Unit-15 Security and Ethical Issues

Program: MBA
Semester: II
Subject Code: MB0047
Subject Name: Management Information System
Unit number: 15
Unit Title: Security and Ethical Issues
Lecture Number: 15
Lecture Title: Security and Ethical Issues

Confidential
MB0047-Management Information System Unit-15 Security and Ethical Issues

Objectives

After studying this unit, you should be able to:
- Explain control issues in management information systems
- Describe administrative control
- Analyse the security hazards
- Analyse ethics in business information system

Lecture Outline

- Introduction
- Control Process
- Control
- Input Control
- Processing Control
- Procedural Control
- Physical Facility Control
- Security Threats in MIS
- Prevention of Cyber Crime
- Computer Failure Controls
- Security Hazards
- Security Techniques
- Ethical Issues
- Technical Solutions for Privacy Protection
- Summary
- Check Your Learning
- Activity

Introduction

Information systems are exposed to many threats and violations.
Hence, the resources of information systems must be protected through in-built controls, so as to ensure their security and quality.
In this session, you will learn about the various control issues, analyse the security hazards and ethics in business information system.

Control Process

The manager of an organisation exercises control to track whether the control activities and the information system, including the data, are according to the set standards. The process of control includes the measurement of progress in attaining the goals. The following figure depicts the basic steps in control process.

[Figure: Control Process. Establish standard of performance; Measure performance; Actual Vs Standard; Corrective Action]

Control

Information systems face many threats and have to be systematically controlled by implementing an effective control system. The following are the various controls that are applied in a business organisation for security against such threats.
- Security control
- Administrative control
- Information system control
- Input control
- Processing control
- Output control
- Storage control
- Procedural control
- Physical facility control
- Physical protection control
- Telecommunication controls
- Computer failure controls

Input Control
The computer processes the data that we feed into it and gives us the output obtained through the process. The types of input control are:

- Forms: Used to feed the data and must be in accordance with the rules prescribed by the management.
- Transaction codes: A code has to be assigned to the transaction or the document or file before entering the data into it.
- Verification: Source document can be prepared by any person and has to be verified by a competent person to make corrections.
- Check digit: The codes which are considered important have to be checked.
- Total control: Applied to monitor the activities of the system. Record count is an example, in which the total number of documents is compared.

Processing Control

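A program-embedded check of the kind this section describes, applying the transaction code, verification, check digit and record count controls listed under Input Control to one batch. This is an added example, not part of the original lecture; the transaction codes, field names, sample records and the choice of the Luhn mod-10 check digit scheme are assumptions made for illustration.

```python
# Added illustration: input controls applied to one batch before processing.
# Transaction codes, field names and sample records are constructed.
VALID_TXN_CODES = {"INV", "PAY", "RET"}  # hypothetical transaction codes


def luhn_ok(number: str) -> bool:
    """Check digit control, using Luhn mod-10 as an assumed scheme."""
    if not (number.isascii() and number.isdigit()) or len(number) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def validate_batch(records, declared_count):
    """Return (accepted, rejected, batch_ok) for one input batch."""
    accepted, rejected = [], []
    for rec in records:
        errors = []
        if rec.get("txn_code") not in VALID_TXN_CODES:
            errors.append("unknown transaction code")
        if not luhn_ok(str(rec.get("account", ""))):
            errors.append("check digit mismatch")
        if not rec.get("verified_by"):
            errors.append("source document not verified")
        if errors:
            rejected.append((rec, errors))
        else:
            accepted.append(rec)
    # Total control: the number of records received must equal the record
    # count declared on the batch header, and no record may be rejected.
    batch_ok = len(records) == declared_count and not rejected
    return accepted, rejected, batch_ok


SAMPLE_BATCH = [  # constructed sample input
    {"txn_code": "INV", "account": "79927398713", "verified_by": "clerk2"},
    {"txn_code": "PAY", "account": "79927398710", "verified_by": "clerk2"},
    {"txn_code": "XXX", "account": "79927398713", "verified_by": ""},
]

if __name__ == "__main__":
    ok, bad, batch_ok = validate_batch(SAMPLE_BATCH, declared_count=3)
    print(len(ok), "accepted;", len(bad), "rejected; batch ok:", batch_ok)
    for rec, errors in bad:
        print(rec["txn_code"], rec["account"], "->", ", ".join(errors))
```

Rejected records carry their reasons with them, which is the raw material for the audit trail mentioned under software control.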
When the data is fed into the computer, the controls are embedded in many computer programs, to detect the input and process errors. These processing controls can be further divided into:
- Hardware control: Built into the hardware itself to verify the accuracy of processing.
- Software control: Designed to assure that the right data is being processed. It also establishes check points during the processing of the program and helps in building an audit trail.

Procedural Control

The maximum security to the data and information system can be given by these procedural controls. Some of the examples are:
- Separation of duties: Each activity related to computerised information system like systems development, computer operation and control of data and program files is assigned to different groups.
- Authorisation requirements: A formal review must take place before authorisation is given on getting a request for system development, changes or system conversion.

Physical Facility Control

Physical facility control protects the facilities and contents from complete loss or destruction. Computer data centres are prone to many threats such as theft, natural disasters, sabotage, unauthorised usage, vandalism, etc. To help review or design security controls, they can be classified using several criteria.
- Before the event
- During the event
- After the event

Security Threats in MIS

The classification of security threats is stated below:

Types of threats
- Creation of malware
  - Virus
  - Worm
  - Trojan horse
  - Spyware
  - Adware
  - DoS
- Cyber engineering
- Cyber war
- Smart phones
- Tablets
- Windows 7
- Mac
- Encrypted threats
- Html 5

Security Threats in MIS (contd.)

The following are considered as computer crimes.
- Modification of computer input in an unauthorised activity.
- Modifying data using programming languages, entering fictitious or false data, entering unauthorised instructions in the system software or using unauthorised computer processing systems.
- Modification of business transactions, deleting or destroying the data, or stealing output.
- Modifying or altering or misapplying the system tools or software packages or writing codes for the purpose of fraud and theft.

Security Threats in MIS (contd.)

Another type of crime prevailing in the world is cyber crime. Even the criminal activity which continues to target business systems comes under the range of cyber crime. Examples of cyber crime:

1) Sending bulk emails to the targeted computers. This cybercrime is often received by unanimous group
2) Data victimising is done by modifying the data before processing them
3) Internet time stealing is undertaken by a group to steal the surfing hours used by others

Prevention of Cyber Crime

The following are the preventive measures to be taken into consideration for prevention of cyber crime:
- Use passwords to prevent unauthorised use of the business information systems
- Encrypt (scramble) sensitive business data
- Ask the IT department to track bug reports and patches to reduce the chances of malware
- Install special malware detection software such as antivirus
- Train employees not to download email attachments
- Plan if the organisation's web base or intranet systems are under attack
- Analyse the risks and threats associated with a new technology coming in
- Find how the attack took place and what data was accessed

Computer Failure Controls

A computer may fail to operate due to reasons such as power failures, malfunctions of circuitry, mishandling etc. An automated control system is needed in order to protect the system from these failures. Some of the precautions to avoid computer failures are:
- Adequate electricity supply
- Humidity control
- Air conditioning
- Fire prevention standards
- Trained computer operators
- Fault tolerant systems
- Adequate insurance coverage

Security Hazards

Security of the information system can be broken because of the following reasons:
- Malfunctions: All the components of a system are involved. People, software and hardware errors cause the biggest problem
- Fraud and unauthorised access: This hazard is due to dishonesty, cheating or deceit
- Power and communication failure: Occurs when the communication channel is busy or noisy. Also power cuts and high voltage surges destroy a sensitive component of the computer
- Fire hazard: Occurs due to electrical short circuits, flammable liquids, etc
- Sabotage and riots: Employees destroy the computer centre in case of strike, lockout, or there may be chances of riots in the area
- Natural disasters: These are non-controllable. They are not frequent hazards but if they happen, they destroy the things

Security Techniques

Security can be maintained at two levels:
Techniques
- Physical
  - Physical controlled access
  - Biometric security
  - Physical location
  - Physical protection
- Procedural
  - Integrity
  - Isolation
  - Identification
  - Authorisation
  - Authentication
  - Monitoring

Ethical Issues

Ethics is a study of the principles and practices, which guides in deciding whether the action taken is morally right or wrong. Respecting ethical values means making a beginning to protect generally accepted individual human rights. The rights are:
Rights
- Right to healthy life and work safety
- Right to privacy
- Right to private intellectual property
- Right to descent
- Right to fair treatment and no discrimination

Technical Solutions for Privacy Protection

The technical solutions for privacy protection are:
- Cookies
- Web bug
- Opt-Out or Opt-In
- Trustee seals
- Cookie Crusher
- Blocking ads
- Encryption

Summary

Information systems are exposed to many threats and violations. Hence, the resources of information systems must be protected through in-built controls, so as to ensure their security and quality. The different types of control are: Security control, Administrative control, Information system control, Input control, Processing control, Output control, Storage control, Procedural control, Physical facility control, Physical protection control, Telecommunication controls, Computer failure controls. Different types of threats involve Creation of malware, Cyber engineering, Cyber war, Smart phones, Tablets, Windows 7, Mac, Encrypted threats, Html 5. Security hazards include Malfunctions, Fraud and unauthorised access, Power and communication failure, Fire hazard, Sabotage and riots, Natural disasters.

Check Your Learning

1. What is Authentication and what are the processes that are followed for authentication?
Ans: It is an action which determines the validity of system. For this, one of the following processes must be followed:
1) Physical observation
2) Periodic disconnects and call back procedures
3) Periodic requests for further information or re-verification from the user

2. List out the security hazards in MIS.
Ans: The security hazards in management information system are:
- Malfunctions
- Fraud and unauthorised access
- Power and communication failure
- Fire hazard
- Sabotage and riots
- Natural disasters

Activity

Assume you are the manager for a defense data encryption company where information is kept highly confidential. What are the security controls you would follow for the systems and employees of your company?