Code: ETCS-401
UNIT- I
Information and Security:
Information Systems: Recent History, Distributed Information System
and its Importance, Role of Internet and Web Services, Threats and
Attacks, Classification of Threats and Assessing Damages. Security in
Mobile and Wireless Computing: Security Challenges in Mobile Devices,
Authentication Service Security, Security Implication for Organizations,
Laptops Security. Basic Principles of Information Security:
Confidentiality, Integrity, Availability and other terms in Information
Security, Information Classification and their Roles, Privacy of Data.
History
• What has changed in 50 years?
• Importance of WWW – backbone
• EDI (Electronic Data Interchange), ERP (Enterprise Resource
Planning), EIS (Executive Information System), Supply Chain
Management (SCM)
• ENIGMA
Information System
• An information system can be defined technically as a set of
interrelated components that collect (or retrieve), process, store and
distribute information to support decision making and control in an
organization. Another definition of an information system (by
Buckingham et al. (1987b)):
Another Definition
• A system which assembles, stores, processes, and delivers
information relevant to an organization (or to a society), in such a way
that the information is accessible and useful to those who wish to use
it, including managers, staff, clients and citizens. An information
system is a human activity (social) system, which may or may not
involve the use of computer systems. Also, in addition to supporting
decision-making, information systems help workers and managers to
analyze complex problems, to develop new products and to integrate
the various modules and departments.
Types of Information Systems
• The six major types of information systems corresponding to each organizational
level are:
• 1. Transaction Processing Systems (TPS): serve the operational level of an
organization.
• 2. Knowledge work systems (KWS)
• 3. Office automation systems (OAS) to serve the knowledge level of an
organization.
• 4. Decision-support systems (DSS)
• 5. Management information systems (MIS) serve the management level of the
organization.
• 6. Executive support systems (ESS) serve the strategic level of an organization.
What is Security in General
• The goal of IS management is to avoid damage and to control the risk of damage to information assets
(forensics)
The Need for Information Security
• Why not simply solve all security problems once and for all?
• Reasons why that’s impossible:
– Rapid innovation constantly generates new technology with new vulnerabilities
– More activities go online
– Crime follows the money
– Information security is an afterthought when developing IT
– New and changing threats
– More effective and efficient attack techniques and tools are being developed
• Conclusion: Information security doesn’t have a final goal; it’s a continuing process
Security control categories
• Physical controls
• Technical controls
• Administrative controls
Physical controls
• Facility protection
• Security guards
• Locks
• Monitoring
• Environmental controls
• Intrusion detection
Technical Controls
• Preventive controls:
Prevent attempts to exploit vulnerabilities
Example: encryption of files
• Detective controls:
Warn of attempts to exploit vulnerabilities
Example: Intrusion detection systems (IDS)
• Corrective controls:
Correct errors or irregularities that have been detected.
Example: Restoring all applications from the last known good image to bring a corrupted system back
online
Layers of DIS
Information System Architecture
• Q1. A distributed system can be viewed as a stack of three abstract layers. Name the layers.
• Q2. Is the statement "Client/server architecture emerged where the presentation layer resided with the
client" true?
• Q3. 3-tier architecture also evolved to integrate between ______ systems and allow for ______
connectivity.