
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
Security refers to the policies, procedures & technical measures used to prevent unauthorized access, alteration, theft or physical damage to information systems. Controls consist of all the methods, policies & organizational procedures that ensure the safety of the organization's assets and the accuracy & reliability of its accounting records.

Computers are ever more involved in our daily life. Keep your system safe from hackers. Data theft is a growing concern among corporations. Prevent people from accessing data on your computer without authorization.

A security management system is designed to meet threats & has the following scope: identification of threats & the likelihood of their occurrence; protecting information & information systems from unauthorized access; ensuring the privacy of individuals & of personal information; providing methods & systems to recover from damage & to return the information system to normal use.

The three security goals (the CIA triad): Confidentiality, Integrity, Availability

Confidentiality means preventing the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system enforces confidentiality by encrypting the card number during transmission. Note that encryption in transit protects the number only between the two endpoints; it must also be protected where it is stored and processed.

In information security, Integrity means that data cannot be modified without authorization, and that unauthorized modification can be detected. Integrity is violated when an employee accidentally or maliciously deletes important data files, when a virus infects a computer, or when an employee is able to modify his own salary in a payroll database.
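As an added illustration of detecting unauthorized modification (this Go program was written for this page and is not from the original notes), the following tags a payroll record with an HMAC keyed by a secret that only the payroll service holds. The record layout, the key and the salary values are constructed for the example. An employee who can write to the table but does not have the key can change the salary, but cannot produce a matching tag, so the change is caught at verification time.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// PayrollRecord is a constructed sample record; the fields are assumptions
// for this example, not a real payroll schema.
type PayrollRecord struct {
	Employee string
	Salary   int
}

// encode turns a record into the canonical byte string that gets tagged.
// Every field that must not change without authorization is included, in a
// fixed order, so the tag covers all of them.
func encode(r PayrollRecord) []byte {
	return []byte(fmt.Sprintf("employee=%s;salary=%d", r.Employee, r.Salary))
}

// Tag computes an HMAC-SHA256 integrity tag over the record using a key that
// only the authorized payroll process holds.
func Tag(key []byte, r PayrollRecord) string {
	mac := hmac.New(sha256.New, key)
	mac.Write(encode(r))
	return hex.EncodeToString(mac.Sum(nil))
}

// Verify recomputes the tag and compares it in constant time. A record that
// was edited after tagging, or tagged with a different key, fails the check.
func Verify(key []byte, r PayrollRecord, tag string) bool {
	want, err := hex.DecodeString(tag)
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(encode(r))
	return hmac.Equal(mac.Sum(nil), want)
}

func main() {
	// Assumption: the key lives with the payroll service, out of reach of
	// ordinary employees who may still have write access to the table.
	key := []byte("example-key-held-by-payroll-service")
	rec := PayrollRecord{Employee: "alice", Salary: 52000}
	tag := Tag(key, rec)
	fmt.Println("original verifies:", Verify(key, rec, tag)) // true

	// The employee edits their own salary; the stored tag no longer matches.
	rec.Salary = 152000
	fmt.Println("modified verifies:", Verify(key, rec, tag)) // false
}
```

HMAC detects modification and forgery by anyone who lacks the key. It does not by itself detect deletion or rollback to an older, validly tagged record unless a version number or timestamp is included in the tagged bytes, and it offers no protection against someone who holds the key.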

Availability means the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must all be functioning correctly.

Information security threats

A virus is a computer program that attaches itself to another, legitimate program and causes damage to the computer system or to the network.

It can attach itself to an executable file, replicate, and look for other executable files to attach to and spread. It can also infect the master boot record of the disk and spread when the operating system boots the computer.

Worms are independent computer programs that copy themselves from one computer to another over a network. Unlike a virus, a worm operates on its own without attaching to another program file. Worms may destroy data & programs as well as disrupt the operation of computers.

A Trojan horse is a program that appears legitimate but carries a hidden piece of code that, for example, reveals confidential information to an attacker or gives the attacker remote access to the target computer system. Once a Trojan horse has been installed on a target system, the attacker can access it. The term is derived from the Trojan Horse story in Greek mythology.

Spyware transmits personal data to a third party that will use it for a purpose you did not sanction. It is a type of malware installed on computers that collects small pieces of information about users over time without their knowledge. Its presence is typically hidden from the user and can be difficult to detect.

A hacker is an individual who intends to gain unauthorized access to a computer system. Hackers & crackers gain unauthorized access by finding weaknesses in the security protection, often taking advantage of features of the Internet that make it an open system that is easy to use.

We tend to think that security threats to a business originate outside the organization. In fact, company insiders pose serious security problems. Studies have found that users' lack of knowledge is the single greatest cause of network security breaches: end users introduce errors by entering faulty data or by not following the proper instructions for processing data & using computer equipment.

To control threats to information systems, an organization must invest in proper security developed through a security management system. The objective of such a system is to reduce the incidence of failures & erroneous human actions, and to predict & prepare for contingencies so as to minimize the damaging impact of natural calamities.
The measures are:

Physical access control: servers & PCs are access-controlled. Policies, procedures & a record-keeping system keep watch on who visits & for how long. Access to sensitive installations & storage areas is restricted & only allowed with authorization from management.

Monitoring keeps track of user access and of the files referred to & read, which provides information on how the system is used, by whom & in what manner. The records are only useful if someone, or something, actually reviews them for suspicious patterns.
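To show what monitoring data looks like when it is actually used, here is an added Go example (written for this page, not from the original notes) that parses a constructed audit log of logins and file reads and flags two patterns: a burst of failed logins for one account, and a successful read of a sensitive file outside business hours. The log line format, the thresholds (3 failures within 5 minutes; business hours 08:00 to 18:00 UTC) and the `/hr/` sensitive-object prefix are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Event is one parsed audit record. The key=value line format used here is
// constructed for this example; real sources (syslog, auditd, the Windows
// Security log) differ in syntax but carry the same fields.
type Event struct {
	When   time.Time
	User   string
	Action string
	Result string
	Object string
}

// Parse reads lines of the form
//   2024-03-04T02:13:05Z user=bob action=read result=ok object=/hr/payroll.db
// and skips lines it cannot parse rather than aborting the whole review.
func Parse(lines []string) []Event {
	var out []Event
	for _, ln := range lines {
		f := strings.Fields(ln)
		if len(f) == 0 {
			continue
		}
		ts, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			continue
		}
		e := Event{When: ts}
		for _, kv := range f[1:] {
			k, v, ok := strings.Cut(kv, "=")
			if !ok {
				continue
			}
			switch k {
			case "user":
				e.User = v
			case "action":
				e.Action = v
			case "result":
				e.Result = v
			case "object":
				e.Object = v
			}
		}
		out = append(out, e)
	}
	return out
}

// Findings reports each user who reaches `threshold` failed logins inside a
// sliding `window` (reported once, when the threshold is first hit), and
// every successful read of an object under sensitivePrefix outside
// 08:00-18:00 UTC. Events must be in chronological order.
func Findings(events []Event, threshold int, window time.Duration, sensitivePrefix string) []string {
	var findings []string
	fails := map[string][]time.Time{} // recent failed-login times per user
	for _, e := range events {
		switch {
		case e.Action == "login" && e.Result == "fail":
			kept := fails[e.User][:0] // drop failures that fell out of the window
			for _, t := range fails[e.User] {
				if e.When.Sub(t) <= window {
					kept = append(kept, t)
				}
			}
			kept = append(kept, e.When)
			fails[e.User] = kept
			if len(kept) == threshold {
				findings = append(findings, fmt.Sprintf("%s: %d failed logins within %s ending %s",
					e.User, threshold, window, e.When.Format(time.RFC3339)))
			}
		case e.Action == "read" && e.Result == "ok" && strings.HasPrefix(e.Object, sensitivePrefix):
			if h := e.When.Hour(); h < 8 || h >= 18 {
				findings = append(findings, fmt.Sprintf("%s read %s at %s (outside business hours)",
					e.User, e.Object, e.When.Format(time.RFC3339)))
			}
		}
	}
	return findings
}

// sampleLog is a constructed log, not captured from a real system.
var sampleLog = []string{
	"2024-03-04T09:02:11Z user=alice action=login result=ok",
	"2024-03-04T09:05:40Z user=alice action=read result=ok object=/hr/payroll.db",
	"2024-03-04T22:13:05Z user=bob action=login result=fail",
	"2024-03-04T22:13:09Z user=bob action=login result=fail",
	"2024-03-04T22:13:14Z user=bob action=login result=fail",
	"2024-03-04T22:13:30Z user=bob action=login result=ok",
	"2024-03-04T22:14:02Z user=bob action=read result=ok object=/hr/payroll.db",
	"this line is corrupt and is skipped",
}

func main() {
	for _, f := range Findings(Parse(sampleLog), 3, 5*time.Minute, "/hr/") {
		fmt.Println("ALERT:", f)
	}
}
```

Run as written, the sample produces two alerts: bob's three failed logins at 22:13 and bob's read of /hr/payroll.db at 22:14. Alice's daytime read of the same file raises nothing, which is the point of tying the rule to time of day rather than to the file alone.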

Biometric access control: each individual user has unique physical traits such as fingerprints, face geometry or voice. When the biometric profile read by the system matches the stored biometric profile, access is granted; on a mismatch, access is denied. Because the match is probabilistic, the system is tuned with a threshold that trades false acceptances against false rejections.

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It inspects incoming (and outgoing) requests, checking source & destination addresses, ports & protocols against access rules programmed into the system. Rules are evaluated in order, and traffic that matches no explicit permit rule should be denied by default.
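Added example (Go, written for this page, not from the original notes): a minimal first-match packet filter with an explicit default-deny, which is the rule structure the paragraph describes. The rule fields, rule names and sample addresses (taken from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24 and the private range 10.0.0.0/8) are assumptions for the example, not any real firewall's configuration syntax.

```go
package main

import (
	"fmt"
	"net"
)

// Rule is one entry in an ordered access list. A nil Src, empty Proto or
// zero DstPort matches anything. Field names are assumptions for this example.
type Rule struct {
	Name    string
	Src     *net.IPNet
	Proto   string
	DstPort int
	Allow   bool
}

// Packet is the part of a connection request the filter looks at.
type Packet struct {
	Src     net.IP
	Proto   string
	DstPort int
}

// Filter is an ordered rule list: rules are tried top to bottom, the first
// match decides, and a packet that matches no rule is dropped.
type Filter struct{ Rules []Rule }

// mustCIDR parses a network when the rule set is built so that a typo in a
// rule fails loudly at configuration time rather than silently at runtime.
func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic("bad CIDR in rule: " + s)
	}
	return n
}

func (r Rule) matches(p Packet) bool {
	if r.Src != nil && !r.Src.Contains(p.Src) {
		return false
	}
	if r.Proto != "" && r.Proto != p.Proto {
		return false
	}
	if r.DstPort != 0 && r.DstPort != p.DstPort {
		return false
	}
	return true
}

// Decide returns the verdict and the name of the rule that produced it;
// "default-deny" means nothing matched.
func (f Filter) Decide(p Packet) (bool, string) {
	for _, r := range f.Rules {
		if r.matches(p) {
			return r.Allow, r.Name
		}
	}
	return false, "default-deny"
}

func main() {
	fw := Filter{Rules: []Rule{
		{Name: "block-known-bad", Src: mustCIDR("203.0.113.0/24")}, // listed first so it wins over allow-web
		{Name: "allow-web", Proto: "tcp", DstPort: 443, Allow: true},
		{Name: "allow-ssh-from-admin", Src: mustCIDR("10.0.0.0/8"), Proto: "tcp", DstPort: 22, Allow: true},
	}}
	for _, p := range []Packet{
		{Src: net.ParseIP("198.51.100.7"), Proto: "tcp", DstPort: 443}, // allowed by allow-web
		{Src: net.ParseIP("203.0.113.9"), Proto: "tcp", DstPort: 443},  // denied by block-known-bad
		{Src: net.ParseIP("198.51.100.7"), Proto: "tcp", DstPort: 22},  // no rule: default-deny
		{Src: net.ParseIP("10.1.2.3"), Proto: "tcp", DstPort: 22},      // allowed by allow-ssh-from-admin
	} {
		ok, why := fw.Decide(p)
		fmt.Printf("%-14s %s/%d -> allow=%v (%s)\n", p.Src, p.Proto, p.DstPort, ok, why)
	}
}
```

Rule order is part of the policy: moving block-known-bad below allow-web would let the blocklisted source reach port 443. The default-deny fallthrough is what turns "everything I forgot to list" into a blocked request instead of an open one.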

Cryptography is the art and science of achieving security by encoding messages so that they are unreadable to anyone but the intended recipient. Encryption is the process of making information unintelligible to all but authorized parties; the message is secured through the paired processes of encryption & decryption. An encryption algorithm converts plain text into cipher text, and the decryption process converts cipher text back into plain text. Symmetric methods use one secret key shared by sender & receiver. Public-key methods give each party a key pair: a public key that anyone may use to encrypt, and a private key known only to its owner that decrypts. In practice the two are combined: a public key is used to deliver a fresh symmetric key, which then encrypts the actual data.
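The encryption of a card number described under confidentiality above, and the combination of public-key and symmetric methods just described, are illustrated by the following added Go example, which is not from the original notes. A fresh AES-256 key encrypts the message with AES-GCM (which also authenticates it), and that key is wrapped with the merchant's RSA public key using RSA-OAEP, so only the holder of the matching private key can unwrap it. The merchant key pair, the test card number and the Envelope structure are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is what travels over the network: the AES key wrapped with the
// receiver's RSA public key, the GCM nonce, and the ciphertext (which
// includes the GCM authentication tag). The layout is an assumption made for
// this example, not a standard wire format.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// Seal encrypts msg for the holder of pub. Only the receiver's public key is
// needed, so sender and receiver share no secret in advance.
func Seal(pub *rsa.PublicKey, msg []byte) (Envelope, error) {
	key := make([]byte, 32) // fresh AES-256 key used for this message only
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return Envelope{}, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return Envelope{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under the same key
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}, nil
}

// Open reverses Seal with the receiver's private key. GCM verifies the
// authentication tag, so a ciphertext altered in transit is rejected rather
// than decrypted to garbage.
func Open(priv *rsa.PrivateKey, e Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

func main() {
	merchant, err := rsa.GenerateKey(rand.Reader, 2048) // the merchant's key pair (generated here for the demo)
	if err != nil {
		panic(err)
	}
	card := []byte("4111111111111111") // constructed test number, not a real card
	env, err := Seal(&merchant.PublicKey, card)
	if err != nil {
		panic(err)
	}
	fmt.Printf("on the wire: %d ciphertext bytes, card number not visible\n", len(env.Ciphertext))
	plain, err := Open(merchant, env)
	fmt.Printf("merchant decrypts: %s (err=%v)\n", plain, err)

	env.Ciphertext[0] ^= 0x01 // an attacker flips one bit in transit
	_, err = Open(merchant, env)
	fmt.Println("tampered envelope rejected:", err != nil)
}
```

The private key never leaves the merchant, the AES key exists only inside the two endpoints and, wrapped, in the envelope, and the nonce is generated fresh per message. A real deployment would use TLS rather than a hand-built envelope, but the structure inside TLS is the same: public-key exchange of a symmetric key, then authenticated symmetric encryption of the data.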

Intellectual property is property that arises from the human intellect: it is the product of human creation and of the human intellectual process.

Information & information products such as business rules, business models, patterns, layouts, diagrams or specific compilations in a certain format used for business advantage can be classified as intellectual property. They can be viewed, copied & distributed on networks. Therefore such intellectual property requires protection under copyright & patent law.

Copyright is a statutory grant that protects creators of intellectual property from having their work copied by others for any purpose during the life of the author plus 70 years after the author's death. For corporate-owned works, copyright protection lasts for 95 years after initial creation. Copyright is a right given by law to creators of literary, dramatic, musical & artistic works; it safeguards the rights of authors over their creations.

In the mid-1960s the Copyright Office began registering software programs, and in 1980 Congress passed the Computer Software Copyright Act, which provides protection for program code. Copyright protects against copying of entire programs or parts of them, and damages & relief are readily obtained for infringement.

A patent grants the owner an exclusive monopoly on the ideas behind an invention for 20 years. Patents are granted after a formal application by the inventor to the patent office of the country and an elaborate examination of the invention by the patent examiner.

The key concepts in patent law are originality, novelty & invention. The patent office did not routinely accept applications for software patents until a 1981 Supreme Court decision (Diamond v. Diehr) held that computer programs could be part of a patentable process. The strength of patent protection is that it grants a monopoly on the underlying concepts & ideas of the software.

Information stored in electronic media can be easily replicated, altered & reorganized in a new format, making theft difficult to prove. The Internet transmits information in any form freely around the world, and with web technology copying, altering & recombining information objects, or creating altogether new ones, is easy.

Microsoft & 1,400 other software & information content firms are represented by the Software & Information Industry Association (SIIA), which lobbies for new laws & for enforcement of existing laws to protect intellectual property around the world.

Ethics is the study of the principles & practices that guide us in deciding whether an action is morally right or wrong. Ethics is about values & human behavior. Values & behavior are partly regulated by legal provisions that can be enforced through the courts; beyond that, a well-defined & accepted code of conduct largely ensures the obligation of ethical use of IT for competitive advantage.

Respecting ethical values begins with protecting generally accepted individual human rights. These rights are:

The right to a healthy life & work safety
The right to privacy
The right to private intellectual property
The right to fair treatment & no discrimination

Unethical uses of IT include:
Inappropriate use of computer technology
Inappropriate use of computer resources
Manipulation of records
Deletion/distortion of records
Unauthorized access
Unauthorized electronic transfer of funds
Criminal hacking
Violating intellectual property rights

The five moral dimensions of the information age are:

Information Rights and Obligations, Property Rights and Obligations, Accountability and Control, System Quality, and Quality of Life

There have been some attempts to regulate the collection and use of information about individuals.

Fair Information Practices (FIP) is a set of principles governing the collection & use of information about individuals; for example, data collectors must take reasonable steps to ensure that consumer information is accurate & secure from unauthorized use.

The Health Insurance Portability & Accountability Act of 1996 (HIPAA), whose privacy rule took effect on April 14, 2003, includes privacy protection for medical records.
Privacy Protection Act of 1980
Video Privacy Protection Act of 1988

Intellectual property is considered to be property created by an individual or corporation. Information technology has made it difficult to protect intellectual property because computerized information can be easily copied or distributed on networks. Intellectual property is subject to a variety of protections under different legal traditions, chiefly copyright & patent law.

Many of the laws and court decisions establishing precedents in the area of accountability, liability and control were firmly in place long before computers were invented. Many of them date back to the early 1900s, and some simply don't make sense in this day and age.
Who can & will be held accountable & liable for harm done to individuals?

As we rely on information systems more, data quality issues are gaining importance. These issues affect you as a consumer and as a user, for example when a credit reporting agency corrupts your credit record and you can't get a car loan.
What standards of data & system quality should we demand to protect individual rights & the safety of society?

The negative social costs of introducing information technologies & systems are beginning to mount along with the power of the technology. We hear stories about children who haven't developed normal social skills because they spend all their time in front of a computer. One quality-of-life issue that affects more and more people personally is the ability to work from home; the impact on personal and family life can be considerable.

Managing Global Information Systems

A global information system is an information system that is developed and/or used in a global context; it attempts to deliver the totality of measurable data worldwide within a defined context.

The international information systems architecture consists of the basic information systems required by organizations to coordinate worldwide trade and other activities.

The basic strategy to follow when building an international system is to understand the global environment in which the firm is operating and the overall market forces that are pushing the industry towards global competition, and also to examine the inhibitors, the negative factors that create management challenges.

Next comes the corporate global strategy for competing in that environment: how to organize production & distribution around the globe.

After strategy, it is time to consider how to structure the organization so it can pursue the strategy. How is labour divided across the global environment? Where will production, administrative, marketing & HR functions be located? Who will handle the systems function?

Management then has to discover & manage user requirements, change local units to conform to international requirements, and reengineer on a global scale.

Changing technology is a key driving factor leading towards a global market. As markets have become much more competitive, quality has become widely regarded as a key ingredient for success in business. Today's business climate requires an exact interpretation of customer requirements coupled with effective and efficient processes to meet those requirements.

In its broadest sense, quality is a degree of excellence. In the narrow sense, product or service quality is conformance with requirements, freedom from defects or contamination, or simply a degree of customer satisfaction.

Assurance is defined as freedom from doubt. Quality assurance systems are prevention-based systems that improve product and service quality and increase productivity by placing the emphasis on product, service and process design. The purpose of QA is to provide assurance to the customer and to ensure that manufacturing and/or service standards are uniform.

Quality assurance follows a four-step cycle: Plan, Do, Check and Act (PDCA).
Plan: establish the objectives and processes required to deliver the desired results. Do: implement the process developed. Check: monitor and evaluate the implemented process by testing the results against the predetermined objectives. Act: apply the actions necessary for improvement if the results require changes, then repeat the cycle.

Software Quality Assurance (SQA) is a planned and systematic approach to evaluating the quality of, and adherence to, software product standards, processes and procedures. SQA includes the process of assuring that standards and procedures are established and are followed throughout the software acquisition life cycle.

Product evaluation and process monitoring are the SQA activities that assure the software development and control processes described in the project's Management Plan are correctly carried out and that the project's procedures and standards are followed.

Product evaluation is an SQA activity that assures standards are being followed. SQA assures that clear and achievable standards exist and then evaluates compliance of the software product to the established standards. Product evaluation assures that the software product reflects the requirements of the applicable standard(s) as identified in the Management Plan.

Process monitoring is an SQA activity that ensures that appropriate steps to carry out the process are being followed. SQA monitors processes by comparing the actual steps carried out with those in the documented procedures.

A fundamental SQA technique is the audit, which examines a process and/or a product in depth, comparing them to established procedures and standards. Audits are used to review management, technical and assurance processes to provide an indication of the quality and status of the software product. The purpose of an SQA audit is to assure that proper control procedures are being followed.
