UNIVERSITY OF CAPE COAST

COLLEGE OF DISTANCE EDUCATION – CoDE

TEMASCO STUDY CENTRE

NAME OF COURSE: INFORMATION SYSTEMS MANAGEMENT 1

COURSE CODE: EBS 451D
NAME OF LECTURER: ACHIANOR ERASMUS

A PRESENTATION ON EDUCATIONAL LEADERSHIP AND

BASES OF POWER
BY
1. DORSU SELORM DESMOND BJHSE/GA/25/20/0001
2. ODANU JUSTICE KISSEH BJHSE/GA/03/20/0043
3. SOPHIA ADOMA YEBOAH BJHSE/GA/03/22/0059
 PRESENTATION OUTLINE
1. The information systems security
2. information privacy and control
3. Intrusion Detection
4. Spreadsheet
5. The World Wide Web

Information systems security

The protection of information systems against unauthorized access to or modification of information,
whether in storage, processing or transit, and against the denial of service to authorized users, including
those measures necessary to detect, document, and counter such threats.

Basic principles of information security

Confidentiality
Confidentiality measures are designed to prevent unauthorized disclosure of information. The purpose
of the confidentiality principle is to keep personal information private and to ensure that it is visible
and accessible only to those individuals who own it or need it to perform their organizational functions.

Integrity
Consistency includes protection against unauthorized changes (additions, deletions, alterations, etc.) to
data. The principle of integrity ensures that data is accurate and reliable and is not modified incorrectly,
whether accidentally or maliciously.

Availability
Availability is the protection of a system’s ability to make software systems and data fully available
when a user needs it (or at a specified time). The purpose of availability is to make the technology
infrastructure, the applications and the data available when they are needed for an organizational
process or for an organization’s customers.

Three types of controls

Administrative Control
Administrative Control is a set of security rules, policies, procedures, or guidelines specified by the
management to control access and usage of confidential information. It includes all the levels of
employees in the organization and determines the privileged access to the resources to access data.

Logical Control
Logical controls are preventative controls that apply information technology software’s and systems to
prohibit unwanted access to information within a computer system. Nonphysical access controls are
also referred to as logical controls. These will prevent information assets from being accessed
electronically.

Logical controls that can prevent access to an organizations informational asset include: Authentication
of unauthorized users from being permitted to access a company’s systems
1) User identification (e.g. username and passwords)

2) Password management
3) Network firewalls

Password is a secret sequence of characters used to authenticate and authorize access to a computer
system, network, or application. Passwords are a type of logical control, designed to ensure that only
authorized users can access sensitive information and resources.

Designing a personal, user-friendly password

Good passwords:
● must not be too short (otherwise brute-force guessing will soon open)
● should not be words found in a dictionary
● should be a mixture of uppercase, lowercase, letters and digits
● should not be easily guessable by people who know you (first names, birthdates)
● should not be hard to remember that you have to write down.
● are not written down

Biometric authentication
Biometric authentication is a technology that uses biological characteristics to verify a person’s identity
and grant access to secure systems or locations.
Biometric authentication uses unique physical or behavioral traits to verify individuals' identities.

Possessed Objects
Possessed Objects refer to physical items or devices that a user possesses to authenticate or authorize
access to a system, network, or application. Example of possessed objects is smart cards.

Physical Control
Physical control in information security systems control refers to the measures taken to prevent
unauthorized physical access to sensitive areas, devices, or media. It involves controlling and managing
physical access to:

Access control
Access control refers to the mechanisms and policies that regulate and manage access to sensitive
resources, data, and systems. It ensures that only authorized individuals, devices, or systems can
access, modify, or delete sensitive information.

Identification in information security systems refers to the process of claiming or declaring an identity,
which is typically the first step in the authentication process. It involves providing a username, ID
number, or other identifier to access a system, network, or application.
Authentication in information security systems is the process of verifying the identity of a user,
device, or system. It ensures that someone or something is who they claim to be, and it prevents
unauthorized access to sensitive resources, data, and systems.

Cryptography
Information security uses cryptography to transfer usable information into a form that renders it
unusable by anyone other than an authorized user. This is called encryption.

Information Privacy and Control

Privacy
Privacy in information systems security refers to the protection of personal information and data from
unauthorized access, use, disclosure, modification, or destruction. It involves ensuring that individuals'
personal information is handled in a way that respects their rights and expectations, and that it is not
shared or used without their consent.

Spyware
Spyware in information systems security refers to a type of malicious software (malware) that is
designed to secretly monitor and collect personal or sensitive information about a user, organization, or
system. Spyware is often installed on a device without the user's knowledge or consent, and can be
used to:

1. Track browsing history and online activities

2. Collect personal information, such as login credentials or credit card numbers
3. Monitor keystrokes and other user activities
4. Display unwanted advertisements or pop-ups
5. Install additional malware or software
6. Allow remote access to the infected device

Remedies and prevention

Backing up user data and reinstalling the operating system.

Anti-spyware programs
Examples: Lavasoft’s Ad-Aware, Se and Patrick Kolla’s Spybot, Search & Destroy

Spam
spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at
once.

Virus
A virus in information systems security is a type of malicious software (malware) that replicates itself
by attaching to other programs or files on a computer.

Types of viruses include:

1. Trojans
2. Worms
3. Logic bombs
4. Rootkits
5. Boot sector viruses
6. Bomb

Viruses are spread in several ways.

The most common are:
I. Downloading an infected disk
II. Copying a document file that is infected with a macro virus.

TO AVOID VIRUS:
I. Treat all disks as though they are infected.
II. Install an antivirus program and keep its virus definition up to data.
III. Run your antivirus regularly.

SOFTWARE PIRACY:
It is the illegal copying of software program.

Types of Software Piracy:

1. End-User piracy: This is when users copy software without appropriate licensing for each copy.
2. Pre-installed software: this is when a computer manufacturer takes one copy of software and
illegally installs it on more than one computer.
3. Internet Piracy: when unauthorized copies are downloaded over the Internet.
4. Counterfeiting: when illegal copies of software are made and distributed in packaging that
reproduces the manufacturers' packaging.
5. Online auction Piracy: this takes several forms such as: software resold in violation of the original
terms for sale, NFR (not for resale) etc.
6. Don't be fooled: if the price of the software is too good to be true, the chances are it's illegal or
unlicensed, pirated software packaging can look very similar to the original product. In order to be
certain about the authenticity of your software products, buy from a familiar, reputable reseller.

Intrusion Detection
Intrusion detection in information systems security is the process of monitoring and analyzing network
traffic, system logs, and other data to identify and alert on potential security threats in real-time. It
involves detecting and responding to unauthorized access, misuse, or abuse of computer systems,
networks, and data.
Intrusion detection systems (IDS) use various techniques to identify threats, including:

1. Signature-based detection: Matching patterns of known attacks.

2. Anomaly-based detection: Identifying unusual behavior.
3. Stateful protocol analysis: Analyzing network protocols.
IDS can detect various types of threats, including:

1. Network-based attacks (e.g., hacking, DoS/DDoS)

2. Host-based attacks (e.g., malware, unauthorized access)
3. Application-layer attacks (e.g., SQL injection, cross-site scripting)
4. Insider threats (e.g., unauthorized data access)

There are two main types of IDS:

1. Network-based IDS (NIDS) : Monitors network traffic.

2. Host-based IDS (HIDS) : Monitors system logs and processes.

Intrusion prevention
Intrusion prevention in information systems security is the process of detecting and preventing
potential security threats in real-time, before they can cause harm.

THE WORLD WIDE WEB

The World Wide Web or the web is a particular part of the Internet with all cool content, resources, and
useful services. You can surf the Web with a piece of software called a Web browser. The most
popular Web browser today is Google Chrome. Other popular browsers are Microsoft Internet
Explorer, Mozilla Firefox, Opera Mini, and Apple’s Safari.

Components of Web
There are 3 components of the web:

1.Uniform Resource Locator (URL): It serves as a system for resources on the web. A uniform
resource locator (URL) is a reference to a resource that specifies the location of the resource on a
computer network and a mechanism for retrieving it.

2. Hypertext Link Protocol: It specifies communication of browser and server.

The Hypertext Transfer Protocol is an application protocol for distributed, collaborative, hypermedia
information systems that allow users to communicate data on the World Wide Web.

3. HyperText Markup Language (HTML): This defines the structure, organization, and content of
the webpage. The HTML is the set of markup symbols or codes inserted into a file intended for display
on the Internet. The markup tells web browsers how to display a web page's words and images.

Understanding the Web

Information on the World Wide Web is presented in pages. A Web page is like a page in a book, made
up of text and pictures (also called graphics).
A link on a Web page can point to another Web page on the same site or another site. Links are usually
in a different color from the rest of the text and often are underlined; when you click a link, you’re
taken directly to the linked page.

A Website is nothing more than a collection of Web pages (each in its computer file) residing on a host
computer. The host computer is connected full-time to the Internet so you can access the site and its
Web pages anytime you access the Internet.

The home page is the main page at a Web site, and it often serves as an opening screen that provides a
brief overview and menu of everything you can find at that site.

The address of a Web page is called a URL, which stands for uniform resource locator. Most URLs
start with http:// or https://, add a www. , continue with the name of the site, and end with a
.com/.org/.xyz
URL The uniform resource locator (URL) identifies a computer on the Internet.

An IP address is a numeric address for a computer connected to the Internet.

Every device in a computer network has an IP address.

A domain name is the text version of a computer’s numeric IP address.

Searching for Reliable Information on the Web.

The Internet has a wealth of information, however, finding what you are looking for can be hard
without the right tools. Search engines like Google search and Microsoft’s Bing help users find
information.

The results page will show you how many results match your keyword or keywords and will also show
you related searches for your keyword or keywords. Each result contains a brief description and a link
to the website. If the website is not available, the search engine may have a saved version of that
website. This ‘out of date version can be viewed by selecting the ‘Cached Page’ command. Your
search may result in thousands of webpages. Each result page only contains a few results, to see the
rest you can select the links at the bottom of the page.

How to Perform Transactions over the Web

Businesses have websites on the Internet that allow you to perform online transactions. These types of
transactions include buying or selling merchandise, ordering tickets to a location or event, and
performing banking transactions.

E-commerce is the buying and selling of goods and services over the internet.
E-commerce can be a substitute for brick-and-mortar stores, though some businesses choose to
maintain both. Almost anything can be purchased through e-commerce today.

An online transaction usually requires you to provide personal information such as username,
password, address, and bank account or credit card details.
Because there is a great deal of personal information exchanged in an online transaction, you must
ensure that the transactions are done securely and only on credible Websites.

Spreadsheet software
Spreadsheet software is a type of application that enables users to store, organize, and analyze data in a
tabular format.

Key Features:
1. Cells: The basic unit of storage, where data is entered and stored.
2. Rows and Columns: Data is organized into rows and columns, making it easy to read and analyze.
3. Formulas and Functions:
4. Charts and Graphs: Data can be visualized using various chart and graph options.
5. Data Analysis: Spreadsheet software often includes tools for data analysis, such as filtering, sorting,
and pivot tables.
6. Collaboration: Many spreadsheet software options allow for real-time collaboration and sharing.

Popular Spreadsheet Software:

1. Microsoft Excel: A widely used and feature-rich spreadsheet software.
2. Google Sheets: A cloud-based spreadsheet software that allows for real-time collaboration.
3. LibreOffice Calc: A free and open-source spreadsheet software.
4. Apple Numbers: A spreadsheet software for Mac and iOS devices.

Uses:
1. Budgeting and Financial Planning
2. Data Analysis and Visualization
3. Accounting and Bookkeeping
4. Scientific and Engineering Calculations
5. Business Intelligence and Reporting

Launching and existing Microsoft Excel.

1. Click the start button.
2. Select “All programs” from the start menu.
3. Click on Microsoft Office suite.
4. Click on Excel

Some elements of a Microsoft Excel.

Workbook
Worksheet Area
Formula Bar
Active cell
Status Bar