Information and data

INFORMATION SYSTEMS IN ORGANIZATIONS. Information and data. Zatil Ridh'wah Hj Darot. Data. Definition: raw facts that can take the form of a number, a statement or a picture. They are ____________ in the production of information.


Presentation Transcript


  1. INFORMATION SYSTEMS IN ORGANIZATIONS Information and data Zatil Ridh'wah Hj Darot

  2. Data • Definition: raw facts that can take the form of a number, a statement or a picture. • They are ____________ in the production of information. • Raw data is useless, thus it is manipulated through a process (such as tabulations, statistical analysis, etc.) • Examples: • 3, 4, 102, fish, apple, 1 cm

  3. Information • Definition: facts or conclusions that have meaning within a context. • This requires a process that produces information, which involves collecting data and then subjecting them to a ___________________ in order to create information. • For example, a sales forecast or a financial statement.

  4. Sources of information • Organizations generate a substantial amount of information relating to their operations. • This information, together with information from beyond the boundaries of the organization, is used to help the business function. • There are two types of information sources: • ___________ • ____________

  5. Internal sources of information • Information created by the operations of the business and to be used by the business • May include: • Sales records • Personnel files • Accounting records • ____________ • Cost information • Customer feedback

  6. External sources of information • Information obtained from outside of the organization. • External information can help the organization operate its business. • For example, • _______________ • Health and safety regulations • Books, newspapers, magazines • Trade journals • Social media

  7. Information requirements • Relevant • Complete • Accurate • Current • Economical

  8. Relevant • Information must pertain to the problem at hand. • Must be presented in a way that helps _____________ it in a specific context. • For example, • The total number of years of education might not be relevant to Dina’s qualification for a new job. • However, if Dina has so many years of education in mechanical engineering and so many years of experience, that is relevant information.

  9. Complete • Partial information is useless. • For example, • Marketing data about household incomes might lead to bad decisions if not accompanied by vital information on the _____________ of the targeted population.

  10. Accurate • Incorrect information might lead to ______________. • For example, • An inaccurate record of a patient's reaction to penicillin might lead a doctor to harm the patient while believing that she is helping him.

  11. Current • Decisions are often based on the latest information available. • What _________________________ today. • For example, • A short-term investment decision to purchase a stock today based on yesterday’s stock prices might be a costly mistake if the stock’s price has risen in the interim.

  12. Economical • In the business setting especially, the cost of obtaining information must be considered as ____________ involved in any decision. • For example, • Conducting a million dollars' worth of market research to see whether there is demand for a new product will help reduce the risk of marketing failure, but the cost of obtaining the information might diminish profit from sales.

  13. Storing information • Data and information must be stored __________________ • They must be retained even when the storage device is not connected to electrical power. • Storage devices differ in the technology used to maintain data and in physical structure. • Modern technology has made storing information and data more accessible. • Storage hardware • Cloud storage

  14. Storage hardware • Can include: • Flash drives • Hard disks (external and internal)

  15. Cloud storage • Availability of network-accessible storage from an off-site computer or technology device. • Advantages: • Reduce ___________________ data • Free internal storage infrastructure for live and production data • Disadvantages: • Reliance on networks and their costs • Risk of security breaches

  16. Information security • Increasing reliance on information systems, combined with their connection to the outside world (through the Internet), makes securing information challenging. • The role of information security is to protect information. • Major goals of information security: • Reduce risk of systems and ____________________________ • Maintain information confidentiality • Ensure integrity and reliability of data resources • Ensure availability of data resources and online operations • Ensure compliance with policies and laws regarding security and privacy

  17. Risks to information resources • Risks associated with _______________ and data storage • Downtime – the period of time during which IS is not available • Types of risks: • Risks to hardware • Risks to data and applications • Risks to online operations • Denial of service • Computer hijacking

  18. Risks to Hardware • #1 cause of system downtime is hardware failure • Natural disasters • Fires, floods, earthquakes, hurricanes, tornadoes and lightning can destroy hardware, software or both • Blackouts and Brownouts • If power is disrupted, computers cannot function. • Blackouts – total losses of electrical power • Brownouts – partial losses of electrical power • Vandalism • ______________________

  19. Risks to Data and Applications • Data is a unique resource • Data and applications are susceptible to disruption, damage or theft • Damage to software is __________________ • Social Engineering • Con artists pretend to be service individuals and ask for passwords. • Identity theft • Pretending to be another person • Phishing: bogus messages direct users to a site to “update” personal data • Spear phishing: use personal information to attack organizational systems

  20. Cont’d • Cyber terrorism • Involves terrorist attacks on business organizations’ information systems with intent to: • Disrupt network communication • Implement DoS attacks • Destroy/steal corporate/government information • Honeytoken • A _______________ in a networked database used to combat hackers • Hacking • Unauthorized access

  21. Cont’d • Honeypot • A server containing a mirrored copy of a database or a bogus database • Virus • Spreads from computer to computer • Worm • Spreads in a network without human intervention • Trojan horse • A virus disguised as legitimate software • Logic bomb • Software that is programmed to cause damage at a specific time

  22. Cont’d • Unintentional, non-malicious damage can be caused by: • Poor training • Lack of adherence to backup procedures • Unauthorized _________________ of software may cause damage • Human error

  23. Risks to Online Operations • Hackers try daily to interrupt online businesses • Some types of attacks: • Unauthorized access • Data theft • Defacing of webpages • Denial of service • Hijacking computers

  24. Denial of Service • Denial of Service (DoS): an attacker launches a large number of information requests • Slows down legitimate traffic to site • Distributed Denial of Service (DDoS): an attacker launches a DoS attack from ________________ • Usually launched from hijacked personal computers called “zombies” • There is no definitive cure for this • A site can filter illegitimate traffic

  25. [Figure: DoS Attack and DDoS Attack]

  26. Computer Hijacking • Hijacking: using some or all of a computer’s resources without consent of its owner • Often done for making a DDoS attack • Done by installing a software bot on the computer • Main purpose of hijacking is usually to send spam • Bots are planted by __________________ in operating systems and communication software • A bot usually installs e-mail forwarding software

  27. Security measures • Backup • Access controls • Atomic transactions • Audit trail • Firewall • Authentication and encryption

  28. Backup • Periodic duplication of all data • Redundant Arrays of Independent Disks (RAID): set of disks programmed to replicate stored data • Data must routinely be transported off-site as protection from site disaster

  29. Access Controls • Measures taken to ___________________ have access to a computer, network, application or data • Physical locks: secure equipment in a facility • Software locks: determine who is authorized to use the software • Types of access controls • What you know: access codes, such as user ID and password • What you have: requires special devices • Who you are: unique physical characteristics

  30. Cont’d • Access codes and passwords are usually stored in the OS or in databases. • Security card is more secure than a password • Biometric: uses unique physical characteristics such as fingerprints, retinal scans, voiceprints

  31. Atomic Transactions • A set of indivisible transactions • Requires all of the transactions in the set to be completely executed, or none are executed • Ensures that only full entry occurs in all the appropriate files to guarantee integrity of data • Control against malfunction and prevents fraud

  32. Audit Trails • A series of documented facts that help detect who recorded which transactions, at what time and under whose approval

  33. Firewall and Proxy Servers • Firewall: hardware and software that blocks access to computing resources • Best defense against unauthorized access over the Internet • DMZ: demilitarized zone approach • One end of the network is connected to the trusted network and the other end to the Internet • Connection is established using proxy server • Proxy server: “Represents” another server for all _______________ from resources inside the trusted network • Can also be placed between the Internet and the trusted network when there is no DMZ

  34. Authentication and Encryption • Symmetric encryption: when the sender and the recipient use the same key • Asymmetric encryption: both a public and a private key are used • Transport Layer Security (TLS): a protocol for transactions on the Web that uses a combination of public key and symmetric key encryption • HTTPS: the secure version of HTTP • Digital signatures: a means to authenticate online messages, implemented with public keys

  35. Cont’d • Digital certificates: computer files that associate one’s identity with one’s public key • Issued by certificate authority (a trusted 3rd party) • Contains holder’s name, a serial number, expiration dates and a copy of holder's public key • Also contains the digital signature of the CA

  36. Tutorial questions • Give examples in which raw data can also serve as useful information. • When accessing an information system, would you prefer that your identity be verified with a biometric or with a password? Why?
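
The all-or-nothing behaviour from slide 31 (Atomic Transactions) combined with the who/when/approval record from slide 32 (Audit Trails), as an added example that is not part of the original presentation. The table names, account names and the users `clerk_a` and `manager_b` are constructed for illustration.

```python
import sqlite3

# Constructed schema and sample data (assumptions, not from the slides).
SCHEMA = """
CREATE TABLE accounts (
    name    TEXT PRIMARY KEY,
    balance INTEGER NOT NULL CHECK (balance >= 0)          -- no overdrafts
);
CREATE TABLE audit_trail (
    id          INTEGER PRIMARY KEY,
    recorded_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,   -- at what time
    recorded_by TEXT NOT NULL,                             -- who recorded it
    approved_by TEXT NOT NULL,                             -- under whose approval
    action      TEXT NOT NULL                              -- which transaction
);
INSERT INTO accounts VALUES ('sales', 500), ('payroll', 100);
"""

def open_ledger():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def transfer(db, src, dst, amount, recorded_by, approved_by):
    """Credit, debit and audit entry are committed together or not at all."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    steps = [  # the credit runs first, so a failed debit leaves work to undo
        ("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst)),
        ("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src)),
        ("INSERT INTO audit_trail (recorded_by, approved_by, action) VALUES (?, ?, ?)",
         (recorded_by, approved_by, f"transfer {amount} {src}->{dst}")),
    ]
    try:
        with db:  # commits if the block succeeds, rolls back on any exception
            for sql, args in steps:
                if db.execute(sql, args).rowcount != 1:
                    raise LookupError("unknown account")
        return True
    except (sqlite3.IntegrityError, LookupError):
        return False  # the partial credit has been rolled back

def balances(db):
    return dict(db.execute("SELECT name, balance FROM accounts"))

def audit_rows(db):
    return db.execute(
        "SELECT recorded_by, approved_by, action FROM audit_trail ORDER BY id"
    ).fetchall()
```

A transfer that would overdraw the source account fails on the second step; the credit already applied in the first step is undone and no audit row is written, so the files never show a half-completed entry.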
