MBA

INFORMATION SYSTEMS
MANAGEMENT INFORMATION SYSTEM

Assignment
Enrolment number: MBISMCT13727119

Self Declaration
I declare that the assignment submitted by me is not a verbatim/photostatic
copy from the website/books/journals/manuscripts.

Signature of the student

Signature of the faculty concerned

1. "Strategic security concept is hype" - Discuss with suitable examples.
Answer:
Strategic security concept covers the following important areas:
Network Security consists of the provisions and policies adopted by a
network administrator to prevent and monitor unauthorized access, misuse,
modification, or denial of a computer network and network-accessible
resources.
A network security system typically relies on layers of protection and
consists of multiple components including networking monitoring and
security software in addition to hardware and appliances. All components
work together to increase the overall security of the computer network.
What Is Network Security and How Does It Protect business?
Many network security threats are spread over the Internet. Some of them
are:
Viruses, worms, and Trojan horses
Spyware and adware
Zero-day attacks, also called zero-hour attacks
Hacker attacks
Denial of service attacks
Data interception and theft
Identity theft
How Does Network Security Work?
No single solution protects the business from a variety of threats. We need
multiple layers of security. If one fails, others still stand. Network security is
accomplished through hardware and software. The software must be
constantly updated and managed to protect from emerging threats.
A network security system usually consists of many components. Ideally, all
components work together, which minimizes maintenance and improves
security.
Network security components often include:
Anti-virus and anti-spyware
Firewall, to block unauthorized access to your network
Intrusion prevention systems (IPS), to identify fast-spreading threats,
such as zero-day or zero-hour attacks
Virtual Private Networks (VPNs), to provide secure remote access


What are the Business Benefits of Network Security?
The company is protected against business disruption, which helps keep
employees productive.
It helps the company to meet mandatory regulatory compliance.
It helps to protect the customers' data.
It reduces the risk of legal action from data theft.
It helps to protect a business's reputation, which is one of its most
important assets.
Website Security: Web application security mainly deals with the security
of websites, web applications and web services.
Security threats: The majority of web application attacks occur through
cross-site scripting (XSS) and SQL injection attacks which typically result
from flawed coding. These are ranked in the 2009 CWE/SANS Top 25 Most
Dangerous Programming Errors. The top vulnerabilities in March 2012
include, Example:
Security threat                                        %
Cross Site Scripting                                   37%
SQL Injection                                          16%
Path Disclosure                                        5%
Denial of Service                                      5%
Code Execution                                         4%
Memory Corruption                                      4%
Cross Site Request Forgery                             4%
Information Disclosure                                 3%
Arbitrary File                                         3%
Local File Include                                     2%
Remote File Include                                    1%
Buffer overflow                                        1%
Other (PHP Injection, JavaScript Injection, etc.)      15%

Security technology: While security is fundamentally based on people and
processes, there are a number of technical solutions to consider when
designing, building and testing secure web applications. At a high level,
these solutions include:
Black Box testing tools such as web application security scanners,
vulnerability scanners and penetration testing software
White Box testing tools such as static source code analyzers
Fuzzing tools used for input testing
Web application firewalls (WAF) used to provide firewall-type protection
at the web application layer
Password cracking tools for testing password strength and
implementation
Transaction Security: The SSL (Secure Socket Layer) technology is used to
secure the transaction. SSL works by encrypting all communications between
the client computer and the web server so that the information cannot be
read if it is intercepted.
Secure Electronic Transaction (SET) was another communications
protocol standard for securing credit card transactions over insecure
networks, specifically, the Internet. SET has been endorsed by virtually all
the major players in the electronic commerce arena, including Microsoft,
Netscape, Visa, and MasterCard.
Key features:
To meet the business requirements, SET incorporates the following features:
Confidentiality of information
Integrity of data
Cardholder account authentication
Merchant authentication
Data protection: Businesses are more and more concerned about
business data protection. A company's data is the lifeblood of the business.
Customer data, financial and legal records and just day-to-day business
transactions are examples of what make up all the vital information required
to run a company successfully. That's why data protection is so critical for
anyone that is responsible for keeping it safe.

Many companies keep sensitive personal information about customers or
employees in their files or on the company network. A sound security plan
should be in place to keep it safe, and disposing of it securely can help to
meet the legal obligations to protect that sensitive data.

Data Security controls: Security controls are safeguards or
countermeasures to avoid, counteract or minimize security risks relating to
personal property, or any company property. For business-to-business facing
companies whose service may affect the financial statements of the other
company, the prospect may require successful audit reports of policy
controls.
To help review or design security controls, they can be classified by several
criteria, for example:
Before the event, preventive controls are intended to prevent an
incident from occurring e.g. by locking out unauthorized intruders
During the event, detective controls are intended to identify and
characterize an incident in progress e.g. by sounding the intruder
alarm and alerting the security guards or police
After the event, corrective controls are intended to limit the extent of
any damage caused by the incident e.g. by recovering the organization
to normal working status as efficiently as possible
Security controls can also be categorized according to their nature, for
example:
Physical controls e.g. fences, doors, locks and fire extinguishers
Procedural controls e.g. incident response processes, management
oversight, security awareness and training
Technical controls e.g. user authentication (login) and logical access
controls, antivirus software, firewalls
Legal and regulatory or compliance controls e.g. privacy laws, policies
and clauses
Information security controls protect the confidentiality, integrity and/or
availability of information.
E-Security: E-commerce security is applied to the components that
affect e-commerce, which include computer security, data security and other
wider realms of the information security framework.
The internet provides great opportunities for business to reach new markets
and more customers than ever before, but unfortunately, with those
opportunities come some e-security risks. When online, unwanted intruders
can:
Install malicious software such as spyware and viruses, which can steal
sensitive business information as well as slow down the computer.
Intercept financial transactions, steal credit card details and access
customer information.
Steal the download limit without knowledge and at the client's cost.
Take over the client's website and modify it.
Steal sensitive business information from the client's business by using a
portable device such as a USB.
E-security or internet security covers a range of activities to keep electronic
information secure.

E-security measures provide protection from unwanted intentional and
unintentional intrusion into computers, file corruption and data loss. Poor
e-security or internet security can result in the corruption of files and can
enable criminals and others to access personal and financial information.
E-security risks include:
Viruses, worms and Trojans
Spyware and Adware
Scams, spam and phishing
Pop-ups.
Example: The increase in e-commerce and the rapid rise of the mobile
device usage in e-commerce is not only bringing business benefit, but also
increasing the threat of cyber crime as criminal organizations are exploiting
its vulnerabilities for financial gain. The numbers are staggering but are
reportedly more than $388 billion globally per year attributed to cyber
crime in general; and a large portion of that would be related to e-commerce.
Verizon has published that in 2011 over 174 million records were
compromised, with 95% of them involving personal information.
Firewall concept: A firewall is a software program or piece of hardware that
helps screen out hackers, viruses, and worms that try to reach the client
computer over the Internet.
A firewall tries to prevent computer viruses from spreading to the client
computer and to prevent unauthorized users from accessing the client computer.

Benefits of an Internet firewall:
A firewall can protect both individual computers and corporate networks
from security threats such as worms, which attempt to exploit networking
protocols to access a remote PC.
A firewall can also log all attempts to enter private network or an
individual computer and set an alarm when suspicious or hostile activity is
attempted.
Some firewalls can also monitor and log all outbound data traffic and
prevent unauthorized access to resources on external networks.
Firewalls are a great way of protecting the computer against internet
viruses.
Firewalls can even protect multiple systems simultaneously.
Enterprise wide Security Framework:
The enterprise-wide security shall be established by combining People,
Policy, & Technology. The security process is a mixture of these three
elements.
People: It is the most important. It comprises the people and their various
roles and responsibilities within the organization. These are the people that
are put in place to execute and support the process. A few key roles include
senior management, security administrators, system and IT administrators,
end users, and auditors.
Policy: This comprises the security vision statement, security policy &
standards, and control documentation. This is basically the written security
environment, the bible that the security process will refer to for direction &
guidance.
Technology: This includes tools, methods, and mechanisms in place to
support the process. These are the core technologies: the operating systems,
the databases, the applications, and the security tools embraced by the
organization. The technology then is the enforcement, monitoring, and
operational tool that will facilitate the process.
Key elements, also referred to as the "Four Pillars" to Information Security,
include:
Solid Senior Management Commitment
An overall Security Vision and Strategy
A comprehensive Training and Awareness Program
A solid Information Security Management Structure including key skill
sets and documented responsibilities
Security Audit: An information security audit is an audit on the level of
information security in an organization.
Audit planning & preparation: The points for consideration are
Meet with IT management to determine possible areas of audit
Review the current IT processes within audit scope
Review all operating systems, software applications within audit scope
Review the company's IT policies and procedures
Review the company's IT data backup and disaster recovery plan

Establishing audit objectives: The objectives the auditor shall review are:
Personnel procedures and responsibilities including systems and
cross-functional training
Change management processes are in place and followed by IT and
management personnel
Appropriate back up procedures are in place to minimize downtime and
prevent loss of important data
Security controls to prevent unauthorized access to the data center
Environmental controls in place to ensure equipment is protected from
fire and flooding
Performing the audit review: The following review procedures should be
conducted to satisfy the pre-determined audit objectives:
Data Base Administrator: The auditor shall interview, ask for evidences
for the selective cases from data center employees to satisfy their
routine objectives.
Equipment: Verify the proper working of equipment. Check equipment
utilization reports, system downtime records etc. The auditor may also ask
for preventative maintenance policies which are in place and performed.
Policies and Procedures: All data center policies and procedures
documents should be verified and clarified with responsible people.
Physical security / environmental controls: The physical and
environmental conditions should be checked along with uninterruptible
power supply status.
Backup procedures: The auditor should verify that the client has
backup procedures in place in the case of system failure. Clients may
maintain a backup data center at a separate location that allows them
to instantaneously continue operations in the instance of system
failure.
Prepare the audit review report: The audit report should summarize the
auditor's findings. The review report should be submitted in the
shortest possible time. NCRs should be raised for non-compliance audit
findings.
Security management: Various ways to strengthen security measures are:
Install security software and keep its validity up to date
Protect from SQL injection and cross-site scripting (XSS) with a strong
firewall
Analyze error messages and take appropriate actions as soon as possible
Ensure server-side validation and form validation
Adopt a robust password policy with 90-day expiration
Ensure authenticated File uploads and File sharing
Implement SSL: SSL is a protocol used to provide security over the
Internet
Deploy proper Web site security tools
Allow only authenticated access
Adequate training to be provided to the users
Disable messenger and social internet services
Hourly or Daily backup for mission critical data
Continuous monitoring of the network and security audit logs

Conclusion: Often the strategic security concept is seen as hype.
However, with smart and intelligent anti-security agents growing day by day
globally, business is constantly facing a high level of security risk. In
order to safeguard the business, it is mandatory to ensure that a
comprehensive strategic security concept is implemented.
4. Consider the functioning of the FMCG major Hindustan Unilever
Limited and answer the following:
Answer:
Hindustan Unilever Limited (HUL) is India's largest Fast Moving
Consumer Goods Company with a heritage of over 80 years in India and
touches the lives of two out of three Indians.
With over 35 brands spanning 20 distinct categories such as soaps,
detergents, shampoos, skin care, toothpastes, deodorants, cosmetics, tea,
coffee, packaged foods, ice cream, and water purifiers, the Company is a
part of the everyday life of millions of consumers across India. Its portfolio
includes leading household brands such as Lux, Lifebuoy, Surf Excel, Rin,
Wheel, Fair & Lovely, Pond's, Vaseline, Lakmé, Dove, Clinic Plus, Sunsilk,
Pepsodent, Closeup, Axe, Brooke Bond, Bru, Knorr, Kissan, Kwality Wall's and
Pureit.
i). Usefulness of information system in gaining competitive
advantage:
Information System Strategies for Dealing with Competitive Forces

Basic strategy: Align IT with business objectives: 75 percent of
businesses fail to align IT with the business objectives, leading to lower
profitability.
To align IT:
Identify business goals and strategies.
Break strategic goals into concrete activities and processes.
Identify metrics for measuring progress.
Determine how IT can help achieve business goals.
Measure actual performance.
Low-cost leadership: Use information systems to achieve the lowest
operational costs and the lowest prices.
Inventory replenishment system sends orders to suppliers when
purchase recorded at cash register.
Minimizes inventory at warehouses, operating costs.
Efficient customer response system.
Product differentiation: Use information systems to enable new products
and services, or greatly change the customer convenience in using the
existing products and services.
Use continuous innovations
Use information systems to customize, personalize products to fit
specifications of individual consumers.
Mass customization as per customer demand.
Focus on market niche: Use information systems to enable specific market
focus, and serve narrow target market better than competitors.
Analyzes customer buying habits, preferences
Advertising pitches to smaller and smaller target markets
Analyzes data collected to determine preferences
Strengthen customer and supplier intimacy: Strong linkages to
customers and suppliers increase switching costs and loyalty
Use IS to facilitate direct access from suppliers to production schedules
Permits suppliers to decide how and when to ship supplies to Chrysler
factories, allowing more lead time in producing goods.
Keep track of user preferences for purchases, and recommend titles
purchased by others
Some companies pursue several strategies at same time:
Emphasize low cost plus customization of products.
Successfully using IS to achieve competitive advantage requires
precise coordination of technology, organizations, and people.
The Internet's Impact on Competitive Advantage:
Enables new products and services
Transforms industries
Increases bargaining power of customers and suppliers
Intensifies competitive rivalry
Creates new opportunities for building brands and large customer
bases
Existing competitors: widens market, increasing competitors, reducing
differences, pressure to compete on price
New entrants: reduces barriers to entry (e.g., need for sales force
declines), provides technology for driving business processes
Substitute products and services: facilitates creation of new products
and services
Customers' bargaining power: bargaining power shifts to customer
Suppliers' bargaining power: procurement over Internet raises power
over suppliers, suppliers can benefit from reduced barriers to entry and
elimination of intermediaries
The Business Value Chain Model:
Highlights specific activities in a business where competitive strategies can
best be applied and where information systems are likely to have a strategic
impact.
Primary activities
Support activities
Benchmarking
Best practices
A firm's value chain is linked to the value chains of its suppliers,
distributors, and customers.
A value web is a collection of independent firms that use information
technology to coordinate their value chains to produce a product
collectively.
Value webs are flexible and adapt to changes in supply and demand.
Synergies, Core Competencies, and Network-Based Strategies:
Synergies:
When output of some units can be used as inputs to other units
When two firms can pool markets and expertise (e.g., Similar Products)
Lower costs and generate profits
Enabled by information systems that tie together disparate units so
they act as a whole
Core competency:
Activities for which the firm is a world-class leader.
E.g., world's best cosmetics producer, best package delivery service.
Relies on knowledge that is gained over many years of experience as
well as knowledge research.
Any information system that encourages the sharing of knowledge
across business units enhances competency.
Example: Use intranet to help people working on similar problems share
ideas and expertise
Network-based strategies:
Network economics:
Marginal costs of adding another participant are near zero, whereas
marginal gain is much larger
E.g., larger number of participants in Internet, greater value to all
participants
Virtual company: Uses networks to link people, resources, and ally with
other companies to create and distribute products without traditional
organizational boundaries or physical locations
Disruptive Technologies: Technologies with disruptive impact on industries
and businesses, rendering existing products, services and business models
obsolete:
Personal computers
World Wide Web
Internet music services
First movers versus fast followers
First movers of disruptive technologies may fail to see potential,
allowing second movers to reap rewards (fast followers)
The Internet and Globalization: Prior to the Internet, competing globally
was only an option for huge firms able to afford factories, warehouses, and
distribution centers abroad.
The Internet drastically reduces costs of operating globally.
Globalization benefits:
Scale economies and resource cost reduction
Higher utilization rates, fixed capital costs, and lower cost per unit of
production
Speeding time to market
How Information Systems Improve Quality?
Reduce cycle time and simplify production process.
Benchmarking
Use customer demands to improve products and services.
Improve design quality and precision.
Computer-aided design (CAD) systems
Improve production precision and tighten production tolerances.
Continuous Improvement:
Identify processes for change.
Analyze existing processes.
Design new process.
Implement new process.
Measure new process effectiveness.
Business Process Reengineering:
A radical form of fast change
Not continuous improvement, but elimination of old processes,
replacement with new processes, in a brief time period
Can produce dramatic gains in productivity, but increases
organizational resistance to change
ii). Link between marketing and production activities:
Production process: is concerned with transforming a range of inputs into
those outputs that are required by the market.
This involves two main sets of resources - the transforming resources, and
the transformed resources. The transforming resources include the buildings,
machinery, computers, and people that carry out the transforming
processes. The transformed resources are the raw materials and components
that are transformed into end products.
Marketing process: is the process of analyzing market opportunities,
selecting target markets, developing the marketing mix, and managing the
marketing effort. Target customers stand at the center of the marketing
process. The marketing process has the following steps:
Analyzing marketing opportunities
Selecting target markets
Developing the marketing Mix
Managing the marketing effort

Production and marketing are both important parts of a total business
system aimed at providing consumers with need-satisfying goods and
services. Production should produce the product and quality desired by
marketing in order to compete in the market. Both processes should go
hand in hand.
Together, production and marketing provide five basic economic utilities.

Form utility: This is associated primarily with production, the physical or
chemical changes that make a product more valuable. It is provided when
someone produces something tangible, for instance, a Lux Soap. But just
producing it doesn't result in consumer satisfaction. The product must be
something that consumers want or there is no need to be satisfied and no
utility.
Possession utility: This is how marketing thinking guides the production
side of business. Marketing decisions focus on the customer and include
decisions about what goods and services to produce. It doesn't make sense
to provide goods and services consumers don't want or need. Marketing is
concerned with what customers want and it should guide what is produced
and offered.
Task utility: It is provided when someone provides services to others or
produces in tangible goods that are service to the clients. This is associated
with production.
Time utility: It means having the product available when the customer
wants it. This is also provided by marketing only.
Place utility: It means having the product available where the customer
wants it. It exists when a product is readily accessible to potential customers.
This is also provided by marketing only.
iii). Networking requirements for gaining competitive advantage:
Decision making is happening at Internet speed. Providing access to
information in real time has emerged as a new challenge for IT and presents
the business with an opportunity to create sustainable competitive
advantage. Mobility is enabling enhanced productivity by delivering real-time
access to information and bridging the gap between resources and
individuals.
Mobility allows employees to access business applications, services, and
tools from any location, at any time, making them more productive. Mobility
helps companies use existing business processes to deliver incremental
value in real time through innovative business applications and services.
Wireless networking is at the core of today's business mobility strategy.
Wireless networking has revolutionized the workplace, allowing companies to
introduce compelling new applications and extend mobility services to
employees in a secure, scalable, reliable manner. Wireless guest access is
an example of the way in which mobility services have improved business
processes by reshaping the way that businesses interface with external
partners, suppliers, contractors, and guests. Companies must have a
solid, secure wireless infrastructure to gain the most from mobility services.
A corporate wireless network must be flexible enough to adapt to new
business requirements, while integrating into the existing wired network
to simplify business processes and deliver a compelling total cost of
ownership (TCO).
The wireless infrastructure must be capable of building on the strengths
of the existing wired network to become a platform for innovative mobility
services and applications. By integrating the wired and wireless networks,
enterprises can create a single network whose total value is greater than the
sum of its parts.
Business has moved into a "mobile age", promoted by the proliferation of
mobile devices and the need for employees to conduct business at any time
and in any location. The concept of mobility has evolved to an
individual-centric transaction model. Resources are now mobilized to be available
regardless of how, when, and where the individual seeks to access them.

Unified WLAN Architecture: A unified wired and wireless architecture
typically requires the wired and wireless infrastructures to be delivered from
the same technology provider. In an integrated architecture, the control and
management features are housed directly in the thread of the wired network.
With this architecture, many of the services offered as standard features on
the wired network can be extended into the wireless network because of the
unification of user and management interfaces.

[Figure: Unified WLAN Architecture]

Conclusion: Mobility is more than just wireless technology; it is the
set of capabilities that are enabled after the user's access to resources
becomes presence-aware and location- and network-independent. True
mobility can only be achieved with the complete integration of the wired and
wireless networks. This integration allows resources to traverse different
network types with fluidity, reliability and security.

May 2015
