problems and issues with mis

Upload: nandkumar-khachane

Post on 14-Apr-2018


  • 7/29/2019 Problems and Issues With Mis

    1/18

    1

    PROBLEMS AND ISSUES WITH MIS

    1. Definition

    o An MIS manages the information a business needs to run effectively. While such systems have existed for hundreds of years, the MIS referred to in recent times is more indicative of a consistent approach to developing an information framework replete with guidelines, policies, procedures and standards that support the company's long-term goals. MIS, as it is defined in the vernacular, typically refers to a strategic information system that, if used effectively, manifests itself as a tool that builds productivity in a way that maximizes profit margins.

    New Technology

    o While new technology in and of itself is not a solution, it can provide methods by which to overcome existing performance gaps and to capitalize on new opportunities. Although an MIS is technology-based, the term "technology" does not necessarily connote a complicated endeavor. It should be noted, however, that in practice newer technology is what enables newer versions of these strategic Information Systems (IS).

    To quote the Organisation for Economic Co-operation and Development (OECD), "the Internet and related advances in information and communication technology (ICT) are transforming economic activity, much as the steam engine, railways and electricity did in the past."

    ICT is developing at an exponential rate, and while its impact can be seen on the economy at large, it is even more clearly demonstrated in the ways the new technology has enabled more sophisticated IS. For instance, think about the impact of the typewriter, then the word processor and finally the computer. Huge, right? Today, ICT is growing so quickly that its impact has to be considered from every direction at once.

    New storage devices, such as Apple's Time Capsule or Seagate's FreeAgent External Drive, have presented new information storage options for businesses, enabling individuals or smaller businesses to have a secure method of information storage. There are also newer applications for business, such as Google Apps, which change the way information can be gathered, shared and accessed. These newer ICT innovations create both new concerns and new opportunities. First, any technology can fail, at any time, without warning; this has to be accounted for. Also, information can be stolen from electronic devices, so security measures must be in place.

    While issues such as storage failure and security needed to be considered even when everything was handwritten, the way those concerns manifest themselves with the advent of ICT is very different and must be handled in new and improved ways.


    Development Problems in MIS

    o In dealing with MIS, several common development issues arise. According to Kalle Lyytinen (reference 1), the first, and most common, is in regard to the goals of the MIS. Frequently, the goals are "ambiguous, too narrow" or "conflicting." These development issues, while common in any goal-setting environment, are of special importance in MIS. Basically, a person must understand the goal presented in order to work toward it. Also, the goal must be broad enough. For example, a goal to improve the efficiency of the production of half-inch purple cogs is probably too narrow, while a goal to improve the efficiency of cog production would present a better breadth. Lastly, no one does well when goals are conflicting. An example of this would be "increase profits for this quarter" versus "increase profits for the year". The profits of this quarter may decline because of factors like reinvestment and new opportunities. Trying to meet both goals is difficult, if not impossible.

    Other issues identified by Lyytinen as relevant to the development of MIS include technology, economy, process features, view of organization and self-image. Technology here refers to the impact technology has on information systems, both as a limitation (the system does not have the capability to use an automated information-gathering system) and as an opportunity (the system has the capability of intra-networking, file sharing and collaboration). Economy, in terms of the company, refers to whether the correct goal was identified, whereas process features refer to whether the process by which to achieve that goal will be successful. The view of the organization and self-image have to do with whether the questions "can it be done?" and "can we really do this?" are answered affirmatively at the company level and at the individual level.

    Usage Problems in MIS

    o Lyytinen goes on to identify issues regarding the process of the MIS. He observes that the process is frequently seen as too difficult, slow and/or unreliable. Essentially, the process must be easy to use and understand; otherwise it may prove too difficult for the average person to complete successfully. A good example here would be a set of instructions 50 pages long for a process that should take 15 minutes. Secondly, processes that are slow simply take up too much time. After a while, people will stop using them, if for no other reason than the aggravation that accompanies them. All of these factors can contribute to an unreliable system. Since the information gathered is the purpose of the system, if it provides incorrect information it is useless.

    Other process-oriented problems regarding MIS have to do with data, with concepts, with people and with the complexity of the system. Is the data reliable, and is the right data being reviewed? Did the people who set up the IS process fully understand the nature of the product? Is the process chosen for the management of the information system appropriate? The people the company employs need to understand how the MIS is attempting to improve company function, and have to believe that that goal can be achieved through the process instituted. And is the process too complex, and the data it collects not clear enough for accurate measurement?

    Effective MIS

    o One of the biggest issues facing MIS, either in its development or its usage, lies in the fact that the systems do not have a concrete definition or a quantitative measure. Without ways to make its use measurable and understandable, how can its success (or lack of success) be gauged? And much of the research into MIS has neglected to look at the myriad of different types and to focus on how each would apply.

    MIS research tends to look at issues in such a narrow way that practical applications to a given business are few if any. Few totally understand the technology being used. Who judges whether the MIS process being implemented is the correct one?

    QUALITY ASSURANCE (QA) refers to the systematic activities implemented in a quality system so that quality requirements for a product or service will be fulfilled.[1] It is the systematic measurement, comparison with a standard, monitoring of processes and an associated feedback loop that confers error prevention.[2] This can be contrasted with quality control, which is focused on process outputs.

    Two principles included in QA are: "Fit for purpose", the product should be suitable for the intended purpose; and "Right first time", mistakes should be eliminated. QA includes management of the quality of raw materials, assemblies, products and components, services related to production, and management, production and inspection processes.

    Suitable quality is determined by product users, clients or customers, not by society in general. It is not related to cost, and adjectives or descriptors such as "high" and "poor" are not applicable. For example, a low-priced product may be viewed as having high quality because it is disposable, where another may be viewed as having poor quality because it is not disposable.

    Software quality assurance (SQA) consists of a means of monitoring the software engineering processes and methods used to ensure quality. The methods by which this is accomplished are many and varied, and may include ensuring conformance to one or more standards, such as ISO 9000, or a model such as CMMI.

    SQA encompasses the entire software development process, which includes processes such as requirements definition, software design, coding, source code control, code reviews, change management, configuration management, testing, release management, and product integration.


    SQA is organized into goals, commitments, abilities, activities, measurements, and verifications.[1]

    Information quality (IQ) is a term to describe the quality of the content of information systems. It is often pragmatically defined as: "The fitness for use of the information provided."

    Information quality assurance is the process to guarantee confidence that particular information meets some context-specific quality requirements. It has been suggested, however, that the higher the quality, the greater will be the confidence in meeting more general, less specific contexts.

    "Information quality" is a measure of the value which the information provides to the user of that information. "Quality" is often perceived as subjective, and the quality of information can then vary among users and among uses of the information.

    A list of dimensions or elements used in assessing Information Quality is:[3]

    Intrinsic IQ: Accuracy, Objectivity, Believability, Reputation

    Contextual IQ: Relevancy, Value-Added, Timeliness, Completeness, Amount of information

    Representational IQ: Interpretability, Format, Coherence, Compatibility[4]

    Accessibility IQ: Accessibility, Access security

    Quality metrics

    Authority/Verifiability

    Authority refers to the expertise or recognized official status of a source. Consider the reputation of the author and publisher. When working with legal or government information, consider whether the source is the official provider of the information. Verifiability refers to the ability of a reader to verify the validity of the information irrespective of how authoritative the source is. Verifying the facts is part of the duty of care in the ethical code of journalism, as is, where possible, providing the sources of information so that they can be verified.

    Scope of coverage

    Scope of coverage refers to the extent to which a source explores a topic. Consider time periods, geography or jurisdiction and coverage of related or narrower topics.

    Composition and Organization

    Composition and Organization has to do with the ability of the information source to present its particular message in a coherent, logically sequential manner.

    Objectivity


    Objectivity is the bias or opinion expressed when a writer interprets or analyzes facts. Consider the use of persuasive language, the source's presentation of other viewpoints, its reason for providing the information, and advertising.

    Integrity

    1. Adherence to moral and ethical principles; soundness of moral character

    2. The state of being whole, entire, or undiminished

    Comprehensiveness

    1. Of large scope; covering or involving much; inclusive: a comprehensive study.

    2. Comprehending mentally; having an extensive mental grasp.

    3. Insurance. covering or providing broad protection against loss.

    Validity

    Validity of some information has to do with the degree of obvious truthfulness which the information carries.

    Uniqueness

    Uniqueness of a given piece of information is intuitive in meaning, but it also implies not only the originating point of the information but also the manner in which it is presented, and thus the perception it conjures. The essence of any piece of information we process consists to a large extent of those two elements.

    Timeliness

    Timeliness refers to information that is current at the time of publication. Consider publication, creation and revision dates. Beware of Web site scripting that automatically reflects the current day's date on a page.

    Reproducibility (utilized primarily when referring to instructive information) means that documented methods are capable of being used on the same data set to achieve a consistent result.

    INFORMATION SECURITY (sometimes shortened to InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc.).

    Below are the typical terms you will hear when dealing with information security:

    IT Security = Sometimes referred to as computer security, IT security is information security when applied to technology (most often some form of computer system). It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory (even a calculator). IT security specialists are almost always found in any major enterprise or establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach critical private information or gain control of the internal systems.

    Information Assurance = The act of ensuring that data is not lost when critical issues arise. These issues include, but are not limited to, natural disasters, computer or server malfunction, physical theft, or any other instance where data has the potential of being lost. Since most information is stored on computers in our modern era, information assurance is typically dealt with by IT security specialists. One of the most common methods of providing information assurance is to have an off-site backup of the data in case one of the mentioned issues arises. Note that in its broader usage the term also covers the other attributes discussed below (confidentiality, integrity, authenticity and non-repudiation), not only the availability of the data.

    Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.

    Should confidential information about a business's customers, finances or new product line fall into the hands of a competitor, such a breach of security could lead to negative consequences. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement.

    For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

    The field of information security has grown and evolved significantly in recent years. There are many ways of gaining entry into the field as a career. It offers many areas for specialization, including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics, etc.


    Information Security Attributes, or qualities: Confidentiality, Integrity and Availability (CIA). Information systems are decomposed into three main portions, hardware, software and communications, with the purpose of helping to identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: physical, personal and organizational. Essentially, procedures or policies are implemented to tell people (administrators, users and operators) how to use products to ensure information security within the organization.

    Key concepts

    The CIA triad (confidentiality, integrity and availability) is one of the core principles of information security.

    There is continuous debate about extending this classic trio. Other principles such as accountability have sometimes been proposed for addition; it has been pointed out that issues such as non-repudiation do not fit well within the three core concepts, and as regulation of computer systems has increased (particularly amongst the Western nations), legality is becoming a key consideration for practical security installations. In 1992 (revised in 2002) the OECD's Guidelines for the Security of Information Systems and Networks proposed nine generally accepted principles: Awareness, Responsibility, Response, Ethics, Democracy, Risk Assessment, Security Design and Implementation, Security Management, and Reassessment. Building upon those, in 2004 NIST's Engineering Principles for Information Technology Security proposed 33 principles. From each of these, guidelines and practices were derived.

    In 1998, Donn Parker proposed an alternative model for the classic CIA triad that he called the six atomic elements of information. The elements are confidentiality, possession, integrity, authenticity, availability, and utility. The merits of the Parkerian hexad are a subject of debate amongst security professionals.

    Confidentiality

    Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred.

    Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds.

    Integrity

    In information security, integrity means that data cannot be modified undetectably. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of consistency as understood in the classic ACID model of transaction processing. Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality.
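The difference between "cannot be modified" and "cannot be modified undetectably" is easiest to see in code. The following Python example is added here and is not from the original document: it protects a constructed transfer message first with a bare SHA-256 digest and then with an HMAC over a shared key, and runs the same man-in-the-middle edit against both. The message format, the key and the attacker's edit are assumptions made for the illustration.

```python
# Added example (not from the original document): why an unkeyed hash gives
# no integrity but a keyed MAC does. The message and key are constructed.
from __future__ import annotations

import hashlib
import hmac

KEY = b"shared-secret-between-sender-and-receiver"   # assumed out-of-band key


def protect_with_hash(message: bytes) -> tuple[bytes, str]:
    """Naive scheme: append an unkeyed SHA-256 digest."""
    return message, hashlib.sha256(message).hexdigest()


def verify_hash(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def protect_with_hmac(message: bytes, key: bytes = KEY) -> tuple[bytes, str]:
    """Keyed scheme: HMAC-SHA256 over the message with a shared secret."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(message: bytes, tag: str, key: bytes = KEY) -> bool:
    # compare_digest avoids leaking the position of the first mismatching
    # byte through timing, which a plain == comparison would do.
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def man_in_the_middle(message: bytes, tag: str, scheme: str) -> tuple[bytes, str]:
    """Attacker rewrites the payee and does the best it can with the tag.

    The attacker knows the algorithm but not KEY. Against the hash scheme it
    simply recomputes the digest; against HMAC it can only replay the old
    tag, which no longer matches the altered message.
    """
    forged = message.replace(b"payee=alice", b"payee=mallory")
    if scheme == "hash":
        return forged, hashlib.sha256(forged).hexdigest()
    return forged, tag


def demo() -> dict[str, bool]:
    msg = b"transfer: amount=500 payee=alice"    # constructed message
    m1, d1 = protect_with_hash(msg)
    f1, fd1 = man_in_the_middle(m1, d1, "hash")
    m2, t2 = protect_with_hmac(msg)
    f2, ft2 = man_in_the_middle(m2, t2, "hmac")
    return {
        "hash_accepts_original": verify_hash(m1, d1),
        "hash_accepts_forgery": verify_hash(f1, fd1),   # True: undetected
        "hmac_accepts_original": verify_hmac(m2, t2),
        "hmac_accepts_forgery": verify_hmac(f2, ft2),   # False: detected
    }
```

The bare digest gives no integrity because anyone who can change the message can recompute it; the MAC does, because recomputing needs the key. One caveat that matters for the non-repudiation section on this page: an HMAC proves only that someone holding the key produced the tag, and both parties hold it, so either could have produced it. A digital signature under a private key held by one party is what non-repudiation requires.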


    Availability

    For any information system to serve its purpose, the information must be available when it is

    needed. This means that the computing systems used to store and process the information,

    the security controls used to protect it, and the communication channels used to access it must be

    functioning correctly. High availability systems aim to remain available at all times, preventing

    service disruptions due to power outages, hardware failures, and system upgrades. Ensuring

    availability also involves preventing denial-of-service attacks.

    Authenticity

    In computing, e-Business, and information security, it is necessary to ensure that the data,

    transactions, communications or documents (electronic or physical) are genuine. It is also

    important for authenticity to validate that both parties involved are who they claim to be.

    Non-repudiation

    In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also

    implies that one party of a transaction cannot deny having received a transaction nor can the

    other party deny having sent a transaction.

    Electronic commerce uses technology such as digital signatures and public key encryption to

    establish authenticity and non-repudiation.

    INFORMATION SECURITY CONTROLS

    Organizational Controls

    Organizational controls are procedures and processes that define how people in the organization should perform their duties.

    Preventative controls in this category include:

    Clear roles and responsibilities. These must be clearly defined and documented so that management and staff clearly understand who is responsible for ensuring that an appropriate level of security is implemented for the most important IT assets.

    Separation of duties and least privilege. When properly implemented, these ensure that people have only enough access to IT systems to effectively perform their job duties and no more, and that no single person can both initiate and approve a sensitive transaction.

    Documented security plans and procedures. These are developed to explain how controls have been implemented and how they are to be maintained.

    Security training and ongoing awareness campaigns. This is necessary for all members of the organization so that users and members of the IT team understand their responsibilities and how to properly utilize the computing resources while protecting the organization's data.

    Systems and processes for provisioning and de-provisioning users. These controls are necessary so that new members of the organization are able to become productive quickly, while departing personnel lose access immediately upon departure. Processes for provisioning should also include employee transfers between groups within the company where privileges and access change from one level to another. For example, consider government personnel changing jobs and security classifications from Secret to Top Secret, or vice versa.

    Established processes for granting access to contractors, vendors, partners, and customers. This is often a variation on user provisioning, mentioned previously, but in many cases it is very distinct. Sharing some data with one group of external users while sharing a different collection of data with a different group can be challenging. Legal and regulatory requirements often impact the choices, for example when health or financial data is involved.

    Detection controls in this category include:

    Performing continuing risk management programs to assess and control risks to the organization's key assets.

    Executing recurrent reviews of controls to verify the controls' efficacy.

    Periodic undertaking of system audits to ensure that systems have not been compromised or misconfigured.

    Performing background investigations of prospective candidates for employment; you should consider implementing additional background investigations for employees when they are being considered for promotion to positions with a significantly higher level of access to the organization's IT assets.

    Establishing a rotation of duties, which is an effective way to uncover nefarious activities by members of the IT team or users with access to sensitive information.

    Management controls in this category include:

    Incident response planning, which provides an organization with the ability to quickly react to and recover from security violations while minimizing their impact and preventing the spread of the incident to other systems.

    Business continuity planning, which enables an organization to recover from catastrophic events that impact a large fraction of the IT infrastructure.

    Operational Controls

    Operational controls define how people in the organization should handle data, software and hardware. They also include environmental and physical protections as described below.

    Preventative controls in this category include:

    Protection of computing facilities by physical means such as guards, electronic badges and locks, biometric locks, and fences.

    Physical protection for end-user systems, including devices such as mobile computer locks and alarms, and encryption of files stored on mobile devices.

    Emergency backup power, which can save sensitive electrical systems from harm during power brownouts and blackouts; it can also ensure that applications and operating systems are shut down in a graceful manner to preserve data and transactions.

    Fire protection systems such as automated fire suppression systems and fire extinguishers, which are essential tools for guarding the organization's key assets.

    Temperature and humidity control systems that extend the life of sensitive electrical equipment and help to protect the data stored on it.

    Media access control and disposal procedures to ensure that only authorized personnel have access to sensitive information and that media used for storing such data is rendered unreadable before disposal, by degaussing for magnetic media or by cryptographic erasure or physical destruction for flash-based media, which degaussing does not affect.

    Backup systems and provisions for offsite backup storage to facilitate the restoration of lost or corrupted data. In the event of a catastrophic incident, backup media stored offsite makes it possible to restore critical business data on replacement systems.

    Detection and recovery controls in this category include:

    Physical security, which shields the organization from attackers attempting to gain access to its premises; examples include sensors, alarms, cameras, and motion detectors.

    Environmental security, which safeguards the organization from environmental threats such as floods and fires; examples include smoke and fire detectors, alarms, sensors, and flood detectors.

    Technological Controls

    Technological controls vary considerably in complexity. They include system architecture design, engineering, hardware, software, and firmware. They are all of the technological components used to build an organization's information systems.

    Preventative controls in this category include:

    Authentication. The process of validating the credentials of a person, computer, process, or device. Authentication requires that the person, process, or device making the request provide a credential that proves it is what or who it says it is. Common forms of credentials are digital signatures, smart cards, biometric data, and a combination of user names and passwords.

    Authorization. The process of granting a person, computer process, or device access to certain information, services, or functionality. Authorization is derived from the identity of the person, computer process, or device requesting access, which is verified through authentication.

    Nonrepudiation. The technique used to ensure that someone performing an action on a computer cannot falsely deny that he or she performed that action. Nonrepudiation provides undeniable proof that a user took a specific action such as transferring money, authorizing a purchase, or sending a message.

    Access control. The mechanism for limiting access to certain information based on a user's identity and membership in various predefined groups. Access control can be mandatory, discretionary, or role-based.

    Protected communications. These controls use encryption together with message authentication (an authenticated encryption mode or a separate MAC, as TLS does) to protect the confidentiality and integrity of information transmitted over networks; encryption on its own does not detect modification.
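The authentication, authorization and access control bullets above, together with the separation-of-duties control from the organizational section, fit together as one small workflow. The Python below is an added example, not code from the original document: it verifies salted PBKDF2 password hashes, maps users to roles to permissions (least privilege), and refuses to let the person who created a payment approve it, even when that person legitimately holds both roles. The role names, permissions, users and passwords are constructed for the illustration; the iteration count is an assumption to be set from current guidance.

```python
# Added example (not from the original document): authentication with
# salted PBKDF2, role-based authorization and a separation-of-duties check.
# Roles, users, passwords and the payment workflow are constructed.
from __future__ import annotations

import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000   # assumption; set from current password-storage guidance

# role -> permissions granted (least privilege: only what the job needs)
ROLES = {
    "clerk":    {"payment:create"},
    "approver": {"payment:approve"},
    "auditor":  {"payment:read"},
}


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class User:
    def __init__(self, name: str, password: str, roles: set[str]):
        self.name = name
        self.roles = roles
        self.salt = os.urandom(16)            # per-user salt defeats rainbow tables
        self.pw_hash = _derive(password, self.salt)


def authenticate(users: dict[str, User], name: str, password: str) -> User | None:
    """Return the User on a valid credential, None otherwise (no hint which part failed)."""
    user = users.get(name)
    # Derive even for unknown names so response time does not reveal valid users.
    salt = user.salt if user else bytes(16)
    candidate = _derive(password, salt)
    if user and hmac.compare_digest(candidate, user.pw_hash):
        return user
    return None


def permissions(user: User) -> set[str]:
    return set().union(*(ROLES.get(r, set()) for r in user.roles))


def authorize(user: User, permission: str) -> bool:
    return permission in permissions(user)


class Payment:
    def __init__(self, amount: int, payee: str, created_by: str):
        self.amount, self.payee, self.created_by = amount, payee, created_by
        self.approved_by: str | None = None


def create_payment(user: User, amount: int, payee: str) -> Payment:
    if not authorize(user, "payment:create"):
        raise PermissionError(f"{user.name} may not create payments")
    return Payment(amount, payee, created_by=user.name)


def approve_payment(user: User, payment: Payment) -> Payment:
    if not authorize(user, "payment:approve"):
        raise PermissionError(f"{user.name} may not approve payments")
    # Separation of duties: the approver must not be the creator, even when
    # one person holds both roles (RBAC alone would allow it).
    if payment.created_by == user.name:
        raise PermissionError("separation of duties: creator cannot approve")
    payment.approved_by = user.name
    return payment


def build_users() -> dict[str, User]:
    """Constructed directory: one clerk, one approver, one person with both roles."""
    return {
        "bob":   User("bob",   "clerk-pass-1",    {"clerk"}),
        "carol": User("carol", "approver-pass-2", {"approver"}),
        "dave":  User("dave",  "both-pass-3",     {"clerk", "approver"}),
    }
```

The authorization decision is made from the authenticated identity, never from anything the caller asserts about itself, and the separation-of-duties rule is checked on the object (who created this payment) rather than on the role, which is the only way to enforce it for a user who holds both roles.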

    Detection and recovery controls in this category include:

    Audit systems. Make it possible to monitor and track system behavior that deviates from expected norms. They are a fundamental tool for detecting, understanding, and recovering from security breaches.

    Antivirus programs. Designed to detect and respond to malicious software, such as viruses and worms. Responses may include blocking user access to infected files, cleaning infected files or systems, or informing the user that an infected program was detected.

    System integrity tools. Make it possible for IT staff to determine whether unauthorized changes have been made to a system. For example, some system integrity tools calculate a checksum for all files present on the system's storage volumes and store the information in a database on a separate computer. Comparisons between a system's current state and its previously known good configuration can be completed in a reliable and automated fashion with such a tool.
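Audit systems are only useful once someone defines what "deviates from expected norms" means. The following Python is an added example, not from the original document, of one such rule run over constructed sshd-style log lines: it keeps a sliding window of failed logins per (user, source address), raises an alert when the count crosses a threshold, and raises a second, higher-priority alert if a login from the same pair later succeeds. The log format, the threshold and the window are assumptions for the illustration.

```python
# Added example (not from the original document): a brute-force detection
# rule over authentication log lines. The log lines, threshold and window
# are constructed for the demonstration.
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-03-01T09:00:01Z sshd[101]: Failed password for alice from 203.0.113.7
2024-03-01T09:00:03Z sshd[101]: Failed password for alice from 203.0.113.7
2024-03-01T09:00:04Z sshd[101]: Failed password for alice from 203.0.113.7
2024-03-01T09:00:06Z sshd[101]: Failed password for alice from 203.0.113.7
2024-03-01T09:00:07Z sshd[101]: Failed password for alice from 203.0.113.7
2024-03-01T09:00:09Z sshd[101]: Accepted password for alice from 203.0.113.7
2024-03-01T09:15:00Z sshd[102]: Failed password for bob from 198.51.100.2
2024-03-01T09:45:00Z sshd[103]: Failed password for bob from 198.51.100.2
2024-03-01T10:30:00Z sshd[104]: Accepted password for bob from 198.51.100.2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse(line: str):
    """Return (timestamp, result, user, ip) or None for lines the rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=10)) -> list[dict]:
    """Flag (user, ip) pairs with >= threshold failures inside `window`.

    A per-pair deque holds only failures still inside the window, so memory
    stays bounded on long logs. A later success from a flagged pair is
    reported separately because that is the event worth paging on.
    """
    failures: dict[tuple[str, str], deque] = defaultdict(deque)
    flagged: set[tuple[str, str]] = set()
    alerts: list[dict] = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        key = (user, ip)
        if result == "Failed":
            q = failures[key]
            q.append(ts)
            while q and ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append({"user": user, "ip": ip, "kind": "burst",
                               "at": ts.isoformat(), "failures": len(q)})
        elif key in flagged:
            alerts.append({"user": user, "ip": ip, "kind": "success_after_burst",
                           "at": ts.isoformat()})
    return alerts
```

In the constructed log, alice's five failures within eight seconds trip the rule and her subsequent success is escalated; bob's two failures thirty minutes apart never overlap inside the ten-minute window, so his normal login stays quiet. Tuning threshold and window against real baseline traffic is the part of the work the code cannot do for you.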
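The checksum-based system integrity tool described above can be written in a few dozen lines. The Python below is an added example, not from the original document: it builds a baseline of SHA-256 digests for a directory tree, stores it as JSON, and classifies changes as added, removed, modified or permission-changed. The sample tree, its file contents and the tampering steps are constructed for the illustration; in production the baseline file would live on a separate host, as the text recommends, and the comparison would run from there.

```python
# Added example (not from the original document): a minimal file integrity
# checker. The sample tree and the tampering steps are constructed.
from __future__ import annotations

import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):   # stream large files
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, dict]:
    """Map relative path -> {sha256, size, mode} for every regular file under root."""
    baseline: dict[str, dict] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue      # hash real files only; a symlink could point anywhere
            st = p.stat()
            baseline[str(p.relative_to(root))] = {
                "sha256": sha256_file(p),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,
            }
    return baseline


def compare(baseline: dict[str, dict], current: dict[str, dict]) -> dict[str, list[str]]:
    """Classify differences so an operator sees at a glance what changed."""
    both = set(baseline) & set(current)
    modified = sorted(p for p in both if baseline[p]["sha256"] != current[p]["sha256"])
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": modified,
        "mode_changed": sorted(p for p in both
                               if baseline[p]["mode"] != current[p]["mode"]
                               and p not in modified),
    }


def save_baseline(baseline: dict, path: Path) -> None:
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict[str, list[str]]:
    """Constructed scenario: take a baseline, tamper with the tree, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        (root / "conf.d").mkdir(parents=True)
        (root / "passwd").write_text("root:x:0:0\n")
        (root / "conf.d" / "app.conf").write_text("debug=false\n")
        (root / "motd").write_text("welcome\n")
        store = Path(tmp) / "baseline.json"       # would live on a separate host
        save_baseline(build_baseline(root), store)

        (root / "passwd").write_text("root:x:0:0\nmallory:x:0:0\n")   # modified
        (root / "conf.d" / "backdoor.sh").write_text("#!/bin/sh\n")   # added
        (root / "motd").unlink()                                      # removed
        return compare(load_baseline(store), build_baseline(root))
```

Hashing content rather than trusting modification times is the point: an attacker who can write the file can also reset its timestamp, but cannot make a changed file produce the old SHA-256. Keeping the baseline off the monitored host matters for the same reason, since a baseline the attacker can rewrite proves nothing.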

    Management controls in this category include:

    Security administration tools included with many computer operating systems and business applications, as well as security-oriented hardware and software products. These tools are needed in order to effectively maintain, support, and troubleshoot security features in all of these products.

    Cryptography, which is the foundation for many other security controls. The secure creation, storage, and distribution of cryptographic keys make possible such technologies as virtual private networks (VPNs), secure user authentication, and encryption of data on various types of storage media.

    Identification, which supplies the ability to identify unique users and processes. With this capability, systems can include features such as accountability, discretionary access control, role-based access control, and mandatory access control.

    Protections inherent in the system, which are features designed into the system to provide protection of information processed or stored on that system. Safely reusing objects, supporting no-execute (NX) memory, and process separation all demonstrate system protection features.

    ETHICS
