CONFIDENTIAL

UNIVERSITI KUALA LUMPUR

BUSINESS SCHOOL

FINAL (3RD) ASSIGNMENT

JANUARY 2023 SEMESTER

COURSE CODE : EIB 20203 (IF10)

COURSE NAME : MANAGEMENT INFORMATION SYSTEM

PROGRAMME NAME : BACHELOR OF BUSINESS ADMINISTRATION (HONS)

TIME / DURATION : 6.00 PM – 09.00 PM / 3.0 HOURS

DATE : 21ST JUNE 2023

LECTURER’S NAME : DR AHMAD BUDIMAN BIN HJ HUSAIN

STUDENT’S NAME / ID : MUHAMMAD DANIEL BIN ROSDY / 62211222084

INSTRUCTIONS TO CANDIDATES

1. Please CAREFULLY read the instruction given in the question paper.

2. Answer ALL Questions.

3. All questions must be answered in English (any other language is not allowed).

THERE ARE TWO (2) PAGES OF QUESTIONS, INCLUDING THIS PAGE.

20 JANUARY 2023 CONFIDENTIAL

INSTRUCTION: Answer all questions.

Question 1

Maybank Berhad has been among the two largest banking service providers in Malaysia. To
stay profiting, they need to overcome the competitive forces that may affect their businesses.
Discuss in detail all the FIVE (5) Competitive Forces.
(20 marks)
The five competitive force is Competitive Rivalry In The Market. The financial
services industry is thought to be very competitive. The excellent return on investment has
drawn more market participants. Maybank's main competitors are Public Bank, CIMB, and
Hong Leong Bank. During the fiscal year 2020, Maybank earned $10.6 billion in revenue and
reported a net income of $5 billion, with an ROE of 7.8% and an excellent profit margin of
14.43%. CIMB recorded annual revenues of $6 billion, a 10.5% decrease year on year,
primarily due to the global pandemic, with a net income of $50.28 billion. Due to the
presence of megabanks, the market is intensely competitive.
Besides that, The Threat Of Substitutes is also one of the competitive forces. The
financial services industry is under enormous pressure from newly minted fintech startups
that leverage technological breakthroughs. However, the hazard is quite mild in the near
future.
The sector has developed over time, but there is still significant room for development in
order to eliminate inefficiencies and raise profitability. Many boring jobs can be automated
with little effort; there is an impending threat from fintech companies, which benefits
technology. However, in comparison to the incumbents' bundle offerings, they solely sell
one-off products. The worldwide fintech business, which is predicted to be worth $305 billion
by 2025, has enormous development potential. Despite the pressure on the business,
incumbents are capitalising on the situation and excelling on the digital front. As a result, the
threat remains low in the immediate future.
Furthermore, The Threat of New Entrants is also the main important Maybank
competitive force. In the industry, the threat is rated as moderate; it is determined by
underlying elements such as the compliance environment, the need for capital, and the
possibility for growth. The financial services business is one of the most strictly regulated in
the world in order to keep the general public secure. As a result, excessive compliance costs
limit profitability and act as a barrier to market participants. Another barrier is the lack of
differentiation in the items offered; it is difficult for a new entrant to gain market share and
penetrate a saturated market. High capital requirements, as well as limited capacity for
difference and innovation, are inescapable barriers for new entrants. Established incumbents

EIB 20203_MANAGEMENT INFORMATION SYSTEM Page PAGE 3 of

NUMPAGES 3
20 JANUARY 2023 CONFIDENTIAL

with a significant market share also discourage new entrants. Therefore, the threat remains
low in the short term.
In addition, The Bargaining Power Of Suppliers. Suppliers in the financial services
business have moderate bargaining strength. When there is a threat of forward integration,
suppliers congregate and supply becomes specialised. However, the danger of forward
integration is limited because suppliers cannot enter the business quickly. Risk is weighted
according to the importance of suppliers, and financial experts have little bargaining power
because they are many while vaccinations are scarce. Institutional investors inject large
sums of money into the business, but only under rigorous conditions and at a high rate of
return; additionally, they have other possibilities for investing. They are conscious of their
importance, which results in more bargaining power. When suppliers understand their value,
they have more bargaining power. Therefore, suppliers have moderate to high bargaining
power.

Lastly, The Bargaining Power Of Buyers. Customers' bargaining power is rated as

firmly moderate to high in the industry. Buyers' bargaining power is related to their
importance to the firm, buyer concentration, and switching costs. Because the sector is
increasingly competitive, purchasers have more options to pick from, which they take
advantage of. High market rivalry gives the consumer more negotiating power. Digitization
has also contributed to increased customer awareness, and customers now expect more
personalised services at lower prices. The lack of differentiation among services offered, as
well as the absence of switching costs, make migrating to another service provider easy for
users. As a result, purchasers have moderate to strong bargaining power.

Question 2

To start a new organization, it is common for companies to urgently set up a new department
that will run day-to-day business organization activities. Discuss FIVE (5) departmental
Information Systems that is crucial for company expansion.
(20
Marks)
Five departmental Information Systems that are crucial for company expansion are
Transaction Processing Systems. Transaction processing systems (TPS) handle data
collection, storage, processing, and output for a company's fundamental operations. TPS
information systems gather data from user inputs and generate outputs based on the
information gathered. one online plane ticket booking system is one example of a TPS
system.

EIB 20203_MANAGEMENT INFORMATION SYSTEM Page PAGE 3 of

NUMPAGES 3
20 JANUARY 2023 CONFIDENTIAL

In such a system, travellers enter their flight itinerary and preferred seats (the input), and the
system refreshes the list of available seats, deleting those chosen by the traveller (the
processing). The system then generates a bill as well as a duplicate of the ticket (the output).
TPS information systems, which can be based on real-time or batch processing, can assist
business managers in meeting demand without the need for extra staff.
Secondly, Management Information System. Managers and owners of small
businesses rely on an industry-specific management information system, or MIS, to obtain
current and historical operational performance data, such as sales and inventory data. The
MIS can generate scheduled reports on a regular basis, which corporate management can
use in strategic, tactical, and operational planning and operations. An MIS report, for
example, could be a pie chart that shows product sales volume by territory or a graph that
shows the percentage growth or reduction in a product's sales over time. Small business
owners and managers rely on MIS to conduct ad hoc "what-if" studies. For example, a
manager may utilise the system to calculate the impact on delivery schedules if monthly
sales double.
Besides that, The Decision Support System. A decision-support system, or DSS,
enables small-business owners and managers to employ predefined or ad hoc reports to
assist with operations planning and problem-solving decisions. Users utilise DSS to get
answers to specific questions in order to assess the potential impact of a choice before it is
implemented. A data summary report, such as a product revenue by quarter sales report,
may be used to respond to enquiries. Business owners and managers conduct an analysis
by using an interface - a dashboard - to select a specific graphic depiction of a key
performance indicator that gauges progress towards attaining a specified goal. A
manufacturing dashboard, for example, might show a visual reflecting the number of
products made on a specific line.
Furthermore, The Executive Support System. The executive support system, or
ESS, is a collection of preconfigured reports that assist small-business owners and
managers in identifying long-term patterns to aid in strategic planning and nonroutine
decision-making. System users can examine individual preconfigured reports and graphs
based on companywide and functional department data, such as sales, scheduling, and cost
accounting, by clicking on any icon presented on the ESS screen and entering report criteria.
The ESS reports provide information to the business manager or owner on a certain topic,
such as market trends and buyer preferences. Based on current data, the ESS system also
provides analysis capabilities for predicting outcomes, assessing performance, and
calculating statistics.
Lastly, The Knowledge Work System. An organisation may use various knowledge
management systems to ensure a continual flow of fresh and updated knowledge into the company
and its activities. A knowledge work system (KWS) is a type of knowledge management system that
EIB 20203_MANAGEMENT INFORMATION SYSTEM Page PAGE 3 of
NUMPAGES 3
20 JANUARY 2023 CONFIDENTIAL

facilitates the incorporation of new information or knowledge into corporate processes. Furthermore,
KWS provides assistance and resources for a variety of knowledge generation methodologies,
artificial intelligence applications, and group collaboration platforms for knowledge sharing, among
other things. It also uses images, pictures, and other forms of media to deliver new information. Some
of the applications that work on the key concepts of KWS such like Designers often use computer-
aided design systems (CAD) to automate their design process.

Question 3

Data security is very crucial in data management. Database administrator must aware the
threat that may affect the data as well as the information. Explain FIVE (5) categories of
threats normally faced by the user.
(20 marks)

Five categories of threats normally faced by the user are Insider Threats. Insider threats
occur when someone closes to a company who has authorised access to its network
purposefully or accidentally misuses that access to harm the company's essential data or
systems. Insider dangers are created by careless employees who do not follow their
organisations' business rules and procedures. They may, for example, mistakenly provide
customer data to other parties, click on phishing links in emails, or share their login
credentials with others. Other insider dangers come from contractors, business partners, and
third-party vendors. Some insiders willfully circumvent security measures for the sake of
convenience or in an ill-conceived attempt to become more productive. Malicious insiders
deliberately circumvent cybersecurity protocols in order to erase data, steal data for later
sale or exploit, disrupt operations, or otherwise harm the firm.

Besides that, Viruses and Worms. Viruses and worms are harmful software programmes
(malware) that are designed to destroy a company's systems, data, and network. A
computer virus is a piece of harmful code that copies itself to another programme, system, or
host file. It remains dormant until it is activated, either intentionally or unintentionally,
spreading the infection without the knowledge or approval of a user or system administrator.
A computer worm is a self-replicating programme that spreads without the need for a host
programme or human involvement. Its primary function is to spread the infection to other
computers while remaining active on the afflicted system. Worms frequently spread through
automatic and unnoticed portions of an operating system. When a worm enters a system, it
immediately begins replicating itself, infecting unprotected systems and networks.

EIB 20203_MANAGEMENT INFORMATION SYSTEM Page PAGE 3 of

NUMPAGES 3
20 JANUARY 2023 CONFIDENTIAL

Furthermore, Botnets. A botnet is a network of Internet-connected devices, such as PCs,

mobile devices, servers, and IoT devices, that are infected with and controlled remotely by a
common form of malware. Typically, botnet malware scans the internet for vulnerable
devices. The threat actor who creates a botnet's purpose is to infect as many connected
devices as possible, leveraging the computational power and resources of those devices for
automated operations that are generally hidden from the devices' users. The threat actors
who operate these botnets, who are generally cybercriminals, utilise them to transmit email
spam, engage in click fraud operations, and create malicious traffic for distributed denial-of-
service assaults.
In addition, Drive-By Download Attacks. In a drive-by download attack, malicious malware
is downloaded from a website without the user's permission or knowledge via a browser,
application, or integrated operating system. To start the download, the user does not need to
do anything. Simply visiting or viewing a website can initiate a download. Drive-by
downloads can be used by cybercriminals to inject banking Trojans, steal and collect
personal information, and deploy exploit kits or other malware to endpoints.

Lastly, Phishing Attacks. Phishing attacks are a type of information security threat that
uses social engineering to trick users into violating normal security practises and disclosing
sensitive information such as names, addresses, login credentials, Social Security numbers,
credit card information, and other financial information. Most of the time, hackers send out
bogus emails that appear to be from reputable sources such as financial institutions, eBay,
PayPal, and even friends and coworkers. In phishing attacks, hackers seek to persuade
users to perform a certain action, such as clicking on links in emails that direct them to
bogus websites that request personal information or install malware on their computers.
Opening attachments in emails can also install malware on users' computers, which is aimed
to collect sensitive information, sending emails to contacts, or enabling remote access to
their machines.

Question 4

The emergence of computer technology posing an increasing threat on user either in

intentional or unintentional. Explain FIVE (5) situations where the user is being treated
intentionally.
(20 marks)
Five situations where the user is being treated intentionally are Unpatched Security
Vulnerabilities. While new threats emerge on a daily basis, many of them rely on
outdated security flaws to function. With so much malware attempting to exploit the
same few vulnerabilities over and over, one of the most serious hazards that a
EIB 20203_MANAGEMENT INFORMATION SYSTEM Page PAGE 3 of
NUMPAGES 3
20 JANUARY 2023 CONFIDENTIAL

corporation may face is failing to fix such vulnerabilities once they've been detected.
It's all too usual for a company or even individual network user to ignore "update
available" notifications that appear in some programmes because they don't want to
sacrifice the 5-10 minutes of productive time that running the update would need.
Most users find updating to be inconvenient. However, it is a "nuisance" that might
save a company a lot of time, money, and lost revenue in the long run. The simple
solution is to keep a regular update schedule—a day of the week when your IT staff
checks for the newest security patches for your company's software and ensures
that they are applied to all of your company's systems.

Besides that, Hidden Backdoor Programs. This is an example of an intentionally-

created computer security vulnerability. A backdoor is a programme or piece of code
installed by a manufacturer of computer components, software, or entire machines
that allows a computer to be remotely accessed (usually for diagnostic,
configuration, or technical support purposes). A hidden backdoor programme is one
that is installed into a computer without the user's knowledge. Hidden backdoors are
a major software vulnerability because they allow anyone with knowledge of the
backdoor to gain unauthorised access to the compromised computer system and
any network to which it is connected.

Furthermore, Superuser or Admin Account Privileges. One of the most fundamental

principles of mitigating software vulnerabilities is to restrict programme users' access
privileges. The less information/resources a user has access to, the less damage a
compromised user account can cause. Many organisations, however, fail to regulate user
account access capabilities, allowing nearly every user on the network to have "Superuser"
or administrator-level access. Unprivileged users can create admin-level user accounts in
some computer security configurations. It is critical for controlling computer security risks to
ensure that user account access is restricted to only what each user requires to execute
their work. It is also crucial to ensure that freshly formed accounts do not have admin-level
access in order to prevent less-privileged users from simply creating more powerful
accounts.

In addition, Unknown Security Bugs in Software or Programming Interfaces. Computer

software is quite complex. When two or more programmes are designed to communicate
with one another, the complexity simply grows. The problem with this is that there may be
programming flaws and conflicts inside a single piece of software, which can lead to security
EIB 20203_MANAGEMENT INFORMATION SYSTEM Page PAGE 3 of
NUMPAGES 3
20 JANUARY 2023 CONFIDENTIAL

vulnerabilities. When two programmes communicate, the chance of disagreements that

result in software vulnerabilities increases. Programming defects and unexpected code
interactions are among the most frequent computer security vulnerabilities, and hackers
work hard every day to find and exploit them. Unfortunately, forecasting the formation of
these computer system vulnerabilities is extremely impossible because the combinations of
software that can be found on a single computer, let alone an entire network, are virtually
limitless.

Lastly, Automated Running of Scripts without Malware Or Virus Checks. One frequent
network security vulnerability that some attackers have learnt to exploit is the tendency of
certain web browsers (such as Safari) to launch "trusted" or "safe" scripts automatically.
Cybercriminals might enable the browser software to run malware without the user's
knowledge or input by impersonating a trusted piece of code and deceiving the browser—
who, in many cases, would not know how to stop this "feature." While preventing employees
from visiting malicious websites is a good start, blocking the automated running of "safe"
files is far more reliable and required for compliance with the Centre for Internet Security's
(CIS') guidelines.

Question 5

(a) What are the challenges of managing IT infrastructure and management solutions?
(10 marks)
the challenges of managing IT infrastructure and management solutions:
1) Making IT objectives business priorities

IT, like many other departments, can find it challenging to prioritise its goals for the
greater good. Whether you need more investment or are fighting to keep particular
components of your department in-house, one of the most difficult - and oldest -
concerns are proving your worth to decision-makers.
This can be accomplished by describing your department's overall goals and how you
have met them. If you have been unable to meet all of your targets, you must explain
why and propose a strategy for doing so in the coming quarter.
2) Pricing vs. the environment

Another important difficulty for modern IT administrators is lowering the facility's

operating costs. However, this frequently goes hand in hand with ensuring your activities

EIB 20203_MANAGEMENT INFORMATION SYSTEM Page PAGE 3 of

NUMPAGES 3
20 JANUARY 2023 CONFIDENTIAL

are as environmentally sustainable as possible. With additional regulations and even

fines imposed on organisations that fail to reduce their carbon footprint, balancing cheap
costs while remaining environmentally friendly is a serious challenge.
So don't need to settle on the optimal course of action for these because there's unlikely
to be an answer that doesn't compromise one or the other, but presenting answers is
essential. Pricing structure is frequently unique to each organisation, but there are some
commonalities, such as phasing out programmes that are rarely used or offer cheaper
alternatives, re-evaluating other management expenditures, and looking at other
spending to assist lower costs.

3) Service-level aggreements and what to do internally

Reliability has been a major concern in IT management from the dawn of technology as
we know it. Service Level Agreements (SLAs) are utilised when a portion of the facility is
outsourced, but even if everything is kept in-house, having an equivalent to assure a
high degree of IT service is prudent.
This is directly related to customer satisfaction (CSAT), since any disruption in service
caused by infrastructure might result in dissatisfied customers who will look to move their
business elsewhere. Ensure that your organisation conducts regular surveys to better
understand your clients' IT needs and pain issues.
4) The lack of powerful computing platforms

Because cloud computing infrastructure is at the heart of custom software development,

a lack of it could easily be holding your organisation back. The powerful platforms are
required to address obstacles such as data storage and managing computing activities.
Without cloud computing platforms, you'll struggle to advance in your IT capabilities, thus
it's worthwhile to invest in the technology now. This should ensure that there is enough
capacity and energy to accommodate cutting-edge software and hardware.

5) The increase in cyberattacks and security breaches

Increased IT infrastructure increases the risk of cyberattacks and security breaches, but
such risks should not deter your organisation. According to a poll conducted by
International Data Corporation (IDC), 80% of chief information security officers (CISOs)
failed to identify instances of excessive access to confidential data within their cloud
environments.

EIB 20203_MANAGEMENT INFORMATION SYSTEM Page PAGE 3 of

NUMPAGES 3
20 JANUARY 2023 CONFIDENTIAL

Security breaches aren't simply an internal issue, and developing measures to

counteract external threats is a vital component of IT infrastructure management. With
technology becoming increasingly important in every organisation, cyberattacks have the
potential to have far-reaching consequences.

(b) Explain FIVE (5) unique features of e-commerce, digital markets and digital goods?
(10 marks)

Five unique features of e-commerce, digital markets and digital goods:

1. Ubiquity
E-commerce is widespread, that is, it is available everywhere always. It sets the free
market from being restricted to a physical space and makes it possible to shop from a
computer (such as a desktop, or laptop). The result is called a market space.
For consumers, ubiquity cuts transaction costs for exploring products in a market.
Consumers can acquire any information whenever and wherever they want, regardless
of their location. It is no longer necessary that buyers to spend time and money
travelling to a market. In all, it saves the cognitive energy needed to transact in a
market space.
2. Global reach
When compared to traditional commerce, e-commerce technologies allow a business
to effortlessly reach across geographic barriers all over the world. Companies all
around the world are increasing their earnings and business results by expanding their
operations using e-commerce solutions. As a result, the potential market size for
online merchants is about equivalent to the size of the online population.
3. Universal standards
Universal norms are norms that all nations across the world adhere to. These are
Internet technical standards for conducting e-commerce. It allows everyone to connect
at the same "level" and creates network externalities that benefit everyone. Universal
technical standards reduce entry and search expenses.

EIB 20203_MANAGEMENT INFORMATION SYSTEM Page PAGE 3 of

NUMPAGES 3
20 JANUARY 2023 CONFIDENTIAL

4. Interactivity
E-commerce technology allows for two-way contact between buyers and sellers,
making it interactive. It demonstrates a considerable advantage of e-commerce
technology over commercial traditional technologies of the twentieth century.
5. Information density
The overall volume and quality of information available to all market buyers and
sellers via the Internet is referred to as information density. The Internet significantly
enhances information density. Consumers and retailers benefit from more information
density. E-commerce technologies improve information accuracy and timeliness. For
example, the flipkart.com store offers a wide range of products and pricing.

END OF EXAMINATION PAPER

EIB 20203_MANAGEMENT INFORMATION SYSTEM Page PAGE 3 of

NUMPAGES 3