
Management Information System: Unit 5

This document discusses several topics related to managing information systems ethically and securely, including: 1. It identifies ethical issues around how IT affects employment, privacy, and society. 2. It describes different types of security strategies like access controls, encryption, and firewalls to protect business applications. 3. It proposes ways managers can address the harmful effects and increase the benefits of IT, like ensuring informed consent and proportionality of new technologies.

Uploaded by

Bhuvana Ganesan

MANAGEMENT INFORMATION SYSTEM
UNIT 5
LEARNING OBJECTIVES

• Identify several ethical issues regarding how the use of information technologies in business affects
employment, individuality, working conditions, privacy, crime, health and solutions to societal
problems.
• Identify the several types of security management strategies and defenses and explain how they can
be used to ensure the security of business applications of information technology.
• Propose several ways that business managers and professionals can help lessen the harmful effects
and increase the beneficial effects of the use of information technology.
SECURITY AND ETHICAL CHALLENGES - INTRODUCTION
• The use of information technologies in business has a major impact on society and thus
raises ethical issues in the area of crime, privacy, individuality, employment, health and
working conditions.
• It is important to understand that information technology has had beneficial results as
well as detrimental effects on society and people in each of these areas.
• For example, computerizing a manufacturing process may have the beneficial result of
improving working conditions and producing products of higher quality at lower cost, but
it may also have the adverse effect of eliminating people’s jobs.
ETHICAL RESPONSIBILITY OF BUSINESS PROFESSIONALS
• The ethical responsibility of business professionals includes performing their role as a vital
human resource in the business systems they help develop and use in their organization.
• When making decisions in an organization, managers and business professionals must consider
the ethical dimension.
• Business ethics is concerned with the numerous ethical questions that managers must
confront as part of their daily business decision making.
TECHNOLOGY ETHICS

• Proportionality – the good achieved by the technology must outweigh the harm or risk.
• Informed Consent – those affected by the technology should understand and accept the
risks.
• Justice – The benefits and burdens of the technology should be distributed fairly.
• Minimized risk – even if judged acceptable by the other three guidelines, the technology
must be implemented so as to avoid all unnecessary risk.
MIS AS CONTROL SYSTEM

• Controls are constraints and other restrictions imposed on a user or a system. They can be used to secure systems
against risks or to reduce damage caused to systems, applications and data.
• Controls are not only for access but also to implement policies and to ensure that nonsensical (ridiculous) data is not entered
into the corporate database.
• Elements of Control System:
• 1. Set of Objectives
• 2. Performance Standards
• 3. Feedback mechanism
• 4. Control /action center

• All these should be properly evolved and instituted in the org with due identity to internal and external environment
FEATURES OF CONTROL SYSTEM

• Early Warning Mechanism: predicts the possibility of achieving goals and standards
• Performance Standards: meaningful and challenging standards
• Strategic Controls: critical success factors
• Feedback: continuous to the control center, covering not only progress but also deviation
• Accurate and Timely: accurate and on time to the control center for corrective action
• Realistic: cost of control <<< benefits; encouraging factors for employees, e.g. incentives, rewards
• Information flow: should be aligned with the organization and decision makers to ensure the right information for the right people
• Exception principles: the control system should approve some deviations
TYPES OF MIS CONTROL SYSTEM

• Administrative Controls: Invigilation duty
• Information System Control: input, processing, output, storage controls
• Procedural Control: for operation of IS Valuation
• Physical Facility Control: communication lines, systems, insurance
APPLICATIONS OF MIS

• Strategy Support
• Data Processing
STRATEGY SUPPORT:
• While computers cannot create business strategies by themselves, they can assist management in
understanding the effects of their strategies and help enable effective decision making.
• They provide financial statements and performance reports to assist in the planning, monitoring and
implementation of strategy.
• Unmanageable volumes of data: By studying the correct reports, decision-makers can identify
patterns and trends that would have remained unseen if the raw data were consulted manually.
DATA PROCESSING:

• A valuable time saving benefit to the workforce. Where in the past
business information had to be manually processed for filing and analysis,
it can now be entered quickly and easily onto a computer by a data
processor, allowing for faster decision making and quicker reflexes for the
enterprise as a whole.
• Example :Personnel Management
GOALS OF INFORMATION SECURITY

• Reduce the risk of systems and organizations ceasing operations
• Maintain information confidentiality
• Ensure the integrity and reliability of data resources
• Ensure uninterrupted availability of data resources and online operations
• Ensure compliance with national security laws and privacy policies and laws
RISKS TO INFORMATION SYSTEMS

• Causes of systems downtime
• Number-one is hardware failure
• Fire and theft are the next two contributors

• Risks to Hardware
• Natural disasters
• Blackouts and brownouts
• Vandalism
RISKS TO INFORMATION SYSTEMS

• Risks to Applications and Data
• Theft of information
• Data alteration, data destruction, and defacement
• Computer viruses and Logic Bombs
• Nonmalicious mishaps
RISKS TO INFORMATION SYSTEMS

Figure 17.2 Frequency of security breaches in a 12-month period based on a survey of 745 professionals
RISKS TO ONLINE OPERATIONS

• Denial of Service (DoS)
• Too many requests are received to log on to a Web site’s pages
• If perpetrated from multiple computers it is called distributed denial of service (DDoS)

• Spoofing
• Deception of users to make them think they are logged on at one site while they actually are on
another
CONTROLLING INFORMATION SYSTEM RISKS
• Controls: Constraints imposed on a user or a system to secure systems against risks.

Figure 17.3 Common controls to protect systems from risk

CONTROLLING INFORMATION SYSTEM RISKS
• Program Robustness and Data Entry Controls
• Provide a clear and sound interface with the user
• Menus and limits / data input constraints
• Backup
• Periodic duplication of all data
• Access Controls
• Ensure that only authorized people can gain access to systems and files
• Access codes and passwords
• Biometric
• A unique physical, measurable characteristic of a human being that
is used to identify a person
CONTROLLING INFORMATION SYSTEM RISKS
• Atomic Transactions
• Ensures that transaction data are recorded properly in all the pertinent files to ensure integrity
CONTROLLING INFORMATION SYSTEM RISKS
• Audit Trails
• Built into an IS so that transactions can be traced to people, times, and authorization
information
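
An added example (not part of the original slides) showing the atomic-transaction and audit-trail controls from the two slides above working together, using Python's standard sqlite3 module. The table names, accounts and actors are constructed for illustration.

```python
import sqlite3

CREDIT = "UPDATE accounts SET balance = balance + ? WHERE name = ?"
DEBIT = "UPDATE accounts SET balance = balance - ? WHERE name = ?"

def open_ledger():
    """In-memory ledger with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts (
            name TEXT PRIMARY KEY,
            balance INTEGER NOT NULL CHECK (balance >= 0)
        );
        CREATE TABLE audit_trail (
            id INTEGER PRIMARY KEY,
            at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,  -- time
            actor TEXT NOT NULL,                         -- person
            approved_by TEXT NOT NULL,                   -- authorization
            action TEXT NOT NULL
        );
        INSERT INTO accounts VALUES ('payroll', 500), ('vendor', 0);
    """)
    return db

def transfer(db, actor, approved_by, src, dst, amount):
    """Move funds and log who/when/authorized-by as one atomic unit."""
    if amount <= 0:
        return False
    try:
        with db:  # commit on success, roll back every statement on error
            db.execute(
                "INSERT INTO audit_trail (actor, approved_by, action) VALUES (?, ?, ?)",
                (actor, approved_by, f"transfer {amount} {src}->{dst}"))
            # Debit runs last: if it breaks the CHECK, the credit and the
            # audit row written above are rolled back with it.
            for sql, acct in ((CREDIT, dst), (DEBIT, src)):
                if db.execute(sql, (amount, acct)).rowcount != 1:
                    raise sqlite3.IntegrityError(f"unknown account {acct}")
        return True
    except sqlite3.IntegrityError:
        return False

def snapshot(db):
    """Return (balances, audit rows without timestamps)."""
    balances = dict(db.execute("SELECT name, balance FROM accounts"))
    trail = db.execute(
        "SELECT actor, approved_by, action FROM audit_trail ORDER BY id").fetchall()
    return balances, trail
```

Because the audit row shares the transaction, a rolled-back transfer leaves no trace here; recording rejected attempts as well would require writing them in a separate transaction.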
ENCRYPTION

• Authentication
• Process of ensuring that the sender and receiver of a message are indeed who they claim to be
• Original message – plaintext
• Coded message – ciphertext
• Messages are scrambled on the sending end and descrambled to plaintext on the receiving end
ENCRYPTION STRENGTH

Figure 17.6 Estimated time needed to break encryption keys, using $100,000 worth of computer equipment
ENCRYPTION

• Distribution Restrictions
• Public Key encryption
• Symmetric
• Both sender and recipient use same key
• Key is referred to as secret key
• Asymmetric (also called public key encryption)
• Sender is able to communicate key to recipient before message is sent
ENCRYPTION

• Secure Sockets Layer and Secure Hypertext Transport Protocol ensure online transactions
are secure
• Pretty Good Privacy – Network Associates product that allows individuals to register for
public and private keys
DIGITAL SIGNATURES AND DIGITAL CERTIFICATES
• Electronic Signatures
• Digital Signatures
• Different each time you send a message

• Digital Certificates
• Computer files that serve as the equivalent of ID cards
FIREWALLS

• Software whose purpose is to manage access to computing resources
• Early firewalls used combination of hardware and software
• While firewalls are used to keep unauthorized users out, they are also used to keep
unauthorized software or instructions away
• Computer viruses and other rogue software
• Proxy Servers act as a buffer between internal and external networks
SECURITY STANDARDS

• The Orange Book (DOD) – Four security levels
• Division A: Verified Protection
• Division B: Mandatory Protection
• Division C: Discretionary Protection
• Division D: Minimal Protection or No Protection

• The ISO Standard
• Common set of requirements for IT product security functions and for assurance measures
during security evaluation
• Permits comparability between results of independent security tests
THE DOWNSIDE OF SECURITY CONTROLS

• Security measures slow data communications and require discipline that is not easy to
maintain
• Passwords
• Encryption
• Firewalls

• Drains personnel resources as well…

CHIEF SECURITY OFFICERS
RECOVERY MEASURES

• The Business Recovery Plan – Nine steps proposed for development
1. Obtain management’s commitment to the plan
2. Establish a planning committee
3. Perform risk assessment and impact analysis
4. Prioritize recovery needs
5. Select a recovery plan
6. Select vendors
7. Develop and implement the plan
8. Test the plan
9. Continually test and evaluate
RECOVERY MEASURES

• Outsourcing the Recovery Plan
• Some companies may choose not to develop their own recovery plan
• Small companies may not be able to afford an expensive recovery plan
• May opt for a Web-based service
MEDIAN AMOUNTS OF IT SECURITY BUDGETS BY INDUSTRY
THE ECONOMIC ASPECT OF SECURITY MEASURES
• Two types of costs to consider when determining how much to spend on data security:
• The cost of potential damage
• The cost of implementing a preventive measure
THE ECONOMIC ASPECT OF SECURITY MEASURES

Figure 17.12 The total cost to the enterprise is lowest at “Optimum.” No less, and no more, should be spent on information
security measures.
