Information System and Security

Prerequisite – Information Security, Threats to Information Security 
 

INTRODUCTION:

An information system (IS) is a collection of hardware, software, data, and people that work together to collect, process, store, and disseminate information. An IS can be used for a variety of purposes, such as supporting business operations, decision making, and communication.

Information security refers to the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. It aims to protect the confidentiality, integrity, and availability of information and information systems.

• Information systems are vulnerable to a variety of security threats, such as hackers, viruses, and natural disasters. As such, it is important for organizations to implement appropriate security measures to protect their information systems.
• There are several different security measures that organizations can implement to protect their information systems, such as:
• Firewalls: Firewalls are used to restrict access to an organization’s network and to protect against unauthorized access.
• Intrusion detection systems: These systems are used to detect and alert organizations to potential security breaches.
• Encryption: Encryption is used to protect sensitive information by converting it into unreadable code.
• Access controls: Access controls are used to restrict access to information and information systems to authorized individuals only.
• Security policies: Organizations can implement security policies to ensure that their employees understand their security responsibilities and adhere to them.
• Security Auditing: Regularly monitoring the system for possible malicious activities and vulnerabilities.
• By implementing these security measures, organizations can protect their information systems from unauthorized access and use, and ensure that their sensitive information is kept confidential and secure.

The Information System is an integrated set of the component for collecting, storing, processing and communicating information. Business firm and other organization on the information system to manage their operation in the marketplace supply service and augment personals lives. 

Types of information system: 
There are two types of the information system which are given below: General purpose information system, and Specialized information system. 

1. General purpose information system: 
   There are some general types of information system .for example a database management system(DBMS) is a combination of software and data that makes it possible to organize and analyze data. Database management system software is typically not designed to work with a specific organization or a specific type of analysis. 
    
2. Specialized information system: 
   In contrast, there is a number of a specialized information system that has been specifically designed to support a particular process within an organization or to carry out very specific analysis task. 

   Example: Enterprise resource planning (ERP) (used to integrate management of information system across an entire organization) 

Security Challenge: 
The number of smart phone devices capable of offering internet technology and experience rivaling desktop computer standards is growing at a fast pace. Security and privacy concern for mobile devices rival or go beyond similar concern for a laptop computer as mobile device are even more mobile by nature and are less likely to be managed by an organization. 

Ensure Security: 
In order to ensure security, it is necessary to provide at least the following services, which are given below. 

1. Authorization: 
   It is act of determining whether an (authenticate) entity has the right to execute action. 
    
2. Audit: 
   An auditing service providing a history of action that can be used to determine what (if anything) went wrong and what caused it to go wrong. 
    
3. Physical authentication: 
   Some firm of authentication such as an object (a key or a smart card ) or a personal characteristic like a fingerprint, retinal pattern, hand geometry. 
    
4. Data Confidentiality: 
   It protects against disclosure of any data while in transit and is provided by encryption of data. 
    

ADVANTAGES OR DISADVANTAGES:

Advantages of implementing information system and security include:

• Protection of sensitive information: By implementing security measures, organizations can protect their sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction.
• Compliance: Implementing information security can help organizations meet compliance requirements, such as HIPAA, PCI-DSS, and SOX.
• Risk management: By implementing security measures, organizations can better manage the risks associated with their information systems.
• Business continuity: By protecting information systems from natural disasters, power outages and other disruptions, organizations can ensure that their business operations can continue uninterrupted.
• Cost savings: Implementing security measures can help organizations avoid costly data breaches and other security incidents.

Disadvantages of implementing information system and security include:

• Cost: Implementing security measures can be costly, as it may require additional resources, such as security experts, to manage the process.
• Time-consuming: Implementing security measures can be time-consuming, especially for organizations that have not previously used this framework.
• Complexity: Implementing security measures can be complex, especially for organizations that have a lot of data and systems to protect.
• Inflexibility: Security measures can be inflexible, making it difficult for organizations to respond quickly to changing security needs.
• Limited Adaptability: Security measures are predefined, which is not adaptable to new technologies, it may require updating or revising to accommodate new technology.