INFORMATION SYSTEMS IN ORGANIZATIONS


INFORMATION SYSTEMS IN ORGANIZATIONS
Information and data
Zatil Ridh'wah Hj Darot

Data
Definition: raw facts that can take the form of a number, a statement or a picture. They are ____________ in the production of information. Raw data on its own is useless, so it is manipulated through a process (such as tabulation, statistical analysis, etc.).
Examples: 3, 4, 102, fish, apple, 1cm

Information
Definition: facts or conclusions that have meaning within a context. This requires a process that produces information: collecting data and then subjecting them to a ___________________ in order to create information. For example, a sales forecast or a financial statement.

Sources of information
Organizations generate a substantial amount of information relating to their operations. This information, including information from beyond the boundaries of the organization, is used to help the business function. There are two types of information sources: ___________ ____________

Internal sources of information
Information created by the operations of the business and used by the business. May include:
- Sales records
- Personnel files
- Accounting records
- ____________
- Cost information
- Customer feedback

External sources of information
Information obtained from outside the organization. External information can help the organization operate its business. For example:
- _______________
- Health and safety regulations
- Books, newspapers, magazines
- Trade journals
- Social media

Information requirements
- Relevant
- Complete
- Accurate
- Current
- Economical

Relevant
Information must pertain to the problem at hand. It must be presented in a way that helps _____________ it in a specific context.
For example, the total number of years of education might not be relevant to Dina's qualification for a new job. However, if Dina has so many years of education in mechanical engineering and so many years of experience, then that is relevant information.

Complete
Partial information is useless.
For example, marketing data about household incomes might lead to bad decisions if not accompanied by vital information on the _____________ of the targeted population.

Accurate
Incorrect information might lead to ______________.
For example, an inaccurate record of a patient's reaction to penicillin might lead a doctor to harm the patient while believing that she is helping him.

Current
Decisions are often based on the latest information available. What _________________________ today.
For example, a short-term investment decision to purchase a stock today based on yesterday's stock prices might be a costly mistake if the stock's price has risen in the interim.

Economical
In the business setting especially, the cost of obtaining information must be considered as ____________ involved in any decision.
For example, conducting a million dollars' worth of market research to find out whether there is demand for a new product may help reduce the risk of marketing failure, but the cost of obtaining the information might diminish profit from sales.

Storing information
- Data and information must be stored __________________
- They must still be retained even when the storage device is not connected to electrical power.
- Storage devices differ in the technology used to maintain data and in their physical structure.
- Modern technology has made storing information and data more accessible.
Two options: storage hardware and cloud storage.

Storage hardware
Can include:
- Flash drives
- Hard disks (external and internal)

Cloud storage
Availability of network-accessible storage from an off-site computer or technology device.
Advantages:
- Reduce ___________________ data
- Free internal storage infrastructure for live and production data
Disadvantages:
- Reliance on networks and their costs
- Risk of security breaches

Information security
Increasing reliance on information systems, combined with their connection to the outside world (through the Internet), makes securing information challenging. The role of information security is to protect information.
Major goals of information security:
- Reduce risk of systems and ____________________________
- Maintain information confidentiality
- Ensure integrity and reliability of data resources
- Ensure availability of data resources and online operations
- Ensure compliance with policies and laws regarding security and privacy

Risks to information resources
Risks associated with _______________ and data storage.
Downtime: the period of time during which the IS is not available.
Types of risks:
- Risks to hardware
- Risks to data and applications
- Risks to online operations
- Denial of service
- Computer hijacking

Risks to Hardware
The #1 cause of system downtime is hardware failure.
- Natural disasters: fires, floods, earthquakes, hurricanes, tornadoes and lightning can destroy hardware, software or both
- Blackouts and brownouts: if power is disrupted, computers cannot function. Blackouts are total losses of electrical power; brownouts are partial losses of electrical power
- Vandalism: ______________________

Risks to Data and Applications
Data is a unique resource. Data and applications are susceptible to disruption, damage or theft. Damage to software is __________________
- Social engineering: con artists pretend to be service individuals and ask for passwords
- Identity theft: pretending to be another person
- Phishing: bogus messages direct users to a site to "update" personal data
- Spear phishing: uses personal information to attack organizational systems

Cont'd
Cyber terrorism: involves terrorist attacks on business organizations' information systems with intent to:
- Disrupt network communication
- Implement DoS attacks
- Destroy/steal corporate/government information
Honeytoken: a _______________ in a networked database used to combat hackers
Hacking: unauthorized access

Cont'd
Honeypot: a server containing a mirrored copy of a database or a bogus database
Virus: spreads from computer to computer
Worm: spreads in a network without human intervention
Trojan horse: a virus disguised as legitimate software
Logic bomb: software that is programmed to cause damage at a specific time

Cont'd
Unintentional, non-malicious damage can be caused by:
- Poor training
- Lack of adherence to backup procedures
- Unauthorized _________________ of software, which may cause damage
- Human error

Risks to Online Operations
Hackers try daily to interrupt online businesses. Some types of attacks:
- Unauthorized access
- Data theft
- Defacing of webpages
- Denial of service
- Hijacking computers

Denial of Service
Denial of Service (DoS): an attacker launches a large number of information requests, which slows down legitimate traffic to the site.
Distributed Denial of Service (DDoS): an attacker launches a DoS attack from ________________. Usually launched from hijacked personal computers called "zombies".
There is no definitive cure for this; a site can filter illegitimate traffic.
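The slide's last point, that a site can filter illegitimate traffic, is illustrated by the following added example (not part of the original lecture): a sliding-window request counter run over a few constructed access-log lines that flags any source sending more than a threshold of requests within a short window.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access-log lines for this example (not real traffic):
# "<ISO timestamp> <source IP> <request path>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.5 /index.html
2024-01-01T10:00:00 203.0.113.5 /index.html
2024-01-01T10:00:01 203.0.113.5 /index.html
2024-01-01T10:00:01 198.51.100.7 /login
2024-01-01T10:00:02 203.0.113.5 /index.html
2024-01-01T10:00:02 203.0.113.5 /index.html
2024-01-01T10:00:03 203.0.113.5 /index.html
2024-01-01T10:00:09 198.51.100.7 /cart
2024-01-01T10:00:20 203.0.113.5 /index.html
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, source_ip, path)."""
    ts, ip, path = line.split()
    return datetime.fromisoformat(ts), ip, path


def find_flooding_sources(log_text, max_requests=5, window_seconds=10):
    """Return the set of source IPs that sent more than `max_requests`
    requests inside any sliding window of `window_seconds` seconds.

    Requests older than the window are dropped before counting, so a
    source that spreads the same number of requests over a long period
    is not flagged."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent requests
    flagged = set()
    for line in log_text.splitlines():
        ts, ip, _ = parse_line(line)
        q = recent[ip]
        q.append(ts)
        # Discard requests that fell out of the window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > max_requests:
            flagged.add(ip)
    return flagged


if __name__ == "__main__":
    print("sources to rate-limit:", find_flooding_sources(SAMPLE_LOG))
```

A per-source threshold like this is exactly what a DDoS defeats: the load is spread over many zombies that each stay under the limit, which is why the slide says there is no definitive cure.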

[Diagram slides: DoS Attack; DDoS Attack]

Computer Hijacking
Hijacking: using some or all of a computer's resources without the consent of its owner.
- Often done for making a DDoS attack
- Done by installing a software bot on the computer
- The main purpose of hijacking is usually to send spam
- Bots are planted by __________________ in operating systems and communication software
- A bot usually installs e-mail forwarding software

Security measures
- Backup
- Access controls
- Atomic transactions
- Audit trail
- Firewall
- Authentication and encryption

Backup
- Periodic duplication of all data
- Redundant Arrays of Independent Disks (RAID): a set of disks programmed to replicate stored data
- Data must routinely be transported off-site as protection from site disaster

Access Controls
Measures taken to ___________________ have access to a computer, network, application or data.
- Physical locks: secure equipment in a facility
- Software locks: determine who is authorized to use the software
Types of access controls:
- What you know: access codes, such as user ID and password
- What you have: requires special devices
- Who you are: unique physical characteristics

Cont'd
- Access codes and passwords are usually stored in the OS or in databases.
- A security card is more secure than a password.
- Biometrics: uses unique physical characteristics such as fingerprints, retinal scans, voiceprints.
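Since the slide notes that passwords are stored in the OS or in databases, the following added example (my own, not from the lecture) shows the defensive way to do that: store only a per-user random salt plus a slow PBKDF2 hash, and verify candidates with a constant-time comparison so the plaintext password never sits in the database. The iteration count is a constructed value for this example.

```python
import hashlib
import hmac
import os

# Parameters chosen for this example; production systems should follow
# their platform's current guidance on algorithm and iteration count.
HASH_NAME = "sha256"
ITERATIONS = 100_000
SALT_BYTES = 16


def make_password_record(password: str) -> str:
    """Return a storable record of the form '<salt hex>$<hash hex>'.

    The password itself is never stored: only a random salt and the
    PBKDF2 hash derived from salt + password. A fresh salt per user means
    two users with the same password get different records."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(record: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time.

    hmac.compare_digest avoids leaking, through timing, how many leading
    bytes of the candidate hash matched the stored one."""
    salt_hex, digest_hex = record.split("$", 1)
    salt = bytes.fromhex(salt_hex)
    expected = bytes.fromhex(digest_hex)
    candidate_digest = hashlib.pbkdf2_hmac(HASH_NAME, candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate_digest, expected)


if __name__ == "__main__":
    stored = make_password_record("correct horse battery")   # constructed sample
    print("stored record:", stored)
    print("login with right password:", verify_password(stored, "correct horse battery"))
    print("login with wrong password:", verify_password(stored, "wrong"))
```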

Atomic Transactions
- A set of indivisible transactions
- Requires all of the transactions in the set to be completely executed, or none of them
- Ensures that only full entries occur in all the appropriate files, to guarantee the integrity of data
- A control against malfunction that also prevents fraud

Audit Trails
A series of documented facts that help detect who recorded which transactions, at what time and under whose approval.
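The two preceding slides, atomic transactions and audit trails, are illustrated together by this added example (written for this page, not taken from the lecture): a small SQLite ledger in which a funds transfer, its two balance updates and its audit-trail row (who recorded it, who approved it, when) commit as one transaction or not at all. Account names, balances and user names are constructed sample values.

```python
import sqlite3
from datetime import datetime, timezone


def open_ledger():
    """Create an in-memory ledger with two constructed sample accounts and
    an audit-trail table. The CHECK constraint forbids overdrafts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, "
                 "balance INTEGER NOT NULL CHECK (balance >= 0))")
    conn.execute("CREATE TABLE audit_trail (id INTEGER PRIMARY KEY, "
                 "recorded_by TEXT, approved_by TEXT, recorded_at TEXT, action TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 20)])
    conn.commit()
    return conn


def transfer(conn, src, dst, amount, recorded_by, approved_by):
    """Move `amount` from src to dst atomically: the debit, the credit and
    the audit-trail entry are all committed, or all rolled back."""
    try:
        with conn:  # sqlite3 commits on success and rolls back on exception
            conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?",
                         (amount, src))
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?",
                         (amount, dst))
            conn.execute("INSERT INTO audit_trail (recorded_by, approved_by, "
                         "recorded_at, action) VALUES (?, ?, ?, ?)",
                         (recorded_by, approved_by,
                          datetime.now(timezone.utc).isoformat(),
                          f"transfer {amount} {src}->{dst}"))
        return True
    except sqlite3.IntegrityError:
        # The CHECK constraint failed (overdraft); the partial debit is undone.
        return False


def balance(conn, name):
    return conn.execute("SELECT balance FROM accounts WHERE name = ?", (name,)).fetchone()[0]


def audit_entries(conn):
    """Return (recorded_by, approved_by, action) for every committed entry."""
    return conn.execute("SELECT recorded_by, approved_by, action "
                        "FROM audit_trail ORDER BY id").fetchall()
```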

Firewall and Proxy Servers
Firewall: hardware and software that blocks access to computing resources. The best defense against unauthorized access over the Internet.
DMZ: the demilitarized zone approach. One end of the network connects to the trusted network and the other end to the Internet; the connection is established using a proxy server.
Proxy server: "represents" another server for all _______________ from resources inside the trusted network. It can also be placed between the Internet and the trusted network when there is no DMZ.

Authentication and Encryption
- Symmetric encryption: the sender and the recipient use the same key
- Asymmetric encryption: both a public and a private key are used
- Transport Layer Security (TLS): a protocol for transactions on the Web that uses a combination of public key and symmetric key encryption
- HTTPS: the secure version of HTTP
- Digital signatures: a means to authenticate online messages, implemented with public keys

Cont'd
Digital certificates: computer files that associate one's identity with one's public key.
- Issued by a certificate authority (a trusted third party)
- Contains the holder's name, a serial number, expiration dates and a copy of the holder's public key
- Also contains the digital signature of the CA

Tutorial questions
1. Give examples in which raw data can also serve as useful information.
2. When accessing an information system, would you prefer that your identity be verified with a biometric or with a password? Why?