Introduction to Information System

1
 Module I
 Need for Information Security
 Introduction to Information Systems
 Trustworthiness of Information Systems
 Security and Access
 Security SDLC
 Ethical and Professional Issues

10/11/2019
10/11/2019
10/11/2019
10/11/2019
10/11/2019
10/11/2019
 Informatio
• Every aspect ofnmanagement in the modern age
relies heavily on information to thrive.
• Nothing moves without information and it is
generally believed that information is power and
that he who has it has power.
• It is an important resource needed to develop
other resources.
• Changing circumstances and environments have
necessitated the need for the proper
dissemination of information at various levels of
management.

10/11/2019
 Informatio
• The concept ofninformation in an organizational
sense is more complex and difficult than the
frequent use of this common word would
suggest.
• Every society, no doubt, is an information society
and every organization is an information
organization.
• Therefore, information is a basic resource like
materials, money and personnel.
• Information can be considered either as an
abstract concept(ideas) or as a commodity,
usually in the form of letters and reports.

10/11/2019
 Information System
• Information system, an integrated set of components
for collecting, storing, and processing data and for
providing information, knowledge, and digital
products. Business firms and other organizations rely
on information systems to carry out and manage their
operations, interact with their customers and suppliers,
and compete in the marketplace.
• Information systems are used to run inter
organizational supply chains and electronic markets.
For instance, corporations use information systems to
process financial accounts, to manage their human
resources, and to reach their potential customers with
online promotions.

10/11/2019
 Information System
• Many major companies are built entirely around
information systems. These include eBay, a largely auction
marketplace; Amazon, an expanding electronic mall and
provider of cloud computing services; Alibaba, a business-
to-business e-marketplace; and Google, a search engine
company that derives most of its revenue from keyword
advertising on Internet searches.
• Governments deploy information systems to provide
services cost-effectively to citizens.
• Digital goods—such as electronic books, video products,
and software—and online services, such as gaming and
social networking, are delivered with information systems.
Individuals rely on information systems, generally Internet-
based, for conducting much of their personal lives: for
socializing, study, shopping, banking, and entertainment.
10/11/2019
 Information System
• Any organized combination of
 People
 Hardware
 Communication networks
 Software
 Data resources
 Policies and procedures that stores retrieves,
transforms, and disseminates information in
an organization.

10/11/2019
 Information System

10/11/2019
 Components of Information System
1. Computer hardware. This is the physical
technology that works with information. ...
2. Computer software. The hardware needs to
know what to do, and that is the role of
software. ...
3. Telecommunications. ...
4. Databases and data warehouses. ...
5. Human resources and procedures.

10/11/2019
THE COMPONENTS OF INFORMATION
SYSTEMS
SYSTEM CONCEPTS: A FOUNDATION
Technology
Applications
Development

Management
WHAT IS A
SYSTEM?
Input
Processing
Output
FEEDBACK
10/11/2019
The system concept becomes even
more useful by including two additional elements:
Feedback
Control
Feedback is data about the performance of a system.
For example:
data about sales performanceis feedback to
a sales manager.
Data about the speed, attitude, and
direction of an aircraft is feedback to the
aircraft’s pilot or autopilot.
10/11/2019
Control involves monitoring and evaluating
feedback to determine whether a system is
moving toward the achievement of its goal.
The control function then makes the necessary
adjustments to a system’s input and processing
components to ensure that it produces proper
output.
For example: An airline pilot, makes minute
adjustments after evaluating the feedback from
the instruments to ensure the plane is exactly
where the pilot wants it to be.

10/11/2019
 Component of IS

10/11/2019
10/11/2019
 Functional elements of IS
• It comprises the following functional elements which relate to the
organization and its environments:
1. Perception– initial entry of data whether captured or generated,
into the organization;
2. Recording– physical capture of data;
3. Processing– transformation according to the “specific” needs of
the organization;
4. Transmission– the flows which occur in an information system;
5. Storage– presupposes some expected future use;
6. Retrieval– search for recorded data;
7. Presentation– reporting, communication; and
8. Decision making– a controversial inclusion, except to the extent
that the information system engages in decision making that
concerns itself.

10/11/2019
 Types of IS
The most important computer-
based information systems as
follows:
1. Information retrieval system (IR);
2. Question-answering system;
3. Database system (DBS);
4. Management information
system (MIS);
10/11/2019
 Application of IS

10/11/2019
 Recognizing IS

As a business professional, we should be able to

recognize the fundamental components of IS we
encounter in the real world. This means that you
should be able to identify:
The people, hardware, software, data, and network
resources they use.
The types of information products they produce.
The way they perform input, processing, output,
storage, and control activities.

10/11/2019
 IS and Society
• Nowadays, we live in information age and the
focus on information and technology has
profoundly affected the nature of society and
the world of work.
• More information is accessible to all people in
our society.
• Businesses are seeking employees who are
proficient in information retrieval, analysis, and
communication, in conjunction with highly
developed technological skills.
10/11/2019
 IS and Society
• As information systems enabled more diverse human
activities, they exerted a profound influence over society.
• These systems quickened the pace of daily activities,
enabled people to develop and maintain new and often
more-rewarding relationships, affected the structure and
mix of organizations, changed the type of products bought,
and influenced the nature of work.
• Information and knowledge became vital economic
resources.
• The dependence on information systems brought new
threats.
• Intensive industry innovation and academic research
continually develop new opportunities while aiming to
contain the threats.

10/11/2019
 How a Person receive information
1. Visually➔ through sight.
Ex: receive information by seeing the print in book.
2. Aurally ➔ through hearing.
Ex: hear the whistle of a train.
3. Tactilely ➔ through touch
Ex: feeling the humidity in the air.
4. Olfactory ➔ through smell
Ex: smelling the coffee in the morning.
5. Gustatorily ➔ through taste
Ex: tasting to see whether the milk is fresh or not .

Some of the information activities we receive involve transforming it from

one format to another.
Eg: Studying , building a house.

10/11/2019
 How a Person Use information
• Information devices and services provide to the
individual information that is used for a variety of
purpose in the conduct of daily life.!
1. Make decisions!
Information about course in university webpage
(enroll or no) !
2. Resolve uncertainty !
Ex: looking at the clock while studying for exam, you
are trying to resolve uncertainty of wither to
stop reading and go to class or not.!
3. Solve problems
10/11/2019
 Various Sphere of Information in Society
1. Economic sphere: Information is used daily
to influence behavior,
ex : advertising , oil. !
2. Political sphere: to influence behavior of citizens (voting,
government response )!
3. In education sector: teaching, learning,
and research !
4. In health sector: for patient care and
drug prescription !
5. In military and security: for war, fighting
and protection from crime
6. Etc….{ I will Leave to students to find other Sphere – Identify
atleast 10 and post Assignment in Microsoft teams}
10/11/2019
 Information Society
• Webster (2002) who proposes examining a
society on the basis of economic,
occupational, spatial, technology and cultural
criteria to determine the extent to which an
information society exists. (Lester & Koehler,
2007)

10/11/2019
 Types of IS
• The oral society
• Where most people reality and life was local
Knowing a very little about other places, people
and societies
• Society and societal institutional were oral
Information was stored in human memory.
• Human memory was the major way of
transporting information across time and space
• Sources of information and authority were
old people those who had more information
stored in their memory (Lester & Koehler,
2007)

10/11/2019
• Print Society
It provided an accessible way to store
information, Information container, can gave
access to information to much larger body of
people
That led to change the nature of the
information transmitted helps
increasing
which in mutual access to information, in
the sharing of information and ideas, changed
the reality of society (Lester & Koehler, 2007)

10/11/2019
 Type of IS
•Beyond print to electronic society
Telegraph and telephone
Telegraph made the transmission of messages possible across space
and time from one individual to another. Telephone where
individuals can share information through individual interactive oral
communication across space and time
Radio
Which support sharing of information in large scale (Lester & Koehler,
2007)
Television
It changes the sense of community through provision of information,
extending the community of the individual beyond the physical
location
Computer and the Internet
Which support recording, storing and distribution of information in
digital format by using combination of networked digital
infrastructure (Lester & Koehler, 2007)
10/11/2019
 Information System and Organization
• The rapid evolution of computer technology is expanding .
• man’s desire to obtain computer assistance in solving more
and more complex problems: problems which were
considered solely in the domain of man’s intuitive and
judgmental processes, particularly in organizations, a few
years ago.
• Information systems are becoming of ever greater
interest in progressive and dynamic organizations.
• The need to obtain access conveniently, quickly and
economically makes it imperative to devise procedures for
the creation, management and utilization of databases in
organizations.
• Management information and information systems, in
particular those related to effective decision-making
processes in a organization.

10/11/2019
 IS and Organization
• Information systems can give you a competitive advantage
and provide the data you need to make faster, smarter
business decisions. Depending on your needs, you can opt for
transaction processing systems, knowledge management
systems, decision support systems and more.
• When choosing one, consider your budget, industry and
business size. Look for an information system that aligns with
your goals and can streamline your day-to-day operations.
• Business intelligence (BI) systems, for instance, can turn data
into valuable insights.
• IS allows for faster, more accurate reporting, better business
decisions and more efficient resource allocation.

10/11/2019
 ERP IS in Organization
• Another major benefit is data visualization, which enables analysts to
interpret large amounts of information, predict future events and find
patterns in historical data.
• Organizations can also use enterprise resource planning (ERP) software to
collect, manage and analyze data across different areas, from
manufacturing to finance and accounting.
• This type of information system consists of multiple applications that
provide a 360-degree view of business operations. Net Suite ERP,
PeopleSoft.
• ERP provides actionable insights and helps you decide on the next steps.
• It also makes it easier to achieve regulatory compliance, increase data
security and share information between departments.
• In the long run, ERP software can reduce operational costs, improve
collaboration and boost your revenue.
• Nearly half of the companies that implement this system report major
benefits within six months.
10/11/2019
 IS for a Business Organization
1. Support the Business Process : Treats inputs as a request from the
customer and outputs as services to customer. Supports current
operations and use the system to influence further way of working.
2. Support Operation of a Business Organization: MIS supports
operations of a business organization by giving timely information,
maintenance and enhancement which provides flexibility in the
operation of organizations.
3. To Support Decision Making: MIS supports the decision making by
employee in their daily operations. MIS also supports managers in
decision making to meet the goals and objectives of the
organization. Different mathematical models and IT tools are used
for the purpose evolving strategies to meet competitive needs.
4. Strategies for an Organization: Today each business is running in a
competitive market. MIS supports the organization to evolve
appropriate strategies for the business to assented in a competitive
environment.

10/11/2019
 Constraint of IS
• Belief that a computerized MIS can solve all problems.
• Developed without streamlining the TPS.
• It is conceived as data processing and not as
information system.
• MIS does not give perfect information to all users.
• Lack of administrative discipline in following
standardized systems and procedures, wrong coding
can result in incomplete and incorrect information.
• MIS does not provide information needed by
managers but that what the function calls for.
• MIS does not meet critical and key factors such as
response to query on database etc.

10/11/2019
10/11/2019
 Limitation of IS
• IS cannot replace managerial judgment in Decision Making.
• The quality of output in IS is directly proportional to quality of
input.
• IS cannot provide tailor made/customized
information package.
• IS does not have enough flexibility to update itself quickly
• IS only consider quantitative data.
• IS is less useful in making non programmed decisions
• IS is less effective in organization where information is
not being shared with other.
• IS is less effective due to constant change in top management,
organizational structure and operational staff.

10/11/2019
 Trustworthiness of information security
 Information security can be thought of as a discipline that studies
ways to make systems trustworthy.
 Trust is the act of placing your confidence in something and
trustworthiness means that the placement of confidence is well-
founded.
 In the context of information security trust is the belief that a system
or a component will operate in an expected manner and that attacks
on the system will either not succeed or will cause minimal damage.
 Trustworthiness means that evidence exists that allows us to have
trust in a component/system; we have evidence that a
component/system meets a set of (functional and security)
requirements

10/11/2019
 Case Study
Amit Tiwari had many names, bank accounts and clients. None of them
were for real. With a plan that was both ingenious and naive, the 21-year-
old engineering student from Pune tried to defraud a Mumbai-based credit
card processing company, CC Avenue, of nearly Rs 900,000.He was
arrested by the Mumbai Police on August 21, 2003 after nearly an year of
hide and seek with CC Avenue. He's been charged for cheating under
Section 420.

https://indiaforensic.com/creditcardfraud.htm

10/11/2019
 Security and Access
NIST cybersecurity framework advocates that organizations
think of security as a continuous process and lists five key
functions:

1. Identification of vulnerabilities and risks.

2. Defending systems user errors and malicious attacks.
3. Detecting when a system has been misused or attacked.
4. Responding to attacks.
5. Planning for recovery.

Information security at a high level includes all of these

functions.

10/11/2019
We list some definitions related to the first step of the NIST
framework: identification of vulnerabilities and risks .
A vulnerability is a susceptibility or weakness in the system that
can expose it to an attack. For example, a vulnerability might
allow a malicious user to gain access to private data. The people
or adversaries who may violate a systems security by exploiting
vulnerabilities are called threats or attackers.

The list of possible threats include incompetent

or unintentional blunders, hackers, disgruntled employees,
organized crime, market competitors, foreign nations etc.

10/11/2019
The list of potential threats will vary based on the given system.
For example a system storing student records is probably not going to be
targeted by a foreign nation or organized crime.

Risk is the expected damage of vulnerability. Thus risk considers

the likelihood of a vulnerability being exploited and the cost of
the damage.
For example a web service running on a server may have a vulnerability,
but if it’s not connected to the network, the risk is zero.

An attack vector describes how an attacker was able to gain

access to the system and carried out the attack and is typically
used to describe malicious attacks rather than unintentional
errors.
Attack vectors could include malicious email attachments, a sql code
injection, and even social engineering attacks where a human operator is tricked
to weaken system defenses.
10/11/2019
 The Information Technology Act, 2000 (also known as
ITA- 2000, or the IT Act) is an Act of the Indian Parliament
(No 21 of 2000) notified on 17 October 2000. It is the primary
law in India dealing with cybercrime and electronic
commerce

10/11/2019
 Trustworthiness of IS

A trustworthy system is a system that gains a high level

of trust by its users by satisfying the specified security,
privacy, safety, availability and business integrity
requirements

10/11/2019
 The main system security goals to achieve are confidentiality,
integrity, availability, and accountability.
 Confidentiality ensures that only authorized users or
applications are allowed to interact with the system.
 Integrity ensures that critical data has not been changed in
an improper way in the system.
 Availability ensures that the information and/or services are
readily available to an authorized user on demand.
 Accountability ensures that once authorized users access the
system, they are accountable for all of their actions
 Normally, security requirements should not be specified in terms of the types of
security mechanisms or controls that are currently used for implementation.
 To achieve the security goals, security requirements should be identified.

10/11/2019
10/11/2019
 References
1. Baltaz, P. and Phillips,A. “Business Driven Information Systems” 4th
Edition.
2. O’ Brein, James,A., Marakas, George, M. and Bhel, R. (2009) “
Management Information System”,Tata Mc Graw Hill, New Delhi.
3. OZ, Effy, (2008). “Management Information System”, Cengage
Learning, New Delhi, India.
4. Picincu, A (2018) “Role of Information Systems in an
Organization” retrieved from https://bizfluent.com/about-
6525978-role-information-systems-organization.html
last assessed on 20 September 2019.
5. Shodhganga(2015) “INTRODUCTION TO
MANAGEMENT INFORMATION SYSTEMS
“retrieved from
https://shodhganga.inflibnet.ac.in/bitstream/10603/42602/7/07-
chapter_1.pdf. last assessedon 20 September 2019.

10/11/2019