2. WHAT IS AN INFORMATION SYSTEM?
An information system is a combination of hardware,
software and telecommunication networks that
people build to collect, create and distribute useful data,
typically in an organization. It defines the flow of
information within the system. The objective of an
information system is to provide appropriate information
to the user: to gather the data, process the data and
communicate information to the user of the system.
4. There are five components
1. Computer Hardware:
Physical equipment used for input, output and processing. The
hardware structure depends upon the type and size of the
organization. It consists of an input and an output device, operating
system, processor, and media devices. This also includes computer
peripheral devices.
2. Computer Software:
The programs and application programs used to control and coordinate
the hardware components. Software is used for analysing and processing
the data. These programs include a set of instructions used for
processing information.
5. CONTINUE….
3. Databases:
Data are the raw, unorganized facts and figures that
are later processed to generate information. Software is
used for organizing and serving data to the user, and for managing
physical storage of media and virtual resources. Just as
hardware can't work without software, software
needs data for processing. Data are managed using a
database management system.
Database software is used for efficient access to required
data, and to manage knowledge bases.
6. Continue….
4. Network:
• Network resources refer to telecommunication networks such as the intranet,
extranet and the internet.
• These resources facilitate the flow of information in the organization.
• Networks consist of both physical devices such as network cards, routers,
hubs and cables, and software such as operating systems, web servers, data servers
and application servers.
• Telecommunications networks consist of computers, communications processors,
and other devices interconnected by communications media and controlled by
software.
• Networks include communication media and network support.
7. Continue…
5. Human Resources:
Human resources are the manpower required to run and manage the
system. People are the end users of the information system. End
users use the information produced for their own purposes, and the main
purpose of the information system is to benefit the end user. The
end user can be an accountant, engineer, salesperson, customer,
clerk, or manager, etc. People are also responsible for developing and
operating information systems. They include systems analysts,
computer operators, programmers, and other clerical IS personnel,
and managerial techniques.
8. Some common characteristics of information
systems include the following:
Data stored in electronic form
Processing of all types of inputs including visual, audio, and video
Capable of handling high volumes of data with minimal effort
9. Securing information systems
Information systems security refers to the processes
and methodologies involved in keeping information
confidential and available, and assuring its integrity.
Protection from harm, including:
Theft of information
Alteration of information.
10. Theft of information
Information theft or data theft is the act of stealing digital
information stored on computers, servers, or electronic
devices to obtain confidential information or compromise
privacy.
The data stolen can be anything from bank account
information, online passwords, passport numbers, driver's
license numbers, social security numbers, medical records,
online subscriptions, and so on.
11. CONTINUE..
Once an unauthorized person has access to personal or
financial information, they can delete, alter, or prevent
access to it without the owner’s permission.
If data thieves steal enough information, they can use it
to gain access to secure accounts, set up credit cards
using the victim’s name, or otherwise use the victim’s
identity to benefit themselves.
12. How does data theft happen
Data theft or digital theft occurs through a variety of
means. Some of the most common include:
Weak passwords:
Using a password that is easy to guess, or using the
same password for multiple accounts, can allow
attackers to gain access to data. Poor password habits
– such as writing passwords down on a piece of paper
or sharing them with others – can also lead to data
theft.
13. CONTINUE..
Database or server problems
If a company storing your information is attacked because
of a database or server problem, the attacker could access
customers' personal information.
Compromised downloads
An individual might download programs or data from
compromised websites infected by malware such as viruses
or worms. This gives criminals unauthorized access to
their devices, allowing them to steal data.
14. CONTINUE..
System vulnerabilities:
Poorly written software applications or network
systems that are poorly designed or implemented
create vulnerabilities that hackers can exploit and
use to steal data. Antivirus software that is out of
date can also create vulnerabilities.
15. CONTINUE..
Use secure passwords
Passwords can be easily cracked by hackers,
particularly if you don't use a strong password. A
strong password is at least 12 characters long
and comprises a mix of upper- and lower-case
letters plus symbols and numbers. The shorter and
less complex your password is, the easier it is for
cybercriminals to crack.
16. CONTINUE..
You should avoid choosing something obvious –
such as sequential numbers (“1234”) or personal
information that someone who knows you might
guess, such as your date of birth or a pet’s name.
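The rules on the last two slides can be checked mechanically. The following is an added example, not part of the original slides; the function names and the `personal_info` parameter are hypothetical, and the sample values used with it are constructed.

```python
import re

MIN_LENGTH = 12  # the slides' minimum length for a strong password

def has_sequence(password, run=4):
    """True if `run` consecutive characters ascend or descend by one,
    e.g. "1234", "4321" or "abcd"."""
    for i in range(len(password) - run + 1):
        chunk = password[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False

def check_password(password, personal_info=()):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "upper-case letter": r"[A-Z]",
        "lower-case letter": r"[a-z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    if has_sequence(password.lower()):
        problems.append("contains a sequential run")
    # Strip separators on both sides so "2001-05-14" also matches "20010514".
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        # Ignore very short tokens, which would match almost anything.
        if len(token) >= 3 and token in squashed:
            problems.append(f"contains personal information ({item})")
    return problems
```

A password that satisfies the length and character-mix rules can still fail because it embeds a pet's name or a date of birth, which is why the personal details are passed in separately.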
17. CONTINUE..
Avoid using the same password for multiple
accounts
If you use the same password for multiple
accounts and a hacker cracks your password on one
website, they also have access to many more.
Remember to change your passwords regularly –
every six months or so.
18. CONTINUE..
Avoid writing down your passwords
Writing a password down anywhere leaves it
susceptible to being found by hackers, whether
it’s on a piece of paper, in an Excel spreadsheet,
or in the Notes app on your phone. If you have too
many passwords to remember, consider using
a password manager to help you keep track.
19. Hacking
Hacking is the act of compromising digital devices and
networks through unauthorized access to an
account or computer system. Hacking is not
always a malicious act, but it is most commonly
associated with illegal activity and data theft by
cyber criminals.
20. CONTINUE..
Hacking refers to the misuse of devices like
computers, smartphones, tablets, and networks to
cause damage to or corrupt systems, gather
information on users, steal data and documents, or
disrupt data-related activity.
21. Types of Hackers
Black Hat Hackers
Black hat hackers are the "bad guys" of the hacking
scene.
They go out of their way to discover vulnerabilities in
computer systems and software to exploit them for
financial gain or for more malicious purposes, such as
to gain reputation, carry out corporate espionage, or
as part of a nation-state hacking campaign.
22. CONTINUE..
These individuals’ actions can inflict serious
damage on both computer users and the
organizations they work for.
They can steal sensitive personal information,
compromise computer and financial systems, and
alter or take down the functionality of websites
and critical networks.
23. CONTINUE..
White Hat Hackers
White hat hackers can be seen as the “good guys”
who attempt to prevent the success of black hat
hackers through proactive hacking. They use their
technical skills to break into systems to assess and
test the level of network security, also known as
ethical hacking.
24. CONTINUE..
This helps expose vulnerabilities in systems
before black hat hackers can detect and exploit
them.
Grey Hat Hackers
Grey hat hackers sit somewhere between the good
and the bad guys.
25. CONTINUE..
Unlike black hat hackers, they attempt to violate
standards and principles but without intending to do
harm or gain financially.
Their actions are typically carried out for the common
good. For example, they may exploit a vulnerability
to raise awareness that it exists, but unlike white hat
hackers, they do so publicly. This alerts malicious
actors to the existence of the vulnerability.
26. Cyber attack
A cyber attack is a malicious and deliberate
attempt by an individual or organization to breach
the information system of another individual or
organization. Usually, the attacker seeks some
type of benefit from disrupting the victim’s
network.
27. Most Common Cyber attacks
Malware is a term used to describe malicious
software, including spyware, ransomware,
viruses, and worms. Malware breaches a network
through a vulnerability, typically when a user
clicks a dangerous link or email attachment that
then installs risky software.
28. Malware can do the following
Blocks access to key components of the network
(ransomware)
Installs malware or additional harmful software
Covertly obtains information by transmitting data
from the hard drive (spyware)
Disrupts certain components and renders the
system inoperable
29. Phishing
Phishing is the practice of sending fraudulent
communications that appear to come from a
reputable source, usually through email. The goal
is to steal sensitive data like credit card and login
information or to install malware on the victim’s
machine. Phishing is an increasingly common
cyber threat.
30. Denial-of-service attack
A denial-of-service attack floods systems, servers,
or networks with traffic to exhaust resources and
bandwidth. As a result, the system is unable to
fulfill legitimate requests. Attackers can also use
multiple compromised devices to launch this
attack. This is known as a distributed denial-of-service
(DDoS) attack.
31. SQL injection
A Structured Query Language (SQL) injection
occurs when an attacker inserts malicious code into
a server that uses SQL and forces the server to
reveal information it normally would not. An
attacker could carry out a SQL injection simply by
submitting malicious code into a vulnerable
website search box.
32. Zero-day exploit
A zero-day exploit hits after a network
vulnerability is announced but before a patch or
solution is implemented. Attackers target the
disclosed vulnerability during this window of
time. Zero-day vulnerability threat
detection requires constant awareness.
33. Principles of Information System Security
What are the three information system security principles?
Confidentiality, integrity, and availability are the three
core concepts of information security. More than one of
these principles must be implemented in every aspect of the
information security program. The CIA Triad is their collective
name.
34. CONTINUE..
Confidentiality
Confidentiality safeguards are in place to prevent unauthorized
disclosure of information. The confidentiality principle's goal is
to keep personal information confidential and to make it
available only to those who possess it or need it to
accomplish their organizational tasks.
35. CONTINUE…
Integrity
Integrity includes protection against unwanted data modifications
(additions, deletions, revisions, and so on). The
integrity principle assures that data is correct and dependable,
and that it is not tampered with in any way, whether mistakenly
or deliberately.
36. CONTINUE…
Availability
The capacity of a system to make software systems and
data completely accessible when a customer requires them is
known as availability. The goal of availability is to
make technological infrastructure, applications, and
data accessible when they're required for a business
process or by a company's customers.