered part of ERP systems but rather BSS systems
. Specifically in Telecom scenario
Data Services
Various "selfservice" interfaces for customers, suppliers and/or employees
Access Control
Management of user privileges for various processes
Components
Transactional database

DEPARTMENT OF MANAGEMENT STUDIES 209


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Management portal/dashboard
Business intelligence system
Customizable reporting
External access via technology such as web services
Search
Document management
Messaging/chat/wiki
Workflow management
Advantages
The fundamental advantage of ERP is that integrating myriad businesses processes saves time
and expense. Management can make decisions faster, and with fewer errors. Data becomes
visible across the organization. Tasks that benefit from this integration include:

Sales forecasting, which allows inventory optimization?

Chronological history of every transaction through relevant data compilation in every


area of operation.
Order tracking, from acceptance through fulfillment
Revenue tracking, from invoice through cash receipt
Matching purchase orders (what was ordered), inventory receipts (what arrived),
and costing (what the vendor invoiced)

ERP systems centralize business data, bringing the following benefits:

They eliminate the need to synchronize changes between multiple systems


consolidation of finance, marketing and sales, human resource, and manufacturing
applications
They bring legitimacy and transparency in each bit of statistical data.
They enable standard product naming/coding.
They provide a comprehensive enterprise view (no "islands of information"). They
make realtime information available to management anywhere, any time to make
proper decisions.
They protect sensitive data by consolidating multiple security systems into a single
structure.

DEPARTMENT OF MANAGEMENT STUDIES 210


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Benefits

ERP can greatly improve the quality and efficiency of a business. By keeping a
company's internal business process running smoothly, ERP can lead to better outputs
that benefit the company such as customer service, and manufacturing.
ERP provides support to upper level management to provide them with critical
decision making information. This decision support allows the upper level
management to make managerial choices that enhance the business down the road.
ERP also creates a more agile company that can better adapt to situations and
changes. ERP makes the company more flexible and less rigidly structured in an
effort to allow the different parts of an organization to become more cohesive, in turn,
enhancing the business both internally and externally.
Disadvantages

Customization is problematic.
Re-engineering business processes to fit the ERP system may damage
competitiveness or divert focus from other critical activities.
ERP can cost more than less integrated or less comprehensive solutions.
High ERP switching costs can increase the ERP vendor's negotiating power, which
can result in higher support, maintenance, and upgrade expenses.
Overcoming resistance to sharing sensitive information between departments can
divert management attention.
Integration of truly independent businesses can create unnecessary dependencies.
Extensive training requirements take resources from daily operations.
Due to ERP's architecture (OLTP, On-Line Transaction Processing) ERP systems are
not well suited for production planning and supply chain management (SCM)
Harmonization of ERP systems can be a mammoth task (especially for big
companies) and requires a lot of time, planning and money.

Recognized ERP limitations have sparked new trends in ERP application development.
Development is taking place in four significant areas: more flexible ERP, Web-enable ERP,
inter-enterprise ERP, and e-business suites. Each of these potentially addresses current ERP
failings.

DEPARTMENT OF MANAGEMENT STUDIES 211


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

2 Marks
1. What do you mean by E-Business?
2. State the Models of E-Business
3. State the Subsets of E-Business
4. State the classification of Provider and Consumer in E-Business
5. What do you mean by Pervasive Computing?
6. What do you mean by E-CRM
7. State the Levels of E-CRM
8. Failure of E-CRM
9. Data Mining and E-CRM
10. Acronym of E-Business, E-CRM, CMM, ERP
11. What do you mean by CMM?
12. What do you mean by Maturity Model?
13. State theLevels of capability maturity model
14. What do you mean by Data Mining?
15. State the scope of Data mining.
16. What do you mean by Data warehousing?
17. Describe the architecture of data warehousing?
18. What do you mean by e-governance?
19. What do you mean by SCM in IS?
20. State theDifference between E-Governance and E-Government
21. What do you mean by ERP?
22. State theAdvantages and Disadvantages of ERP
23. What are the components of ERP?

DEPARTMENT OF MANAGEMENT STUDIES 212


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

16 Marks
1. Briefly elaborate the E-Business
2. Explain the Pervasive Computing
3. Explain the E-Customer relationship management
4. Briefly elaborate the Business Intelligence (BI)
5. Briefly elaborate the Capability Maturity Model
6. Explain the Data mining and data warehousing
7. Briefly elaborate the architecture of data warehousing
8. Briefly elaborate the Supply chain management information system
9. Briefly elaborate the E-Governance
10. Briefly elaborate the ERP

DEPARTMENT OF MANAGEMENT STUDIES 213


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

Reference/ Wibliography
http://en.wikipedia.org/wiki/Management_information_system
http://www.mu.ac.in/mis.pdf
http://www.google.co.in/url?sa=t&rct=j&q=management+information+system&source=web
&cd=5&cad=rja&ved=0CEkQFjAE&url=http%3A%2F%2Fwww.csus.edu%2Findiv%2Fe%
2Featonr%2Fmis%2520175%2520notes%2Fch01a.ppt&ei=yizIULrFIsTwrQfmu4HAAg&us
g=AFQjCNF8Vr3sPYm8MZ1NduwGrEtPj_8geA&bvm=bv.1354675689,d.bmk
http://en.wikipedia.org/wiki/Systems_development_life-cycle
http://www.slideshare.net/BalaMurugan12/savedfiles?s_title=chapter-5-mis-software-
development-life-cycle&user_login=bsetm
http://www.google.co.in/url?sa=t&rct=j&q=SDLC+in+MIS&source=web&cd=5&cad=rja&v
ed=0CFIQFjAE&url=http%3A%2F%2Fclasses.bus.oregonstate.edu%2Fspring05%2Fba378
%2FLectures%2FS05_18_SDLC.ppt&ei=FujKUJbnIYWPrgeXi4DQCw&usg=AFQjCNF9g7
SICK6UisCmIHXUjpMCcOvjxg&bvm=bv.1355325884,d.bmk
http://www.google.co.in/url?sa=t&rct=j&q=SDLC+in+MIS&source=web&cd=7&cad=rja&v
ed=0CF4QFjAG&url=http%3A%2F%2Fwww.csus.edu%2Findiv%2Fe%2Featonr%2FMIS%
2520175%2520Notes%2Fsysdev.ppt&ei=FujKUJbnIYWPrgeXi4DQCw&usg=AFQjCNEJU
HKrA1ajj72lo_HXXCG4joZlZg&bvm=bv.1355325884,d.bmk
http://bajobs.hubpages.com/hub/what-is-SDLC-System-development-life-cycle
https://sites.google.com/site/svmstudies/study-materials/ba925---mis---materials
http://www.sagepub.com/upm-
data/19325_entire_chapter_devoted_to_information_systems.pdf
http://www.slideshare.net/BalaMurugan12/savedfiles?s_title=laudon-mis9-
ch16&user_login=drmus
http://www.google.co.in/url?sa=t&rct=j&q=international+information+system&source=web
&cd=5&cad=rja&ved=0CEgQFjAE&url=http%3A%2F%2Fwww.uop.edu.jo%2Fissa%2Fmis
%2FMIS8Ch15.ppt&ei=9vDKUJ3UDdHqrQeGxIA4&usg=AFQjCNHBL-
6xJiv5u7Dw6loRx0tLaXR69A&bvm=bv.1355325884,d.bmk
http://en.wikipedia.org/wiki/Database_management_system
http://www.nou.edu.ng/noun/NOUN_OCL/pdf/pdf2/MBA%20758%20Database%20Manage
ment%20System.pdf
https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&ved=0C
EIQFjAD&url=http%3A%2F%2Fwww.knowledgeboard.com%2Fdownload%2F630%2FKM
_IS_publ.pdf&ei=bajzUMycOoSxkgXxioDICw&usg=AFQjCNGBkcLr4_93ewydENzLTFG
A0B_-jg&bvm=bv.1357700187,d.dGI

DEPARTMENT OF MANAGEMENT STUDIES 214


NPR COLLEGE OF ENGINEERING & TECHNOLOGY
NPR. Nagar, Natham - 624 401, Tamil Nadu, India.
Phone No. : 04544 - 305500, 501 & Fax No: 04544-305562
Website: www.nprcolleges.org E-Mail: nprgi@nprcolleges.org

http://en.wikipedia.org/wiki/Knowledge_management
https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0C
DYQFjAA&url=http%3A%2F%2Fwww.isaca.org%2FJournal%2FPast-
Issues%2F2006%2FVolume-2%2FDocuments%2Fjpdf0601-generalized-audit-
software.pdf&ei=fO_zUJ7CH8OlkAXanYHQBA&usg=AFQjCNF7mNKD6uE8Y4oxYbXz3
vmdR3qJcQ&bvm=bv.1357700187,d.bmk
https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&ved=0C
DwQFjAB&url=http%3A%2F%2Fwww.auditsoftware.net%2Fdocuments%2Fgeneralizedaud
itsoftware.pdf&ei=fO_zUJ7CH8OlkAXanYHQBA&usg=AFQjCNHZQSc2ZW4dSQwsjL3V
8LFAgnz0Eg&bvm=bv.1357700187,d.bmk
http://en.wikipedia.org/wiki/Error_detection_and_correction
https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&ved=0C
EUQFjAD&url=http%3A%2F%2Fwww.cis.upenn.edu%2F~palsetia%2Fcit595s08%2FLectu
res08%2FErrorCD.pdf&ei=4fDzUKmpOYe7kQWQ6oHYCw&usg=AFQjCNFfDUujjl9EjBk
TS-GZOzl0iF9_bA&bvm=bv.1357700187,d.bmk
https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0C
C4QFjAA&url=http%3A%2F%2Fwww.montgomerycountymd.gov%2Fcontent%2Fcjcc%2F
pdf%2Fcomputer_crime_study.pdf&ei=jPHzUPP3I83ckgWs4oDQCQ&usg=AFQjCNEPUw
OkVZvoS2y6_rzgwD0KZZ-qEA&bvm=bv.1357700187,d.bmk
http://ptucse.loremate.com/cn/node/8
http://en.wikipedia.org/wiki/Vulnerability_(computing)
http://en.wikipedia.org/wiki/Vulnerability
http://www.wlv.ac.uk/its/default.aspx?page=7019
http://www.acunetix.com/websitesecurity/website-auditing-wp/
https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&cad=rja&ved=0C
E4QFjAF&url=http%3A%2F%2Fwww.f5.com%2Fpdf%2Fwhite-papers%2Fsecuringaccess-
wp.pdf&ei=BKL1UJC8D4uXkQXWl4HoAg&usg=AFQjCNH1JPpm9Fz59JjRaWZ3CeA4c
EHc3w&bvm=bv.41018144,d.bmk
http://searchsecurity.techtarget.com/tip/Securing-the-intranet
http://en.wikipedia.org/wiki/Software_audit_review
http://en.wikipedia.org/wki/E-Governance
http://en.wikipedia.org/wiki/Enterprise_resource_planning
http://www.webopedia.com/TERM/E/ERP.html

DEPARTMENT OF MANAGEMENT STUDIES 215