2. What is Decision Support System? Explain the components, Decision making Phases and Analytical Models of DSS.

The decision support systems can be defined as the interactive information systems,
which are very much dependent on the integrated set of the user friendly hardware and
the software tools, mainly in order to produce the information and then to present the
information that is mainly targeted for providing the much needed support to the
management in the process of the decision making. The decision support systems play a
very defining role in the management decision making with the help of the combination of
the data, sophisticated analytical models and the user friendly software into a single
powerful system. With the help of this combination, semi structured and the unstructured
decision making can be very easily supported to a great extent.
The decision support systems are always under the control of the user, starting from the
early inception to the final implementation and the daily use. The decision support
systems also have a great role in the closing of the information gap that helps the
managers in making the improvement in the quality of their decisions.
The decision support systems involves a particular class of the systems which are used
for providing the much needed support to the process of the decision making, but a very
important point to be kept in mind here is that the decision support systems does not
always give a decision itself.
With the help of the decision support systems the various decisions can be validated with
the help of the sensitivity analysis conduction on the different parameters of the problem.
Components of the Decision Support Systems
1. The data base:
a. Is a collection of the current or the historical data from a number of the applications or
the groups.
b. Very well organized.
c. Provides very easy access for a large variety of the applications needed.
d. Data integrity is to be maintained in a very efficient way.
e. Decision Support System uses data that have been extracted from the relevant
databases both the internal and the external and then stored especially for the
Decision Support System.
2. The Model base:
a. A model represents an abstract representation.
b. Illustrates the different components or the relationships of a phenomenon.
c. Can be a physical model, a mathematical model or the verbal model.
d. Types of the models can be categorized as the follows
A. Behavioral Model
I. Focuses on studying and understanding the different behavior/trends amongst the
variables.
II. Examples of such a model can be trend analysis, co-relation, regression etc.
B. Management Science Model
I. Based upon the principles of the management, the management accounting and the
econometrics.
II. Examples of such a model can include budgetary systems, cost accounting, capital
budgeting, inventory management etc.
C. Operations Research Model
I. Based on the different mathematical formulae.
II. Represent the real life problems depending on the various variables and the
parameters expressed in the algebraic equations form.
III. Examples of such a model can be linear programming, ABC analysis, mathematical
programming techniques, material requirement planning.
3. The Decision Support System software system
a. Allows interaction between the users of the system and the Decision Support System
data base and the model base.
b. Helps in the creation, storage and the retrieval of the models in the model base.
c. Integrates them with the data in the Decision Support System data base.
d. Provides a user interface.


What are the goals of Information System security? Explain IS security Management control and any five tools of security management to overcome
computer crime.
There are various definitions of computer security; each views computer security from a different
standpoint. Security professionals tend to define three interdependent information security goals:
confidentiality, integrity, and availability (CIA) (Solomon & Chapple, 2005).
Confidentiality is the main goal of informa-tion security and refers to preventing confidential
information from falling into the hands of unauthorized users. Access controls and encryption
processes can prevent this. Integrity refers to preventing unauthorized alteration and modification of data,
either by un-authorized users such as hackers, or by authorized users making unauthorized modifications.
Access controls prevent such modification of data by un-authorized users. In addition, to ensure integrity, a
backup policy should be defined to protect against corruption or loss of data.
Availability aims at ensuring that computer resources and information are available for autho-rized users. It
guarantees legitimate users the abil-ity to access data for their intended use whenever they need. Access
controls and intrusion detection.
Management of security risks applies the principles of risk management to the management of security
threats. It consists of identifying threats (or risk causes), assessing the effectiveness of existing controls
to face those threats, determining the risks' consequence(s), prioritising the risks by rating the likelihood
and impact, classifying the type of risk and selecting and appropriate risk option or risk response.
Types of security threats[edit]
External[edit]
Strategic: like competition and customer demand...
Operational: Regulation, suppliers, contracts
Financial: FX, credit
Hazard: Natural disaster, cyber, external criminal act
Compliance: new regulatory or legal requirements are introduced, or existing ones are changed,
exposing the organisation to a non-compliance risk if measures are not taken to ensure compliance
Internal[edit]
Strategic: R&D
Operational: Systems and process (H&R, Payroll)
Financial: Liquidity, cash flow
Hazard: Safety and security; employees and equipment
Compliance: Actual or potential changes in the organisation's systems, processes, suppliers, etc.
may create exposure to a legal or regulatory non-compliance.
Risk options[edit]
Risk avoidance[edit]
The first choice to be considered. The possibility of eliminating the existence of criminal opportunity or
avoiding the creation of such an opportunity is always the best solution, when additional considerations
or factors are not created as a result of this action that would create a greater risk. As an example,
removing all the cash from a retail outlet would eliminate the opportunity for stealing the cashbut it
would also eliminate the ability to conduct business.
Risk reduction[edit]
When avoiding or eliminating the criminal opportunity conflicts with the ability to conduct business, the
next step is the reduction of the opportunity and potential loss to the lowest level consistent with the
function of the business. In the example above, the application of risk reduction might result in the
business keeping only enough cash on hand for one days operation.
Risk spreading[edit]
Assets that remain exposed after the application of reduction and avoidance are the subjects of risk
spreading. This is the concept that limits loss or potential losses by exposing the perpetrator to the
probability of detection and apprehension prior to the consummation of the crime through the application
of perimeter lighting, barred windows and intrusion detection systems. The idea here is to reduce the
time available to steal assets and escape without apprehension.
Risk transfer[edit]
Transferring risks to other alternatives when those risks have not been reduced to acceptable levels.
The two primary methods of accomplishing risk transfer are to insure the assets or raise prices to cover
the loss in the event of a criminal act. Generally speaking, when the first three steps have been properly
applied, the cost of transferring risks are much lower.
Risk acceptance[edit]
All remaining risks must simply be assumed by the business as a risk of doing business. Included with
these accepted losses are deductibles which have been made as part of the insurance coverage.