Date posted: 14-Apr-2018
Uploaded by: nandkumar-khachane
7/29/2019 Problems and Issues With Mis
1/18
1
PROBLEMS AND ISSUES WITH MIS
1. Definition
o A MIS manages the information a business needs to run effectively. While these
systems have existed for hundreds of years, the MIS that is referred to in recent
times is more indicative of a consistent approach to developing an information
framework replete with guidelines, policies, procedures and standards supportive of
the company's long-term goals. MIS, as it is defined in the vernacular, typically
refers to a strategic information system that, if used effectively, manifests itself as
a tool that builds productivity in a way that maximizes profit margins.
New Technology
o While new technology in and of itself is not a solution, it can provide methods by
which to overcome existing performance gaps and to capitalize on new
opportunities. Although technology-based, the term "technology" may not
necessarily connote a complicated endeavor in a MIS. But it should be noted that,
in practice, newer technology is what enables newer versions of these strategic
Information Systems (IS).
To quote the Organisation for Economic Co-operation and Development (OECD),
"the Internet and related advances in information and communication technology
(ICT) are transforming economic activity, much as the steam engine, railways and
electricity did in the past."
ICT is developing at an exponential rate, and while its impact can be seen on the
economy at large, the impact of ICT is even more clearly demonstrated in the
ways by which the new technology has enabled more sophisticated IS. For
instance, think about the impact the typewriter had, the word processor and finally
the computer. Huge, right? Today, ICT is growing so exponentially that it has to
be considered spherically.
New storage devices, such as Apple's Time Capsule or Seagate's FreeAgent External Drive, have presented new information storage options for businesses,
enabling individuals or smaller businesses to have a secure method of information
storage. There are also newer applications for business, such as Google Apps, which change the way information can be gathered, shared and accessed. These
newer ICT innovations create both new concerns and new opportunities. First,
any technology can fail, at any time, for no reason. This is an issue that has to be accounted for. Also, information can be pirated from electronic devices, so security measures must be in place.
While issues such as storage failure and security needed to be considered when
everything was handwritten, the way those concerns manifest themselves with the advent of ICT is much different and must be handled in new and improved ways.
Development Problems in MIS
o In dealing with MIS, several common development issues arise. According to
Kalle Lyytinen (reference 1), the first, and most common, is in regard to the goals
of the MIS. Frequently, the goals are "ambiguous, too narrow" or "conflicting."
These development issues, while common in any goal-setting environment, are of special importance in MIS. Basically, a person must understand the goal
presented in order to work toward it. Also, the goal must be broad enough. For
example, a goal to improve the efficiency of the production of half-inch purple cogs is probably too narrow, while a goal to improve efficiency of cog production
would present a better breadth. Lastly, no one does well when goals are
conflicting. An example of this would be "increase profits for this quarter" versus "increase profits for the year". The profits of this quarter may decline because of
factors like reinvestment and new opportunities. Trying to meet both goals is
difficult, if not impossible.
Other issues identified by Lyytinen relevant to the development of MIS include technology, economy, process features, view of organization and self-image.
Technology here refers to the impact technology has on information systems, both
as a limitation (the system does not have the capability to use an automated
information-gathering system) and to its opportunities (the system has the capability of intra-networking, file sharing and collaboration). Economy, in terms
of the company, refers to whether the correct goal was identified; whereas process
features refer to whether the process by which to achieve that goal will be successful. The view of the organization and self-image have to do with whether
the queries "can it be done?" and "can we really do this?" are answered
affirmatively at the company level and at the individual level.
Usage Problems in MIS
o Lyytinen goes on to identify issues regarding the process of the MIS. She
observes that the process is frequently seen as too difficult, slow and/or
unreliable. Essentially, the process must be easy to use and understand; otherwise it may prove too difficult for the average person to complete successfully. A good
example here would be a set of instructions 50 pages long for a process that
should take 15 minutes. Secondly, processes that are slow simply take up too much time. After a while, people will stop using them, if for no other reason than
the aggravation that accompanies them. All of these factors can contribute to an
unreliable system. Since the information gathered is the purpose of the system, if
it provides incorrect information it is useless.
Other process-oriented problems regarding MIS have to do with data, with
concepts, with people and with the complexity of the system. Is the data reliable,
and is the right data being reviewed? Did the people who set up the IS process
fully understand the nature of the product? Is the process chosen for the management of the information system appropriate? The people the company
employs need to understand how the MIS is attempting to improve company
function, and have to believe that that goal can be achieved through the process instituted. And is the process too complex, and the data it collects not clear
enough for accurate measurement?
Effective MIS
o One of the biggest issues facing MIS, either in its development or its usage, lies in
the fact that the systems do not have a concrete definition or a quantitative
measure. Without ways to make its use measurable and understandable, how can
its success (or lack of success) be gauged? And much of the research into MIS has neglected to look at the myriad of different types and focus on how each would
apply.
MIS research tends to look at issues in such a narrow way that practical
applications to a given business are few if any. Few totally understand the technology being used. Who judges whether the MIS process being implemented
is the correct one?
QUALITY ASSURANCE (QA) refers to the systematic activities implemented in a quality
system so that quality requirements for a product or service will be fulfilled.[1] It is the systematic
measurement, comparison with a standard, monitoring of processes and an associated feedback
loop that confers error prevention.[2] This can be contrasted with quality control, which is focused
on process outputs.
Two principles included in QA are: "Fit for purpose", the product should be suitable for the
intended purpose; and "Right first time", mistakes should be eliminated. QA includes
management of the quality of raw materials, assemblies, products and components, services
related to production, and management, production and inspection processes.
Suitable quality is determined by product users, clients or customers, not by society in general. It
is not related to cost, and adjectives or descriptors such as "high" and "poor" are not applicable. For
example, a low priced product may be viewed as having high quality because it is disposable,
whereas another may be viewed as having poor quality because it is not disposable.
Software quality assurance (SQA) consists of a means of monitoring the software
engineering processes and methods used to ensure quality.
The methods by which this is accomplished are many and varied, and may include ensuring conformance to one or more
standards, such as ISO 9000 or a model such as CMMI.
SQA encompasses the entire software development process, which includes processes such as
requirements definition, software design, coding, source code control, code reviews, change
management, configuration management, testing, release management, and product integration.
SQA is organized into goals, commitments, abilities, activities, measurements, and verifications.[1]
Information quality (IQ) is a term to describe the quality of the content of information systems.
It is often pragmatically defined as: "The fitness for use of the information provided."
Information quality assurance is the process to guarantee confidence that particular information
meets some context specific quality requirements. It has been suggested, however, that the higher the
quality the greater will be the confidence in meeting more general, less specific contexts.
"Information quality" is a measure of the value which the information provides to the user of that
information. "Quality" is often perceived as subjective and the quality of information can then
vary among users and among uses of the information.
A list of dimensions or elements used in assessing Information Quality is:[3]
Intrinsic IQ: Accuracy, Objectivity, Believability, Reputation
Contextual IQ: Relevancy, Value-Added, Timeliness, Completeness, Amount of
information
Representational IQ: Interpretability, Format, Coherence, Compatibility[4]
Accessibility IQ: Accessibility, Access security
Quality metrics
Authority/Verifiability
Authority refers to the expertise or recognized official status of a source. Consider the reputation
of the author and publisher. When working with legal or government information, consider
whether the source is the official provider of the information. Verifiability refers to the ability of
a reader to verify the validity of the information irrespective of how authoritative the source is.
To verify the facts is part of the duty of care of journalistic deontology, as well as, where
possible, to provide the sources of information so that they can be verified.
Scope of coverage
Scope of coverage refers to the extent to which a source explores a topic. Consider time periods,
geography or jurisdiction and coverage of related or narrower topics.
Composition and Organization
Composition and Organization has to do with the ability of the information source to present its
particular message in a coherent, logically sequential manner.
Objectivity
Objectivity is the bias or opinion expressed when a writer interprets or analyzes facts. Consider
the use of persuasive language, the source's presentation of other viewpoints, its reason for
providing the information and advertising.
Integrity
1. Adherence to moral and ethical principles; soundness of moral character
2. The state of being whole, entire, or undiminished
Comprehensiveness
1. Of large scope; covering or involving much; inclusive: a comprehensive study.
2. Comprehending mentally; having an extensive mental grasp.
3. Insurance. covering or providing broad protection against loss.
Validity
Validity of some information has to do with the degree of obvious truthfulness which the
information carries.
Uniqueness
As much as uniqueness of a given piece of information is intuitive in meaning, it also
significantly implies not only the originating point of the information but also the manner in
which it is presented and thus the perception which it conjures. The essence of any piece of
information we process consists to a large extent of those two elements.
Timeliness
Timeliness refers to information that is current at the time of publication. Consider publication,
creation and revision dates. Beware of Web site scripting that automatically reflects the current
day's date on a page.
Reproducibility (utilized primarily when referring to instructive information)
Means that documented methods are capable of being used on the same data set to achieve a
consistent result.
INFORMATION SECURITY (sometimes shortened to InfoSec) is the practice of defending
information from unauthorized access, use, disclosure, disruption, modification, perusal,
inspection, recording or destruction. It is a general term that can be used regardless of the form
the data may take (electronic, physical, etc.).
Below are the typical terms you will hear when dealing with information security:
IT Security = Sometimes referred to as computer security, IT Security is information security
when applied to technology (most often some form of computer system). It is worthwhile to note
that a computer does not necessarily mean a home desktop. A computer is any device with
a processor and some memory (even a calculator). IT security specialists are almost always
found in any major enterprise/establishment due to the nature and value of the data within larger
businesses. They are responsible for keeping all of the technology within the company secure
from malicious cyber attacks that often attempt to breach into critical private information or gain control of the internal systems.
Information Assurance = The act of ensuring that data is not lost when critical issues arise.
These issues include but are not limited to; natural disasters, computer/server malfunction,
physical theft, or any other instance where data has the potential of being lost. Since most
information is stored on computers in our modern era, information assurance is typically dealt
with by IT security specialists. One of the most common methods of providing information
assurance is to have an off-site backup of the data in case one of the mentioned issues arises.
Governments, military, corporations, financial institutions, hospitals, and private
businesses amass a great deal of confidential information about their employees, customers,
products, research and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.
Should confidential information about a business' customers or finances or new product line fall
into the hands of a competitor, such a breach of security could lead to negative consequences.
Protecting confidential information is a business requirement, and in many cases also an ethical
and legal requirement.
For the individual, information security has a significant effect on privacy, which is viewed very
differently in different cultures.
The field of information security has grown and evolved significantly in recent years. There are
many ways of gaining entry into the field as a career. It offers many areas for specialization including: securing network(s) and allied infrastructure, securing applications and
databases, security testing, information systems auditing, business continuity
planning and digital forensics, etc.
Information security attributes, or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Information systems are decomposed into
three main portions, hardware, software and communications, with the purpose of helping to identify
and apply information security industry standards, as mechanisms of protection and prevention,
at three levels or layers: physical, personal and organizational. Essentially, procedures or policies
are implemented to tell people (administrators, users and operators) how to use products to
ensure information security within the organizations.
Key concepts
The CIA triad (confidentiality, integrity and availability) is one of the core principles of
information security.
There is continuous debate about extending this classic trio. Other principles such as
Accountability have sometimes been proposed for addition; it has been pointed out that issues
such as Non-Repudiation do not fit well within the three core concepts, and as regulation of
computer systems has increased (particularly amongst the Western nations) Legality is becoming
a key consideration for practical security installations. In 1992, and revised in 2002, the OECD's
Guidelines for the Security of Information Systems and Networks proposed the nine generally
accepted principles: Awareness, Responsibility, Response, Ethics, Democracy, Risk Assessment,
Security Design and Implementation, Security Management, and Reassessment. Building upon
those, in 2004 NIST's Engineering Principles for Information Technology Security proposed
33 principles. From each of these, guidelines and practices were derived.
In 2002, Donn Parker proposed an alternative model for the classic CIA triad that he called
the six atomic elements of information. The elements are confidentiality,
possession, integrity, authenticity, availability, and utility. The merits of the Parkerian hexad are
a subject of debate amongst security professionals.
Confidentiality
Confidentiality is the term used to prevent the disclosure of information to unauthorized
individuals or systems. For example, a credit card transaction on the Internet requires the credit
card number to be transmitted from the buyer to the merchant and from the merchant to a
transaction processing network. The system attempts to enforce confidentiality by encrypting the
card number during transmission, by limiting the places where it might appear (in databases, log
files, backups, printed receipts, and so on), and by restricting access to the places where it is
stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality
has occurred.
Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose
personal information a system holds.
Integrity
In information security, integrity means that data cannot be modified undetectably. This is not
the same thing as referential integrity in databases, although it can be viewed as a special case of
Consistency as understood in the classic ACID model of transaction processing. Integrity is
violated when a message is actively modified in transit. Information security systems typically
provide message integrity in addition to data confidentiality.
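As an added illustration of the point that integrity means modification must be detectable (example code written for this edit, not taken from the original page): a plain hash appended to a message can simply be recomputed by whoever rewrites the message, whereas an HMAC tag cannot be reproduced without the shared key, so any in-transit change is caught. The key and the two messages below are constructed demo values.

```python
from __future__ import annotations

import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed demo key shared by sender and receiver; a real system would
# generate it randomly and distribute it out of band (e.g. via a key exchange).
KEY = bytes(range(32))


def checksum_only(message: bytes) -> bytes:
    """Message followed by a plain SHA-256 digest: detects accidental corruption only."""
    return message + hashlib.sha256(message).digest()


def verify_checksum_only(packet: bytes) -> bytes | None:
    """Return the body if the appended digest matches, else None."""
    if len(packet) < TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return body if hmac.compare_digest(hashlib.sha256(body).digest(), tag) else None


def seal(key: bytes, message: bytes) -> bytes:
    """Message followed by an HMAC-SHA256 tag computed under the shared key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def open_sealed(key: bytes, packet: bytes) -> bytes | None:
    """Return the body only if the tag verifies under the key; None on any mismatch.

    compare_digest is used so that verification time does not depend on how
    many tag bytes happened to match.
    """
    if len(packet) < TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(expected, tag) else None


def demo() -> dict[str, bool]:
    """Walk through the four cases that separate a checksum from a MAC."""
    original = b"PAY 100.00 TO ACCOUNT 1001"
    altered = b"PAY 999.00 TO ACCOUNT 2002"   # constructed in-transit modification
    results: dict[str, bool] = {}

    # 1. Plain checksum: a modified message with a freshly recomputed digest
    #    passes verification, so the change is undetectable to the receiver.
    results["checksum_accepts_recomputed"] = (
        verify_checksum_only(checksum_only(altered)) == altered
    )

    # 2. HMAC: the same trick fails because a correct tag needs the key.
    unkeyed_tag = altered + hashlib.sha256(altered).digest()
    results["hmac_rejects_unkeyed_tag"] = open_sealed(KEY, unkeyed_tag) is None

    # 3. HMAC: even a single flipped bit in a genuinely sealed message is caught.
    sealed = seal(KEY, original)
    flipped = bytearray(sealed)
    flipped[4] ^= 0x01                         # "1" -> "0" in the amount field
    results["hmac_detects_bit_flip"] = open_sealed(KEY, bytes(flipped)) is None

    # 4. HMAC: an unmodified sealed message still verifies and yields the body.
    results["hmac_accepts_genuine"] = open_sealed(KEY, sealed) == original
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:30s} {ok}")
```

The MAC gives message integrity but not confidentiality; in practice it is combined with encryption (authenticated encryption) so the body is protected on both counts.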
Availability
For any information system to serve its purpose, the information must be available when it is
needed. This means that the computing systems used to store and process the information,
the security controls used to protect it, and the communication channels used to access it must be
functioning correctly. High availability systems aim to remain available at all times, preventing
service disruptions due to power outages, hardware failures, and system upgrades. Ensuring
availability also involves preventing denial-of-service attacks.
Authenticity
In computing, e-Business, and information security, it is necessary to ensure that the data,
transactions, communications or documents (electronic or physical) are genuine. It is also
important for authenticity to validate that both parties involved are who they claim to be.
Non-repudiation
In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also
implies that one party of a transaction cannot deny having received a transaction nor can the
other party deny having sent a transaction.
Electronic commerce uses technology such as digital signatures and public key encryption to
establish authenticity and non-repudiation.
INFORMATION SECURITY CONTROLS
Organizational Controls
Organizational controls are procedures and processes that define how people in the
organization should perform their duties.
Preventative controls in this category include:
Clear roles and responsibilities. These must be clearly defined and documented so that management and staff clearly understand who is responsible for ensuring that an appropriate level of security is implemented for the most important IT assets.
Separation of duties and least privileges. When properly implemented, these ensure that people have only enough access to IT systems to effectively perform their job duties and no more.
Documented security plans and procedures. These are developed to explain how controls have been implemented and how they are to be maintained.
Security training and ongoing awareness campaigns. This is necessary for all members of the organization so that users and members of the IT team understand their responsibilities and how to properly utilize the computing resources while protecting the organization's data.
Systems and processes for provisioning and de-provisioning users. These controls are necessary so that new members of the organization are able to become productive quickly, while leaving personnel lose access immediately upon departure. Processes for provisioning should also include employee transfers from groups within the company where privileges and access change from one level to another. For example, consider government personnel changing jobs and security classifications from Secret to Top Secret, or vice versa.
Established processes for granting access to contractors, vendors, partners, and customers. This is often a variation on user provisioning, mentioned previously, but in many cases it is very distinct. Sharing some data with one group of external users while sharing a different
collection of data with a different group can be challenging. Legal and regulatory requirements often impact the choices, for example when health or financial data is involved.
Detection controls in this category include:
Performing continuing risk management programs to assess and control risks to the organization's key assets.
Executing recurrent reviews of controls to verify the controls' efficacy.
Periodic undertaking of system audits to ensure that systems have not been compromised or misconfigured.
Performing background investigations of prospective candidates for employment; you should contemplate implementing additional background investigations for employees when they are being considered for promotions to positions with a significantly higher level of access to the organization's IT assets.
Establishing a rotation of duties, which is an effective way to uncover nefarious activities by
members of the IT team or users with access to sensitive information.
Management controls in this category include:
Incident response planning, which provides an organization with the ability to quickly react to and recover from security violations while minimizing their impact and preventing the spread of the incident to other systems.
Business continuity planning, which enables an organization to recover from catastrophic events that impact a large fraction of the IT infrastructure.
Operational Controls
Operational controls define how people in the organization should handle data, software and hardware. They also include environmental and physical protections as described below.
Preventative controls in this category include:
Protection of computing facilities by physical means such as guards, electronic badges and locks, biometric locks, and fences.
Physical protection for end-user systems, including devices such as mobile computer locks and alarms and encryption of files stored on mobile devices.
Emergency backup power, which can save sensitive electrical systems from harm during power brownouts and blackouts; it can also ensure that applications and operating systems are shut down in a graceful manner to preserve data and transactions.
Fire protection systems such as automated fire suppression systems and fire extinguishers, which are essential tools for guarding the organization's key assets.
Temperature and humidity control systems that extend the life of sensitive electrical equipment and help to protect the data stored on it.
Media access control and disposal procedures to ensure that only authorized personnel have access to sensitive information and that media used for storing such data is rendered unreadable by degaussing or other methods before disposal.
Backup systems and provisions for offsite backup storage to facilitate the restoration of lost or corrupted data. In the event of a catastrophic incident, backup media stored offsite makes it possible to store critical business data on replacement systems.
Detection and recovery controls in this category include:
Physical security, which shields the organization from attackers attempting to gain access to its premises; examples include sensors, alarms, cameras, and motion detectors.
Environmental security, which safeguards the organization from environmental threats such as floods and fires; examples include smoke and fire detectors, alarms, sensors, and flood
detectors.
Technological Controls
Technological controls vary considerably in complexity. They include system architecture design, engineering, hardware, software, and firmware. They are all of the technological components used to build an organization's information systems.
Preventative controls in this category include:
Authentication. The process of validating the credentials of a person, computer, process, or device. Authentication requires that the person, process, or device making the request provide a credential that proves it is what or who it says it is. Common forms of credentials are digital signatures, smart cards, biometric data, and a combination of user names and passwords.
Authorization. The process of granting a person, computer process, or device access to certain information, services, or functionality. Authorization is derived from the identity of the person, computer process, or device requesting access, which is verified through authentication.
Nonrepudiation. The technique used to ensure that someone performing an action on a computer cannot falsely deny that he or she performed that action. Nonrepudiation provides undeniable proof that a user took a specific action such as transferring money, authorizing a purchase, or sending a message.
Access control. The mechanism for limiting access to certain information based on a user's identity and membership in various predefined groups. Access control can be mandatory, discretionary, or role-based.
Protected communications. These controls use encryption to protect the integrity and confidentiality of information transmitted over networks.
Detection and recovery controls in this category include:
Audit systems. Make it possible to monitor and track system behavior that deviates from expected norms. They are a fundamental tool for detecting, understanding, and recovering from security breaches.
Antivirus programs. Designed to detect and respond to malicious software, such as viruses and worms. Responses may include blocking user access to infected files, cleaning infected files or systems, or informing the user that an infected program was detected.
System integrity tools. Make it possible for IT staff to determine whether unauthorized
changes have been made to a system. For example, some system integrity tools calculate a
checksum for all files present on the system's storage volumes and store the information in a
database on a separate computer. Comparisons between a system's current state and its previously-known good configuration can be completed in a reliable and automated fashion
with such a tool.
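The checksum-baseline approach just described, as an added example (written for this edit, not taken from the page or from any particular product): build a digest table for a directory tree, store it as JSON, and later report which files were added, removed or modified. The directory, file names and contents are constructed inside the example, and a temporary file stands in for the separate database the text calls for.

```python
from __future__ import annotations

import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its digest.

    Symlinks are skipped so that a link pointing outside the tree cannot
    pull foreign content into the baseline.
    """
    table: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            table[path.relative_to(root).as_posix()] = file_digest(path)
    return table


def save_baseline(table: dict[str, str], store: Path) -> None:
    store.write_text(json.dumps(table, indent=2, sort_keys=True))


def load_baseline(store: Path) -> dict[str, str]:
    return json.loads(store.read_text())


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify every difference between the stored baseline and the live scan."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(name for name in common if baseline[name] != current[name]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: snapshot a small tree, change it, and diff the two scans."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "host"
        (root / "bin").mkdir(parents=True)
        (root / "etc").mkdir()
        (root / "bin" / "login").write_bytes(b"\x7fELF original login binary")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "motd").write_text("Authorised use only\n")

        # In production the store lives on a separate, hardened machine so that
        # whoever alters the monitored host cannot also rewrite the baseline.
        store = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), store)

        # Later changes to the monitored tree: one file replaced, one deleted,
        # one new file dropped into a directory whose contents run on a schedule.
        (root / "bin" / "login").write_bytes(b"\x7fELF replaced login binary")
        (root / "etc" / "motd").unlink()
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "nightly").write_text("0 2 * * * root /opt/backup.sh\n")

        return compare(load_baseline(store), build_baseline(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:9s} {names}")
```

A scheduled run of build_baseline plus compare against the stored table, with the result shipped to the audit system, is the automated comparison the text refers to.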
Management controls in this category include:
Security administration tools included with many computer operating systems and business applications as well as security oriented hardware and software products. These tools are needed in order to effectively maintain, support, and troubleshoot security features in all of these products.
Cryptography, which is the foundation for many other security controls. The secure creation, storage, and distribution of cryptographic keys make possible such technologies as virtual private networks (VPNs), secure user authentication, and encryption of data on various types of storage
media.
Identification, which supplies the ability to identify unique users and processes. With this capability, systems can include features such as accountability, discretionary access control, role-based access control, and mandatory access control.
Protections inherent in the system, which are features designed into the system to provide
protection of information processed or stored on that system. Safely reusing objects, supporting
no-execute (NX) memory, and process separation all demonstrate system protection features.
ETHICS