Information System

An information system can be defined as a set of interrelated components that collect,

manipulate, store data, distribute information to support decision making and provide a
feedback mechanism to monitor performance. It may also help the manager and workers to
analyse problems, visualize complex subject, and create new products. Software, Hardware,
information system users, computer system connections and information, and the system's
housing are all part of an Information System.

Components of Information System

People: Peoples are the most essential part of the information system because without
them the system cannot be operated correctly.

Hardware: It is the part of a physical component of an information system which we can

touch. The information system hardware includes the computer, processors, monitors,
printer, keyboards, disk drives, iPads, flash drives, etc.

Software: It is a set of instruction that tells the hardware what to do. It can be used to
organize, process and analyse data in the information system.

Data: Data is a collection of facts. Information systems work with data. These data can be
aggregated, indexed, and organized into tables and files together to form a database. These
databases can become a powerful tool for every businesses information system.

Network: It includes internet, intranet, extranet to provide successful operations for all
types of organizations and computer-based information system.

Procedures: It specifies the policies that govern the operation of an information system. It
describes how specific method of data are processed and analysed to get the answers for
which the information system is designed.

Feedback: It is the component of an information system which defines that an IS may be

provided with feedback.

Types of Information system

1. Executive Information Systems
It is a strategic-level information system which is found at the top of the Pyramid. Its
primary goal is to provide information gathered from both internal and external sources to
the senior executives and management to analyse the environment in which the
organization operates, and to plan appropriate courses of action for identifying the long-
term trends. It can also be used to monitor organization performance as well as to identify
opportunities and problems. EIS is designed in such a way that it can be operated directly
by executives without the need for intermediaries.

The role of Executive Information Systems are:

 o It is concerned for ease of use.
o It supports unstructured decisions.
o It concerned with predicting the future.
o It is highly flexible.
o It is effective.
o It uses both internal and external data sources.
o It is used only at the higher levels of authority.

2. Decision Support Systems

A DSS or Decision Support System is a computer application program used by senior
managers to analyse the business data and presents it in that form in which the users can
make business decisions more easily. These systems are usually interactive and can be used
to solve ill-structured problems in an organization. It helps in exchanging the information
within the organization.

The role of Decision Support System are:

o It supports ill-structured or semi-structured decisions.

o It is used by senior managerial levels.
o It has analytical and/or modeling capacity.
o It is concerned with predicting the future.

3. Management Information Systems

MIS or Management Information System is the use of information technology, people, and
business processes to record, store, manipulate, and process data to produce meaningful
information. These information helps decision makers to make day to day decisions
correctly and accurately. It is used to make a tactical decision (middle-term decision) to
ensure the smooth running of an organization. It also helps to evaluate the organization's
performance by comparing previous outputs with current output.

The role of Management Information Systems are:

o It is based on internal information flows.

o It supports relatively structured decisions.
o It is inflexible and has a little analytical capacity.
o It is used by lower and middle managerial levels.
o It deals with the past and presents rather than the future.

4. Transaction Processing Systems

TPS or transaction processing system is a type of information processing system for
business transactions that involve the collection, storage, modification and retrieval of all
data transaction of an enterprise. The characteristics of a Transaction Processing System
includes reliability, performance, and consistency. A TPS is also known as real-time
processing.

The role of Transaction Processing System are:

o It produces the information for other systems.

o It is used by operational personnel plus supervisory levels.
o It is efficiency oriented.

Development of Information System

1. Define and understand the problems
2. Develop an alternative solution
3. Evaluate and choose the best solution
4. Implement the solution

Mobile Computing-

Mobile computing is a generic term that refers to a variety of devices that allow
people to access data and information from wherever they are. Sometimes
referred to as "human-computer interaction," mobile computing transports data,
voice, and video over a network via a mobile device.

Mobile devices can be connected to a local area network (LAN), or they can take
advantage of Wi-Fi or wireless technology by connecting via a wireless local area
network (WLAN).

The Benefits of Mobile Computing

 Connectivity: You can stay connected to all sources at all times.

 Social Engagement: You can interact with a variety of users via the
Internet.
 Personalization: You can tailor your mobile computing to your individual
needs.

Role in IS-
(1)
non- disruptive user interfaces characterised by a low cognitive load,
(2)
hands-free operation,
(3)
an unobtrusive form factor,
(4)
the ability to model, recognise and act upon events in the environment (context
sensitivity), and
(5)
seamless, ubiquitous connectivity.

INTERNET AND WEB SERVICES-

The internet has revolutionized communication and there by its contribution of

information sharing. With access to computer and an appropriate connection, anyone
can interact with others worldwide. However, the web is designed to exchange
unstructured information, while people can read web pages and understand their
maning, computers cannot. If corporations want to conduct business over the web,
humans have to be involves unless there is a way for computers to communicate on
their own.

Web services in Information System: –

 Web services are self contained, modular applications that can be describe,
published,located and invoked over a network.
 Web services performs functions using ranging from simple requests to
complicated business processes.
 Web services have been proven to give a strong return on investors(RIO) and
make computer based information system more adaptable. They also help bring
productivity, flexibility,and low maintence cost in the developement of
information system by integring components from various third party vendor’s
product.
 Services refer to components and the services offered that can be used to build larger
application services.
 Web services are adaptable and can handle changes more readily

Cyber Security Introduction

Cybersecurity is the protection of Internet-connected systems, including hardware,
software, and data from cyber attacks. It is made up of two words one is cyber and other is
security. Cyber is related to the technology which contains systems, network and programs
or data. Whereas security related to the protection which includes systems security,
network security and application and information security.
It is the body of technologies, processes, and practices designed to protect networks,
devices, programs, and data from attack, theft, damage, modification or unauthorized
access. It may also be referred to as information technology security.

Cyber-attack is now an international concern and has given many concerns that hacks and
other security attacks could endanger the global economy. Organizations transmit sensitive
data across networks and to other devices in the course of doing businesses, and
cybersecurity describes to protect that information and the systems used to process or store
it.

As the volume of cyber-attacks grows, companies and organizations, especially those that
deal information related to national security, health, or financial records, need to take steps
to protect their sensitive business and personal information.

Cyber Security Goals

The objective of Cybersecurity is to protect information from being stolen, compromised or
attacked. Cybersecurity can be measured by at least one of three goals-

1. Protect the confidentiality of data.

2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.

4. 1. Confidentiality
5. Confidentiality is roughly equivalent to privacy and avoids the unauthorized
disclosure of information. It involves the protection of data, providing access for
those who are allowed to see it while disallowing others from learning anything about
its content. It prevents essential information from reaching the wrong people while
making sure that the right people can get it. Data encryption is a good example to
ensure confidentiality.
6. Tools for Confidentiality
7.

Encryption
Encryption is a method of transforming information to make it unreadable for
unauthorized users by using an algorithm. The transformation of data uses a secret
key (an encryption key) so that the transformed data can only be read by using
another secret key (decryption key). It protects sensitive data such as credit card
numbers by encoding and transforming data into unreadable cipher text. This
encrypted data can only be read by decrypting it. Asymmetric-key and symmetric-
key are the two primary types of encryption.

Access control
Access control defines rules and policies for limiting access to a system or to physical
or virtual resources. It is a process by which users are granted access and certain
privileges to systems, resources or information. In access control systems, users
need to present credentials before they can be granted access such as a person's
name or a computer's serial number. In physical systems, these credentials may
come in many forms, but credentials that can't be transferred provide the most
security.
Authentication
An authentication is a process that ensures and confirms a user's identity or role that
someone has. It can be done in a number of different ways, but it is usually based
on a combination of-

o something the person has (like a smart card or a radio key for storing secret
keys),
o something the person knows (like a password),
o something the person is (like a human with a fingerprint).

Authentication is the necessity of every organizations because it enables

organizations to keep their networks secure by permitting only authenticated users
to access its protected resources. These resources may include computer systems,
networks, databases, websites and other network-based applications or services.

Authorization
Authorization is a security mechanism which gives permission to do or have
something. It is used to determine a person or system is allowed access to
resources, based on an access control policy, including computer programs, files,
services, data and application features. It is normally preceded by authentication for
user identity verification. System administrators are typically assigned permission
levels covering all system and user resources. During authorization, a system verifies
an authenticated user's access rules and either grants or refuses resource access.

Physical Security
Physical security describes measures designed to deny the unauthorized access of IT
assets like facilities, equipment, personnel, resources and other properties from
damage. It protects these assets from physical threats including theft, vandalism,
fire and natural disasters.

2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and
safeguarded from unauthorized user modification. It is the property that information
has not be altered in an unauthorized way, and that source of the information is
genuine.
Tools for Integrity

Backups
Backup is the periodic archiving of data. It is a process of making copies of data or
data files to use in the event when the original data or data files are lost or
destroyed. It is also used to make copies for historical purposes, such as for
longitudinal studies, statistics or for historical records or to meet the requirements of
a data retention policy. Many applications especially in a Windows environment,
produce backup files using the .BAK file extension.

Checksums
A checksum is a numerical value used to verify the integrity of a file or a data
transfer. In other words, it is the computation of a function that maps the contents
of a file to a numerical value. They are typically used to compare two sets of data to
make sure that they are the same. A checksum function depends on the entire
contents of a file. It is designed in a way that even a small change to the input file
(such as flipping a single bit) likely to results in different output value.

Data Correcting Codes

It is a method for storing data in such a way that small changes can be easily
detected and automatically corrected.
3. Availability
Availability is the property in which information is accessible and modifiable in a
timely fashion by those authorized to do so. It is the guarantee of reliable and
constant access to our sensitive data by authorized people.

Tools for Availability

o Physical Protections
o Computational Redundancies

Physical Protections
Physical safeguard means to keep information available even in the event of physical
challenges. It ensure sensitive information and critical information technology are
housed in secure areas.

Computational redundancies
It is applied as fault tolerant against accidental faults. It protects computers and
storage devices that serve as fallbacks in the case of failures.