Wednesday, January 2, 2019

Chapter 8 Securing Information Systems

SUMMARY Chapter 8
Securing Information Systems

8.1 System Vulnerability and Abuse 

A. The Reason Systems are Vulnerable 

o Hardware problems 
o Software problems
o Disasters
o Use of networks, computers outside of firm's control

B. Malicious Software: Viruses, Worms, Trojan Horses, and Spyware 

The types of malicious software:
o A virus is a rogue software program that attaches itself to other software programs or data files in order to be executed
o A worm is an independent computer program that copies itself from one computer to other computers over a network
o A Trojan horse is a software program that appears to be benign but then does something other than expected
o Spyware consists of small programs that install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising
o Keyloggers record every keystroke on a computer to steal serial numbers and passwords or to launch Internet attacks

C. Hackers and Computer Crime 

A hacker is an individual who intends to gain unauthorized access to a computer system.
Hacker activities have broadened beyond mere system intrusion to include theft of goods and information, as well as system damage and cybervandalism, the intentional disruption, defacement, or even destruction of a Web site or corporate information system, such as:
o Spoofing: misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
o Sniffer: an eavesdropping program that monitors information traveling over a network; it enables hackers to steal proprietary information such as e-mail, company files, and so on
o Denial-of-service (DoS) attacks: flooding a server with thousands of false requests to crash the network
o Distributed denial-of-service (DDoS) attacks: the use of numerous computers to launch a DoS attack
o Botnets: networks of "zombie" PCs infiltrated by bot malware
o Computer crime
o Identity theft
o Click fraud
o Cyberwarfare: actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption

D. Some of the reasons employees constitute an internal threat:
Security threats often originate inside an organization. 
o Inside knowledge 
o Sloppy security procedures 
o User lack of knowledge

8.2 Business Value of Security and Control 

Lack of sound security and control can cause firms relying on computer systems for their core business functions to lose sales and productivity. Information assets, such as confidential employee records, trade secrets, or business plans, lose much of their value if they are revealed to outsiders or if they expose the firm to legal liability. 
New laws, such as HIPAA, the Sarbanes-Oxley Act, and the Gramm-Leach-Bliley Act, require companies to practice stringent electronic records management and adhere to strict standards for security, privacy, and control. Legal actions requiring electronic evidence and computer forensics also require firms to pay more attention to security and electronic records management.

8.3 Establishing a Framework for Security and Control 

Firms need to establish a good set of both general and application controls for their information systems. A risk assessment evaluates information assets, identifies control points and control weaknesses, and determines the most cost-effective set of controls.
Firms must also develop a coherent corporate security policy and plans for continuing business operations in the event of disaster or disruption. The security policy includes policies for acceptable use and identity management. Comprehensive and systematic MIS auditing helps organizations determine the effectiveness of security and controls for their information systems. 

8.4 Technologies and Tools for Protecting Information Resources 

Firewalls prevent unauthorized users from accessing a private network when it is linked to the Internet. Intrusion detection systems monitor private networks for suspicious network traffic and attempts to access corporate systems. Passwords, tokens, smart cards, and biometric authentication are used to authenticate system users. Antivirus software checks computer systems for infections by viruses and worms and often eliminates the malicious software, while antispyware software combats intrusive and harmful spyware programs. Encryption, the coding and scrambling of messages, is a widely used technology for securing electronic transmissions over unprotected networks. Digital certificates combined with public key encryption provide further protection of electronic transactions by authenticating a user’s identity. Companies can use fault-tolerant computer systems or create high-availability computing environments to make sure that their information systems are always available. Use of software metrics and rigorous software testing helps improve software quality and reliability.


Reference:
Laudon, Kenneth C. & Jane P. Laudon. (2014) Management Information Systems: Managing the Digital Firm, 13th Edition. England: Pearson.

Chapter 6 Foundations of Business Intelligence: Databases and Information Management

SUMMARY Chapter 6
Foundations of Business Intelligence: Databases and Information Management 


6.1 Organizing Data in a Traditional File Environment 

Data management is so essential because an effective information system provides users with accurate, timely, and relevant information. However, many businesses don’t have timely, accurate, or relevant information because the data in their information systems have been poorly organized and maintained.


A.     File Organization Terms and Concepts  

o   A bit represents the smallest unit of data a computer can handle

o   A byte is a group of bits that represents a single character, which can be a letter, a number, or another symbol

o   Field is a grouping of characters into a word, a group of words, or a complete number

o   Record is a group of related fields, such as a student's identification number, the course taken, the date, and the grade

o   File is a group of records of the same type

o   Database is a group of related files


B.        Problems with the Traditional File Environment  

o   Data Redundancy and Inconsistency

o   Program-Data Dependence

o   Lack of Flexibility

o   Poor Security

o   Lack of Data Sharing and Availability



6.2  The Database Approach to Data Management  

A database is a collection of data organized to serve many applications efficiently by centralizing the data and controlling redundant data. Rather than storing data in separate files for each application, data appears to users as being stored in only one location.


A.     Database Management System (DBMS) is software that permits an organization to centralize data, manage them efficiently, and provide access to the stored data by application programs.


B.     Capabilities of Database Management Systems

o   Data definition specifies the structure of the content of the database.

o   Data dictionary is an automated or manual file that stores definitions of data elements and their characteristics.

o   Data manipulation language is used to add, change, delete, and retrieve the data in the database



C.     Designing Databases 

To create a database, you must understand the relationships among the data, the type of data that will be maintained in the database, how the data will be used, and how the organization will need to change to manage data from a company-wide perspective.

6.3  Using Databases to Improve Business Performance and Decision Making 

Businesses use their databases to keep track of basic transactions, such as paying suppliers, processing orders, keeping track of customers, and paying employees. But they also need databases to provide information that will help the company run the business more efficiently, and help managers and employees make better decisions.



A.     The Challenge of Big Data 


o   There is an explosion of data; it may be unstructured or semi-structured and not suitable for a relational database

o   Big data doesn't designate any specific quantity

o   Big data are produced in much larger quantities and much more rapidly than traditional data



B.     Business Intelligence Infrastructure 

o   Data warehouses, databases that store current and historical data of potential interest to decision makers throughout the company, and data marts, which are subsets of a data warehouse in which a summarized or highly focused portion of the organization’s data is placed in a separate database for a specific population of users.

o   Hadoop, an open-source software framework managed by the Apache Software Foundation that enables distributed parallel processing of huge amounts of data across inexpensive computers, for handling unstructured and semi-structured data in vast quantities, as well as structured data.

o   In-memory computing, the storage of information in the main random access memory (RAM) of dedicated servers rather than in complicated relational databases operating on comparatively slow disk drives.

o   Analytic platforms, specialized high-speed platforms that commercial database vendors have developed using both relational and non-relational technology and that are optimized for analyzing large datasets.



6.4  Managing Data Resources

A.     Establishing an Information Policy that specifies the organization’s rules for sharing, disseminating, acquiring, standardizing, classifying, and inventorying information.

B.     Ensuring Data Quality begins with a data quality audit, which is a structured survey of the accuracy and level of completeness of the data in an information system. Then, data cleansing, also known as data scrubbing, consists of activities for detecting and correcting data in a database that are incorrect, incomplete, improperly formatted, or redundant.




Reference:

Laudon, Kenneth C. & Jane P. Laudon. (2014) Management Information Systems: Managing the Digital Firm, 13th Edition. England: Pearson.




Tuesday, November 27, 2018

E-Business VS E-Commerce


E-Business
E-business, short for electronic business, refers to the use of digital technology and the Internet to execute the major business processes in the enterprise. E-business includes activities for the internal management of the firm and for coordination with suppliers and other business partners. It also includes electronic commerce or e-commerce. The term “e-business” was coined by IBM’s marketing and Internet team in 1996[1].

There are two types of e-business[2]:
1. Pure play
This refers to a company that focuses on one particular kind of product or service, instead of various kinds at once.
2. Brick and click
This term describes a company that runs its business both online and offline. That means that while it has a website and offers its products or services online, it also has a physical store and sells its products or services there.

E-Commerce
According to the editor-in-chief of International Journal of Electronic Commerce, Vladimir Zwass, ‘Electronic commerce is sharing business information, maintaining business relationships and conducting business transactions by means of telecommunications networks’[3].
E-commerce is the part of e-business that deals with the buying and selling of goods and services over the Internet. It also encompasses activities supporting those market transactions, such as advertising, marketing, customer support, security, delivery, and payment.

There are several types of E-Commerce:

  •        Business to consumer (B2C)
  •       Business to business (B2B)
  •       Consumer to business (C2B)
  •       Consumer to consumer (C2C)
  •       Government to business (G2B)
  •       Business to government (B2G)
  •       Consumer to government (G2C)


                                                                                                 


The Advantages and Limitations of E-Business and E-Commerce

| ADVANTAGES[4] | LIMITATIONS[5] |
|---|---|
| Reduce money and time spent for your business | Security and Integrity Issues |
| Flexible business hours | Purchase to Delivery Time |
| Remove location restriction | Momentary Intangibility |
| Easily track your business growth | Sectoral Limitations |
| Reach your customer faster | Ecommerce Is Highly Competitive[6] |











Comparison Chart Between E-Business and E-Commerce [7]

| BASIS FOR COMPARISON | E-COMMERCE | E-BUSINESS |
|---|---|---|
| Meaning | Trading of merchandise over the internet is known as E-commerce. | Running business using the internet is known as E-business. |
| What is it? | Subset | Superset |
| Is it limited to monetary transactions? | Yes | No |
| What they carry out? | Commercial transactions | Business transactions |
| Approach | Extroverted | Ambiverted |
| Requires | Website | Website, CRM, ERP, etc. |
| Which network is used? | Internet | Internet, Intranet and Extranet. |
