MIS I

Need of info

 DATA Data are collection of observations, Unorganized data not useful. INFORMATION Organize ( Process ) data in meaningful manner to help in decision making. To process data one needs to (1) clean the data from errors and reduce sources of unreliability, (2) analyze data to make it relevant (3) organize data in ways that help understanding.

INFORMATION SYSTEM Organized combination of People, Hardware, Software, Data Resources and Network to store, retrieve, transform and disseminate information in organization

Problem is the inability of the people in the organization to find accurate and qualified information. Estimates are that 15-to-30 percent of a knowledge-worker's time is spent seeking specific information and information searches costs companies loss in productivity, which could be rectified by making the needed information available as needed.

Information Security Information security means protecting information

and information systems from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction.

Resources
Physical
Conceptual

Security Breach Accidental

Modification / Distortion, Destruction, Disclosure.

Intentional Modification, Destruction, Disclosure.

Principles of Information Security

Confidentiality It is the term used to prevent the disclosure of

information to unauthorized individuals or systems.

eg -- a credit card transaction encrypts data before transmission.

Integrity
It means that data cannot be modified
undetectably. System is said to have integrity if its able to continue operating even when one or more components do not function. Information security systems typically provide

message integrity in addition to data confidentiality.

Availability

Information must be available when it is needed. Systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures and system upgrades. Ensuring availability involves preventing denial of service attacks.

Computer Crimes and Abuse

Spam Millions of junk or unsolicited bulk emails are sent on a daily basis asking to buy a product/service or directing to a website where potentially more vindictive activities may take place.

 Spyware/ Malware It secretly gathers information about the user and relays it to advertisers or other interested parties. It is a major cause for concern about privacy on the Internet. Virus Worms Trojan Horse Key Loggers It watches what is typed and where then sends this data to a location on the internet.

 Phishing It is an act of sending e-mails to a user, falsely claiming to be an established legitimate enterprise (banks, eBay etc), to scam the user into disclosing private information that will be used for identity theft. Denial of Service Attacks
Flooding a network server with thousands of false requests for services to crash the network. The network can not keep up and fails to service legitimate requests.

 Identity Theft
Evil Twins
Are wireless networks offering Wi-Fi internet connections trying to capture personal information. Pharming Redirects user to bogus web page even after typing correct web page address into the browser. Cyber Terrorism
Employees

Solutions Software & Firewalls. Patches. Risk Assessment. Security Policy --- Authorization policy, Access Control Policy. Disaster Recovery Planning. Business Continuity Planning. Encryption.