1
INFORMATION SYSTEMS IN ORGANIZATIONS
Information and data Zatil Ridh'wah Hj Darot
2
Data
Definition: raw facts that can take the form of a number, a statement or a picture. They are ____________ in the production of information. Raw data is useless, thus it is manipulated through a process (such as tabulations, statistical analysis, etc.).
Examples: 3, 4, 102, fish, apple, 1cm
3
Information
Definition: facts or conclusions that have meaning within a context. This requires a process, used to produce information, which involves collecting data and then subjecting them to a ___________________ in order to create information. For example, a sales forecast or financial statement.
4
Sources of information
Organizations generate a substantial amount of information relating to their operations. This information, including information from beyond the boundaries of the organization, is used to help the business function. There are two types of information sources: ___________ ____________
5
Internal sources of information
Information created by the operations of the business and to be used by the business.
May include: sales records; personnel files; accounting records; ____________; cost information; customer feedback.
6
External sources of information
Information obtained from outside of the organization. External information can help the organization operate its business.
For example: _______________; health and safety regulations; books, newspapers, magazines; trade journals; social media.
7
Information requirements
Relevant, Complete, Accurate, Current, Economical
8
Relevant
Information must pertain to the problem at hand. It must be presented in a way that helps _____________ it in a specific context. For example, the total number of years of education might not be relevant to Dina’s qualification for a new job. However, if Dina has so many years of education in mechanical engineering and so many years of experience, then it is relevant information.
9
Complete
Partial information is useless. For example, marketing data about household incomes might lead to bad decisions if not accompanied by vital information on the _____________ of the targeted population.
10
Accurate
Incorrect information might lead to ______________. For example, an inaccurate record of a patient's reaction to penicillin might lead a doctor to harm the patient while believing that she is helping him.
11
Current
Decisions are often based on the latest information available. What _________________________ today. For example, a short-term investment decision to purchase a stock today based on yesterday’s stock prices might be a costly mistake if the stock’s price has risen in the interim.
12
Economical
In the business setting especially, the cost of obtaining information must be considered as ____________ involved in any decision. For example, conducting a million dollars' worth of market research to see if there is demand for a new product will help reduce the risk of marketing failure, but the cost of obtaining the information might diminish profit from sales.
13
Storing information
Data and information must be stored __________________. They must still be retained even when the storage device is not connected to electrical power. Storage devices differ in the technology used to maintain data and in physical structure. Modern technology has made storing information and data more accessible.
Storage hardware
Cloud storage
14
Storage hardware
Can include:
Flash drives
Hard disk (external and internal)
15
Cloud storage
Availability of network-accessible storage from an off-site computer or technology device.
Advantages: reduce ___________________ data; free internal storage infrastructure for live and production data.
Disadvantages: reliance on networks and their costs; risk of security breaches.
16
Information security
Increasing reliance on information systems, combined with their connection to the outside world (through the Internet), makes securing information challenging. The role of information security is to protect information.
Major goals of information security:
Reduce risk of systems and ____________________________
Maintain information confidentiality
Ensure integrity and reliability of data resources
Ensure availability of data resources and online operations
Ensure compliance with policies and laws regarding security and privacy
17
Risks to information resources
Risks associated with _______________ and data storage.
Downtime: the period of time during which IS is not available.
Types of risks: risks to hardware; risks to data and applications; risks to online operations; denial of service; computer hijacking.
18
Risks to Hardware
#1 cause of system downtime is hardware failure.
Natural disasters: fires, floods, earthquakes, hurricanes, tornadoes and lightning can destroy hardware, software or both.
Blackouts and brownouts: if power is disrupted, computers cannot function. Blackouts are total losses of electrical power; brownouts are partial losses of electrical power.
Vandalism: ______________________
19
Risks to Data and Application
Data is a unique resource.
Data and applications are susceptible to disruption, damage or theft.
Damage to software is __________________
Social engineering: con artists pretend to be service individuals and ask for passwords.
Identity theft: pretending to be another person.
Phishing: bogus messages direct users to a site to “update” personal data.
Spear phishing: use of personal information to attack organizational systems.
20
Cont’d
Cyber terrorism: involves terrorist attacks on business organizations’ information systems with intent to disrupt network communication, implement DoS attacks, or destroy/steal corporate/government information.
Honeytoken: a _______________ in a networked database used to combat hackers.
Hacking: unauthorized access.
21
Cont’d
Honeypot: a server containing a mirrored copy of a database or a bogus database.
Virus: spreads from computer to computer.
Worm: spreads in a network without human intervention.
Trojan horse: a virus disguised as legitimate software.
Logic bomb: software that is programmed to cause damage at a specific time.
22
Cont’d
Unintentional, non-malicious damage can be caused by:
Poor training
Lack of adherence to backup procedures
Unauthorized _________________ of software may cause damage
Human error
23
Risks to Online Operations
Hackers try daily to interrupt online businesses.
Some types of attacks: unauthorized access; data theft; defacing of webpages; denial of service; hijacking computers.
24
Denial of Service
Denial of Service (DoS): an attacker launches a large number of information requests. This slows down legitimate traffic to the site.
Distributed Denial of Service (DDoS): an attacker launches a DoS attack from ________________. Usually launched from hijacked personal computers called “zombies”.
There is no definitive cure for this. A site can filter illegitimate traffic.
25
[Figures: DoS attack; DDoS attack]
26
Computer Hijacking
Hijacking: using some or all of a computer’s resources without the consent of its owner.
Often done for making a DDoS attack.
Done by installing a software bot on the computer.
The main purpose of hijacking is usually to send spam.
Bots are planted by __________________ in operating systems and communication software.
A bot usually installs forwarding software.
27
Security measures
Backup; access controls; atomic transactions; audit trail; firewall; authentication and encryption
28
Backup
Periodic duplication of all data.
Redundant Arrays of Independent Disks (RAID): a set of disks programmed to replicate stored data.
Data must routinely be transported off-site as protection from site disaster.
29
Access Controls
Measures taken to ___________________ have access to a computer, network, application or data.
Physical locks: secure equipment in a facility.
Software locks: determine who is authorized to use the software.
Types of access controls:
What you know: access codes, such as user ID and password
What you have: requires special devices
Who you are: unique physical characteristics
30
Cont’d
Access codes and passwords are usually stored in the OS or in databases.
A security card is more secure than a password.
Biometrics: use unique physical characteristics such as fingerprints, retinal scans and voiceprints.
31
Atomic Transactions
A set of indivisible transactions.
Requires all of the transactions in the set to be completely executed, or none are executed.
Ensures that only full entry occurs in all the appropriate files, to guarantee integrity of data.
Controls against malfunction and prevents fraud.
32
Audit Trails
A series of documented facts that help detect who recorded which transactions, at what time and under whose approval.
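The atomic-transaction and audit-trail measures from the two slides above, combined in one runnable sketch. This is an added example, not part of the original slides; the SQLite ledger, table names, account names and user names are all constructed for illustration.

```python
import sqlite3
from datetime import datetime, timezone

def open_ledger():
    """Constructed in-memory ledger; all table and account names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts (name TEXT PRIMARY KEY,
                               balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE audit_trail (recorded_at TEXT, recorded_by TEXT,
                                  approved_by TEXT, action TEXT);
        INSERT INTO accounts VALUES ('sales', 100), ('payroll', 20);
    """)
    return db

def _adjust(db, name, delta):
    cur = db.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?",
                     (delta, name))
    if cur.rowcount != 1:  # an unknown account must abort the whole set
        raise sqlite3.IntegrityError(f"unknown account {name!r}")

def transfer(db, src, dst, amount, recorded_by, approved_by):
    """Credit, debit and audit entry are one indivisible set: all or none."""
    if amount <= 0:
        return False
    try:
        with db:  # commit if every statement succeeds, roll back otherwise
            _adjust(db, dst, amount)    # credit first, so a failed debit
            _adjust(db, src, -amount)   # leaves a half-done entry to undo
            db.execute("INSERT INTO audit_trail VALUES (?, ?, ?, ?)",
                       (datetime.now(timezone.utc).isoformat(), recorded_by,
                        approved_by, f"transfer {amount} {src}->{dst}"))
        return True
    except sqlite3.IntegrityError:  # CHECK violation or unknown account
        return False

def balances(db):
    return dict(db.execute("SELECT name, balance FROM accounts"))

if __name__ == "__main__":
    db = open_ledger()
    print(transfer(db, "sales", "payroll", 30, "clerk_a", "manager_b"), balances(db))
    print(transfer(db, "sales", "payroll", 500, "clerk_a", "manager_b"), balances(db))
    print(db.execute("SELECT * FROM audit_trail").fetchall())
```

Because the audit row is written inside the same transaction, a rolled-back transfer leaves neither a balance change nor an audit entry claiming one happened.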
33
Firewall and Proxy Servers
Firewall: hardware and software that blocks access to computing resources. Best defense against unauthorized access over the Internet.
DMZ: demilitarized zone approach. One end of the network is connected to the trusted network and the other end to the Internet. The connection is established using a proxy server.
Proxy server: “represents” another server for all _______________ from resources inside the trusted network. Can also be placed between the Internet and the trusted network when there is no DMZ.
34
Authentication and Encryption
Symmetric encryption: when the sender and the recipient use the same key.
Asymmetric encryption: both a public and a private key are used.
Transport Layer Security (TLS): a protocol for transactions on the Web that uses a combination of public key and symmetric key encryption.
HTTPS: the secure version of HTTP.
Digital signatures: a means to authenticate online messages, implemented with public keys.
36
Cont’d
Digital certificates: computer files that associate one’s identity with one’s public key.
Issued by a certificate authority (a trusted 3rd party).
Contains the holder’s name, a serial number, expiration dates and a copy of the holder's public key.
Also contains the digital signature of the CA.
37
Tutorial questions
Give examples in which raw data can also serve as useful information.
When accessing an information system, would you prefer that your identity be verified with a biometric or with a password? Why?