EIS Final Exam Study Notes

Lecture 6

Requirements Analysis in EIS

Data Flow Diagrams (DFD)

      DFD Definition
      A graphical representation of how data flows through an enterprise information system. Shows where data comes from, how it is processed, and where it goes. Uses 4 symbols only.
    

Data Flow

Data in motion between elements. Shown as a labeled arrow (e.g., Customer Order, Paycheck). Represents one or more data items moving together.

Data Store

Data at rest. A file, folder, or database where data is stored for future use. Drawn as an open-ended rectangle with a label (e.g., Student File).

Process

Work performed on data to transform, store, or distribute it. Numbered in upper portion, named in lower. Contains business logic/rules.

Source / Sink

External entity that originates (source) or receives (sink) data. Always outside the system boundary. Drawn as a square (e.g., Customer, Teller).

DFD Level	Purpose	Key Feature
Context Diagram	Highest-level view of the entire system	Shows system as a single process; shows external entities & boundaries only
Diagram 0	Zooms into context diagram	Shows major internal processes, data flows, & data stores
Lower-level DFDs	Decomposes each process further	More detail per process

Use Case Diagrams (UML)

      Use Case Diagram Definition
      A UML behavioral diagram visualizing interactions between users (actors) and the system. Captures what the system does, not how. Drawn when gathering/defining system requirements.
    

Actor

A role (not a specific person) that interacts with the system. Can be a user or external system. Provides input to or receives output from the system.

Use Case

A major process the system performs, drawn as an oval. Labeled with a verb-noun phrase (e.g., "Withdraw Cash").

Association

Connects actors to use cases (two-way communication by default). Arrowhead added for one-way data flow direction.

Boundary

Box defining the scope of the system — separates internal (use cases) from external (actors).

Relationship	Meaning	Example
<<include>>	A use case always invokes another use case	"Login" always includes "Verify Password"
<<extend>>	A use case optionally extends another	"Print Receipt" optionally extends "Withdraw Cash"
Generalization	One use case/actor inherits from another	Admin is a specialization of User

Lecture 7

Database & Business Intelligence in Enterprise

Relational Database Fundamentals

Primary Key

Uniquely identifies each row in a table. Cannot be duplicated. Example: Supplier Number in SUPPLIER table.

Foreign Key

A field in one table that refers to the primary key in another table, creating a relationship. Example: Supplier Number in PART table.

Referential Integrity

Every foreign key value must match an existing primary key. Keeps relationships between tables consistent.

Normalization

Process of creating small, stable, flexible data structures. Reduces redundancy and avoids awkward many-to-many relationships.

      Conceptual vs. Physical Design
      Conceptual (Logical): Abstract model from business perspective — what data is stored and how it is related. Physical: How data is actually arranged on storage devices for efficiency and performance.
    

Feature	RDBMS (Relational)	NoSQL (Non-Relational)
Structure	Tables, rows, columns (structured)	Flexible — documents, key-value, graphs
Best for	ERP, Payroll, Banking, Finance	Real-time analytics, IoT, Social media, AI
Strength	Strong data integrity, ACID transactions	Massive volume, high-speed ingestion, flexible schema
Examples	Oracle DB, SQL Server, SAP HANA, MySQL	MongoDB, Cassandra

      Hybrid Approach in Modern Enterprise
      ERP systems use RDBMS for accuracy. Analytics and AI workloads use NoSQL for scale and speed. Both coexist.
    

Central Database & DBMS

DBMS — Software that centralizes data, provides controlled access, ensures integrity & security. Acts as interface between application programs and physical data files.
Logical View — How end users/business specialists see data
Physical View — How data is stored on storage media
Benefits of Central DB — Data integrity, data security, streamlined processes, single source of truth, supports BI & analytics

Business Intelligence (BI)

      BI Definition
      Process of gathering, analyzing, and interpreting data for decision-making. Transforms data into actionable insights to support strategic planning and tactical decisions.
    

      Three Primary Activities in BI Process
      1. Data Acquisition — obtaining, cleaning, organizing, relating, and cataloging source data. 2. Analysis — reporting, data mining, Big Data. 3. Publish Results — delivering BI to knowledge workers (push vs. pull).
    

BI Technique	Description	Example
Reporting Analysis	Sorting, grouping, summing, filtering structured data	Monthly sales reports, performance dashboards
Data Mining	Applying statistical techniques to discover patterns & relationships	Market basket analysis, fraud detection, loan defaults
Big Data	Extremely large/complex datasets (Volume, Velocity, Variety)	Google searches, IoT sensor data, social media

Feature	Data Warehouse	Data Mart
Scope	Enterprise-wide, large central repository	Smaller, department-focused subset
Users	Data specialists/analysts	Business users in a specific domain (e.g., Sales, HR)
Analogy	Distributor in supply chain	Retail store in supply chain

      ETL Process (Extract, Transform, Load)
      Extract: retrieve data from multiple sources. Transform: clean, structure, integrate, quality check. Load: store in data warehouse. Foundation for accurate BI — without ETL, results would be incomplete or misleading.
    

      Supervised vs. Unsupervised Data Mining
      Supervised: analyst starts with hypothesis → regression analysis, classification (spam detection). Unsupervised: no predefined model → cluster analysis, association analysis (market basket).
    

BI Technology	Purpose
Hadoop	Open-source framework for managing massive distributed data sets. Handles structured, semi-structured, and unstructured data.
MapReduce	Programming model: Map (break data into chunks, process in parallel) → Reduce (combine into final output)
Push Publishing	BI results delivered automatically (email, notifications) — system pushes to users
Pull Publishing	Users request BI results when needed (dashboards, queries) — user-driven

Lecture 8

Enterprise Systems Architecture

ERP Architecture Overview

      ERP Architecture
      The structure and design that defines how components of an ERP system interact. Includes hardware, software, databases, network components, and user interfaces. Choice determines scalability, integration, security, and performance.
    

Architecture Tiers Compared

Architecture	Description	Best For	Key Advantage	Key Limitation
Two-Tier	Client + Server only (data & application combined)	SMEs	Simple, lower cost	Tight dependency; not scalable for large orgs
Three-Tier	Web Tier → Application Tier → Data Tier	Large enterprises	Scalable, better security, easier maintenance	Higher complexity & initial cost
Web-Based	Three-tier with web browser replacing desktop client	SMEs & large enterprises	Anywhere access, no complex install	Internet dependency, security concerns
SOA	Loosely coupled, modular independent services	Large enterprises with complex IT	High integration & flexibility, reusable services	Complex, costly to implement
Cloud-Based	ERP hosted entirely in cloud	Distributed global teams	Scalable, pay-as-you-go, auto-updates	Data security, limited customization

Three-Tier Architecture Breakdown

        Web Tier (Presentation)
        User interface layer. HTML/CSS/JS. Handles input/display. Security: login, session, encryption. Cannot directly access Data Tier.
      

        Application Tier (Logic)
        Heart of ERP. Runs workflows, business rules, processes. Written in Python, Java, PHP, Ruby. Connects via APIs to Data Tier.
      

        Data Tier (Database)
        Single source of truth. Storage, retrieval, backup, security. Examples: SAP HANA, Oracle DB, SQL Server, PostgreSQL, MongoDB.
      

Web Service Architecture & SOA

Protocol	Type	Format	Use Case
SOAP	Strict, secure	XML	Banking, telecom, financial transactions — where security & reliability are critical
REST	Lightweight, flexible	JSON (also XML, HTML)	Real-time updates, mobile apps, logistics tracking (e.g., DHL)

Service Provider

System that provides the service and processes requests. Example: Payment gateway providing transaction service.

Service Requestor

Client application that requests a service. Example: ERP system requesting payment verification from a bank.

Service Registry

Directory where services are published (e.g., UDDI). Allows systems to find available services.

Service Interface

Communication layer (API) between systems. Defines how services are requested and delivered via REST or SOAP.

      SOA Key Advantages
      Modularity, integration with external systems, scalability, reusability, flexibility, cost efficiency. Breaks monolithic ERP into independent loosely-coupled services.
    

Cloud ERP Architecture

Public Cloud — Shared infrastructure, managed by vendor (SAP S/4HANA Cloud, Oracle NetSuite)
Private Cloud — Dedicated infrastructure for one organization (SAP HANA Enterprise Cloud)
Hybrid Cloud — Combines on-premise and cloud modules (Microsoft Dynamics 365)
Benefits — Scalability, cost savings, faster deployment, access anywhere, automatic updates
Challenges — Data security/privacy, internet dependency, limited customization

Lecture 9

E-Commerce

E-Commerce Fundamentals

      E-Commerce Definition
      Buying and selling goods and services over the Internet. Part of e-business. Includes digitally enabled commercial transactions between organizations and individuals. Core functions: buy/sell, collaborate with partners, customer service, gather business intelligence.
    

      8 Unique Features of E-Commerce Technology
      Ubiquity (available everywhere), Global Reach (across nations), Universal Standards (one internet standard), Richness (video/audio/text), Interactivity (user interaction), Information Density (lower info costs), Personalization/Customization, Social Technology (content generation & networking).
    

Business Relationship Models

Model	Who Trades	Example
B2C	Business → Consumer	Shopee, Amazon
B2B	Business → Business	Alibaba, SAP Ariba
C2C	Consumer → Consumer	eBay, Facebook Marketplace
C2B	Consumer → Business	Upwork, Shutterstock (freelancers)
B2G	Business → Government	E-Gov Procurement Portals
G2C	Government → Consumer	Online tax filing (IRS Free File)
G2G	Government → Government	ITDS international trade data sharing

Revenue / Operational Models

Revenue Model	How It Works	Example
Advertising	Large audience; earn from displaying ads	Facebook, Google, Yahoo
Sales (Merchant)	Directly sells goods/services; owns inventory	Amazon, Gap.com
Subscription	Recurring fee (monthly/yearly) for access	Netflix, Wall Street Journal, McAfee
Free/Freemium	Basic free; premium features paid	Google, Pandora
Transaction Fee	Fee per transaction between buyers/sellers	eBay, E*Trade
Brokerage	Connects buyers & sellers; earns commission	Airbnb, Uber, Alibaba
Affiliate	Referral fee for directing users to another site	Amazon affiliate, MyPoints
Infomediary	Collects consumer/business data; sells to marketers	Bizrate
Mixed Model	Multiple revenue streams	Amazon (subscriptions + sales)

Value Chain in E-Commerce

Primary Activities — Inbound Logistics, Operations, Outbound Logistics, Marketing & Sales, Service
Supporting Activities — Organizational Infrastructure, HRM, Technological Development, Procurement
Disintermediation — Removing middlemen via e-commerce direct model → lower prices for consumers

      EDI (Electronic Data Interchange)
      Digital system for computer-to-computer exchange of standard business documents (purchase orders, invoices). ~80% of B2B still uses EDI. Enables automatic replenishment and just-in-time inventory. Traditional EDI used private VANs; modern EDI uses internet technologies.
    

Digital Goods, M-Commerce & Social Commerce

Digital Goods — Delivered over digital network (music, movies, software). High first-unit cost, near-zero marginal cost to reproduce. Protected by copyright, patent, trademark, trade secrets.
M-Commerce — E-commerce via mobile devices (smartphones, tablets). Includes apps, mobile-optimized sites, mobile payments.
Social Commerce — E-commerce facilitated through social media platforms. Example: Instagram Shops, TikTok Shop.
Behavioral Targeting — Tracks user clickstreams to deliver personalized ads. Raises privacy and ethical concerns.
Location-Based Services (LBS) — Geosocial (check-in), Geoadvertising (location ads), Geoinformation (nearby data).

Lecture 10

Supply Chain Management

Supply Chain vs. SCM

        Supply Chain
        What exists — the interconnected network from raw material suppliers through manufacturers, distributors, retailers to end consumers.
      

        SCM (Supply Chain Management)
        How it's managed — coordinating and optimizing the flow of materials, information, and finances to maximize efficiency and customer satisfaction.
      

Supplier

→

Manufacturer

→

Distributor

→

Retailer

→

Consumer

SCM Flows & Drivers

Flow Type	Direction	Example
Materials Flow	Downstream ↓ (supplier → customer)	Raw materials → finished goods → consumer
Information Flow	Upstream ↑ (customer → supplier)	Customer orders → retailer orders → distributor orders → manufacturer
Financial Flow	Upstream ↑	Receipts → invoices → billing to suppliers

SCM Driver	Impact	Trade-off
Facilities	Location & capacity of plants/warehouses	Centralized = cost efficient; Decentralized = faster delivery
Inventory	Raw materials, WIP, finished goods	High inventory = better responsiveness but higher holding cost
Transportation	Movement between supply chain stages	Air = fast but expensive; Sea = cheap but slow
Information	Data on orders, demand, inventory	Best driver for both responsiveness & efficiency (RFID, ERP, IoT)

SCM Stages & Key Concepts

Planning — Forecast demand, assess inventory, develop strategy to meet customer needs
Sourcing — Select suppliers based on quality, reliability, and cost
Manufacturing — Transform materials into finished goods with quality control
Logistics & Transportation — Move finished products to distribution points and customers
Order Fulfillment — Order management, inventory storage, delivery logistics
Customer Service — Real-time information on availability, order status, returns
After-Sales & Returns — Post-purchase support, returns processing
End of Life & Recycling — Responsible recycling (e.g., Apple trade-in program)

      The Bullwhip Effect
      Small changes in consumer demand cause increasingly large fluctuations as orders move upstream (retailer → distributor → manufacturer). Solution: real-time information sharing across the entire supply chain via SCM systems. Shared data includes inventory levels, production schedules, demand forecasts, and shipment status.
    

      Just-In-Time (JIT) Processing
      Produces goods only when needed, minimizing inventory. Reduces storage costs, waste, and lead time. Combined with minimal lot sizes for agility. Example: Car manufacturers ensuring parts arrive exactly when needed on assembly line.
    

E-SCM & Technology

e-SCM — Integrates digital technologies into SCM for collaboration, efficiency, global coordination
EDI in SCM — Supports continuous production and JIT inventory; enables automatic replenishment
3PL (Third-Party Logistics) — Outsource non-core activities (transport, warehouse) to specialists like DHL, FedEx
Enterprise Portal — Provides self-service access integrating ERP, CRM, SCM, BI under one interface

Lecture 11

Ethical & Social Issues in Information Systems

Five Moral Dimensions of the Information Age

Moral Dimension	Core Question	Example
Information Rights	Who controls personal data?	Data privacy
Property Rights	Who owns information?	Software piracy
Accountability	Who is responsible for IS failures or harms?	AI errors
System Quality	What standards protect individual rights and safety?	Data breaches
Quality of Life	Is technology improving society?	Job loss, digital stress

Ethical Decision-Making Principles

Golden Rule

Do unto others as you would have them do unto you. Treat others as you wish to be treated.

Kant's Categorical Imperative

If an action is not right for everyone to take, it is not right for anyone. Ask: "If everyone did this, would it be acceptable?"

Utilitarian Principle

Choose the action that produces the greatest good for the greatest number.

Risk Aversion Principle

Take the action that produces the least harm or least potential cost. When uncertain, choose the safest option.

Slippery Slope Rule

If an action cannot be taken repeatedly without harm, it is not right to take at all. Promotes consistency.

"No Free Lunch" Rule

Assume all tangible and intangible objects belong to someone unless declared free. Respect IP and compensate creators.

      Five-Step Ethical Analysis Process
      1. Identify and describe the facts clearly. 2. Define the conflict or ethical dilemma. 3. Identify stakeholders. 4. Identify reasonable options. 5. Identify potential consequences of each option.
    

      Ethical vs. Legal Grid
      Legal + Ethical (Quadrant I) | Legal + Unethical (III) | Illegal + Ethical (II — very rare) | Illegal + Unethical (IV). Example: making a personal backup copy of software = Legal & Ethical (I). Selling a copy = Illegal & Unethical (IV).
    

Privacy, Data Rights & Intellectual Property

Privacy — Right to be left alone, free from surveillance. Technology makes privacy invasion cheap and effective.
Opt-In Model — Data collection requires explicit user approval (GDPR standard in Europe)
Opt-Out Model — Data collected automatically unless user declines (common in US)
GDPR — EU law requiring explicit consent before using personal data. Right to access, correct, delete ("Right to be Forgotten").
NORA — Non-Obvious Relationship Awareness: finds hidden relationships by combining data from multiple sources. Used in security & fraud detection; raises surveillance concerns.
Digital Dossier — Detailed profile built from combining data from multiple online/offline sources.

IP Protection	Covers	Duration
Copyright	Creative works (books, music, software)	Life of author + 70 years
Patent	Inventions, methods, software ideas	20 years
Trademark	Symbols, logos, brand names	Renewable indefinitely
Trade Secret	Formulas, algorithms, processes not publicly disclosed	As long as kept secret

Key Principles of Ethical Conduct

Responsibility

Accept potential costs, duties, and obligations of decisions.

Accountability

Mechanisms must exist to determine who is responsible for actions and decisions.

Liability

Individuals and organizations can be legally held accountable for harm they cause.

Due Process

Laws and regulations should be followed with the right to appeal or correct errors.

Lecture 12

Securing Information Systems

Key Definitions

        Security
        Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
      

        Controls
        Methods, policies, and procedures ensuring the safety of assets, accuracy of records, and operational adherence to management standards.
      

Malicious Software (Malware)

Malware Type	How It Works	Key Feature
Virus	Attaches to other programs/files; spreads when humans take action (email attachments, downloads)	Requires human action to spread; delivers payload
Worm	Independent program; copies itself across networks without attaching to files	Spreads without human behavior; can halt networks
Trojan Horse	Appears benign but executes unexpected malicious actions. Does NOT replicate.	Often delivers viruses. Example: ZeuS steals banking credentials
Ransomware	Takes control of computer, blocks files, demands payment	Proliferating on desktop and mobile
Spyware	Secretly installs on computer; monitors web activity; serves ads; resets homepages	Infringes on privacy; slows performance
SQL Injection	Exploits poorly coded web apps; sends rogue SQL queries to access/plant code in database	Targets input validation errors in web forms

Hackers & Computer Crime

Attack / Crime	Description
Cybervandalism	Intentional disruption, defacement, or destruction of a website or corporate IS
Spoofing	Redirecting a web link to a different address; site masquerades as the intended destination
Sniffer	Eavesdropping program that monitors network traffic; steals emails, files, confidential reports
DoS Attack	Floods server with false requests to crash it; makes site unavailable to legitimate users
DDoS Attack	DoS using numerous computers to overwhelm from multiple launch points
Identity Theft	Imposter obtains personal info (SSN, credit card) to impersonate someone else
Phishing	Fake websites/emails mimicking legitimate businesses to steal confidential data
Spear Phishing	Targeted phishing; message appears to come from a trusted source within the company
Evil Twins	Bogus Wi-Fi networks (airports, hotels) that look identical to legitimate networks
Pharming	Redirects users to bogus website even when correct address is typed; exploits ISP address data
Click Fraud	Fraudulently clicks online ads without intent; serious problem for pay-per-click advertising
Social Engineering	Tricking employees into revealing passwords by pretending to be legitimate company members

      Zero-Day Vulnerability
      A security hole in software unknown to its creator. Hackers exploit it before the vendor learns of it and releases a patch. Patch management — tracking vulnerabilities and applying patches — is the key defense.
    

Organizational Framework for Security & Control

General Controls

Apply to ALL computerized applications. Govern design, security, and use of programs organization-wide. Includes: software controls, physical hardware controls, data security controls, administrative controls.

Application Controls

Specific to each application (e.g., payroll). Ensure only authorized data is completely and accurately processed. Includes: Input Controls, Processing Controls, Output Controls.

Risk Assessment

Determines the level of risk if a specific activity is not properly controlled. Assesses: value of information assets, vulnerability points, frequency of problems, potential damage.

Security Policy

Ranks information risks, identifies acceptable security goals, and specifies mechanisms to achieve them. Drives AUP (Acceptable Use Policy).

Disaster Recovery Planning

Plans for restoring computing and communications services after disruption. Focuses on technical issues of keeping systems running.

Business Continuity Planning

Focuses on restoring business operations after a disaster. Identifies critical processes and action plans for mission-critical functions.

Authentication & Access Control

Method	Description
Password	Basic authentication; vulnerable to hacking — weakest method
Token	Physical device (key ring) displaying frequently changing passcodes
Smart Card	Credit-card-sized device with chip containing access permissions and data
Biometric	Reads individual human traits (fingerprints, irises, voices) to grant/deny access
Two-Factor Authentication	Combines two forms of identification (e.g., smart card + PIN). Significantly more secure.

Security Technologies

Firewall

Hardware and software controlling inbound/outbound network traffic. Placed between private internal network and untrusted external (internet). Acts as gatekeeper — deters but does not completely prevent penetration.

Intrusion Detection System

Full-time monitoring at vulnerable network points. Generates alarms for suspicious events. Scans for attack patterns; can shut down sensitive network parts if unauthorized traffic detected.

Anti-Malware Software

Prevents, detects, and removes malware (viruses, worms, Trojans, spyware, adware). Effective only against known malware at time of writing.

UTM (Unified Threat Management)

Combines multiple security tools into one appliance: firewalls, VPNs, intrusion detection, web content filtering, anti-spam. Leading vendors: Fortinet, Sophos, Check Point.

Encryption

Transforms plain text into cipher text using an encryption key. SSL/TLS for secure web sessions. Symmetric encryption (single key) vs. Public Key encryption (public + private keys).

Blockchain

Chain of digital blocks containing transaction records. Each block connected to those before and after. Records secured by cryptography. Transactions cannot be changed once recorded. No single point of failure.

      Public Key Infrastructure (PKI)
      Uses two keys: one public (shared) and one private. Digital certificates (issued by a Certificate Authority) establish identity for secure online transactions. Widely used in e-commerce. More secure than symmetric encryption because the private key is never shared.
    

Enterprise InformationSystems — Study Notes

Enterprise Information
Systems — Study Notes