Information System and Security

Prerequisite – Information Security, Threats to Information Security 
 

INTRODUCTION:

An information system (IS) is a collection of hardware, software, data, and people that work together to collect, process, store, and disseminate information. An IS can be used for a variety of purposes, such as supporting business operations, decision making, and communication.

Information security refers to the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. It aims to protect the confidentiality, integrity, and availability of information and information systems.

• Information systems are vulnerable to a variety of security threats, such as hackers, viruses, and natural disasters. As such, it is important for organizations to implement appropriate security measures to protect their information systems.
• There are several different security measures that organizations can implement to protect their information systems, such as:
• Firewalls: Firewalls are used to restrict access to an organization’s network and to protect against unauthorized access.
• Intrusion detection systems: These systems are used to detect and alert organizations to potential security breaches.
• Encryption: Encryption is used to protect sensitive information by converting it into unreadable code.
• Access controls: Access controls are used to restrict access to information and information systems to authorized individuals only.
• Security policies: Organizations can implement security policies to ensure that their employees understand their security responsibilities and adhere to them.
• Security Auditing: Regularly monitoring the system for possible malicious activities and vulnerabilities.
• By implementing these security measures, organizations can protect their information systems from unauthorized access and use, and ensure that their sensitive information is kept confidential and secure.

The Information System is an integrated set of the component for collecting, storing, processing and communicating information. Business firm and other organization on the information system to manage their operation in the marketplace supply service and augment personals lives. 

Types of information system: 
Information systems are categorized based on their scope, purpose, and functionality. Here are the main types of information systems:

Transaction Processing Systems (TPS): TPSs are used to process and record transactions, such as sales, purchases, and payments. They are designed to handle high volumes of transactions and are critical for the daily operations of businesses.

Management Information Systems (MIS): MISs are used to provide managers with the information they need to make decisions. They typically provide reports and analysis on the performance of the organization, including financial, operational, and marketing data.

Decision Support Systems (DSS): DSSs are used to support decision-making by providing information and analysis to users. They use models and analytical tools to analyze data and provide recommendations based on that analysis.

Executive Support Systems (ESS): ESSs are used to support the strategic decision-making of senior executives. They provide high-level summaries of data and analysis, typically in the form of dashboards and other visualizations.

Enterprise Resource Planning (ERP) Systems: ERPs are used to manage and integrate all the business processes and data of an organization. They typically include modules for finance, HR, inventory management, and other areas of the business.

Customer Relationship Management (CRM) Systems: CRMs are used to manage customer interactions and relationships. They provide a 360-degree view of the customer, including their purchase history, preferences, and feedback.

Supply Chain Management (SCM) Systems: SCMs are used to manage the flow of goods and services from suppliers to customers. They include modules for inventory management, logistics, and procurement.

Knowledge Management Systems (KMS): KMSs are used to capture, store, and share knowledge and expertise within an organization. They include tools for collaboration, content management, and search.

Geographic Information Systems (GIS): GISs are used to manage and analyze spatial data. They are used in fields such as urban planning, environmental management, and natural resource management.

Expert Systems (ES): ESs are used to provide expert-level advice and decision-making in specific domains. They are typically based on rule-based or knowledge-based systems.

Security Challenge: 
The number of smart phone devices capable of offering internet technology and experience rivaling desktop computer standards is growing at a fast pace. Security and privacy concern for mobile devices rival or go beyond similar concern for a laptop computer as mobile device are even more mobile by nature and are less likely to be managed by an organization. 

Ensure Security: 
In order to ensure security, it is necessary to provide at least the following services, which are given below. 

1. Authorization: 
   It is act of determining whether an (authenticate) entity has the right to execute action. 
    
2. Audit: 
   An auditing service providing a history of action that can be used to determine what (if anything) went wrong and what caused it to go wrong. 
    
3. Physical authentication: 
   Some firm of authentication such as an object (a key or a smart card ) or a personal characteristic like a fingerprint, retinal pattern, hand geometry. 
    
4. Data Confidentiality: 
   It protects against disclosure of any data while in transit and is provided by encryption of data. 
    

ADVANTAGES OR DISADVANTAGES:

Advantages of implementing information system and security include:

• Protection of sensitive information: By implementing security measures, organizations can protect their sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction.
• Compliance: Implementing information security can help organizations meet compliance requirements, such as HIPAA, PCI-DSS, and SOX.
• Risk management: By implementing security measures, organizations can better manage the risks associated with their information systems.
• Business continuity: By protecting information systems from natural disasters, power outages and other disruptions, organizations can ensure that their business operations can continue uninterrupted.
• Cost savings: Implementing security measures can help organizations avoid costly data breaches and other security incidents.

Disadvantages of implementing information system and security include:

• Cost: Implementing security measures can be costly, as it may require additional resources, such as security experts, to manage the process.
• Time-consuming: Implementing security measures can be time-consuming, especially for organizations that have not previously used this framework.
• Complexity: Implementing security measures can be complex, especially for organizations that have a lot of data and systems to protect.
• Inflexibility: Security measures can be inflexible, making it difficult for organizations to respond quickly to changing security needs.
• Limited Adaptability: Security measures are predefined, which is not adaptable to new technologies, it may require updating or revising to accommodate new technology.