680 likes | 1.01k Views
Information System Security. History of IS. Role of IS. Support Competitive Advantage. Support Business Decision Making. Support of Business Processes and Operations. Importance of IS. Basics of IS. IS Framework. Components of IS. Attribute of Information Quality.
E N D
Role of IS Support Competitive Advantage Support Business Decision Making Support of Business Processes and Operations
From mainframe to client server to web based IS. • Alvin Toffler’s “Third wave” – Agricultural, Industrial and Information waves. • 4th wave can be assumed as mobile technology
Powerful worldwide changes that have altered business environment are- • Globalization • Rise of information economy • Transformation of business enterprise • Emergence of digital firms
Modern business systems are decentralized, autonomous and heterogeneous. • Today IS are distributed and component based.
A computer service that runs at a single central location is more likely to become unavailable than a service distributed to many sites. • There are two ways in which a service can be made to run at many sites: replication of the service, and distribution of the service. • Distributed services i.e. services that have distinct components, at many different sites, that collaborate to ensure the quality of service
3 mantras of success in digital economy Liberalization Privatization Globalization Businesses now have no geographical boundaries. With the rise of M-Commerce we are in the era of anywhere, anytime computing. Protecting the data and information is crucial as business make knowledge based decision.
Prior to e-business days not only suppliers and consumers remain separated, but the knowledge producers and workers and business personnel also remained unconnected. Connectivity is a great boon of Internet. Connectivity built a bridge between the thinkers, business people, governments, common people, academicians and so on. We need to consider the modern day IS in this global context.
Scope of IS 1950s : Technical changes 1960-70 : Managerial Controls 1980-90 : Institutional Core activities Today : Digital Information webs extending beyond enterprises
Today’s firms are digital in terms of their rapid operations. • IS links the buyers and sellers to exchange information, products, services and payments via e-business and e-commerce. • Thus today the era is extended enterprise • To serve the needs of such organization, I.S. is no more confined to a single location.
Role of Internet and Web Services The Internet
Web is designed to exchange unstructured information. • While people can read web pages and understand their meaning, computers can not. • If corporations want to do business over the web, humans have to involve unless there is a way for computers to communicate on their own. • This is where web services comes in.
Web services are self contained modular applications that can be described, published, located and invoked over a network, generally over www. – IBM • Web services perform functions ranging from simple request to complex business process. • Once a web service is developed, other applications and web services can discover and invoke the deployed service through universal description, discovery and integration. • Web services make it easier to build service based architecture without the applications being locked-in to a particular software vendor’s products.
Web services have been prone to give a strong return on investment (ROI) and make computer based I.S. more adaptable. • They also help bring productivity, flexibility and low maintenance cost in the development of IS by integrating components from various third party vendors.
Threat is a possible event that can harm an information system. • Vulnerability is the degree of exposure in view of threat. • Countermeasure is a set of actions implemented to prevent threats.
Information level / based Threat • Threats that involve the purposeful dissemination of information in such a way that organizations, their operations and their reputations may be affected. • Dissemination may be active via sending e-mails or passive via setting up a web site.
Network based Threats • To become effective and potential attackers require network access to corporate computer systems or to networks used by corporate computer systems. • Examples are – hacking of computer systems and launching DoS attacks as well as spreading malicious code such as viruses. • Other issues related with network based threats are – confidentiality, authentication, integrity and non repudiation.
Sources of Threats • Human Error • Computer abuse or crime • Natural and political disasters • Failure of hardware / software
Computer crime and abuse • Computer crime is defined as any illegal act in which computer is used as a primary tool. • Computer abuse is unethical use of computers. • Security threats related to computer crime / abuse are – • Impersonation • Identification and authentication control defeated • Trojan horse method • Hiding of an authorized program a set of instructions that will cause unauthorized actions. • Logic bombs • Unauthorized instructions which stay inactive until a specific event occurs or until a specific time comes at which time they bring into effect an unauthorized act.
Computer viruses • Execute itself by inserting its malicious code in the execution path of another application And • Self replicate by replacing existing files with copies of files containing the viral code. • Worms are independent programs that make and transmit copies of themselves through telecommunication networks.
Dos • Rendering the system unusable by legitimate users. • Dial diddling (cheating) • Changing data before or during input often to change the content of database • Salami techniques • Diverting small amount (not noticed) of money from large numbers of accounts maintained by the system. • Spoofing • Configuring a computer system to masquerade (pretend to be) as another system over the network in order to gain unauthorized access. • Super zapping • Using a system’s programs that can bypass regular system control to perform unauthorized act.
Scavenging • Unauthorized access to information by searching through the residue after a job has been run on a computer. • Data leakage • Wiretapping • Theft of mobile devices
The three distinguishing features of emerging mobilecomputing environments are- • mobility of users • mobility of network elements (i.e. portable computing devices) • wireless networking
Mobility of Users • Global Authentication • A mechanism for flexible global authentication is essential to support user mobility. • Authentication often forms the basis of other security services such as authorization. • Privacy • The need to ensure privacy of users becomes more pronounced. • In static environments, the location of a user or network element is unlikely to be secret information. • Users and network elements are stationary. • However, in a mobilecomputing environment, it may be necessary to protect information about the locations and activities of users.
Contd…….. • Eavesdropping • Eavesdropping is the act of secretly listening to the private conversation of others without their consent. • Assumptions about physical security of the network no longer hold true when inter-domain interactions enter the picture. • Even if the foreign domain claims its network to be physically secure, a visiting user may not be willing to accept this assurance. • Thus, some sort of cryptographic protection becomes unavoidable. • An issue that is common to the mobility of users and network elements is the availability of resources.
Mobility of Network Elements • Mobile users may carry portable computing devices. • Portability introduces the following issues- • Risks to data • Due to the higher risks of physical damage, loss, or theft, mobility of devices implies that there is a higher risk of loss for the data stored on them. • Asymmetry in resources • Portable devices have comparatively fewer resources available to them. • Technological advancements will improve the quantity and quality of the available resources.
Wireless Networking • Wireless networking is necessary to support continuous user and device mobility. • This introduces additional issues of concern-
Eavesdropping • The convenience of wireless networks has a cost: it is more convenient for an eavesdropper to listen in on the traffic. • It is often asserted that the primary security concern with wireless networks is that communication is susceptible to eavesdropping and tampering. • While it is true that in wireless networks, links have no physical security at all, the situation is not much better with wired but open networks. Thus cryptographic protection is necessary in both wireless and fixed networks