
Confidential

MB0047-Management Information System


Unit-15 Security and Ethical Issues
Program : MBA
Semester : II
Subject Code : MB0047
Subject Name : Management Information System
Unit number : 15
Unit Title : Security and Ethical Issues
Lecture Number : 15
Lecture Title : Security and Ethical Issues
Management Information System
Objectives:

After studying this unit, you should be able to:
Explain control issues in management information systems
Describe administrative control
Analyse the security hazards
Analyse ethics in business information system
Lecture Outline
Introduction
Control Process
Control
Input Control
Processing Control
Procedural Control
Physical Facility Control
Security Threats in MIS
Prevention of Cyber Crime
Computer Failure Controls
Security Hazards
Security Techniques
Ethical Issues
Technical Solutions for Privacy Protection
Summary
Check Your Learning
Activity
Introduction
Information systems are exposed to many threats and violations. Hence, the resources of information systems have to be protected through in-built controls, so as to ensure both security and quality.

In this session, you will learn about the various control issues, and analyse the security hazards and ethics in business information systems.

Control Process
The manager of an organisation exercises control to track whether the control activities and the information system, including the data, conform to the set standards.
The process of control includes the measurement of progress in attaining the goals.
The following figure depicts the basic steps in the control process.
[Figure: basic steps in the control process. Box labels: Establish standard of performance; Measure performance; Actual vs Standard; Corrective Action]

Control
Information systems face many threats and have to be systematically controlled by implementing an effective control system.
The following are the various controls that are applied in the business organisation for security from such threats.
Security control
Administrative control
Information system control
Input control
Processing control
Output control
Storage control
Procedural control
Physical facility control
Physical protection control
Telecommunication controls
Computer failure controls

Input Control
The computer processes the data which we feed into it, and gives us the output obtained through the process. The types of input control are:
Forms: Used to feed the data and must be in accordance with the rules prescribed by the management.
Transaction codes: A code has to be assigned to the transaction or the document or file before entering the data into it.
Verification: A source document can be prepared by any person and has to be verified by a competent person to make corrections.
Check digit: The codes which are considered important have to be checked.
Total control: Applied to monitor the activities of the system. Record count is an example, in which the total number of documents is compared.

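The transaction code, check digit and total controls described for input control can be made concrete with a short added example (not part of the original slides). It assumes the Luhn mod-10 scheme for the check digit; the transaction codes, field names and sample batch are constructed, and the amount total is a second control total alongside the record count the slide mentions.

```python
# Added example: input controls applied to one batch of transactions.
# Assumptions (not from the slides): Luhn mod-10 as the check-digit scheme;
# the transaction codes, field names and sample batch are constructed.

VALID_TXN_CODES = {"INV", "PAY", "RFD"}  # hypothetical transaction codes

def luhn_check_digit(body: str) -> int:
    """Check digit for a numeric code given without its final digit."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:      # double every second digit, starting at the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10

def has_valid_check_digit(code: str) -> bool:
    """True when the last digit matches the check digit of the rest."""
    return (code.isdigit() and len(code) > 1
            and luhn_check_digit(code[:-1]) == int(code[-1]))

def validate_batch(header: dict, records: list) -> list:
    """Return a list of control failures; an empty list means the batch passes."""
    errors = []
    for n, rec in enumerate(records, start=1):
        if rec["txn_code"] not in VALID_TXN_CODES:
            errors.append(f"record {n}: unknown transaction code")
        if not has_valid_check_digit(rec["account"]):
            errors.append(f"record {n}: check digit mismatch")
    # Total controls: compare what arrived with what the source batch declared.
    if len(records) != header["record_count"]:
        errors.append("batch: record count mismatch")
    if sum(r["amount"] for r in records) != header["amount_total"]:
        errors.append("batch: amount total mismatch")
    return errors

# Constructed sample batch; amounts are in minor currency units.
SAMPLE_HEADER = {"record_count": 3, "amount_total": 45000}
SAMPLE_RECORDS = [
    {"txn_code": "INV", "account": "79927398713", "amount": 12000},
    {"txn_code": "PAY", "account": "12345678903", "amount": 30000},
    {"txn_code": "RFD", "account": "79927398713", "amount": 3000},
]

if __name__ == "__main__":
    print(validate_batch(SAMPLE_HEADER, SAMPLE_RECORDS))        # clean batch
    keyed_wrong = [dict(SAMPLE_RECORDS[0], account="79927398173")] + SAMPLE_RECORDS[1:]
    print(validate_batch(SAMPLE_HEADER, keyed_wrong))           # transposed digits
    print(validate_batch(SAMPLE_HEADER, SAMPLE_RECORDS[:2]))    # a record went missing
```

The check digit catches a keying error inside a single code, while the batch totals catch records that were dropped, duplicated or altered between the source documents and data entry.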
Processing Control
When the data is fed into the computer, controls embedded in many computer programs detect input and processing errors.
These processing controls can be further divided into:
Hardware control: Built into the hardware itself to verify the accuracy of processing.
Software control: Designed to assure that the right data is being processed. It also establishes checkpoints during the processing of the program and helps in building an audit trail.

Procedural Control
Procedural controls can give the maximum security to the data and the information system.
Some examples are:
Separation of duties: Each activity related to the computerised information system, such as systems development, computer operation, and control of data and program files, is assigned to a different group.
Authorisation requirements: When a request for system development, changes or system conversion is received, a formal review must take place before authorisation is given.

Physical Facility Control
Physical facility control protects the facilities and their contents from complete loss or destruction. Computer data centres are prone to many threats such as theft, natural disasters, sabotage, unauthorised usage, vandalism, etc. To help review or design security controls, they can be classified using several criteria:
Before the event
During the event
After the event

Security Threats in MIS
The classification of security threats is stated below.
Types of threats:
Creation of malware: Virus, Worm, Trojan horse, Spyware, Adware, DoS
Cyber engineering
Cyber war
Smart phones
Tablets
Windows 7
Mac
Encrypted threats
Html 5

Security Threats in MIS (contd.)
The following are considered computer crimes:
Modification of computer input in an unauthorised activity.
Modifying data using programming languages, entering fictitious or false data, entering unauthorised instructions in the system software or using unauthorised computer processing systems.
Modification of business transactions, deleting or destroying the data, or stealing output.
Modifying, altering or misapplying the system tools or software packages, or writing code for the purpose of fraud and theft.

Security Threats in MIS (contd.)
Another type of crime prevailing in the world is cyber crime. Even the criminal activity which continues to target business systems comes under the range of cyber crime. Examples of cyber crime:
1. Sending bulk emails to the targeted computers. This cybercrime is often received by unanimous group
2. Data victimising is done by modifying the data before processing them
3. Internet time stealing is undertaken by a group to steal the surfing hours used by others

Prevention of Cyber Crime
The following preventive measures should be taken into consideration for the prevention of cyber crime:
Use passwords to prevent unauthorised use of the business information systems
Encrypt (scramble) sensitive business data
Ask the IT department to track bug reports and patches to reduce the chances of malware
Install special malware detection software such as antivirus
Train employees not to download email attachments
Plan for the case where the organisation's web-based or intranet systems are under attack
Analyse the risks and threats associated with a new technology coming in
Find how the attack took place and what data was accessed

Computer Failure Controls
A computer may fail to operate due to reasons such as power failures, malfunctions of circuitry, mishandling etc. An automated control system is needed in order to protect the system from these failures.
Some of the precautions to avoid computer failures are:
Adequate electricity supply
Humidity control
Air conditioning
Fire prevention standards
Trained computer operators
Fault tolerant systems
Adequate insurance coverage

Security Hazards
Security of the information system can be broken because of the following reasons:
Malfunctions: All the components of a system are involved. People, software and hardware errors cause the biggest problem.
Fraud and unauthorised access: This hazard is due to dishonesty, cheating or deceit.
Power and communication failure: Occurs when the communication channel is busy or noisy. Also, power cuts and high voltage surges destroy a sensitive component of the computer.
Fire hazard: Occurs due to electrical short circuits, flammable liquids, etc.
Sabotage and riots: Employees destroy the computer centre in case of strike or lockout, or there may be chances of riots in the area.
Natural disasters: These are not controllable. They are not frequent hazards, but if they happen, they destroy things.

Security Techniques
Security can be maintained at two levels.
Techniques:
Physical: Physical controlled access, Biometric security, Physical location, Physical protection
Procedural: Integrity, Isolation, Identification, Authorisation, Authentication, Monitoring

Ethical Issues
Ethics is the study of the principles and practices which guide us in deciding whether the action taken is morally right or wrong. Respecting ethical values means making a beginning to protect generally accepted individual human rights. The rights are:
Right to healthy life and work safety
Right to privacy
Right to private intellectual property
Right to descent
Right to fair treatment and no discrimination

Technical Solutions for Privacy Protection
The technical solutions for privacy protection are:
Cookies
Web bug
Opt-Out or Opt-In
Trustee seals
Cookie Crusher
Blocking ads
Encryption

Summary
Information systems are exposed to many threats and violations.
Hence, the resources of information systems have to be protected through in-built controls, so as to ensure both security and quality.
The different types of control are: Security control, Administrative control, Information system control, Input control, Processing control, Output control, Storage control, Procedural control, Physical facility control, Physical protection control, Telecommunication controls, Computer failure controls.
Different types of threats involve Creation of malware, Cyber engineering, Cyber war, Smart phones, Tablets, Windows 7, Mac, Encrypted threats, Html 5.
Security hazards include Malfunctions, Fraud and unauthorised access, Power and communication failure, Fire hazard, Sabotage and riots, Natural disasters.

Check Your Learning
1. What is authentication, and what are the processes that are followed for authentication?
Ans: It is an action which determines the validity of system. For this, one of the following processes must be followed:
1) Physical observation
2) Periodic disconnects and call back procedures
3) Periodic requests for further information or re-verification from the user

2. List out the security hazards in MIS.
Ans: The security hazards in management information system are:
Malfunctions
Fraud and unauthorised access
Power and communication failure
Fire hazard
Sabotage and riots
Natural disasters

Activity
Assume you are the manager for a defense data encryption company where information is kept highly confidential. What are the security controls you would follow for the systems and employees of your company?