CIS511 Information System Architecture


Presentation Transcript


  1. CIS511 Information System Architecture Asst.Prof. Dr. Surasak Mungsing

  2. CIS511 Information System Architecture (สถาปัตยกรรมระบบสารสนเทศ) Description: principles of computer operation; measuring computer size and performance; the evolution of computer systems; computer systems and networks; local area networks; broadband systems; the Internet; system software such as operating systems, database systems, and communication systems and protocols; data communication and the scheduling of processing; back-office information systems such as budgeting, finance and accounting, personnel, and information systems; front-office service systems; and specifying the requirements of hardware, network, and processing systems.

  3. Evaluation • Project/Reports 40 % • Individual Report 20% • Group Project 20% • Participation 10 % • Mid-term Exam 20 % • Final Exam 30 % Total 100 %

  4. Q & A

  5. Introduction to Information System

  6. Topic • Information System • Threats and Attacks

  7. Why Study Information System • Ease the managing task • Guide for problem solving & decision making • Realise opportunities and meet personal and company goals. • In Business: used in all functional areas.

  8. Information Concepts (1) • Data vs. Information • Data • Raw facts • Distinct pieces of information, usually formatted in a special way • Information • A collection of facts organized in such a way that they have additional value beyond the value of the facts themselves

  9. Examples • Data: thermometer readings of temperature taken every hour: 16.0, 17.0, 16.0, 18.5, 17.0, 15.5 … • Transformation • Information: today’s high: 18.5; today’s low: 15.5

  10. Types of Data

  11. Characteristics of Valuable Information • accurate, • complete, • economical, • flexible, • reliable, • relevant, • simple, • timely, • verifiable, • accessible, • secure

  12. Example: Health Information • You want the information about you in a health information system to be: • As accurate as possible (e.g. your age, sex) • As complete as possible • Relevant • Reliable • Available in a timely manner (e.g. information about your drug allergies is available before your operation!)

  13. System • Definition • A set of elements or components that interact to accomplish goals • A combination of components working together

  14. Example of a System with sub-components • Customer Support System, made up of: • Customer Maintenance Component • Order Entry Component • Catalog Maintenance Component • Order Fulfillment Component

  15. System Elements • Inputs • Processing mechanisms • Outputs (diagram: Inputs → Process → Outputs)

  16. System Example

  17. System Components and Concepts • System boundary • Defines the system and distinguishes it from everything else • System types • Simple vs. complex • Open vs. closed • Stable vs. dynamic • Adaptive vs. non-adaptive • Permanent vs. temporary

  18. System Performance and Standards • Efficiency • A measure of what is produced divided by what is consumed (e.g. the efficiency of a motor is the energy produced divided by the energy consumed) • Effectiveness • A measure of the extent to which a system achieves its goals • System performance standard • A specific objective of the system

  19. Nature of Information Systems • Organization: a group of individuals operating together in a systematic way to achieve a set of objectives • Individuals interact to achieve objectives • They interact with each other through rules and procedures to achieve objectives • Has objectives • Takes inputs and processes them into outputs • Resources classified into raw materials, machinery, human resources, money, information • Environment includes the physical environment, other organizations, abstract entities, individuals

  20. Organizational Activities • Primary activities (inbound logistics, operations, sales and marketing, outbound logistics, after-sales support) • Secondary activities (corporate planning and control, administration, finance management, HRM, R&D)

  21. Organizational Structure • Hierarchical • Functional management structure • Strategic management • Operational management. Types of Information • Planning, operating and control • Strategic, operation and control • Qualitative and quantitative

  22. Linkage between Activities • Organization divided into departments • Information disseminated formally and informally • Information flows should reflect structure and means of achieving objectives • Data and Information

  23. Qualities of Good Information • Complete, relevant, timely, accurate, understandable, significant, channel, right recipient, cost benefit • Noise in communication • Redundant information • Information cost (design and set up costs, running costs, storage costs)

  24. Information Systems Definition: a formalized set of procedures designed to convert data into information for decision making. Activities include: data capture, data processing, dissemination of information, information use, monitoring the system. The information system development process entails: 1. Establish business objectives 2. Define information needs 3. Establish sources of data 4. Examine who needs data 5. Format and timing of information received 6. Process required to convert data into information 7. Building the system 8. Monitor and control system effectiveness

  25. Information System (cont.) • Design could be bottom up or top down • Manual or mechanized • Information needs (planning, monitoring, control, decision making, recording and processing transaction, communication)

  26. Types of Information Systems • Transaction processing systems • Office automation systems • Management information systems • Decision support systems • Executive information systems • Expert systems

  27. Nature of Decision Making • Structured (programmed decisions) • Unstructured • Semi-structured • Analytical decisions • Heuristic decisions

  28. Q&A

  29. Threats and Attacks Principles of Information Security, 2nd Edition

  30. Learning Objectives • Identify and understand the threats posed to information security • Identify and understand the more common attacks associated with those threats

  31. Threats • Threat: an object, person, or other entity that represents a constant danger to an asset • Management must be informed of the different threats facing the organization • By examining each threat category, management can effectively protect information through policy, education, training, and technology controls

  32. Threats (contd) • The 2004 Computer Security Institute (CSI)/Federal Bureau of Investigation (FBI) survey found: • 79 percent of organizations reported cyber security breaches within the last 12 months • 54 percent of those organizations reported financial losses totaling over $141 million

  33. Threats to Information Security

  34. Acts of Human Error or Failure • Includes acts performed without malicious intent • Causes include: • Inexperience • Improper training • Incorrect assumptions • Employees are among the greatest threats to an organization’s data

  35. Acts of Human Error or Failure (contd) • Employee mistakes can easily lead to: • Revelation of classified data • Entry of erroneous data • Accidental data deletion or modification • Data storage in unprotected areas • Failure to protect information • Many of these threats can be prevented with controls

  36. Figure 2-1 – Acts of Human Error or Failure

  37. Deliberate Acts of Espionage or Trespass • Access of protected information by unauthorized individuals • Competitive intelligence (legal) vs. industrial espionage (illegal) • Shoulder surfing occurs anywhere a person accesses confidential information • Controls let trespassers know they are encroaching on the organization’s cyberspace • Hackers use skill, guile, or fraud to bypass controls protecting others’ information

  39. Deliberate Acts of Theft • Illegal taking of another’s physical, electronic, or intellectual property • Physical theft is controlled relatively easily • Electronic theft is a more complex problem; evidence of the crime is not readily apparent

  40. Deliberate Software Attacks • Malicious software (malware) designed to damage, destroy, or deny service to target systems • Includes viruses, worms, Trojan horses, logic bombs, back doors, and denial-of-service attacks

  42. Forces of Nature • Forces of nature are among the most dangerous threats • Disrupt not only individual lives, but also storage, transmission, and use of information • Organizations must implement controls to limit damage and prepare contingency plans for continued operations

  43. Deviations in Quality of Service • Includes situations where products or services are not delivered as expected • An information system depends on many interdependent support systems • Internet service, communications, and power irregularities dramatically affect the availability of information and systems

  44. Internet Service Issues • Internet service provider (ISP) failures can considerably undermine availability of information • An outsourced Web hosting provider assumes responsibility for all Internet services as well as hardware and Web site operating system software

  45. Attacks • Act or action that exploits a vulnerability (i.e., an identified weakness) in a controlled system • Accomplished by a threat agent that damages or steals an organization’s information

  46. Attacks (contd) • Malicious code: includes execution of viruses, worms, Trojan horses, and active Web scripts with intent to destroy or steal information • Back door: gaining access to a system or network using a known or previously unknown/newly discovered access mechanism

  47. Attacks (contd) • Password crack: attempting to reverse-calculate a password • Brute force: trying every possible combination of options for a password • Dictionary: selects specific accounts to attack and uses commonly used passwords (i.e., the dictionary) to guide guesses

  48. Attacks (contd) • Denial-of-service (DoS): attacker sends a large number of connection or information requests to a target • Target system cannot handle them successfully along with other, legitimate service requests • May result in system crash or inability to perform ordinary functions • Distributed denial-of-service (DDoS): a coordinated stream of requests is launched against a target from many locations simultaneously
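Slides 47 and 48 describe password guessing and (D)DoS as bursts of requests; the same sliding-window counter detects both from a defender's logs. This is an added example, not part of the slide deck or the textbook it cites; the log format, field names and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample event log (not from the slides). Each line is:
# timestamp, event kind, account ("-" when none), source address.
SAMPLE_LOG = """\
2024-05-01T10:00:00 LOGIN_FAIL alice 203.0.113.5
2024-05-01T10:00:02 LOGIN_FAIL alice 203.0.113.5
2024-05-01T10:00:03 LOGIN_FAIL alice 203.0.113.5
2024-05-01T10:00:05 LOGIN_FAIL alice 203.0.113.5
2024-05-01T10:00:06 LOGIN_FAIL alice 203.0.113.5
2024-05-01T10:01:30 LOGIN_FAIL bob 198.51.100.7
2024-05-01T10:05:00 CONNECT - 192.0.2.10
2024-05-01T10:05:00 CONNECT - 192.0.2.11
2024-05-01T10:05:01 CONNECT - 192.0.2.12
2024-05-01T10:05:01 CONNECT - 192.0.2.13
2024-05-01T10:05:02 CONNECT - 192.0.2.14
"""

def parse_events(text):
    """Parse log lines into (timestamp, kind, account, source) tuples."""
    events = []
    for line in text.splitlines():
        ts, kind, account, source = line.split()
        events.append((datetime.fromisoformat(ts), kind, account, source))
    return events

def bursts(events, kind, key_fn, window, threshold):
    """Keys with >= threshold events of `kind` inside one sliding window.
    Returns {key: distinct sources seen when the threshold was crossed}."""
    recent = defaultdict(deque)      # key -> (timestamp, source) in window
    flagged = {}
    for ts, ev_kind, account, source in events:   # assumed time-ordered
        if ev_kind != kind:
            continue
        key = key_fn(account, source)
        q = recent[key]
        q.append((ts, source))
        while ts - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        if len(q) >= threshold and key not in flagged:
            flagged[key] = len({src for _, src in q})
    return flagged

def detect_password_guessing(events):
    """Slide 47: repeated failed logins against one account in a minute."""
    return bursts(events, "LOGIN_FAIL", lambda acct, src: acct,
                  timedelta(seconds=60), threshold=5)

def detect_connection_flood(events):
    """Slide 48: a burst of connection requests at the service; many
    distinct sources separates DDoS from a single-source DoS."""
    return bursts(events, "CONNECT", lambda acct, src: "service",
                  timedelta(seconds=10), threshold=5)
```

A flagged account is a candidate for lockout or rate limiting, and a flagged service with many distinct sources calls for upstream filtering rather than blocking one address.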

  49. Figure 2-9 – Denial-of-Service Attacks
