What are the considerations companies should take for information systems?

1. ISINFORMATION SYSTEMS
BY: JAN WONG
HELLO AND
WELCOME TO
Chapter Seven:
SECURITY, ETHICS
AND PRIVACY
“How to ensure it is safe & secure?”

2. ISSecurity Risks

3. ISIs it possible to protect against all
types of risks?

4. It is not possible to protect against all
types of risks!
Costly
There is no one solution to
address all the risks.
High Complexity
All resource, data, software,
processes can be at risk.
Unpredictability
Hundreds of potential threats
exists.
Too Many Users
Many individuals have access to
different parts of the system.
Rapid Tech Change
Constant innovation and upgrades
cause systems to be obsolete.
Lack of Control
Systems may span outside the
organisation (e.g. 3rd party).
People Factor
People tend to violate security
measures for convenience.
Difficult to Detect
Due to so many different
components involved.
Distributed Systems
Making it difficult to track and
pinpoint security flaws.
#3:
System
Failures
#2:
Environmental
Hazards
#4:
Cybercrime
#1:
Human
Factors
Hardware, software & information

5. Let’s talk about
risks
• Design of hardware or systems
• Negligence or oversight during SDLC
• Lack of knowledge or experience
• Inadequate specifications given
• Greed
• Convenience
• Unauthorised access: use of system
without permission
• Unauthorised use: use of system for
unapproved activities
#1:
Human
Factors

6. Let’s talk about
risks
• External factors that is outside the
control of the system or users.
• Natural disasters such as earthquake,
floods, fire, lightning strikes, etc.
• Micro environment such as defective
aircond, smoke, heat and water
damage.
• Macro environment such as
radioactive fallout, riots and etc.
#2:
Environmental
Hazards

7. Let’s talk about
risks
• Poor design (both hardware or
software).
• Use of defective materials.
• Noise (unwanted electrical signals).
• Undervoltage (drop in electrical
supply).
• Power surge (significant increase of
electrical supply).
#3:
System
Failures

8. Let’s talk about
risks
• Hackers consists of outsiders that
penetrates the system without
permission, or insiders that misuse
their authorisation.
• Data tampering: inserts false data.
• DOS attack: hammering a website will
more requests that it can handle.
• Backdoor: allows users to bypass
security controls.
• Phishing & spoofing: a fake website
that looks legitimate.
• Programming Fraud:
#4:
Cybercrime
Adware
Displays advertisements on any
software.
Ransomware
Blocks access to a system until
the user pays a ransom.
Spyware
Secretly collects information
about the user.
Virus
Affects & infects a system
without permission.
Worm
Copies repetitively, using up
resources to shutdown system.
Trojanhorse
Looks legitimate but contains
malicious codes.

9. ISSecurity Measures
How to protect against them?

10. Minimise the risk
potentials of systems,
not eliminate them.
We can only
Because there is no 100% guaranteed protection.

11. Anti Virus
Scans programs or systems for
virus signatures to detect, remove
or quarantine infected files.
Firewall
A hardware / software that
protects a network from external
intrusion and informs you of
unusual behaviour.
SSL Certificate
Encrypts data between client and
the server.The certificate is usually
issued by a trusted Certificate
Authority (CA).
Access Control
A set of rules to define who can
access the system and what are
their usage limitations, usually via a
login credential.
Acceptable Use Policy
Outlines the activities for what can
be used (and not) within the
system, like a terms of usage.
Encryption
Converts plaintext / readable text
into encoded / unreadable
characters.
Verification Device
A device that generates a random
code to be used to verify your
identity when accessing a system.
Biometrics
Authenticates a user’s identity
using personal characteristics like
thumbprint, facial patterns or iris.
2-Step Verification
A second level of verification to
further protect account access.
Alarm System
Notifies users if there are any
abnormalities to the environment,
facility or system e.g. smoke or
movement detector.
Possessed Objects
An item that you must carry with
you in order to gain access to a
computer or facility e.g. access
card, RFID tag, etc.
Product Activation
Uses a unique identification code
to grant access to the product’s
usage.
License Agreement
Requires acceptance of terms
before via a digital sign-off using
the system.
Surge Protector
Protects computer & equipment
from electrical disturbances.
UPS
Like a battery, provides stored
power during power loss.
Backup
A duplicate copy of files or
program that can be used as a
restoration point.
Disaster Recovery Plan
A written plan that describes what
to do should a disaster occurs - to
evacuate, recover and test systems.

12. Backup
A duplicate copy of files or program that can be used as a restoration point.
Full
Fastest recovery
method, takes a
complete copy of all the
files to be saved - but
has the longest backup
and restoration time.
Differential
A full backup, but only
for files that were not
included in the first full
backup version - can be
time consuming during
restoration.
Mirror
Real-time backup that is
most reliable and
quickest to restore
from - but most
expensive and requires
the most storage to
make this happen.
Onsite / Offsite / Cloud
Determines how the backup files will be stored - physically within the same
premise of the original, outside the premise from the original, or on the cloud
that requires internet connectivity to access.
Full: Selective
Only backs up selected
files in full - but will be
difficult to be keep
tracked of over time.
Incremental
Requires minimal space
to store the backup as
it only saves the most
recent changes - but
extremely time
consuming to restore.

13. ISEthics & Privacy

14. “If it is on social
media, it has to
be true.”
We live in a generation where news are not verified.

15. The big problem:
Not Verifying Accuracy
Consumers do not check the facts.
No Regulations
There is no strict law government
digital code of conduct.
No Privacy Standards
Apart from GDPR (Europe), most
countries don’t have.

16. Privacy on the internet?
That’s oxymoron.
The citizens will decide
between convenience or
privacy.
Our data has become a currency for convenience.

17. Your data is collected:
Electronic Profile Cookies Visual Monitoring Geolocation
Purchase Behaviour Ads Interaction Search Terms App Downloads

18. ISImpact to Health

19. To prevent:
Do not purchase unneeded electronic devices,
reduce electricity consumption, recycle your
devices.
To prevent:
Have furnitures with good ergonomic that
provides comfort, efficiency and safety in your
workplace.
To prevent:
Don’t apply constant pressure on your wrists,
spread fingers apart during breaks, do light
stretches whenever possible.
To prevent:
Have constant breaks, display should be at least
arms’ length, have good lighting conditions, use
larger fonts, etc.
Computer Vision Syndrome
Eye & vision problems e.g. short sightedness, lazy
eye, ocular hypertension, astigmatism, etc.
Repetitive Strain Injury (RSI)
e.g. Carpal Tunnel Syndrome where the nerve
connecting forearm to palm is inflamed.
Tendonitis
Inflammation of tendon due to repeated motion
e.g. backaches, neck strains, etc.
Environmental Deterioration
Consumption of electricity, material production
and electronic waste.
To prevent:
Have consistent ‘time off’ and choose to
consume content in different mediums instead.
Addiction
Dependency towards devices where users are
not able to put it away for a prolonged period.