8/12/2019 MB0047 Slides Unit 15
Confidential
MB0047-Management Information System
Unit-15 Security and Ethical Issues
Program : MBA
Semester : II
Subject Code : MB0047
Subject Name : Management Information System
Unit number : 15
Unit Title : Security and Ethical Issues
Lecture Number : 15
Lecture Title : Security and Ethical Issues
Management Information System
Objectives:
After studying this unit, you should be able to:
Explain control issues in management information systems
Describe administrative control
Analyse the security hazards
Analyse ethics in business information system
Introduction
Information systems are exposed to many threats and violations.
Hence, the resources of information systems have to be protected through built-in controls so as to ensure both security and quality.
In this session, you will learn about the various control issues and analyse the security hazards and ethics in business information systems.
Control Process
The manager of an organisation exercises control to check whether the control activities and the information system, including the data, conform to the set standards.
The process of control includes the measurement of progress in attaining the goals.
The following figure depicts the basic steps in the control process.
[Figure: Control process. Establish standard of performance; measure performance; actual vs standard; corrective action.]
Control
Information systems face many threats, which have to be systematically controlled by implementing an effective control system.
The following are the various controls that are applied in the business organisation for security from such threats.
Security control
Administrative control
Information system control
Input control
Processing control
Output control
Storage control
Procedural control
Physical facility control
Physical protection control
Telecommunication controls
Computer failure controls
Input Control
The computer processes the data which we feed into it, and gives us the output obtained through the process. The types of input control are:
Forms: Used to feed the data and must be in accordance with the rules prescribed by the management.
Transaction codes: A code has to be assigned to the transaction or the document or file before entering the data into it.
Verification: Source document can be prepared by any person and has to be verified by a competent person to make corrections.
Check digit: The codes which are considered important have to be checked.
Total control: Applied to monitor the activities of the system. Record count is an example, in which the total number of documents is compared.
Processing Control
When the data is fed into the computer, controls embedded in many computer programs detect input and processing errors. These processing controls can be further divided into:
Hardware control: Built into the hardware itself to verify the accuracy of processing.
Software control: Designed to assure that the right data is being processed. It also establishes check points during the processing of the program and helps in building an audit trail.
Procedural Control
Procedural controls can give the maximum security to the data and information system. Some of the examples are:
Separation of duties: Each activity related to the computerised information system, like systems development, computer operation and control of data and program files, is assigned to different groups.
Authorisation requirements: A formal review must take place before authorisation is given on getting a request for system development, changes or system conversion.
Physical Facility Control
Physical facility control protects the facilities and contents from complete loss or destruction. Computer data centres are prone to many threats such as theft, natural disasters, sabotage, unauthorised usage, vandalism, etc. To help review or design security controls, they can be classified using several criteria.
Before the event
During the event
After the event
Security Threats in MIS
The classification of security threats is stated below:
Types of threats
Creation of malware: Virus, Worm, Trojan horse, Spyware, Adware, DoS
Cyber engineering
Cyber war
Smartphones
Tablets
Windows 7
Mac
Encrypted threats
Html 5
Security Threats in MIS (contd.)
The following are considered as computer crimes.
Modification of computer input in an unauthorised activity.
Modifying data using programming languages, entering fictitious or false data, entering unauthorised instructions in the system software or using unauthorised computer processing systems.
Modification of business transactions, deleting or destroying the data, or stealing output.
Modifying or altering or misapplying the system tools or software packages or writing codes for the purpose of fraud and theft.
Security Threats in MIS (contd.)
Another type of crime prevailing in the world is cyber crime. Even the criminal activity which continues to target business systems comes under the range of cyber crime. Examples of cyber crime:
1. Sending bulk emails to the targeted computers. This cybercrime is often received by unanimous group
2. Data victimising is done by modifying the data before processing them
3. Internet time stealing is undertaken by a group to steal the surfing hours used by others
Prevention of Cyber Crime
The following are the preventive measures to be taken into consideration for prevention of cyber crime:
Use passwords to prevent unauthorised use of the business information systems
Encrypt (scramble) sensitive business data
Ask the IT department to track bug reports and patches to reduce the chances of malware
Install special malware detection software such as antivirus
Train employees not to download email attachments
Plan what to do if the organisation's web-based or intranet systems are under attack
Analyse the risks and threats associated with a new technology coming in
Find how the attack took place and what data was accessed
Computer Failure Controls
A computer may fail to operate due to reasons such as power failures, malfunctions of circuitry, mishandling, etc. An automated control system is needed in order to protect the system from these failures.
Some of the precautions to avoid computer failures are:
Adequate electricity supply
Humidity control
Air conditioning
Fire prevention standards
Trained computer operators
Fault tolerant systems
Adequate insurance coverage
Security Hazards
Security of the information system can be broken because of the following reasons:
Malfunctions: All the components of a system are involved. People, software and hardware errors cause the biggest problem.
Fraud and unauthorised access: This hazard is due to dishonesty, cheating or deceit.
Power and communication failure: Occurs when the communication channel is busy or noisy. Also, power cuts and high voltage surges destroy a sensitive component of the computer.
Fire hazard: Occurs due to electrical short circuits, flammable liquids, etc.
Sabotage and riots: Employees destroy the computer centre in case of strike, lockout, or there may be chances of riots in the area.
Natural disasters: These are not controllable. They are not frequent hazards, but if they happen, they destroy the things.
Security Techniques
Security can be maintained at two levels:
Techniques
Physical: Physical controlled access, Biometric security, Physical location, Physical protection
Procedural: Integrity, Isolation, Identification, Authorisation, Authentication, Monitoring
Technical Solutions for Privacy Protection
The technical solutions for privacy protection are:
Cookies
Web bug
Opt-Out or Opt-In
Trustee seals
Cookie Crusher
Blocking ads
Encryption
Summary
Information systems are exposed to many threats and violations.
Hence, the resources of information systems have to be protected through built-in controls so as to ensure both security and quality.
The different types of control are: Security control, Administrative control, Information system control, Input control, Processing control, Output control, Storage control, Procedural control, Physical facility control, Physical protection control, Telecommunication controls, Computer failure controls.
Different types of threats involve Creation of malware, Cyber engineering, Cyber war, Smartphones, Tablets, Windows 7, Mac, Encrypted threats, Html 5.
Security hazards include Malfunctions, Fraud and unauthorised access, Power and communication failure, Fire hazard, Sabotage and riots, Natural disasters.
Check Your Learning
1. What is Authentication and what are the processes that are followed for authentication?
Ans: It is an action which determines the validity of system. For this, one of the following processes must be followed:
1) Physical observation
2) Periodic disconnects and call back procedures
3) Periodic requests for further information or re-verification from the user
2. List out the security hazards in MIS.
Ans: The security hazards in management information system are:
Malfunctions
Fraud and unauthorised access
Power and communication failure
Fire hazard
Sabotage and riots
Natural disasters
Activity
Assume you are the manager for a defense data encryption company where information is kept highly confidential. What are the security controls you would follow for the systems and employees of your company?