Information Systems
UNIT - 1
By Shanu Gaharana
LECTURE NO.-1
Definitions
Data
Raw facts such as an employee’s name and number of hours worked in a week, inventory part numbers or sales orders.
Information
A collection of facts organized in such a way that they have additional value beyond the value of the facts themselves.
Data (raw facts): $35,000; 12 Units; $12,000; J. Jones; Western Region; $100,000; 100 Units; 35 Units
Data Processing
Information: Salesperson: J. Jones; Sales Territory: Western Region; Current Sales: 147 Units = $147,000
Information Systems
An information system (IS) is typically considered to be a set of interrelated elements or components that collect (input), manipulate (process), and disseminate (output) data and information, and provide a feedback mechanism to meet an objective.
Open System
Closed System
Definitions
HISTORY OF INFORMATION SYSTEMS
IS has always played a crucial role in civilization.
1. IS over 500 years ago
2. IS in the mid-eighteenth century
3. IS in the 20th century
IMPORTANCE OF INFORMATION SYSTEMS
CHANGING NATURE OF IS
There are four powerful changes that have altered the business environment:
Globalization
Rise of the Information Economy
Transformation of the Business Enterprise
Emergence of the digital firm
Mainframe-based information system
Client Server Based System
Architecture of Web Services based Systems
LECTURE NO.-2
Need of Distributed IS
A distributed system (DS) has the following two properties:
1. There are several autonomous computational entities, each of which has its own local memory.
2. The entities communicate with each other by message passing.
Distributed System
An integration of system services, presenting a transparent view of a multiple-computer system with distributed resources and control.
A collection of independent computers that appear to the users of the system as a single computer.
Examples:
- Personal workstations + a pool of processors + single file system
- Robots on the assembly line + robots in the parts department
- A large bank with hundreds of branch offices all over the world
Message Passing in Distributed Systems
Need of Distributed IS
The widening scope of IS can be summarized as:
1950s: technical changes
1960s-1970s: managerial controls
1980s-1990s: institutional core activities
Today: digital information webs extending beyond the enterprise.
ROLE OF INTERNET & WEB SERVICES
Statistics from the IITF Report "The Emerging Digital Economy"*
To reach a market of 50 million people: radio took 38 years; TV took 13 years; once it was open to the general public, the Internet reached the 50 million person audience mark in just 4 years!
http://www.ecommerce.gov/emerging.htm (released on April 15, 1998)
* Delivered to the President and the U.S. Public on April 15, 1998 by Bill Daley, Secretary of Commerce and Chairman of the Information Infrastructure Task Force
IS THREATS & ATTACKS
There are basically two types of threats:
1. Information level
2. Network level
IS THREATS & ATTACKS
Security threats have the following principal sources:
1. Human error
2. Computer abuse or crime
3. Natural and political disasters
4. Failure of hardware or software
LECTURE NO.-3
Security threats related to computer crime or abuse include:
1. Impersonation
2. Trojan horse method
3. Logic bomb
4. Computer viruses
5. DoS (denial of service)
6. Data diddling
7. Salami technique
8. Spoofing
9. Super-zapping
10. Scavenging
11. Data leakage
12. Wiretapping
13. Theft of mobile devices
Block Diagram of Spoofing
A Threat is an indication of a potential undesirable event.
A threat consists of four properties:
1. Asset
2. Actor
3. Motive (optional)
4. Access (optional)
Classification of Threats & Assessing Damages
The major categories of damage are:
• Destruction of information and/or other resources
• Corruption or modification of information
• Theft, removal or loss of information and/or other resources
• Disclosure of information
• Interruption of access to important information
There are five categories of logical and physical assets:
1. Information
2. Hardware
3. Software
4. People
5. Systems
Another way of grouping the threats is:
1. Human actors using network access
2. Human actors using physical access
3. System problems
4. Other problems
GENERIC THREAT PROFILE
Represented by tree structures.
This structure shows assets, access, actors, motives, and the possible outcomes.
There should be a suitable method in the organization for 'asset classification' to know which of its assets are critical.
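The generic threat profile described above, as an added Python example that is not part of the lecture: a small tree of assets, each carrying its threats (actor, optional access path, optional motive, possible outcomes drawn from the lecture's damage categories), plus the asset-classification step that picks out the critical assets. The asset names, the 1-5 criticality scale and the sample threats are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Vocabulary from the lecture: five asset classes and five damage categories.
ASSET_CLASSES = {"Information", "Hardware", "Software", "People", "Systems"}
DAMAGE_CATEGORIES = {"destruction", "corruption", "theft", "disclosure", "interruption"}

@dataclass
class Threat:                       # one leaf of the profile tree
    actor: str                      # e.g. "human actor" or "system problem"
    access: Optional[str] = None    # "network" or "physical"; optional property
    motive: Optional[str] = None    # optional property
    outcomes: List[str] = field(default_factory=list)
    def __post_init__(self):
        unknown = set(self.outcomes) - DAMAGE_CATEGORIES
        if unknown:
            raise ValueError(f"unknown damage category: {unknown}")

@dataclass
class Asset:                        # root of one branch of the tree
    name: str
    asset_class: str
    criticality: int                # constructed 1-5 scale from asset classification
    threats: List[Threat] = field(default_factory=list)
    def __post_init__(self):
        if self.asset_class not in ASSET_CLASSES:
            raise ValueError(f"unknown asset class: {self.asset_class}")

def critical_assets(assets: List[Asset], threshold: int = 4) -> List[str]:
    """Asset classification step: which assets are critical enough for a full profile."""
    return [a.name for a in assets if a.criticality >= threshold]

def render_profile(assets: List[Asset]) -> List[str]:
    """Flatten the tree into indented lines: asset > access/actor/motive > outcomes."""
    lines = []
    for a in sorted(assets, key=lambda x: -x.criticality):
        lines.append(f"{a.name} [{a.asset_class}, criticality {a.criticality}]")
        for t in a.threats:
            lines.append(f"  access={t.access or '-'} actor={t.actor} motive={t.motive or '-'}")
            lines.append(f"    outcomes: {', '.join(t.outcomes) or 'none'}")
    return lines

SAMPLE = [  # constructed sample profile for a small branch office, not from the lecture
    Asset("customer database", "Information", 5, [
        Threat("human actor", "network", "financial gain", ["theft", "disclosure"]),
        Threat("system problem", outcomes=["corruption", "interruption"]),
    ]),
    Asset("branch file server", "Hardware", 4, [Threat("human actor", "physical", None, ["theft", "destruction"])]),
    Asset("lobby kiosk", "Systems", 2),
]
```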
LECTURE NO.-4
Security Considerations in Mobile & Wireless Computing
Today belongs to mobile computing.
As the mobility of workers increases, security issues also increase in number, because working with technology outside the office brings many challenges.
Proliferation of Mobile & Wireless Devices:
Wireless networks, and the use of mobile devices, are bringing the world a new means of communication and day-to-day business activities.
> The implementation of these new wireless devices also brings about new security threats to information assets.
Trends in Mobility:
• Types of Mobility:
1. User Mobility: refers to a wireless service that lets you be completely mobile, such as in a car, train, etc.
2. Device Mobility: enables determining whether the IP phone is at its home location or at a roaming location. Uses smaller, battery-driven devices.
3. Session Mobility: issues in data distribution.
4. Service Mobility (Code Mobility): managing security is a big issue.
Key Findings for Mobile Computing Security Scenario:
With usage experience, awareness of mobile users gets enhanced.
People continue to remain the weakest link for laptop security.
Wireless connectivity does little to increase the burden of managing laptops.
Laptop experience changes the view of starting a smart handheld pilot.
There is naivety and/or neglect in smart handheld security.
Rules rather than technology keep smart handhelds' usage in check.
Security Challenges Posed by Mobile Devices
Basically two challenges are presented:
1. Micro challenges: device level
2. Macro challenges: organizational level
Some well-known technical challenges in mobile security are:
1. Managing the registry settings and configurations
2. Authentication service security
3. Cryptography security for mobile devices
LDAP (Lightweight Directory Access Protocol): an application protocol for reading and editing directories over an IP network. A directory in this sense is an organized set of records: for example, a telephone directory is an alphabetical list of persons and organizations with an address and phone number in each "record".
RAS Security: an important consideration for protecting the business-sensitive data that may reside on employees' mobile devices.
Media Player Control Security
Networking API Security
LECTURE NO. -5
Authentication Service Security
Secure network access involves mutual authentication between the device and the base stations or web servers.
Authentication service security is important given the typical attacks on mobile devices through wireless networks:
- Denial of service attacks
- Traffic analysis
- Eavesdropping
- Man-in-the-middle attacks
- Session hijacking
Mobile Devices: Security Implications for Organizations
Managing diversity and proliferation of handheld devices
Threats through lost and stolen devices
Protecting data on lost devices
Educating the laptop users
LAPTOP SECURITY
Basic security measures are as follows:
1. Choose a secure operating system and lock it down.
2. Enable a strong BIOS password.
3. Asset tag or engrave the laptop.
4. Register the laptop with the manufacturer.
Physical Security:
1. Use a cable or hard-wired lock.
2. Use a docking station.
3. Use a personal firewall for your laptop.
4. Lock up all the ports and PCMCIA cards.
5. Use laptop safes.
6. Use motion sensors and alarms.
LAPTOP SECURITY
Protecting Sensitive Data:
- Use the NTFS file system.
- Disable the guest account.
- Prevent the last logged-in user name from being displayed.
- Enable EFS (Encrypting File System).
- Back up your data before you leave.
Lecture No. - 6
INFORMATION CLASSIFICATION
It is a demonstration of an organization's commitment to security protections.
Helps to identify which information is most sensitive or vital.
Identifies which protections apply to which information.
TERMS FOR INFORMATION CLASSIFICATION
1. Unclassified: neither sensitive nor classified. Public release of this information does not violate confidentiality.
2. Sensitive but unclassified: a minor secret that may not create serious damage if disclosed. Information that may be classified with this label includes personally identifying information such as passport and Social Security numbers.
3. Confidential: this information would cause "damage" to national security if publicly available.
4. Secret: this information would cause serious damage to national security if publicly available.
5. Top Secret: this information would cause exceptionally serious damage to national security if publicly available.
INFORMATION CLASSIFICATION in PRIVATE ORGANIZATIONS
1. Public
2. Sensitive
3. Private
Information Systems Development
LECTURE NO. – 7
BASIC PRINCIPLES OF IS
IS plays a crucial role in the modern digital economy.
There are basically three pillars of Infosec:
- Confidentiality
- Integrity
- Availability
Security Related Basic Terms
Electronic Security
Non-repudiation: regarding digital security, the cryptological meaning and application of non-repudiation is:
- A service that provides proof of the integrity and origin of data.
- An authentication that with high assurance can be asserted to be genuine.
Electronic Signature: an electronic signature is any electronic means that indicates that a person adopts the contents of an electronic message. The U.S. Code defines an electronic signature for the purpose of US law as "an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."
Encryption
Cipher
Cryptanalysis: the study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so. Typically, this involves knowing how the system works and finding a secret key. In non-technical language, this is the practice of codebreaking or cracking the code.
Cryptography
DoS Attacks
Tempest: a codename referring to investigations and studies of compromising emanations (CE). Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment. TEMPEST is a codename only and is not an acronym.
Spoofing
Steganography: the art of hiding the existence of a message.
INFORMATION INTEGRITY
Assurance that the data being accessed or read has neither been tampered with, nor been altered or damaged through a system error, since the time of the last authorized access.
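The integrity assurance defined above, as an added Python example that is not from the lecture: a keyed HMAC-SHA256 tag is recorded at the last authorized write, and every later read recomputes and compares it, so both a deliberate edit and accidental damage from a system error are detected. The key and the sample record (reusing the lecture's J. Jones sales figures) are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; in practice it comes from a key store, never from source code.
SEAL_KEY = b"constructed-demo-key-do-not-reuse"

def seal(record: dict, key: bytes = SEAL_KEY) -> str:
    """Tag computed at the last authorized write over a canonical encoding of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def verify(record: dict, tag: str, key: bytes = SEAL_KEY) -> bool:
    """True only if the record is byte-for-byte what was sealed; constant-time compare."""
    return hmac.compare_digest(seal(record, key), tag)

# Constructed sample record, reusing the lecture's J. Jones sales figures.
RECORD = {"salesperson": "J. Jones", "territory": "Western Region", "units": 147, "sales_usd": 147000}
TAG = seal(RECORD)  # stored alongside the record at the last authorized access

def check_intact() -> bool:
    return verify(RECORD, TAG)

def check_tampered() -> bool:
    # Deliberate alteration: an unauthorized edit of the sales figure after sealing.
    altered = dict(RECORD, sales_usd=174000)
    return verify(altered, TAG)

def check_damaged() -> bool:
    # Simulated system error: a field lost while the record was stored.
    damaged = {k: v for k, v in RECORD.items() if k != "territory"}
    return verify(damaged, TAG)
```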
OTHER TERMS IN IS
Identification
Authentication
Accountability
Authorization
Privacy