1
Managing Information Systems and Technology
Chapter 14
2
Planning for Information Systems and Technology
Identify several factors that should be considered in planning for information systems and technology.
3
Information systems use information technology to support operations, management and decision-making. Essentially, information systems are used to increase organization and efficiency. Thus, their function and success rate are very important in the day-to-day activity of many organizations. Studying the factors critical to the success of an information system will only help increase productivity in many different industries. Some factors that should be considered in planning for information systems and technology are:
4
Proper Planning
One of the most important factors in implementing an information system is proper planning in the initial stages. The organization implementing the information system must understand what is needed, why it is needed and the most efficient way of achieving the goal. Information systems will not be able to deliver the necessary information without proper planning and organization. Even if there is a sense of urgency in implementing the information system, it should not be at the cost of proper planning.
5
Strong Leadership
Strong leadership overseeing the implementation of the information system is an absolute necessity. The leaders must be able to inspire and motivate people from multiple departments and companies in order to ensure the proper flow of information. Thus, it is necessary for top management and organization leaders to understand the long-term goal for the information system and potential hurdles that may occur.
6
Collaboration
Implementing a strong information system is not an easy task, so partnerships and collaboration between multiple departments or employees are necessary. Entrusting such a large project to one group is not sufficient. Employees from different regions, departments and partners must be involved in the design process in order to ensure all possible goals are met. Hopefully, a multidisciplinary team will be able to design the optimal information system while developing all supporting material for the entire corporation. In essence, all these different employees must see their efforts as a collaboration.
7
Implementation Skills
The implementation of an information system is even more difficult than the development process. Implementation requires skills in project management and support. Project management skills will involve being able to monitor the large number of tasks involved in implementation. Support skills will help with ensuring the information system will become an integral part of day-to-day activity. Good support skills will also involve ongoing communication with users, solving problems and improving the information system for future users.
8
More factors: training and education; quality data and reporting; management commitment, customer satisfaction; staff orientation; role of the quality department; communication to improve quality; and continuous improvement.
9
Name three factors that should be considered in planning for information systems and technology.
Hint: Strong Leadership…
10
Acquiring Information Technology
Describe common sources for acquiring information technology.
11
In acquiring information technology:
There are five categories of information technology to be acquired: hardware, software, networks, data management, and personnel and training.
12
Hardware: Common sources for acquiring computer hardware are computer manufacturers, distributors, retail stores, and value added resellers.
13
Software: Computer software can be developed from scratch, purchased as a package, or purchased and then modified. Common sources for acquiring computer software are as follows:
Developed or modified: in-house programmers, contract programmers.
14
Software (Cont’d):
Purchased: computer manufacturers, software companies, retail stores, value added resellers.
15
Networks: Information technology for networks can be acquired from a number of sources. These sources include network companies, computer manufacturers, software companies, value added resellers, telecommunications companies, and value added network companies.
16
Data management: Before acquiring data management technology, the decision about the basic approach to data management must first be made. Sources of data management include computer manufacturers, software companies, and database software companies.
17
Personnel and training:
Sources of these include:
- Managers can select personnel from inside the organization or hire from the outside.
- Training departments with full-time instructors provide courses and other forms of training.
- Computer Based Training (CBT) software is used to train users online.
18
There are 6 sources from which information technology for networks can be acquired. Name 4 of them.
Hint: Telecommunications companies
19
Organizing Information Systems Activities
Describe the traditional organizational structure of an information systems department.
20
Organizing Information Systems Activities:
Centralized versus Decentralized Management:
In a centralized management structure, decisions related to the information systems and technology are made by a single, centrally located group of managers. Advantage: centralized management is more economical, with no duplication of personnel.
In a decentralized management structure, decisions related to the information systems and technology are made by managers working in local departments or groups. Advantage: decentralized management provides better response to user needs due to the managers' proximity to users.
21
Information Systems Organizational Structure:
Departments may be called Information Systems (IS), Management Information Systems (MIS), or Information Technology (IT). These departments are headed by an information systems manager, sometimes called a Chief Information Officer (CIO). An information systems department is traditionally organized into five areas: systems department, operations department, technical support department, end-user support department, and WWW and electronic commerce (e-commerce) support.
22
Systems Department:
The systems department is concerned with developing and maintaining information systems. The staff of this department would include systems analysts, programmers (sometimes called application programmers), and programmer/analysts (when a person performs both functions).
23
Operations Department:
This department is concerned with operating the computer and network equipment in information systems. Staff members of this department include computer operators and data entry operators.
24
Technical Support Department:
The technical support department provides assistance in technical specialties to other areas. Staff includes database administrators, system programmers, network analysts, and network administrators.
25
End-user Support Department:
The end-user support department helps users develop and use computer applications, mainly on personal computers. The staff of this department includes personal computer analysts, help desk operators, and technical trainers.
26
WWW and Electronic Commerce Support:
The people involved in Web and e-commerce support are often part of the system development area in the information systems department. Staff of this department consists of the Webmaster, Web programmers, multimedia developers, and the e-commerce project manager.
27
An information systems department is traditionally organized into 5 areas. What are they?
Hint: WWW and electronic commerce (e-commerce) support
28
Controlling and Securing Information Systems
Identify methods used by organizations to control and secure their information systems.
29
Methods used by organizations to control and secure their information systems.
There are 8 models used:
Bell-LaPadula
This model was developed to address concerns about protecting classified information. It prevents the leaking or transfer of classified information to less secure clearance levels by blocking lower classified subjects from accessing higher classified objects. The model focuses on maintaining the confidentiality of objects. It is the first mathematical model of a multi-level security policy and is built on a state machine concept and the information flow model.
30
Bell-LaPadula properties:
- Simple security property: a subject may not read information at a higher sensitivity level (no read up).
- Star security property: a subject may not write information to an object at a lower sensitivity level (no write down).
- Discretionary security property: the system uses an access matrix to enforce discretionary access control.
31
Biba model
This model primarily protects data integrity. It is also based on a state machine concept.
Properties:
- Simple integrity property: a subject cannot read an object at a lower integrity level (no read down).
- Star integrity property: a subject cannot modify an object at a higher integrity level (no write up).
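The Bell-LaPadula and Biba properties listed above can be written as checks over one ordered set of levels. This is an added example, not part of the original slides; the four level names and the function names are assumptions made for illustration. It also shows what happens when the same label is used for both confidentiality and integrity.

```python
from enum import IntEnum


class Level(IntEnum):
    """Constructed four-level ordering; a higher value is a higher level."""
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(subject, obj, op, matrix_permits=True):
    """Bell-LaPadula: levels are read as sensitivity (confidentiality) levels."""
    if not matrix_permits:      # discretionary security property
        return False
    if op == "read":            # simple security property: no read up
        return subject >= obj
    if op == "write":           # star security property: no write down
        return subject <= obj
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject, obj, op):
    """Biba: the same ordering, read as integrity levels."""
    if op == "read":            # simple integrity property: no read down
        return subject <= obj
    if op == "write":           # star integrity property: no write up
        return subject >= obj
    raise ValueError(f"unknown operation: {op}")


def both_allow(subject, obj, op):
    """One label used for confidentiality and integrity at the same time."""
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)


def allowed_pairs(check, op):
    """All (subject level, object level) pairs for which `check` permits `op`."""
    return {(s, o) for s in Level for o in Level if check(s, o, op)}


if __name__ == "__main__":
    checks = (("BLP", blp_allows), ("Biba", biba_allows), ("both", both_allow))
    for op in ("read", "write"):
        for name, check in checks:
            pairs = sorted(allowed_pairs(check, op))
            shown = ", ".join(f"{s.name}->{o.name}" for s, o in pairs)
            print(f"{name:5} {op:5} {shown}")
```

With a single label serving both models, only same-level reads and writes remain permitted, which is why systems that enforce both usually keep separate confidentiality and integrity labels.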
32
Clark-Wilson model
This model is primarily concerned with formalizing the notion of information integrity. It describes how the data items in the system should be kept valid from one state of the system to the next and specifies the capabilities of various principals in a system. The model must also ensure that different entities are responsible for manipulating the relationships between principals, transactions and data items.
33
Information Flow model
This model concerns the transfer of information from one variable to another variable in a given process. A system shouldn’t leak any secret to public observers. To ensure confidentiality, information should not be allowed to flow from high variables to low variables.
35
Non-interference model
This model is not concerned with the flow of information; instead, it is concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level. Basically, the actions of subject A (high) should not affect the actions of subject B (low) or even be noticed by subject B. Such an effect is a type of information leakage and implicitly creates a covert channel. The non-interference model can be imposed to provide a form of protection against damage caused by malicious programs such as Trojan horses.
36
Take-Grant
This model employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object.
37
Access-control matrix
This model is a table of subjects and objects that indicates the actions or functions that each subject can perform on each object. It is used by systems to quickly determine whether the action a subject requests on an object is authorized. Each column of the matrix is an Access Control List (ACL), and each row is a capabilities list. An ACL is tied to the object; it lists the valid actions each subject can perform. A capabilities list is tied to the subject; it lists the valid actions that can be taken on each object. The capabilities-list method of access control can be accomplished by storing with each subject a list of the rights the subject has for every object.
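The two views of the access-control matrix described above, ACLs as columns and capabilities lists as rows, are shown here on one small matrix. This is an added example, not part of the original slides; the subjects, objects, rights and function names are constructed for illustration.

```python
# Constructed matrix: rows are subjects, columns are objects, cells are rights.
MATRIX = {
    "alice":      {"payroll.db": {"read", "write"}, "audit.log": {"read"}},
    "bob":        {"payroll.db": {"read"}},
    "backup_svc": {"payroll.db": {"read"}, "audit.log": {"read", "append"}},
}


def is_authorized(matrix, subject, obj, action):
    """Default deny: unknown subjects, objects or actions are refused."""
    return action in matrix.get(subject, {}).get(obj, set())


def acl(matrix, obj):
    """Column view, tied to the object: {subject: rights}."""
    return {s: set(row[obj]) for s, row in matrix.items() if row.get(obj)}


def capabilities(matrix, subject):
    """Row view, tied to the subject: {object: rights}."""
    return {o: set(r) for o, r in matrix.get(subject, {}).items() if r}


def matrix_from_acls(acls):
    """Rebuild the matrix from per-object ACLs ({object: {subject: rights}})."""
    matrix = {}
    for obj, entries in acls.items():
        for subject, rights in entries.items():
            matrix.setdefault(subject, {})[obj] = set(rights)
    return matrix


def revoke_object(matrix, obj):
    """Remove every right on obj; return the subjects whose rows changed.

    Stored as ACLs this is one deletion (the object's column). Stored as
    capabilities lists, every subject returned here has to be updated.
    """
    return sorted(s for s, row in matrix.items() if row.pop(obj, None))


if __name__ == "__main__":
    print("ACL for audit.log:", acl(MATRIX, "audit.log"))
    print("Capabilities of bob:", capabilities(MATRIX, "bob"))
    print("bob may write payroll.db:",
          is_authorized(MATRIX, "bob", "payroll.db", "write"))
    print("Rows touched revoking audit.log:", revoke_object(MATRIX, "audit.log"))
```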
38
Brewer and Nash model
This model was constructed to provide information security access controls that can change dynamically. This model is also known as the Chinese Wall model. It was designed to provide controls that mitigate conflict of interest in commercial organizations, and is built upon an information flow model.
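How a Brewer and Nash (Chinese Wall) decision changes with a subject's access history is sketched below. This is an added example, not part of the original slides; the conflict-of-interest classes, dataset names and class name are constructed, and the write rule is a simplified form that ignores sanitized information.

```python
class ChineseWall:
    """Read/write decisions that depend on what each subject has already read."""

    def __init__(self, conflict_classes):
        # conflict_classes: {class name: set of competing company datasets}
        self.class_of = {ds: cls
                         for cls, group in conflict_classes.items()
                         for ds in group}
        self.history = {}   # subject -> {conflict class: dataset already read}

    def can_read(self, subject, dataset):
        cls = self.class_of[dataset]   # KeyError for an unregistered dataset
        chosen = self.history.get(subject, {}).get(cls)
        # Free choice until the first read in a class, then bound to that dataset.
        return chosen is None or chosen == dataset

    def read(self, subject, dataset):
        """Attempt a read; a permitted read is recorded and narrows later access."""
        if not self.can_read(subject, dataset):
            return False
        self.history.setdefault(subject, {})[self.class_of[dataset]] = dataset
        return True

    def can_write(self, subject, dataset):
        # Information-flow rule (simplified): no writing into one company's
        # dataset after reading any other dataset, because what was read
        # could then flow across the wall.
        seen = set(self.history.get(subject, {}).values())
        return self.can_read(subject, dataset) and seen <= {dataset}


if __name__ == "__main__":
    wall = ChineseWall({"banks": {"BankA", "BankB"}, "oil": {"OilX", "OilY"}})
    print("ann reads BankA:", wall.read("ann", "BankA"))
    print("ann may read BankB:", wall.can_read("ann", "BankB"))
    print("ann may read OilX:", wall.can_read("ann", "OilX"))
    print("ann may write BankA:", wall.can_write("ann", "BankA"))
    print("ann reads OilX:", wall.read("ann", "OilX"))
    print("ann may write BankA now:", wall.can_write("ann", "BankA"))
```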
39
Which two models deal with the integrity of data?
Hint: Answers in the first 4 models…
40
The Effects of Information Technology on Employment
List several effects of information technology on employment.
41
Effects of Information Technology on Employment
42
Ethical Management Of Information Systems and Technology
Describe different forms of computer crime and ways of preventing them.
43
Common types of computer related crimes include computer viruses, data diddling, hackers and crackers, logic bombs, and Trojan horses.
44
Computer crime is becoming ever more prevalent in our society. More and more, companies and individuals rely on the services and resources provided through networks and computers. Companies may be dependent on the data to conduct business, while individuals may store information that is important to their personal or work-related activities. Due to this, it becomes vital that steps are taken to protect computer systems and the data that’s stored on them.
45
It is important to remember that no system can ever be completely secure. The only network, Web site, or computer system that’s 100% secure is one that can’t be accessed by anyone or anything, which makes it completely unusable. Natural disasters, malicious, users who make mistakes, or motivated criminals can compromise security and/or cause damage. The goal for securing your system should be to balance security with accessibility.
46
Computer Crimes and Prevention:
COMPUTER VIRUSES
Computer viruses are programs that can attach themselves to other programs or files. The virus-infected files can then become carriers of the virus, or become damaged in some way. The virus may affect computer services, displaying messages or playing sounds, or may crash the operating system so that the computer won’t run as expected (if at all). You can prevent computer viruses by installing an anti-virus program on your computer, which scans files for known viruses. There are a number of these programs on the market, and they can be purchased from software stores or acquired on the Internet. Once the program is installed, you will need to regularly update the anti-virus files, which are used to detect and remove viruses from your system.
47
HACKERS AND CRACKERS
In computer jargon, "hacker" has a variety of meanings, including being synonymous with programmers and advanced computer users. In these cases, it refers to someone who hacks away at a keyboard for long periods of time, performing any number of computer-related tasks. In recent years, hacking has come to mean the same as another term, "cracker," which is a person who cracks the security of a system or computer application. Hacking (and cracking) now refers to the act of gaining unauthorized access to a computer, network, Web site, or areas of a system. A person may hack their way into a system for a variety of reasons: curiosity, the challenge of breaking through security measures, or to perform malicious actions and destroy or steal data. All too often, it involves performing mischief and damaging a Web site or corporate network in some manner.
48
Commonly, hackers will impersonate a valid user to gain access to a system. If the system requires a username and password before allowing entry, a hacker may take an authentic user’s identity. On a network or in an office with Internet access, a hacker can impersonate someone else by simply sitting at the unattended workstation of another user who hasn’t logged off. It also commonly occurs when someone has an easy-to-guess username and password, or allows this information to be known by others. Another common method hackers use to gain access is to guess or crack a username and password that’s used to access a computer, network, or Internet account. To prevent being hacked in this manner, you should use passwords that are difficult to guess. You should also make your passwords a mixture of letters, numbers, and special characters (e.g. #, $, %, ^, &, *). You should change your password at regular intervals, and set a minimum length for passwords (such as a minimum of six or eight characters).
49
TROJAN HORSE
Trojan horses get their name from the story of the attack on Troy. In the story, the army couldn’t get past the gates of Troy to attack. A covert attack was needed, so soldiers hid inside a giant wooden horse, which was offered as a gift to the citizens of Troy. Once inside the gates of the city, the Trojan Horse opened and the attack began. In computer terms, Trojan Horses live up to the name derived from the Greek story. Covert instructions are hidden inside a program. These instructions are embedded in software or , and may provide any number of undesired or unauthorized functions. Once opened, they may modify or damage data, or send information over the Internet (which can then be used by a hacker for future attacks). By dealing with hidden content in messages or software, you can avoid problems with Trojan Horses. Using anti-virus software, firewalls, and other security software, your system can check for Trojan Horses and prevent them from attacking.
50
Establishing and maintaining the security of your system requires several steps:
- Identify what will require protection. This includes data, software, media, services, and hardware.
- Analyze the value of what requires protection. This will allow you to determine how much insurance is required to replace the system, and also how much money and effort should be spent on security. If your company will go bankrupt without the data on one server, but another server at a different location stores redundant data, then this will help you identify your priorities.
- Identify the threats associated with elements of your network or computer system. This will vary from business to business, and person to person. There may be little risk of someone walking into the computer room in your home, sitting at the computer and accessing data.
51
- Identify the exposure to risk. This means looking at the risks you’ve identified, and determining how likely it is that different risks will become an actual problem. Having a hard drive fail, and losing your data, will generally be a greater risk than a river flooding and washing away the building.
- Determine what measures should be taken to deal with the risks. This will often include implementing regular backups of data, storing copies off-site, storing the network server in a secure room, and so forth.
- Implement the measures you’ve decided to use to deal with the various risks.
- Remember to upgrade and regularly maintain security. This includes updating anti-virus files, upgrading security software, and performing regular backups of data.
- From time to time, reassess whether things have changed. Determine if your system is at risk from possible new threats, and if new measures need to be taken to deal with possible problems.
52
Which event did the name Trojan Horse come from?
Hint: A movie was made about this event