Pgd Sim Final

8/8/2019 Pgd Sim Final

1/14

MD. Mujibur Rahman 05/05/20101

PGD- Strategic Management & Leadership

STRATEGIC INFORMATION MANAGEMENT

I have read the regulations relating to plagiarism and certify that the above piece of coursework is all my

own work and do not contain any unacknowledged work from any sources.

Signature________________________________

Submission Date:

Name of Student: Md. Mujibur Rahman

College ID: LPC/SBM/CMI/10113- ENR

Section/ Session: 1st

Semester

Subject: STRATEGIC INFORMATION MANAGEMENT


2/14


Task-1


3/14


The impact of management information on decision makingDATA: The term data means groups of information that represent the qualitative or quantitativeattributes of a variable or set of variables. Data (plural of "datum", which is seldom used) are

typically the results of measurements and can be the basis of graphs, images, or observations of a

set of variables. Data are often viewed as the lowest level of abstraction fromwhich information and knowledge are derived.

INFORMATION: Information as a concept has many meanings, from everyday usage totechnical settings. The concept of information is closely related to notions

of constraint, communication, control, data, form, instruction, knowledge, meaning, mentalstimulus, pattern, perception, and representation. In its most restricted technical meaning,

information is an ordered sequence of symbols.

The effectiveness of management information systems (MIS) depends upon their impact on thequality of managerial decision making.

Globalization opportunity: MIS as an input to a management decision production function.

The immergence of the internet into a full blown international communication system hasdrastically reduced the cost of operation on a global scale. Business firms can achieve

extraordinary cost reduction by finding low cost suppliers and managing production facilities inother countries.

Continuous Excellence: Business continuously seeks to improve the efficiency of their in order

to achieve higher profitability. Information system and technology are some of the mostimportant tools available to managers for achieving higher level of efficiency and productivity in

business operations, especially when coupled with changes in business practice of this new era.

Improve Decision making: many business manger operate in an information fog bank, neverreally having the right information at the right time to make an informed decision. Manager with

real time informations on the customer demand and all the other information related to business.Using the information system managers can immediately take all the necessary measures

promptly.

Survival: Business organizations are also investing in information technologies because they arenecessity of doing business. Sometimes these necessities are driven by industry level changes.

For example after introduction of the ATM by the City bank, all other banks are invested inATM system.

Kenneth C.Laudon & Jane P.Laudon, Management Information System Managing the digitalfirm,


4/14


Examine how to Selecting Data and Information to support decision makingThe relationship between data and information is an interconnected one. Data is raw facts such asphone numbers or addresses, and information is the organization of these raw facts into a

meaningful manner.

The information may be well organized on a report or table and yet not always be meaningful to

all people. There are different ways to arrange data to make it meaningful for different people.

For example, one person might be satisfied with information that shows him or her the towns inwhich their customers live in to help him or her determine where the largest volume of customers

are. A different person might want that information expanded to include those customers streetaddresses as well so that they may determine a better shipping route. Both of these examples

contain the same customers and similar data but the first person would have no use for the streetaddresses in his search and the second person would not have enough information to create a

shipping route from just the towns.

The type of data used can also affect the information generated. You can gather a great deal ofdata on the needs of plants to grow but if you do not put the data in the table correctly or put

inaccurate data in you will get information that is basically useless. That is the garbage in/garbage out theory. It is also a good idea when creating a table to group the like characteristics

together to make it easier to gather information from the data.

Computers now make it easier to input data into tables in a meaningful manner to createinformation that might be useful to someone.

It is now easier to manipulate data and examine it in many different ways from many different

points of view quickly. It is in mans nature to gather data and group things together according to

similar data to generate information that is useful for what they are doing. An example would besimilar to one show in the study guide. An employer is looking for an employee that lives in theTrenton area and speaks Spanish. The older way to find this information was to look through

each record and look for the pertinent data that they are looking for. Then they went to cardreaders, which was faster but still time consuming. The employer would input all the employees

cards into a reader and set it to look for those with the right criteria. The card reader would thengenerate information from the data that the employer needs. The computer however is much

more efficient. Provided that all information was put into the computer correctly, the employercan now ask the computer to search for this data and tell it to generate a report. The time is

significantly shorter than waiting for the card reader to look through all though cards.


5/14


Task-2


6/14


Understand the importance of information sharing within the organisationMIS and decision-making

Management Information System (MIS) is basically concerned with the process of collecting,

processing, storing and transmitting relevant information to support the management operationsin any organizations. Thus, the success of decision-making, which is the heart of administrativeprocess, is highly dependent partly on available information, and partly on the functions that are

the components of the process. For example, if managerial objectives are absent or unclear,probably due to inadequate information, there is no basis for a search. Without information

obtained through a search, there are no alternatives to compare, and without a comparison ofalternatives the choice of a particular course of action is unlikely to yield the desired result.

According to Alabi (1997) the search could be through:

i. Undirected viewingthis involves a general exposure to information where. The search could

be that the viewer has no specific purpose in mind.

ii. Conditioned viewingthe directed exposure does not involve active search to a more or lessclearly identified area or type of information.

iii. Informal searchthis is a relatively limited and unstructured effort to obtain specific

information for a specific purpose. The information wanted is actively sought.

iv. Formal searchthis is a deliberate effort, usually following a pre-established plan,procedure or methodology to secure specific information relating to a specific issue.

When informations are readily available or open source then there are possibility of information

manipulation. This is the region we need to have proper security measures.Many information security professionals firmly believe that Accountability should be added as a

core principle of information security. The following measures can be taken for authenticity ofinformations.

Confidentiality

Confidentiality is the term used to prevent the disclosure of information to unauthorizedindividuals or systems. For example, a credit card transaction on the Internet requires the credit

card number to be transmitted from the buyer to the merchant and from the merchant toa transaction processing network. The system attempts to enforce confidentiality by encrypting

the card number during transmission, by limiting the places where it might appear (in databases,log files, backups, printed receipts, and so on), and by restricting access to the places where it is

stored. If an unauthorized party obtains the card number in any way, a breach of confidentialityhas occurred.

Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose

personal information a system holds.


7/14


Integrity

In information security, integrity means that data cannot be modified without authorization. Thisis not the same thing as referential integrity in databases. Integrity is violated when an employee

accidentally or with malicious intent deletes important data files, when a computer virus infects a

computer, when an employee is able to modify his own salary in a payroll database, when anunauthorized user vandalizes a web site, when someone is able to cast a very large number ofvotes in an online poll, and so on.

Availability

For any information system to serve its purpose, the information must be available when it isneeded. This means that the computing systems used to store and process the information, the

security controls used to protect it, and the communication channels used to access it must befunctioning correctly. High availability systems aim to remain available at all times, preventing

service disruptions due to power outages, hardware failures, and system upgrades. Ensuringavailability also involves preventing denial-of-service attacks.

Authenticity

In computing, e-Business and information security it is necessary to ensure that the data,transactions, communications or documents (electronic or physical) are genuine. It is also

important for authenticity to validate that both parties involved are who they claim they are

Non-repudiationIn law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also

implies that one party of a transaction cannot deny having received a transaction nor can theother party deny having sent a transaction.

Electronic commerce uses technology such as digital signatures and encryption to establish

authenticity and non-repudiation.

Risk managementA comprehensive treatment of the topic of risk management is beyond the scope of this article.

However, a useful definition of risk management will be provided as well as some basicterminology and a commonly used process for risk management.

The CISA Review Manual 2006 provides the following definition of risk management: "Risk

management is the process of identifying vulnerabilities and threats to the information resourcesused by an organization in achieving business objectives, and deciding what countermeasures, if

any, to take in reducing risk to an acceptable level, based on the value of the informationresource to the organization."

The ISO/IEC 27002:2005 Code of practice for information security management recommends

the following be examined during a risk assessment:

Security policy, Organization of information security,


8/14


Asset management,

Human resources security,

Physical and environmental security,

Communications and operations management,

Access control,

Information systems acquisition, development and maintenance,Information security incident management,

Business continuity management, and

Regulatory compliance.

ControlsWhen Management chooses to mitigate a risk, they will do so by implementing one or more of

three different types of controls.

AdministrativeAdministrative controls (also called procedural controls) consist of approved written policies,

procedures, standards and guidelines. Administrative controls form the framework for runningthe business and managing people. Administrative controls form the basis for the selection and

implementation of logical and physical controls. Logical and physical controls are manifestationsof administrative controls. Administrative controls are of paramount importance.

Logical

Logical controls (also called technical controls) use software and data to monitor and controlaccess to information and computing systems. For example: passwords, network and host based

firewalls, network intrusion detection systems, access control lists, and data encryption arelogical controls.

An important logical control that is frequently overlooked is the principle of least privilege.

The principle of least privilege requires that an individual, program or system process is notgranted any more access privileges than are necessary to perform the task.

Physical

Physical controls monitor and control the environment of the work place and computingfacilities. They also monitor and control access to and from such facilities. For example: doors,

locks, heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras,barricades, fencing, security guards, cable locks, etc. Separating the network and work place into

functional areas are also physical controls.

Security classification for informationAn important aspect of information security and risk management is recognizing the value of

information and defining appropriate procedures and protection requirements for theinformation. Laws and other regulatory requirements are also important considerations when

classifying information.

The type of information security classification labels selected and used will depend on the natureof the organization, with examples being:


9/14


In the business sector, labels such as: Public, Sensitive, Private and Confidential.In the government sector, labels such as: Unclassified, Sensitive But

Unclassified, Restricted, Confidential, Secret, Top Secret and their non-English equivalents.In cross-spectral formations, the Traffic Light Protocol, this consists of: White, Green,

Amber and Red.

Access controlAccess to protected information must be restricted to people who are authorized to access the

information. The computer programs, and in many cases the computers that process theinformation, must also be authorized. This requires that mechanisms be in place to control the

access to protected information.

Identification is an assertion of who someone is or what something is. If a person makes thestatement "Hello, my name is John Doe." they are making a claim of who they are. However,

their claim may or may not be true. Before John Doe can be granted access to protectedinformation it will be necessary to verify that the person claiming to be John Doe really is John

Doe.

Authentication is the act of verifying a claim of identity. There are three different types ofinformation that can be used for authentication: something you know, something you have, or

something you are.

Examples of something you know include such things as a PIN, a password.

Wikipedia, Management Information System (MIS) Bibliography


10/14


Task-3


11/14


Use information to inform and support strategic decision making.Management Information System is a general name for the academic discipline covering the

application of information technology to business problems. As an area of study it is alsoreferred to as Information Technology Management. The study of information systems is usually

a commerce and business administration discipline, and frequently involves software

engineering, but also distinguishes itself by concentrating on the integration of computer systemswith the aims of the organization. The area of study should not be confused with computerscience which is more theoretical in nature and deals mainly with software creation, and not with

computer engineering, which focuses more on the design of computer hardware. IT servicemanagement is a practitioner-focused discipline centering on the same general domain. In

business, information systems support business processes and operations, decision-making, andcompetitive strategies.

Many now believe that information can be added as a third principal resource. Today's top-levelmanagement faces an imminent and critical problem in dealing with adaptation to the

organizational changes that information technology is generating. In addition to the specificchanges in management and organizational design generated by information technology, the

management of change emerges as the critical function of the contemporary manager. Theimplementation of an innovation is a complex contingent process. Effective implementation is

contingent on the attributes of the innovation, the characteristics of the adoptive unit, the type ofstrategies adopted to negotiate the constraints that affect the innovation, and the politics of the

implementation process. At the most senior levels, it provides the data and information to helpthe board and management make strategic decisions. At other levels, MIS provides the means

through which the institution's activities are monitored and information is distributed tomanagement, employees, and customers. Effective MIS should ensure the appropriate

presentation formats and time frames required by operations and senior management is met. MIScan be maintained and developed by either manual or automated systems or a combination of

both. It should always be sufficient to meet an institution's unique business goals and objectives.The effective deliveries of an institution's products and services are supported by the MIS. These

systems should be accessible and useable at all appropriate levels of the organization. MIS is acritical component of the institution's overall risk management strategy.

Role of Management Information System The role of the MIS in an organisation can becompared to the role of heart in the body. The information is the blood and MIS is the heart. In

the body, the heart plays the role of supplying pure blood to all the elements of the bodyincluding the brain. The heart works faster and supplies more blood when needed. It regulates

and controls the incoming pure blood, processes it and sends it to the destination in the quantityneeded. It fulfils the needs of blood supply to human body in normal course and also in crisis.

The MIS plays exactly the same role in the organisation. The system ensures that an appropriatedata is collected from the various sources, processed, and sent further to all the needy

destinations. The system is expected to fulfil the information needs of an individual, a group ofindividuals, the management functionaries: the managers & the top management. The MIS

satisfies the diverse needs through a variety of systems such as Query Systems, AnalysisSystems, Modelling Systems and Decision Support Systems. The MIS helps in Strategic

Planning, Management Control, Operational Control and Transaction Processing.

http://www.darden.virginia.edu/ &

http://www.cis.temple.edu


12/14


Task-4


13/14


Monitor and review management information. Methods of gathering information and data

The methods of gathering information and data to evaluate the effectiveness of solutions willagain depend on the kind of solutions you have developed.

It is important to ask your employees whether they feel the solutions are having the desired

effect.

You may find it useful to use a mixture of approaches to consult staff, for example:

Set up specific meetings to review progress on major actions;Set up regular sessions to talk with your staff about sources of work-related pressure, for

example, as part of team meetings;Make use of informal contacts with staff to ask about the effectiveness of solutions.

Gather data

Another way to demonstrate the effectiveness of your plan is to collect data on such things asemployee turnover, sickness absence and productivity, and to measure progress against emerging

trends or changes in this data.

Monitor and evaluate the management of data and information1. discuss and agree the aspects of data and information management that require

monitoring and evaluation with colleagues and relevant others

2. establish the required liaison and consultation with colleagues and relevant others3. establish and use suitable methods for monitoring and evaluating the management of

data and information

4. monitor and evaluate the management of data and information in accordance with legaland organizational requirements

5. analyze and record the results of monitoring and evaluation within the required timescale

Recommend improvements to the management of data and information

1. check conformity with national standards and information governance, in accordancewith legislation and organizational requirements

2. base recommendations for improvements to the management of data and information onthe results of monitoring and evaluation

3. identify relevant others who need to be involved in developing recommendations forimprovements

4. present your recommendations for improvements in a form that can lead to effectiveimplementation


14/14


References

o http://www.bestpricecompute rs.co.uko http://www.darden.virginia.edu/ &o http://www.cis.temple.edu o http://www.cis.temple.edu &o Wikipedia, Management Information System (MIS) Bibliographyo http://www.darden.virginia.eduo http://www.cis.temple.edu

Documents

Pgd Sim Final