Management information systems
Management Information Systems. The Islamia University of Bahawalpur Delivered by: Tasawar Javed. Information Security. Today’s talk Information security Objectives of information security Management of information security Information security management Threats


Management Information Systems

The Islamia University of Bahawalpur

Delivered by:

Tasawar Javed


Information Security

  • Today’s talk

    • Information security

      • Objectives of information security

      • Management of information security

    • Information security management

    • Threats

      • Internal and external threats

      • Accidental and deliberate Acts

    • Types of Threats

    • Risks


Information Security

  • Information security

    • System Security

      • To secure their information resources, attention was focused almost exclusively on protecting hardware and data

    • Information Security

      • This term was used to describe the protection of both computer and non-computer equipment, facilities, data, and information from misuse by unauthorised parties.

      • This broad definition includes such equipment as copiers, fax machines, and all types of media, and paper documents


Information Security

  • Objectives of Information Security

    • Confidentiality

      • The firm seeks to protect its data and information from disclosure to unauthorized persons.

      • Executive information systems, HRIS, & such transaction processing systems as payroll, accounts receivable, purchasing, and accounts payable are especially critical in this regard.

    • Availability

      • The purpose of the firm’s information infrastructure is to make its data and information available to those who are authorized to use it. This objective is especially important to information-oriented systems such as human resource information systems and executive information systems.


Information Security

  • Integrity

    • All of the information systems should provide an accurate representation of the physical systems that they represent

      The firm’s information systems must protect the data and information from misuse, but ensure its availability to authorized users who can have confidence in its accuracy


Information Security

  • Management of information Security

    • Management is not only expected to keep the information resources secure, it is also expected to keep the firm functioning after a disaster or security breach.

    • ISM (information security management): the activity of keeping information resources secure

    • Business Continuity Management

      • The activity of keeping the firm and its information resources functioning after a catastrophe


Information Security

  • Management of information Security

    • CISSO: The title corporate information systems security officer has been used for the person in the organization, typically a member of the information systems unit, who is responsible for the firm’s information systems security.

    • CIAO

      • Firms trying to achieve an even higher level of security have designated a corporate information assurance officer, who will report to the CEO and manage an information assurance unit.

      • The CIAO should possess the full range of security certification and have a minimum of 10 years’ experience in managing an information security facility


Information Security

  • Information Security Management

    • It consists of four steps

      • Identify the threats

      • Define the risks

      • Establish an information security policy

      • Implement the controls

    • The term risk management has been coined to describe this approach of basing the security of the firm’s information resources on the risk that it faces


Information Security

[Figure: Risk management. Identify the threats → Define the risks → Establish an IS policy → Implement the controls]


Information Security

  • Information security Management

    • Information Security Benchmark

      • A benchmark is a recommended level of performance

      • Security benchmark is a recommended level of security that in normal circumstances should offer reasonable protection against unauthorized intrusion.

      • These are defined by governments and industry associations and reflect what those authorities believe to be the components of a good information security program.


Information Security

  • When a firm follows this approach, which we call benchmark compliance, it is assumed that government and industry authorities have done a good job of considering the threats and risks and that the benchmarks offer good protection

[Figure: Benchmark compliance. Benchmarks → Establish an ISP → Implement the controls]


Information Security

  • Threats

    • An information security threat is a person, organization, mechanism, or event that has the potential to inflict harm on the firm’s information resources

  • Internal and External Threats

    • Internal threats include not only employees but also temporary workers, consultants, contractors, and even partners. External threats due to more intimate knowledge of the system by the internal threats


Information Security

  • Accidental and deliberate Acts

    • Some threats are accidental; caused by persons inside or outside the firm

    • Information security should be aimed at preventing deliberate threats; it should also eliminate or reduce the opportunity for accidental damage


Information security

  • Types of threats

    • Virus

      • Computer program that can replicate itself without being observable to the user and embed copies of itself in other programs and boot sectors

    • Trojan horse

      • Can neither replicate nor distribute itself; it is presented to the user as a utility, but when it is used it produces unwanted changes in the system’s functionality

    • Adware

      • It generates intrusive advertising messages

    • Spyware

      • Gathers data from the user’s machine


Information Security

  • Risks

    • Unauthorized disclosure and theft

    • Unauthorized use

    • Unauthorized destruction and denial of service

    • Unauthorized modification


  • Thank you!!!

  • Q&A

