Information Systems

UNIT - 1

By Shanu Gaharana

LECTURE NO.-1

Definitions

Data: Raw facts, such as an employee's name and number of hours worked in a week, inventory part numbers, or sales orders.

Information: A collection of facts organized in such a way that they have additional value beyond the value of the facts themselves.

Example (data, through data processing, becomes information):
Data: $35,000; 12 Units; $12,000; J. Jones; Western Region; $100,000; 100 Units; 35 Units
Information: Salesperson: J. Jones; Sales Territory: Western Region; Current Sales: 147 Units = $147,000

Definitions

Information Systems: An information system (IS) is typically considered to be a set of interrelated elements or components that collect (input), manipulate (process), and disseminate (output) data and information, and provide a feedback mechanism to meet an objective.

- Open System
- Closed System

HISTORY OF INFORMATION SYSTEMS

IS has always played a crucial role in civilization.
1. IS over 500 years ago
2. IS in the mid-eighteenth century
3. IS in the 20th century

IMPORTANCE OF INFORMATION SYSTEMS

CHANGING NATURE OF IS

Four powerful changes have altered the business environment:
- Globalization
- Rise of the Information Economy
- Transformation of the Business Enterprise
- Emergence of the digital firm

Mainframe-Based Information System

Client Server Based System


Architecture of Web Services based Systems


LECTURE NO.-2

Need of Distributed IS

Distributed systems (DS) have the following 2 properties:
1. There are several autonomous computational entities, each of which has its own local memory.
2. The entities communicate with each other by message passing.

Distributed System

- An integration of system services, presenting a transparent view of a multiple computer system with distributed resources and control.
- A collection of independent computers that appear to the users of the system as a single computer.

Examples:
- Personal workstations + a pool of processors + single file system
- Robots on the assembly line + robots in the parts department
- A large bank with hundreds of branch offices all over the world

Message Passing in Distributed Systems


Need of Distributed IS

The widening scope of IS can be summarized as:
- 1950s: technical changes
- 1960s-1970s: managerial controls
- 1980s-1990s: institutional core activities
- Today: digital information webs extending beyond the enterprise

ROLE OF INTERNET & WEB SERVICES

Statistics from the IITF Report "The Emerging Digital Economy" *

To reach a market of 50 million people participating:
- Radio took 38 years
- TV took 13 years
- Once it was open to the general public, the Internet reached the 50-million-person audience mark in just 4 years!

http://www.ecommerce.gov/emerging.htm
Released on April 15, 1998

* Delivered to the President and the U.S. Public on April 15, 1998 by Bill Daley, Secretary of Commerce and Chairman of the Information Infrastructure Task Force

IS THREATS & ATTACKS

Basically 2 types of threats:
1. Information level
2. Network level

IS THREATS & ATTACKS

Security threats have the following principal sources:
1. Human error
2. Computer abuse or crime
3. Natural and political disasters
4. Failure of hardware or software

LECTURE NO.-3

Security threats related to computer crime or abuse include:
1. Impersonation
2. Trojan Horse Method
3. Logic Bomb
4. Computer viruses
5. DoS
6. Dial Diddling
7. Salami Technique
8. Spoofing
9. Super zapping
10. Scavenging
11. Data Leakage
12. Wiretapping
13. Theft of mobile devices

Block Diagram of Spoofing


Classification of Threats & Assessing Damages

A threat is an indication of a potential undesirable event. A threat consists of 4 properties:
1. Asset
2. Actor
3. Motive (optional)
4. Access (optional)

The major categories of damage are:
- Destruction of information and/or other resources
- Corruption or modification of information
- Theft, removal or loss of information and/or other resources
- Disclosure of information
- Interruption of access to important information

There are 5 categories of logical and physical assets:
1. Information
2. Hardware
3. Software
4. People
5. Systems

Another way of grouping the threats is:
1. Human actors using network access
2. Human actors using physical access
3. System problems
4. Other problems

GENERIC THREAT PROFILE

- Represented by tree structures.
- This structure shows Assets, Access, Actors, Motives, and the possible outcomes.
- An organization should have a suitable method for asset classification, so that it knows which of its assets are critical.
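The threat profile tree described above, written out as an added Python example (it is not part of the original slides). The actor and motive labels and the sample inventory are assumptions made for illustration; the outcome leaves follow the damage categories listed earlier, and motive and access are left empty where the notes mark them optional.

```python
from collections import namedtuple

Threat = namedtuple("Threat", "asset access actor motive outcome")
# Outcome leaves: the damage categories listed in these notes.
OUTCOMES = ["destruction", "modification", "loss", "disclosure", "interruption"]
# Assumed branch labels (not from the slides): actor and motive values.
HUMAN_ACTORS = ["insider", "outsider"]
MOTIVES = ["accidental", "deliberate"]
# Constructed sample inventory: asset name -> classified as critical?
INVENTORY = {"payroll database": True, "lobby brochure": False}


def build_profile(asset):
    """Build the threat tree for one asset as nested dicts with outcome leaves."""
    human = {a: {m: list(OUTCOMES) for m in MOTIVES} for a in HUMAN_ACTORS}
    return {asset: {
        "network": human,                  # human actors using network access
        "physical": human,                 # human actors using physical access
        "system problem": list(OUTCOMES),  # no access path or motive
        "other problem": list(OUTCOMES),
    }}


def walk(node, path=()):
    """Yield every root-to-leaf path of the tree."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from walk(child, path + (key,))
    else:
        for outcome in node:
            yield path + (outcome,)


def threats(asset):
    """Flatten the tree into Threat records; motive and access are optional."""
    out = []
    for path in walk(build_profile(asset)):
        if len(path) == 5:   # asset, access, actor, motive, outcome
            out.append(Threat(*path))
        else:                # asset, source, outcome
            out.append(Threat(path[0], None, path[1], None, path[2]))
    return out


def critical_register(inventory):
    """Enumerate threat paths only for assets classified as critical."""
    return [t for name, crit in inventory.items() if crit for t in threats(name)]
```

Each record returned by `critical_register(INVENTORY)` is one path through the tree, which is why asset classification comes first: only the critical asset is expanded.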

LECTURE NO.-4

Security Considerations in Mobile & Wireless Computing

Today belongs to mobile computing. As the mobility of workers increases, security issues also increase in number, because working with technology outside the office brings many challenges.

Proliferation of Mobile & Wireless Devices

Wireless networks, and the use of mobile devices, are bringing the world a new means of communication and day-to-day business activities.

- As the mobility of workers increases, security issues also increase in number, because working with technology outside the office brings many challenges.
- The implementation of these new wireless devices also brings about new security threats to information assets.

Trends in Mobility

Types of Mobility:
1. User Mobility: refers to a wireless service that lets you be completely mobile, such as in a car, train, etc.
2. Device Mobility: makes it possible to determine whether the IP phone is at its home location or at a roaming location. Uses smaller, battery-driven devices.
3. Session Mobility: issues in data distribution.
4. Service Mobility (Code Mobility): managing security is a big issue.

Key Findings for Mobile Computing Security Scenario

- With usage experience, awareness of mobile users gets enhanced.
- People continue to remain the weakest link for laptop security.
- Wireless connectivity does little to increase the burden of managing laptops.
- Laptop experience changes the view of starting a smart handheld pilot.
- There is naivety and/or neglect in smart handheld security.
- Rules rather than technology keep smart handheld usage in check.

Security Challenges Posed by Mobile Devices

Basically 2 challenges are presented:
1. Micro challenges: device level
2. Macro challenges: organizational level

Some well-known technical challenges in mobile security are:
1. Managing the registry settings and configurations
2. Authentication service security
3. Cryptography security for mobile devices

- LDAP (Lightweight Directory Access Protocol): an application protocol for reading and editing directories over an IP network. A directory in this sense is an organized set of records: for example, a telephone directory is an alphabetical list of persons and organizations with an address and phone number in each "record".
- RAS Security: an important consideration for protecting the business-sensitive data that may reside on the employees' mobile devices.
- Media Player Control Security
- Networking API Security

LECTURE NO. -5

Authentication Service Security

Secure network access involves mutual authentication between the device and the base stations or web servers.

Authentication service security is important given the typical attacks on mobile devices through wireless networks:
- Denial of Service attacks
- Traffic analysis
- Eavesdropping
- Man-in-the-middle attacks
- Session hijacking

Mobile Devices: Security Implications for Organizations

- Managing diversity and proliferation of handheld devices
- Threats through lost and stolen devices
- Protecting data on lost devices
- Educating the laptop users

LAPTOP SECURITY

Basic security measures are as follows:
1. Choose a secure operating system and lock it down.
2. Enable a strong BIOS password.
3. Asset tag or engrave the laptop.
4. Register the laptop with the manufacturer.

Physical Security:
1. Use a cable or hard-wired lock.
2. Use a docking station.
3. Use a personal firewall for your laptop.
4. Lock up all the ports and PCMCIA cards.
5. Use laptop safes.
6. Use motion sensors and alarms.

LAPTOP SECURITY

Protecting sensitive data:
- Use the NTFS file system.
- Disable the guest account.
- Prevent the last logged-in user name from being displayed.
- Enable EFS (Encrypting File System).
- Back up your data before you leave.

Lecture No. - 6

INFORMATION CLASSIFICATION

- It demonstrates an organization's commitment to security protections.
- It helps to identify which information is most sensitive or vital.
- It identifies which protections apply to which information.

TERMS FOR INFORMATION CLASSIFICATION

1. Unclassified: neither sensitive nor classified. Public release of this information does not violate confidentiality.
2. Sensitive but unclassified: a minor secret that may not create serious damage if disclosed. Information that may be classified with this label includes personally identifying information such as passport and Social Security numbers.
3. Confidential: this information would cause "damage" to national security if publicly available.
4. Secret: this information would cause serious damage to national security if publicly available.
5. Top Secret: this information would cause exceptionally serious damage to national security if publicly available.

INFORMATION CLASSIFICATION IN PRIVATE ORGANIZATIONS

1. Public
2. Sensitive
3. Private

Information Systems Development

LECTURE NO. 7

BASIC PRINCIPLES OF IS

IS plays a crucial role in the modern digital economy. There are basically 3 pillars of Infosec:
- Confidentiality
- Integrity
- Availability

Security Related Basic Terms

- Electronic Security
- Non-repudiation: Regarding digital security, the cryptological meaning and application of non-repudiation is:
  - A service that provides proof of the integrity and origin of data.
  - An authentication that with high assurance can be asserted to be genuine.
- Electronic Signature: An electronic signature is any electronic means that indicates that a person adopts the contents of an electronic message. The U.S. Code defines an electronic signature for the purpose of US law as "an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."
- Encryption
- Cipher
- Cryptanalysis: the study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so. Typically, this involves knowing how the system works and finding a secret key. In non-technical language, this is the practice of codebreaking or cracking the code.
- Cryptography
- DoS Attacks
- Tempest: a codename referring to investigations and studies of compromising emanations (CE). Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment. TEMPEST is a codename only and is not an acronym.
- Spoofing
- Steganography: the art of hiding the existence of a message.

INFORMATION INTEGRITY

Assurance that the data being accessed or read has neither been tampered with, nor been altered or damaged through a system error, since the time of the last authorized access.

OTHER TERMS IN IS

- Identification
- Authentication
- Accountability
- Authorization
- Privacy
