
INFORMATION SYSTEM SECURITY

DIT III
ITT 613
INFORMATION
Information is processed data.

Characteristics of Information

- Relevant
Information, to be considered relevant, must meet the requirements of the information
consumer group.
- Complete
Information must be complete to provide consumers with a full and operational picture.
Preventing IS using data
- Timely
The need for speed and timely access to computer information is paramount in this digital
age, especially for businesses. To be timely, information must be dynamic and available
when needed.
- Accessible
For information to be meaningful to consumers, it must be accessible and within reach. If
information consumers are not able to access the data when they need it, it can lead to
disappointment.
- Accurate
Garbage in, garbage out (GIGO) is a computer science reference that effectively illustrates
how data quality can affect a system's output and can hamper effective decision-making
capabilities.
- Understandable
Unambiguous and understandable computer information means it is explicit, clear and
concise. There is no chance the data can be misinterpreted or misunderstood. On the other
hand, ambiguous information can result in multiple interpretations of the same data, which
can cause confusion and discord in a system's framework.
- Valuable
The value of computer information can be measured based on an entity's reliance on such
information or how much an entity is willing to pay for information. Valuable information
can be used to make decisions.

SOURCE OF INFORMATION

Information can come from virtually anywhere:

1. Media
2. Blogs
3. Databases
4. Library catalogs
5. Personal experiences
6. Books
7. Journals
8. Magazine articles
9. Expert opinions
10. Encyclopedias
11. Web pages

INFORMATION SYSTEM (IS)

Definition

An information system is a computer-based system for collecting, creating, storing and
distributing information.

IS enhances the quality of management and growth of the organization by providing timely,
accurate and meaningful information for planning, organization and control.

EXAMPLES OF INFORMATION SYSTEMS

- Banking systems
- Databases
- Customer relationship systems (track customer activities and purchasing trends)
- Online air ticket booking systems (collect data from users and generate airline tickets
and a bill)
- Business intelligence systems (predict future sales, forecast revenues)
- Data warehouses
- Enterprise resource planning
- Enterprise systems
- Expert systems
- Search engines
- Geographic information systems
- Global information systems
- Office automation

OBJECTIVES OF IS

The purpose of IS is:

1. To provide quick, timely and necessary information to the management to help them
discharge their functions of organizing, planning, control and decision making.
2. For reporting. Reports give an idea about the performance of men, materials, machinery,
money and management. Reports throw light on the utilization of resources employed in the
organization.
3. For controlling costs, by giving information about idle time, labor turnover, wastages and
losses and surplus capacity.
4. For comparing actual performance with the standard and budgeted performance.
5. To bring to the notice of management the strengths (i.e., strong points) of the
organization, so as to take advantage of the opportunities available.
6. To report on production statistics regarding rejection, defects and spoilage and their
effect on costs and quality of the products.

Note:

In summary, an IS gives an organization:

- Support of its business processes and operations
- Support of decision making by its employees and managers
- Support of its strategies for competitive advantage (gaining a strategic advantage)

COMPONENTS OF IS

1. Hardware

Hardware is the most obvious part of a computer-based information system. Hardware refers to
the computers themselves, along with any and all peripherals, including servers, routers,
monitors, printers and storage devices.

2. Software

Without software, the hardware wouldn't be very useful. Software, the second element of IS is
what tells the hardware how to function. It gathers, organizes and manipulates data and carries
out instructions. Everything you do using a computer is done by the software.

3. Data

Data, or information, is the third element of an IS. Just as hardware cannot function without
software, software cannot function without data. This is the information part of an information
system, and whether that is statistical data, sets of instructions, lists of names or even graphics
and animations, it is all key to an IS.

4. Procedures

It is commonly said that "procedures are to people what software is to hardware." The fourth
element of a computer-based information system (CBIS), procedures are the rules, descriptions
and instructions for how things are done. In computer-based information systems, procedures
are frequently covered in instruction or user manuals that describe how to use the hardware,
software and data.

5. People

People are the most often overlooked and most important part of a computer-based information
system. It is people who design and operate the software, input the data, build the hardware and
keep it running, and write the procedures, and it is ultimately people who determine the success
or failure of an IS.

6. Communication (Network)

Networks are connecting systems that allow diverse computers to distribute resources. The
components that allow one computer to communicate with another are hardware and are
controlled by software. If communication between people is included in this element, though, it
is an important element.

FUNCTIONS OF IS

The main purpose of IS is to provide the management with the necessary information for decision
making. In order to achieve this purpose, an IS performs the following functions.

1. Collection of Data:

The first function of IS is to collect necessary data from both internal and external sources of the
organization. The data which have been gathered are kept in some physical medium, such as a
paper form, or entered directly into a computer system.

2. Processing Data:

After storing the data, the next important function of IS is to process the same. In processing,
the data are converted into the required management information. Calculating, comparing,
sorting, classifying and summarizing are the activities needed to process the data.

3. Storage of Information:

Under the IS, necessary data and information are carefully stored, so that time is saved when
searching for them. Generally, data and information are stored by reserving and organizing them
in the form of files, records and databases for future use.

4. Retrieval of Information:

Another function of IS is to retrieve the information to meet the exact management information
demands. So retrieval should be done as per the requirement of the management users.

5. Disseminating:

Disseminating is the last function or finished product of IS. Disseminating is the process of
distributing information to users in an organization: the data and information are divided and
distributed to the users. This can be done periodically through reports, or online through
computer terminals.

CHARACTERISTICS OF IS

The management information system has the following characteristics:

1. System Approach:

IS is based on the system approach. It is a step by step approach to the study of a system and
its performance. Performance is made in the light of the objective which has been constituted for
that purpose.

2. Management Oriented:

Under IS, the necessary, relevant information is provided to each manager at the right time and
in the right form, which helps management take effective managerial decisions.

3. Future Oriented (Flexible):

IS allows the integration of additional components.

4. Integrated:

A management information system is an integrated collection of information systems, each
designed to support a unique functional area, because organizations are involved in various
functions.

5. Common-Data Followed (Accurate):

IS deals with the common data that are available in the business.

6. Long Term Planning:

IS is prepared for long term planning of the business. The designer should consider the present
situation and future trend of the business activities when the IS is designed.

7. Control Database:

Another important characteristic of IS is that it is always based on centralized data and
information.

BENEFITS OF IS

1. Production Process

IS is a technology that monitors the production and operations of a business. Using databases,
IS tells managers and decision makers the amount of inventory in stock, important information
about customers, accounting information and any other data that is entered into the company's
computer system. IS also "cleans" the company's data and removes any incorrect or erroneous
input. For example, if text is entered into a number field, an IS controller will fix that input.

2. Business Strategy (Plan)

IS employees provide data to decision makers within the company that assists with strategic
decisions. IS controls the raw data that companies import from sales, services and other business.
From that data, managers decide what inventory they should purchase, what products are selling
the best and what demographic buys the product. Managers then make decisions concerning the
company's future based on the information IS provides.

3. Competency

A company's greatest strengths, also called their "competency," can become clear with the help
of IS. When data is compiled and analyzed by the IS department, the company sees what they do
best.

4. Simulations

The IS department is responsible for creating hypothetical models that predict where a business
could be in the future. Data from past quarters is used to create simulations about potential
revenue, expenses, employee recruitment and growth. Investors use growth projection
information to determine the value of a company in the future. IS workers help the company
brace for good times and bad with estimates based on compiled data.

5. Better Decisions

The old saying "knowledge is power" applies when business owners use the data gathered in
their IS applications to make smarter decisions. Hence IS helps in the formulation of plans:
management can plan correctly because the preparation of plans requires various data and
information, which can be systematically supplied by the process of IS.

6. Provides Coordination

Under this system of IS, data and information are collected from each sub-system of the
organization, through the concept of each Sub-System. So, the IS can provide the facility of
coordination.

7. Systematic Decentralization

IS also provides systematic decentralization in the organization. Under the process of IS,
different middle and lower level officers and managers are authorized to supply their
information. It also provides a system for monitoring performance. Likewise, the IS can help in
decentralization.

8. Control System

To be an effective control system, it should be based on relevant data and information. On the
other hand, relevant data and information can be provided regularly in a systematic manner by
the IS. So, IS can help in taking proper control.

9. Increase Speed in Operation

In order to increase the speed of operation of a business, data and information should be supplied
at the right time at the right place, because without data and information no operation can be
done in a proper way.

10. Reduce duplication of efforts

Under the process of IS, various data and information are stored in a scientific manner. So, the
managers can take the help of these data and information before and at the time of performing
their activities. Thereby, the IS can prevent unnecessary duplication of efforts likely to be done
by the managers. Generally, duplication of effort happens owing to the lack of sufficient data
provided timely to the managers.

DISADVANTAGES OF IS

1. Data Quality Issues

One of the problems with an IS framework is that the quality of the system depends largely on
the quality of its data. If the data is insufficient, incorrect or misplaced, the decisions that
managers make based on that data can be faulty.

2. Security Issues

Another issue surrounding IS processes involves data security. Hackers, identity thieves and
corporate saboteurs target sensitive company data. Such data can include vendor information,
bank records, intellectual property and personal data on company management. The hackers
distribute the information over the Internet, sell it to rival companies or use it to damage the
company's image.

3. IS Expense

IS implementation can be very expensive for companies. The installation costs can be extremely
expensive for large companies. Additionally, new employee hiring or employee training related
to the IS can also add to the implementation costs.

4. Employee Hiring and Training

Properly trained employees are a critical part of an IS. Employees are at the front lines of
business operations and create or manage the daily activities of the company. If an IS finds a
system flaw or management decides to change a process based on the IS information, re-training
employees will usually be required. The length and depth of the training may vary, making it
difficult to estimate the cost of this training. Management will also have to account for the lost
productivity during this training period.

5. Inflexibility

Once an IS is created and installed in a company, it may prove to be an inflexible system.
Making changes quickly to reflect fluctuating business operations may not be possible depending
on the IS style and functionality.

6. Information Faults

This is capturing wrong or incomplete information. The IS is designed to provide information to
management so sound decisions can be made regarding company operations. The biggest error
an IS can have is pulling incorrect or inadequate information for management. This problem
results in wasted time and money for the company, leading to another review of the IS to correct
the information flaws.

INFORMATION SYSTEM DISCIPLINE

The information system discipline is ‘a branch of instruction or learning in information
systems’, though we do not wish to imply the desirability of:
- Actual agreement on a limited field of study
- Total control
- Too much order

The IS discipline provides the following factors for studying organizational, social, and end-user
issues in information technology (IT):
1. Approaches (ways of dealing with something)
2. Methodologies (systematic procedures for approaching something)
3. Tools (devices, especially ones held in the hand, used to carry out a particular function)

INFORMATION SYSTEM CAREER PATHWAYS

Career pathway
A Career Pathway is a series of connected education and training programs and support services
that enables individuals to secure a job or advance in a demand industry or occupation.

There is a wide variety of career paths in the information systems discipline. "Workers with
specialized technical knowledge and strong communications skills will have the best prospects.
Workers with management skills and an understanding of business practices and principles will
have excellent opportunities."

The information systems field includes the people who design and build information systems, the
people who use those systems, and the people responsible for managing those systems. Hence the
demand for traditional IT staff such as Chief Information Officers (CIO), Programmers, Business
Analysts, Systems Analysts, and Designers is significant.

The list of Information Systems in different areas of work:

- IS Strategy

Strategic information systems (SIS) are information systems that are developed in response to
a corporate business initiative. They are intended to give competitive advantage to the
organization.

- IS Management

MIS focuses on the management of information systems to provide efficiency and effectiveness
of strategic decision making.

- IS Development

A series of methodologies and processes can be used to develop and use an information system.

- IS Iteration

A design methodology based on a cyclic process of prototyping, testing, analyzing, and refining
a product or process.

- IS Organization

An association of systems.

TYPES OF INFORMATION SYSTEMS

Information systems differ in their business needs, and also depending upon the level of the
organization they serve and the category of information needed.

Level of organization

1. Top level (executives)

2. Middle level (senior managers & middle manager)

3. Lower level (workers & operational)

The categories of information are:

1. Strategic information

Strategic information is the information needed by top most management for strategic
planning and decision making.

2. Managerial information

Managerial information is the information needed by middle management for making short
term decisions, management control and plans for the organization.

3. Operational information

Operational information is the information required at the operational level for carrying out
the day-to-day operational activities. Its purpose is to provide information for
processing the transactions of the organization.

Five Major Types of Information Systems are:

1. Executive Support System

2. Decision Support System

3. Management Information System

4. Transaction Processing System

5. Office Automation System


Executive Support Systems

Executive Support System (ESS) is a reporting tool (software) that allows you to turn your
organization's data into useful summarized reports. These reports are generally used by
executive level managers for quick access to reports coming from all company levels and
departments such as billing, cost accounting, staffing, scheduling, and more.

ESS provide quick access to organized data from departments. Some Executive Support System
tools also provide analysis tools that predict a series of performance outcomes over time using
the input data.

ESS is useful to executives as it provides possible outcomes and quick reference to statistics
and numbers needed for decision-making.

An Executive Support System ("ESS") is designed to help senior management make strategic
decisions. It gathers, analyses and summarizes the key internal and external information used
in the business.

Decision-Support Systems

These systems assist higher management to make long term decisions. These types of systems
handle unstructured or semi-structured decisions. A decision is considered unstructured if
there are no clear procedures for making the decision and if not all the factors to be considered
in the decision can be readily identified in advance.

A decision support system must be very flexible. The user should be able to produce customized
reports by giving particular data and a format specific to particular situations.

The DSS will collect and analyze the data and then present it in a way that can be interpreted
by humans. Results for decisions are mainly presented in charts and graphs.

Decision-support systems ("DSS") are specifically designed to help management make decisions
in situations where there is uncertainty about the possible outcomes of those decisions.

Example of DSS

A national on-line book seller wants to begin selling its products internationally but first
needs to determine if that will be a wise business decision. The vendor can use a DSS to gather
information from its own resources (using a tool such as OLAP) to determine if the company has
the ability or potential ability to expand its business, and also from external resources, such
as industry data, to determine if there is indeed a demand to meet.

Management Information System

These systems assist lower management in problem solving and making decisions. They use the
results of transaction processing and some other information also. An MIS is a set of
information processing functions. It should handle queries as quickly as they arrive.

An important element of MIS is the database. A database is a non-redundant collection of
interrelated data items that can be processed through application programs and is available to
many users.

An MIS provides input to be used in the managerial decision process. It deals with supporting
well-structured decision situations. Typical information requirements can be anticipated.

Transaction Processing Systems

TPS processes the business transactions of the organization. A transaction can be any activity
of the organization. Transactions differ from organization to organization. Transaction
Processing Systems ("TPS") are designed to process routine transactions efficiently and
accurately.

A TPS is an informational scheme for the collection, storage, retrieval and modification of
transactions made by an organization.

A business will have several (sometimes many) TPS; for example:

- Billing systems to send invoices to customers
- Systems to calculate the weekly and monthly payroll and tax payments
- Production and purchasing systems to calculate raw material requirements
- Stock control systems to process all movements into, within and out of the business

Office Automation Systems (Functional IS)

An office automation system is a computer-based information system that collects, processes,
stores and transmits electronic messages.

Office automation refers to the varied computer machinery and software used to digitally create,
collect, store, manipulate, and relay office information needed for accomplishing basic tasks.

Office Automation Systems are systems that try to improve the productivity of employees who
need to process data and information. Perhaps the best example is the wide range of software
systems that exist to improve the productivity of employees working in an office (e.g. Microsoft
Office XP) or systems that allow employees to work from home or whilst on the move.

Examples include land-line phones, cell phones, Internet, Intranet, multimedia, voice mail and
email, and file sharing.

[Figure: Relation of information systems to levels of organization]

INFORMATION SYSTEM LIFE CYCLE

SYSTEM DEVELOPMENT LIFE CYCLE (SDLC)

System Development Life Cycle (SDLC) is a methodology that contains a series of phases (stages)
for developing computer-based systems in order to meet or exceed customers’ expectations.

Its purpose is to provide Information Technology (IT) project managers with the tools to help
ensure successful implementation of systems or applications that satisfy strategic and business
objectives.

System Development Life Cycle Phases:

These are the six main phases of the System Development Life Cycle, which is an iterative
process for each project.

[Figure: SDLC cycle of Planning, Analysis, Design, Implementation, Testing and Maintenance]

1. System Planning

The planning phase determines "what" needs to be accomplished.

The planning phase is the most crucial step in creating a successful system. During this phase
you decide exactly what you want to do and the problems you’re trying to solve, by:

- Defining the problems, the objectives and the resources, such as determining a prospective
start and end date, what the cost of the project will be, what the labor requirements
(personnel) are and what equipment might be needed.

- Studying the ability of proposing alternative solutions after meeting with clients,
suppliers, consultants and employees.

- Studying how to make your product better than your competitors’.

After analyzing this data you will have three choices: develop a new system, improve the current
system or leave the system as it is.

2. System Analysis

The analysis phase includes gathering information from users, developing screen layouts and
defining applicable rules.

- The end-users’ requirements should be determined and documented.

- What their expectations are for the system, and how it will perform, should be established.

- A feasibility (achievability) study will be made for the project as well, determining
whether it is organizationally, economically, socially and technologically feasible.

It’s very important to maintain a strong level of communication with the clients to make sure
you have a clear vision of the finished product and its function.

3. System Design

In this phase the system is designed: programs are designed and developed and databases are
constructed. It determines what the system will look like and how it will function. This phase
defines:

- The elements of a system
- The components
- The security level
- Modules (units or parts)
- Architecture (building)
- The different interfaces (crossing points)
- The type of data that goes through the system

A general system design can be done with a pen and a piece of paper, and then a detailed and
expanded system design is produced.

4. Implementation and Deployment

In this phase, the system is ready to be deployed and installed on the customer’s premises
(location), ready to become running, live and productive. It is the actual construction process
after having a complete and illustrated design for the requested system.

- Software installation (the actual code is written here).

- If the system contains hardware, then the implementation phase will contain configuration
and fine-tuning for the hardware to meet certain requirements and functions.

Training may be required for end users to make sure they know how to use the system and to
get familiar with it. The implementation phase may take a long time, depending on the
complexity of the system and the solution it presents.

5. System Testing

Testing is becoming more and more important to ensure customers’ satisfaction, and it requires
no knowledge in coding, hardware configuration or design.

Testing can be performed by real users, or by a team of specialized personnel. It can also be
systematic and automated to ensure that the actual outcomes are compared with, and equal to,
the predicted and desired outcomes.

6. System Maintenance

In this phase, periodic maintenance for the system will be carried out to make sure that the
system won’t become out of date. This will include replacing old hardware and continuously
evaluating the system’s performance. It also includes providing the latest updates for certain
components to make sure the system meets the right standards and uses the latest technologies to
face current security threats.

FUNCTION OF SDLC

1. Eliciting the user/client requirements.
2. Planning what you need to add to the system (the input) and what you want out of the system
(the output).
3. Drafting (checking if your planning is correct and checking if it can be improved).
4. Producing = designing.
5. Testing = checking the system to find errors to be corrected or to assure that it is perfect.
6. Updating: 80% of the time of work is spent updating (maintaining).
7. Updating can be done to expand the system or add new features to improve the system.
Updating can also be done to fix problems (errors/bugs) in the system. Updating may be
required by new or changed legislation (rules).

IMPORTANCE OF SDLC

1. Deliver quality systems that meet or exceed customer expectations when promised and
within cost estimates.
2. Provide a framework for developing quality systems using an identifiable, measurable, and
repeatable process.
3. Establish a project management structure to ensure that each system development project is
effectively managed throughout its life cycle.
4. Identify and assign the roles and responsibilities of all involved parties, including functional
and technical managers, throughout the system development life cycle.
5. Ensure that system development requirements are well defined and subsequently satisfied.

INFORMATION SECURITY

Information Security (InfoSec) is the practice of defending information from unauthorized
access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
InfoSec programs are important for maintaining the confidentiality, integrity and availability
(CIA) of IT systems and business data.

The CIA triad is a model designed to guide policies for information security within an
organization. The model is also sometimes referred to as the AIC triad to avoid confusion with
the Central Intelligence Agency.

The elements of the triad are considered the three most crucial components of security:
- Confidentiality
- Integrity
- Availability

Confidentiality:

Confidentiality is a set of rules that limits access to information. Confidentiality is designed to
prevent sensitive information from reaching the wrong people, while making sure that the right
people can in fact get it. Confidentiality is roughly equivalent to privacy.

Examples of methods used to ensure confidentiality are:

- Account number when banking online
- Data encryption, a common method of ensuring confidentiality
- User IDs and passwords
- Biometric verification and security tokens

Integrity:

Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its
entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data
cannot be altered by unauthorized people. These measures include file permissions and user
access controls. Backups or redundancies must be available to restore the affected data to its
correct state.
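
The integrity measures described above (detecting unauthorized changes and restoring affected data from a backup) can be sketched as follows. This is an added example, not part of the original notes: the file names, sample contents and `MANIFEST_KEY` are constructed for illustration, and the HMAC-protected hash manifest is one common technique chosen here, not one the notes prescribe.

```python
import hashlib
import hmac
import json
import shutil
import tempfile
from pathlib import Path

# Constructed demo key (assumption): in practice it is kept off the protected system.
MANIFEST_KEY = b"constructed-demo-key"


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def list_files(root: Path) -> list:
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())


def manifest_tag(entries: dict, key: bytes) -> str:
    """HMAC over the canonical manifest, so the manifest itself cannot be silently edited."""
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(root: Path, key: bytes) -> dict:
    entries = {name: file_digest(root / name) for name in list_files(root)}
    return {"entries": entries, "tag": manifest_tag(entries, key)}


def manifest_is_authentic(manifest: dict, key: bytes) -> bool:
    return hmac.compare_digest(manifest_tag(manifest["entries"], key), manifest["tag"])


def verify(root: Path, manifest: dict, key: bytes) -> dict:
    """Compare the live files with the manifest and report every deviation."""
    if not manifest_is_authentic(manifest, key):
        raise ValueError("manifest failed authentication; do not trust its hashes")
    current = set(list_files(root))
    report = {"modified": [], "missing": [], "unexpected": []}
    for name, digest in manifest["entries"].items():
        if name not in current:
            report["missing"].append(name)
        elif file_digest(root / name) != digest:
            report["modified"].append(name)
    report["unexpected"] = sorted(current - set(manifest["entries"]))
    return report


def restore(root: Path, backup: Path, manifest: dict, report: dict) -> list:
    """Restore affected files, but only from backup copies that match the manifest."""
    restored = []
    for name in report["modified"] + report["missing"]:
        src = backup / name
        if src.is_file() and file_digest(src) == manifest["entries"][name]:
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, root / name)
            restored.append(name)
    return sorted(restored)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp) / "live", Path(tmp) / "backup"
        live.mkdir()
        # Constructed sample data.
        (live / "payroll.csv").write_text("emp,amount\n1001,2500\n")
        (live / "policy.txt").write_text("Access restricted to finance staff.\n")
        manifest = build_manifest(live, MANIFEST_KEY)
        shutil.copytree(live, backup)
        # Simulate an unauthorized alteration and a deletion.
        (live / "payroll.csv").write_text("emp,amount\n1001,9500\n")
        (live / "policy.txt").unlink()
        before = verify(live, manifest, MANIFEST_KEY)
        restored = restore(live, backup, manifest, before)
        after = verify(live, manifest, MANIFEST_KEY)
        return {"before": before, "restored": restored, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```
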

Availability:

Availability is a guarantee of reliable access to the information. Availability is best ensured by:

- Hardware repairs
- Necessary system upgrades
- Providing adequate communication bandwidth
- Disaster recovery, which is essential for the worst case scenarios; that capacity is reliant on
the existence of a comprehensive disaster recovery plan (DRP). Safeguards against data loss or
interruptions in connections must include unpredictable events such as natural disasters and
fire.

To prevent data loss from such occurrences, a backup copy may be stored in a geographically
isolated location.
