Security of Information systems.

By -

Security of Information systems

Security means protection of data from accidental or intentional modification, destruction or disclosure to unauthorised persons

POTENTIAL THREATS TO SECURITY

image_027

•Natural disasters such as fire, floods, earthquakes

•Accidents such as disk crashes, file erasure by inexperienced operators

•Theft/erasure of data by disgruntled employees

• Frauds by changing programs, data by employees

• Industrial espionage

• Viruses/Worms

• Hackers who break into systems connected to the internet

• Denial of service attacks by flooding with mail

SECURITY MEASURES

•Regular back up of data bases every day/or week depending on the time criticality and size

• Incremental back up at shorter intervals

• Backup copies kept in safe remote location

-particularly necessary for disaster recovery

• Duplicate systems run and all transactions mirrored if it is a very critical system and cannot tolerate any disruption before storing in disk.

• Physical locks

• Password system

• Biometric authentication (Eg: Finger print)

HOW TO PROTECT DATA/PROGRAMS

Data/Programs can be protected in the following ways:

•Encrypting sensitive data/programs

•Identification of all persons who read or modify data and logging it in a file

•Training employees on data care/handling and security

•Antivirus software

•Firewall protection when connected to internet

DATA SECURITY, PRIVACY AND INTEGRITY

•Data security is concerned with protecting data from erasure, theft, unauthorized access and unauthorized modifications.

•Data privacy is concerned with protecting data regarding individuals from

being accessed and used without the permission/knowledge of concerned individuals

•Data integrity is concerned with the quality, reliability and trustworthiness of raw as well as processed data

•Security does not imply privacy or integrity

•Privacy controls need specific law against disclosure of personal data

•Ultimately data and system integrity most important

REFERENCES

1. Most of the material in this module has been taken from Chapter 15, Control, Audit and Security of Information in the book “Analysis and Design of Information Systems”, 2nd Edition, Prentice Hall of India, 2002, by V.Rajaraman.

2. M.Bishop, Computer Security, Pearson Education Asia, New Delhi, 2003. It is an comprehensive book cover 1000 pages) which discusses security in great details. Going through the contents pages (pp.vii to xxx) will give a student a glimpse of various aspect of security, audit and integrity of information systems.

3. D.A. Watne, P.B.B. Turney, Auditing EDP Systems, Prentice Hall Inc. N.J., U.S.A., 1990, is an extensive treatment of auditing information systems.

Comments

Post a Comment

Popular posts from this blog

WORKED EXAMPLES ON PROCESS SPECIFICATION.

By -
Image
PROCESS SPECIFICATION WORKED EXAMPLES 6.1 A bank has the following policy on deposits: On deposits of Rs. 5000 and above and for three years or above the interest is 12%. On the same deposit for a period less than 3 years it is 10%. On deposits below Rs. 5000 the interest is 8% regardless of the period of deposit. Write the above process using (i) Structured English (ii) A decision table 6.2 An organization maintains an employee file in which each record has following data: { Employee No., employee name, employee gross pay}. It has been decided to increase the pay as per the following formula: For pay of Rs. 1000 or less increase 15%. For pay of more than Rs. 1000 but up to Rs. 2500 increase 10%. For pay over Rs. 2500 increase 5%. (i) Writ e a structured English processing rule corresponding to the above policies. (ii) Express the policies as a decision table. (i) While employee records left in file do Read Number, name , gross pay 6.3 An offshore gas company bills it
Read more

Why do we need information systems, management structure, requirements of information at different levels of management.

By -
Image
Why do we need information systems, management structure, requirements of information at different levels of management NEED FOR INFORMATION SYSTEMS Information systems are needed when timely processing for fast action is needed, same data has to be processed in different ways and when organizations require innovative processing. MANAGEMENT STRUCTURE Functional areas of management are as follows: •PRODUCTION • MARKETING • MATERIALS – purchase, stores • FINANCE –Accounts • HUMAN RESOURCE DEVELOPMENT(HRD) • RESEARCH AND DEVELOPMENT (R&D) INFORMATION FOR MANAGEMENT A Production Management The following type of information is needed in production management: Strategic Information: 1)Yearly and monthly production quotas and alternate schedules 2)Policies on machine replacement, augmentation and modernization. 3)Identifying best product mix. Tactical Information 1)Identifying and controlling areas of high cost. 2) Identifying critical bottlenecks in production. 3)
Read more

The User Interface:Establishing User Interfaces

By -
Image
The User Interface Establishing User Interfaces The success factors in analysis start with the established interfaces from day one. What does this mean? You must start the process by meeting with the right people in the organization. In the best projects, the process is as follows: 1. Executive interface: There needs to be an executive-level supporter of the project. Without such a supporter, you risk not being able to keep the project on schedule. Most important, you need a supporter for the political issues that you may need to handle during the project (discussed in detail later). The executive supporter, sometimes known as a sponsor (JAD reference), should provide a preliminary schedule advising the organization of what is expected and the objectives of the project. The executive supporter should attach a letter to the preliminary schedule and send it to the project team members. The letter must put the importance of the project into perspective. Therefore, it is strongly rec
Read more