unit1 (iscl)- new
Information Systems
UNIT - 1
By Shanu Gaharana
LECTURE NO.-1
Definitions
Data
Raw facts such as an employee’s name and number of hours worked in a week, inventory part numbers or sales orders.
Information
A collection of facts organized in such a way that they have additional value beyond the value of the facts themselves.
Data: $35,000; 12 Units; $12,000; J. Jones; Western Region; $100,000; 100 Units; 35 Units
Data Processing
Information: Salesperson: J. Jones; Sales Territory: Western Region; Current Sales: 147 Units = $147,000
Information Systems
An information system (IS) is typically considered to be a set of interrelated elements or components that collect (input), manipulate (process), and disseminate (output) data and information and provide a feedback mechanism to meet an objective.
Open System
Closed System
HISTORY OF INFORMATION SYSTEMS
IS has always played a crucial role in civilization.
1. IS over 500 years ago
2. IS in the mid-eighteenth century
3. IS in the 20th century
IMPORTANCE OF INFORMATION SYSTEMS
CHANGING NATURE OF IS
Four powerful changes have altered the business environment :-
Globalization
Rise of the Information Economy
Transformation of the Business Enterprise
Emergence of the digital firm
Mainframe-based information system
Client Server Based System
Architecture of Web Services based Systems
LECTURE NO.-2
Need of Distributed IS
A distributed system (DS) has the following 2 properties :-
1. There are several autonomous computational entities, each of which has its own local memory.
2. The entities communicate with each other by message passing.
Distributed System
• An integration of system services, presenting a transparent view of a multiple computer system with distributed resources and control
• A collection of independent computers that appear to the users of the system as a single computer
Examples
– Personal workstations + a pool of processors + single file system
– Robots on the assembly line + Robots in the parts department
– A large bank with hundreds of branch offices all over the world
Message Passing in Distributed Systems
Need of Distributed IS
The widening scope of IS can be summarized as :-
In 1950s : technical changes
1960s -1970s : managerial controls
1980s – 1990s : institutional core activities
Today : digital information webs extending beyond the enterprise.
ROLE OF INTERNET & WEB SERVICES
Statistics from the IITF Report: The Emerging Digital Economy *
To get a market of 50 million people participating:
- Radio took 38 years
- TV took 13 years
- Once it was open to the general public, the Internet made it to the 50 million person audience mark in just 4 years!!!
http://www.ecommerce.gov/emerging.htm – Released on April 15, 1998
* Delivered to the President and the U.S. Public on April 15, 1998 by Bill Daley, Secretary of Commerce and Chairman of the Information Infrastructure Task Force
IS THREATS & ATTACKS
Basically 2 types of Threats :-
1. Information level
2. Network Level
IS THREATS & ATTACKS
Security threats have the following principal sources :-
1. Human error
2. Computer abuse or crime
3. Natural & political disasters
4. Failure of hardware or software
LECTURE NO.-3
Security threats related to computer crime or abuse include :-
1. Impersonation
2. Trojan Horse Method
3. Logic Bomb
4. Computer viruses
5. DoS
6. Data Diddling
7. Salami Technique
8. Spoofing
9. Superzapping
10. Scavenging
11. Data Leakage
12. Wiretapping
13. Theft of mobile devices
Block Diagram of Spoofing
Classification of Threats & Assessing Damages
A threat is an indication of a potential undesirable event.
A threat consists of 4 properties :-
1. Asset
2. Actor
3. Motive (optional)
4. Access (optional)
The major categories of damages are :-
• Destruction of information and/or other resources
• Corruption or modification of information
• Theft, removal or loss of information and/or other resources
• Disclosure of information
• Interruption of access to important information
There are 5 categories of Logical & Physical assets :-
1. Information
2. Hardware
3. Software
4. People
5. Systems
Another way of grouping the threats is :-
1. Human actors using network access
2. Human actors using physical access
3. System Problems
4. Other Problems
GENERIC THREAT PROFILE :-
Represented by Tree Structures
This structure shows Assets, Access, Actors, Motives, and the possible outcomes.
An organization should have a suitable method for ‘asset classification’ to know which of its assets are critical.
LECTURE NO.-4
Security Considerations in Mobile & Wireless Computing
Today belongs to Mobile Computing.
As the mobility of workers increases, security issues also increase in number, because working with technology outside the office brings many challenges.
Proliferation of Mobile & Wireless Devices :-
Wireless Networks, and the use of mobile devices, are bringing the world a new means of communication and day-to-day business activities.
> As the mobility of workers increases, security issues also increase in number, because working with technology outside the office brings many challenges.
> The implementation of these new Wireless devices also brings about new security threats to Information assets.
Trends in Mobility :-
• Types of Mobility :-
1. User Mobility :- refers to a wireless service that lets you be completely mobile, such as in a car, train, etc.
2. Device Mobility :- makes it possible to determine whether the IP phone is at its home location or at a roaming location. Uses smaller, battery-driven devices.
3. Session Mobility :- Issues in data distribution.
4. Service Mobility (Code Mobility) :- managing security is a big issue.
Key Findings for Mobile Computing Security Scenario :-
With usage experience, awareness of mobile users gets enhanced.
People continue to remain the weakest link for laptop security.
Wireless connectivity does little to increase the burden of managing laptops
Laptop experience changes the view of starting a smart handheld pilot
There is naivety and/ or neglect in smart handheld security
Rules rather than technology keep smart handhelds’ usage in check
Security Challenges Posed by Mobile Devices
Basically 2 challenges are presented :
1. Micro Challenges :- device level
2. Macro Challenges :- organizational level
Some well-known technical challenges in mobile security are :-
1. Managing the registry settings & configurations
2. Authentication service security
3. Cryptography Security for mobile devices
LDAP (Lightweight Directory Access Protocol) :- an application protocol for reading and editing directories over an IP network. A directory in this sense is an organized set of records: for example, a telephone directory is an alphabetical list of persons and organizations with an address and phone number in each "record".
RAS Security :- an important consideration for protecting the business-sensitive data that may reside on the employees’ mobile devices.
Media Player Control Security
Networking API Security
LECTURE NO. -5
Authentication Service Security
Secure network access involves mutual authentication between the device and the base stations or web servers.
Authentication service security is important given the typical attacks on mobile devices through wireless networks :
Denial of Service attacks
Traffic analysis
Eavesdropping
Man in the middle attacks
Session hijacking.
Mobile Devices: Security Implications for Organizations
Managing diversity and proliferation of handheld devices
Threats through lost and stolen devices
Protecting data on lost devices
Educating the laptop users
LAPTOP SECURITY
Basic security measures are as follows :-
1. Choose a secure operating system and lock it down.
2. Enable a strong BIOS password.
3. Asset tag or engrave the laptop.
4. Register the laptop with the manufacturer.
Physical Security :-
1. Use a cable or hard-wired lock.
2. Use a docking station.
3. Use a personal firewall for your laptop.
4. Lock up all the ports and PCMCIA cards.
5. Use laptop safes.
6. Use motion sensors & alarms.
LAPTOP SECURITY
Protecting Sensitive data :-
- Use the NTFS file system.
- Disable the guest account.
- Prevent the last logged-in user name from being displayed.
- Enable EFS (Encrypting File System).
- Backup your data before you leave.
Lecture No. - 6
INFORMATION CLASSIFICATION
It is a demonstration of an organization's commitment to security protections.
Helps to identify which information is most sensitive or vital.
Identifies which protections apply to which information.
TERMS FOR INFORMATION CLASSIFICATION
1. Unclassified :- neither sensitive nor classified. Public release of this information does not violate confidentiality.
2. Sensitive but unclassified :- a minor secret that may not create serious damage if disclosed. Information that may be classified with these labels includes personally identifying information such as passport and Social Security numbers.
3. Confidential :- this information would cause "damage" to national security if publicly available.
4. Secret :- this information would cause serious damage to national security if publicly available.
5. Top Secret :- this information would cause exceptionally serious damage to national security if publicly available.
INFORMATION CLASSIFICATION in PRIVATE ORGANIZATIONS
1. Public
2. Sensitive
3. Private
Information Systems Development
LECTURE NO. – 7
BASIC PRINCIPLES OF IS
IS plays a crucial role in the modern digital economy.
There are basically 3 pillars of Infosec:
- Confidentiality
- Integrity
- Availability
Security Related Basic Terms
Electronic Security
Non-repudiation :- Regarding digital security, the cryptological meaning and application of non-repudiation is:
- A service that provides proof of the integrity and origin of data.
- An authentication that with high assurance can be asserted to be genuine.
Electronic Signature :- An electronic signature is any electronic means that indicates that a person adopts the contents of an electronic message. The U.S. Code defines an electronic signature for the purpose of US law as "an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."
Encryption
Cipher
Cryptanalysis :- is the study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so. Typically, this involves knowing how the system works and finding a secret key. In non-technical language, this is the practice of codebreaking or cracking the code.
Cryptography
DoS Attacks
Tempest :- is a codename referring to investigations and studies of compromising emanations (CE). Compromising Emanations (CE) are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment. TEMPEST is a codename only and is not an acronym.
Spoofing
Steganography :- Art of hiding the existence of a message.
INFORMATION INTEGRITY
Assurance that the data being accessed or read has neither been tampered with, nor been altered or damaged through a system error, since the time of the last authorized access.
OTHER TERMS IN IS
Identification
Authentication
Accountability
Authorization
Privacy