
MB0047 Slides Unit 15

Jun 03, 2018


Jijo Thomas
  • 8/12/2019 MB0047 Slides Unit 15

    1/22

    Confidential

    MB0047-Management Information System

    Unit-15 Security and Ethical Issues


    Program : MBA

    Semester : II

    Subject Code : MB0047

    Subject Name : Management Information System

    Unit number : 15

    Unit Title : Security and Ethical Issues

    Lecture Number : 15

    Lecture Title : Security and Ethical Issues


    Management Information System

    Objectives:

    After studying this unit, you should be able to:

    Explain control issues in management information systems

    Describe administrative control

    Analyse the security hazards

    Analyse ethics in business information system


    Introduction

    Information systems are exposed to many threats and violations. Hence, the resources of information systems are to be protected through in-built controls, so as to ascertain the security and the quality as well.

    In this session, you will learn about the various control issues, and analyse the security hazards and ethics in business information systems.


    The manager of an organisation exercises control to track whether the control activities and the information system including the data are according to the set standards.

    The process of control includes the measurement of progress in attaining the goals.

    The following figure depicts the basic steps in control process.

    [Figure: Control Process, with the stages Establish standard of performance, Measure performance, Actual vs Standard, Corrective Action]


    Control

    Information systems face many threats and have to be systematically controlled by implementing an effective control system.

    The following are the various controls that are applied in the business organisation for security from such threats.

    Security control

    Administrative control

    Information system control

    Input control

    Processing control

    Output control

    Storage control

    Procedural control

    Physical facility control

    Physical protection control

    Telecommunication controls

    Computer failure controls


    Input Control

    The computer processes the data which we feed into it, and gives us the output obtained through the process. The types of input control are:

    Forms: Used to feed the data and must be in accordance with the rules prescribed by the management.

    Transaction codes: A code has to be assigned to the transaction or the document or file before entering the data into it.

    Verification: Source document can be prepared by any person and has to be verified by a competent person to make corrections.

    Check digit: The codes which are considered important have to be checked.

    Total control: Applied to monitor the activities of the system. Record count is an example, in which the total number of documents is compared.
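
The input controls listed above (transaction codes, check digit, and a record-count total control) applied to one batch of source documents, as an added example that is not part of the original slides. The field names, the allowed codes, the sample batch and the use of the Luhn mod-10 rule for the check digit are assumptions; the slides do not name a check-digit scheme.

```python
# Added example: input controls applied to one batch of source documents.
# Field names, codes and the Luhn scheme are assumptions, not from the slides.
ALLOWED_CODES = {"INV", "PAY", "CRN"}  # hypothetical transaction codes


def luhn_ok(number: str) -> bool:
    """Check digit control: the last digit must satisfy the Luhn mod-10 rule."""
    if not (number.isascii() and number.isdigit()) or len(number) < 2:
        return False
    total = 0
    for pos, ch in enumerate(reversed(number)):
        d = int(ch)
        if pos % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def validate_batch(header: dict, records: list) -> dict:
    """Apply transaction-code, check-digit and record-count controls."""
    rejected = []
    for line_no, rec in enumerate(records, start=1):
        if rec.get("code") not in ALLOWED_CODES:
            rejected.append((line_no, "unknown transaction code"))
        elif not luhn_ok(rec.get("account", "")):
            rejected.append((line_no, "check digit mismatch"))
    # Total control: the count written on the batch header by the preparer
    # must equal the number of documents actually keyed in.
    count_ok = header.get("record_count") == len(records)
    return {
        "count_ok": count_ok,
        "rejected": rejected,
        "accept_batch": count_ok and not rejected,
    }


# Constructed sample batch: the header claims 4 documents but only 3 were
# entered; record 2 has two adjacent account digits transposed.
SAMPLE_HEADER = {"batch_id": "B-001", "record_count": 4}
SAMPLE_RECORDS = [
    {"code": "INV", "account": "79927398713", "amount": 120.00},
    {"code": "PAY", "account": "79927389713", "amount": 75.50},
    {"code": "XFR", "account": "79927398713", "amount": 10.00},
]

if __name__ == "__main__":
    print(validate_batch(SAMPLE_HEADER, SAMPLE_RECORDS))
```

A batch is accepted only when every record passes and the record count matches, so a dropped or duplicated document is caught even if each remaining record is individually valid.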


    Processing Control

    When the data is fed into the computer, the controls are embedded in many computer programs, to detect the input and process errors. These processing controls can be further divided into:

    Hardware control: Built in the hardware itself to verify the accuracy of processing.

    Software control: Designed to assure that right data is being processed. It also establishes check points during the processing of the program and helps in building an audit trail.


    Procedural Control

    The maximum security to the data and information system can be given by these procedural controls. Some of the examples are:

    Separation of duties: Each activity related to computerised information system like systems development, computer operation and control of data and program files is assigned to different groups.

    Authorisation requirements: A formal review must take place before authorisation is given on getting a request for system development, changes or system conversion.


    Physical Facility Control

    Physical facility control protects the facilities and contents from complete loss or destruction. Computer data centres are prone to many threats such as thefts, natural disasters, sabotage, unauthorised usage, vandalism, etc. To help review or design security controls, they can be classified using several criteria.

    Before the event

    During the event

    After the event


    Security Threats in MIS

    The classification of security threats is stated below:

    Types of threats

    Creation of malware

    Virus

    Worm

    Trojan horse

    Spyware

    Adware

    DoS

    Cyber engineering

    Cyber war

    Smartphones

    Tablets

    Windows 7

    Mac

    Encrypted threats

    Html 5


    Security Threats in MIS (contd.)

    The following are considered as computer crimes.

    Modification of computer input in an unauthorised activity.

    Modifying data using programming languages, entering fictitious or false data, entering unauthorised instructions in the system software or using unauthorised computer processing systems.

    Modification of business transactions, deleting or destroying the data, or stealing output.

    Modifying or altering or misapplying the system tools or software packages or writing codes for the purpose of fraud and theft.


    Security Threats in MIS (contd.)

    Another type of crime prevailing in the world is cyber crime. Even the criminal activity which continues to target business systems comes under the range of cyber crime. Examples of cyber crime:

    1. Sending bulk emails to the targeted computers. This cybercrime is often received by unanimous group

    2. Data victimising is done by modifying the data before processing them

    3. Internet time stealing is undertaken by a group to steal the surfing hours used by others


    Prevention of Cyber Crime

    The following are the preventive measures to be taken into consideration for prevention of cyber crime:

    Use passwords to prevent unauthorised use of the business information systems

    Encrypt (scramble) sensitive business data

    Ask the IT department to track bug reports and patches to reduce the chances of malware

    Install special malware detection software such as antivirus

    Train employees not to download email attachments

    Plan if the organisation's web base or intranet systems are under attack

    Analyse the risks and threats associated with a new technology coming in

    Find how the attack took place and what data was accessed


    Computer Failure Controls

    A computer may fail to operate due to reasons such as power failures, malfunctions of circuitry, mishandling etc. An automated control system is needed in order to protect the system from these failures.

    Some of the precautions to avoid computer failures are:

    Adequate electricity supply

    Humidity control

    Air conditioning

    Fire prevention standards

    Trained computer operators

    Fault tolerant systems

    Adequate insurance coverage


    Security Hazards

    Security of the information system can be broken because of the following reasons:

    Malfunctions: All the components of a system are involved. People, software and hardware errors cause the biggest problem

    Fraud and unauthorised access: This hazard is due to dishonesty, cheating or deceit

    Power and communication failure: Occurs when the communication channel is busy or noisy. Also power cuts and high voltage surges destroy a sensitive component of the computer

    Fire hazard: Occurs due to electrical short circuits, flammable liquids, etc

    Sabotage and riots: Employees destroy the computer centre in case of strike, lockout, or there may be chances of riots in the area

    Natural disasters: These are non controllable. They are not frequent hazards but if they happen, they destroy the things


    Security Techniques

    Security can be maintained at two levels:

    Techniques

    Physical

        Physical controlled access

        Biometric security

        Physical location

        Physical protection

    Procedural

        Integrity

        Isolation

        Identification

        Authorisation

        Authentication

        Monitoring


    Technical Solutions for Privacy Protection

    The technical solutions for privacy protection are:

    Cookies

    Web bug

    Opt-Out or Opt-In

    Trustee seals

    Cookie Crusher

    Blocking ads

    Encryption


    Summary

    Information systems are exposed to many threats and violations.

    Hence, the resources of information systems are to be protected through in-built controls, so as to ascertain the security and the quality as well.

    The different types of control are: Security control, Administrative control, Information system control, Input control, Processing control, Output control, Storage control, Procedural control, Physical facility control, Physical protection control, Telecommunication controls, Computer failure controls.

    Different types of threats involve Creation of malware, Cyber engineering, Cyber war, Smart phones, Tablets, Windows 7, Mac, Encrypted threats, Html 5.

    Security hazards include Malfunctions, Fraud and unauthorised access, Power and communication failure, Fire hazard, Sabotage and riots, Natural disasters.


    Check Your Learning

    1. What is Authentication and what are the processes that are followed for authentication?

    Ans: It is an action which determines the validity of system. For this, one of the following processes must be followed:

    1) Physical observation

    2) Periodic disconnects and call back procedures

    3) Periodic requests for further information or re-verification from the user

    2. List out the security hazards in MIS.

    Ans: The security hazards in management information system are:

    Malfunctions

    Fraud and unauthorised access

    Power and communication failure

    Fire hazard

    Sabotage and riots

    Natural disasters


    Activity

    Assume you are the manager for a defense data encryption company where information is kept highly confidential. What are the security controls you would follow for the systems and employees of your company?