CIS511 Information System Architecture Asst.Prof. Dr. Surasak Mungsing
CIS511 Information System Architecture. Course description: principles of computer operation; measuring computer size and performance; the evolution of computer systems; computer systems and networks; local area networks; broadband systems; the Internet; system software such as operating systems, database systems, and communication systems and protocols; data communication and the scheduling of processing; back-office information systems such as budgeting, finance and accounting, personnel, and information systems; front-office service systems; and specifying the characteristics of hardware, network, and processing systems.
Evaluation
• Project/Reports 40%
  • Individual Report 20%
  • Group Project 20%
• Participation 10%
• Mid-term Exam 20%
• Final Exam 30%
Total 100%
Topics
• Information Systems
• Threats and Attacks
Why Study Information Systems
• They ease management tasks
• They guide problem solving and decision making
• They help realise opportunities and meet personal and company goals
• In business, they are used in all functional areas
Information Concepts (1)
• Data vs. Information
• Data
  • Raw facts
  • Distinct pieces of information, usually formatted in a special way
• Information
  • A collection of facts organized in such a way that they have additional value beyond the value of the facts themselves
Example
• Data: thermometer readings of temperature taken every hour: 16.0, 17.0, 16.0, 18.5, 17.0, 15.5, ...
• Transformation: select the maximum and minimum of the day's readings
• Information: today's high: 18.5; today's low: 15.5
Characteristics of Valuable Information
• accurate
• complete
• economical
• flexible
• reliable
• relevant
• simple
• timely
• verifiable
• accessible
• secure
Example: Health Information
• You want the information about you in a health information system to be:
  • As accurate as possible (e.g. your age, sex)
  • As complete as possible
  • Relevant
  • Reliable
  • Available in a timely manner (e.g. information about your drug allergies is available before your operation!)
System
• Definition
  • A set of elements or components that interact to accomplish goals
  • A combination of components working together
Example of a System with sub-components: the Customer Support System, made up of a Customer Maintenance Component, an Order Entry Component, a Catalog Maintenance Component and an Order Fulfillment Component.
System Elements
• Inputs
• Processing mechanisms
• Outputs
(Inputs -> Process -> Outputs)
System Components and Concepts
• System boundary
  • Defines the system and distinguishes it from everything else
• System types
  • Simple vs. complex
  • Open vs. closed
  • Stable vs. dynamic
  • Adaptive vs. non-adaptive
  • Permanent vs. temporary
System Performance and Standards
• Efficiency
  • A measure of what is produced divided by what is consumed (e.g. the efficiency of a motor is the energy produced divided by the energy consumed)
• Effectiveness
  • A measure of the extent to which a system achieves its goals
• System performance standard
  • A specific objective of the system
Nature of Information Systems
• Organization: a group of individuals operating together in a systematic way to achieve a set of objectives
  • Individuals interact to achieve objectives
  • They interact with each other through rules and procedures to achieve objectives
  • Has objectives
  • Takes inputs and processes them into outputs
  • Resources are classified into raw materials, machinery, human resources, money, and information
  • The environment includes the physical environment, other organizations, abstract entities, and individuals
Organizational Activities
• Primary activities (inbound logistics, operations, sales and marketing, outbound logistics, after-sales support)
• Secondary activities (corporate planning and control, administration, finance management, HRM, R&D)
Organizational Structure
• Hierarchical
• Functional
Management Structure
• Strategic Management
• Operational Management
Types of Information
• Planning, operating and control
• Strategic, operational and control
• Qualitative and quantitative
Linkage between Activities
• Organization divided into departments
• Information disseminated formally and informally
• Information flows should reflect the structure and the means of achieving objectives
• Data and Information
Qualities of Good Information
• Complete, relevant, timely, accurate, understandable, significant, right channel, right recipient, cost-benefit
• Noise in communication
• Redundant information
• Information cost (design and set-up costs, running costs, storage costs)
Information Systems
Definition: a formalized set of procedures designed to convert data into information for decision making
Activities include: data capture, data processing, dissemination of information, information use, monitoring the system
The Information System Development Process entails:
1. Establish business objectives
2. Define information needs
3. Establish sources of data
4. Examine who needs data
5. Format and timing of information received
6. Process required to convert data into information
7. Building the system
8. Monitor and control system effectiveness
Information System (cont.)
• Design could be bottom-up or top-down
• Manual or mechanized
• Information needs (planning, monitoring, control, decision making, recording and processing transactions, communication)
Types of Information Systems
• Transaction processing systems
• Office automation systems
• Management information systems
• Decision support systems
• Executive information systems
• Expert systems
Nature of Decision Making
• Structured (programmed decisions)
• Unstructured
• Semi-structured
• Analytical decisions
• Heuristic decisions
Threats and Attacks Principles of Information Security, 2nd Edition
Learning Objectives
• Identify and understand the threats posed to information security
• Identify and understand the more common attacks associated with those threats
Threats
• Threat: an object, person, or other entity that represents a constant danger to an asset
• Management must be informed of the different threats facing the organization
• By examining each threat category, management effectively protects information through policy, education, training, and technology controls
Threats (cont.)
• The 2004 Computer Security Institute (CSI)/Federal Bureau of Investigation (FBI) survey found:
  • 79 percent of organizations reported cyber security breaches within the last 12 months
  • 54 percent of those organizations reported financial losses totaling over $141 million
Threats to Information Security
Acts of Human Error or Failure
• Includes acts performed without malicious intent
• Causes include:
  • Inexperience
  • Improper training
  • Incorrect assumptions
• Employees are among the greatest threats to an organization's data
Acts of Human Error or Failure (cont.)
• Employee mistakes can easily lead to:
  • Revelation of classified data
  • Entry of erroneous data
  • Accidental data deletion or modification
  • Data storage in unprotected areas
  • Failure to protect information
• Many of these threats can be prevented with controls
Figure 2-1 – Acts of Human Error or Failure
Deliberate Acts of Espionage or Trespass
• Access of protected information by unauthorized individuals
• Competitive intelligence (legal) vs. industrial espionage (illegal)
• Shoulder surfing occurs anywhere a person accesses confidential information
• Controls let trespassers know they are encroaching on the organization's cyberspace
• Hackers use skill, guile, or fraud to bypass controls protecting others' information
Deliberate Acts of Theft
• Illegal taking of another's physical, electronic, or intellectual property
• Physical theft is controlled relatively easily
• Electronic theft is a more complex problem; evidence of the crime is not readily apparent
Deliberate Software Attacks
• Malicious software (malware) designed to damage, destroy, or deny service to target systems
• Includes viruses, worms, Trojan horses, logic bombs, back doors, and denial-of-service attacks
Forces of Nature
• Forces of nature are among the most dangerous threats
• Disrupt not only individual lives, but also storage, transmission, and use of information
• Organizations must implement controls to limit damage and prepare contingency plans for continued operations
Deviations in Quality of Service
• Includes situations where products or services are not delivered as expected
• An information system depends on many interdependent support systems
• Internet service, communications, and power irregularities dramatically affect availability of information and systems
Internet Service Issues
• Internet service provider (ISP) failures can considerably undermine availability of information
• An outsourced Web hosting provider assumes responsibility for all Internet services as well as hardware and Web site operating system software
Attacks
• Act or action that exploits a vulnerability (i.e., an identified weakness) in a controlled system
• Accomplished by a threat agent which damages or steals the organization's information
Attacks (cont.)
• Malicious code: includes execution of viruses, worms, Trojan horses, and active Web scripts with intent to destroy or steal information
• Back door: gaining access to a system or network using a known or previously unknown/newly discovered access mechanism
Attacks (cont.)
• Password crack: attempting to reverse-calculate a password
• Brute force: trying every possible combination of options of a password
• Dictionary: selects specific accounts to attack and uses commonly used passwords (i.e., the dictionary) to guide guesses
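Detection logic for the password-guessing attacks described above, as an added example for this page (not code from the slides or from the textbook): it reads authentication log lines and flags a source that accumulates many failed logins in a short window, distinguishing repeated guesses against one account from dictionary-style guessing spread over many accounts. The log format, addresses, usernames and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the slides): one source repeatedly
# guessing a single account, a second source trying one guess per account.
SAMPLE_LOG = """\
2024-03-01T10:00:01 src=198.51.100.7 user=alice result=FAIL
2024-03-01T10:00:02 src=198.51.100.7 user=alice result=FAIL
2024-03-01T10:00:03 src=198.51.100.7 user=alice result=FAIL
2024-03-01T10:00:04 src=198.51.100.7 user=alice result=FAIL
2024-03-01T10:00:05 src=198.51.100.7 user=alice result=FAIL
2024-03-01T10:00:06 src=203.0.113.9 user=bob result=FAIL
2024-03-01T10:00:07 src=203.0.113.9 user=carol result=FAIL
2024-03-01T10:00:08 src=203.0.113.9 user=dave result=FAIL
2024-03-01T10:00:09 src=203.0.113.9 user=erin result=FAIL
2024-03-01T10:00:10 src=203.0.113.9 user=frank result=FAIL
2024-03-01T10:00:11 src=192.0.2.5 user=grace result=OK
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)$")

def parse(log_text):
    """Yield (timestamp, src, user, result); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def find_guessing(log_text, threshold=5, window_seconds=60):
    """Return {src: alert} for every source with >= threshold failed logins
    inside a sliding window of window_seconds (log lines assumed in time order)."""
    window = timedelta(seconds=window_seconds)
    fails = defaultdict(list)                      # src -> [(timestamp, user)]
    for ts, src, user, result in parse(log_text):
        if result == "FAIL":
            fails[src].append((ts, user))
    alerts = {}
    for src, events in fails.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:   # drop events outside the window
                start += 1
            hits = events[start:end + 1]
            if len(hits) >= threshold and len(hits) > alerts.get(src, {}).get("failures", 0):
                accounts = sorted({user for _, user in hits})
                kind = "brute force (one account)" if len(accounts) == 1 else "dictionary guessing (many accounts)"
                alerts[src] = {"kind": kind, "failures": len(hits), "accounts": accounts}
    return alerts
```

Running `find_guessing(SAMPLE_LOG)` flags 198.51.100.7 as brute force against alice and 203.0.113.9 as dictionary guessing across five accounts, while the successful login from 192.0.2.5 is not reported.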
Attacks (cont.)
• Denial-of-service (DoS): attacker sends a large number of connection or information requests to a target
  • Target system cannot handle them successfully along with other, legitimate service requests
  • May result in system crash or inability to perform ordinary functions
• Distributed denial-of-service (DDoS): a coordinated stream of requests is launched against the target from many locations simultaneously
Figure 2-9 – Denial-of-Service Attacks