Information system: May 2013

3.1 Ethical Issues:

· Ethics: are principals of right or wrong that any individual use to guide a certain action or behaviour.

· Code of Ethics: is a collection of principles that are intended to guide decision making by members of an organization.

· Fundamental Tenets of Ethics:

o Responsibility: is a social force that binds you to your obligations.

o Accountability: is the responsibility to someone or for some activity.

o Liability: anything that is owed to someone else for example, individuals have the right to recover the damages done to them by other individuals, organizations, or systems.

· Ethical issues:

o Privacy Issues.

o Accuracy Issues.

o Property Issues.

o Accessibility Issues.

· Threats to Privacy:

o Electronic Surveillance.

o Personal Information in Databases.

o Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites.

· Protecting Privacy:

o Privacy Codes and Policies:

§ Opt-out Model: the organization collects personal information from the customers.

§ Opt-in Model: the organization is prohibited from collecting information from the customer.

3.2 Threats to Information Security:

· Factors Increasing the Threats to Information Security:

o Today’s interconnected, interdependent, wirelessly-networked business environment.

o Government legislation.

o Smaller, faster, cheaper computers and storage devices.

o Decreasing skills necessary to be a computer hacker.

o International organized crime turning to cybercrime.

o Downstream liability.

o Increased employee use of unmanaged devices.

o Lack of management support.

· Categories of Threats to Information Systems:

o Unintentional acts:

§ Human errors.

§ Deviations in quality of service by service providers (e.g., utilities or heavy equipments).

§ Environmental hazards (e.g., dirt and static electricity).

o Natural disasters:

§ Floods, Earthquake, Hurricanes and fires.

o Technical failures:

§ Problems with hardware and software.

o Management failures:

§ Lack of funding for information security efforts for example lack of leadership causes the information security of the organization to suffer.

o Deliberate acts:

§ Information Extortion.

§ Identity Theft.

§ Theft of Equipment and Information.

§ Software attack.

§ A supervisory control and data acquisition (SCADA) system is a large-scale, distributed, measurement and control system.

3.3 Protecting Information Resources:

· Risk Management:

o Risk analysis

o Risk mitigation:

§ Risk Acceptance. Accept the potential risk, continue operating with no controls, and absorb any damages that occur.

§ Risk limitation. Limit the risk by implementing controls that minimize the impact of threat.

§ Risk transference. Transfer the risk by using other means to compensate for the loss, such as purchasing insurance.

· Controls:

o Physical controls:

§ Physical protection of computer facilities and resources from unauthorized individuals through walls, door locks or alarm system.

o Access controls:

§ Restriction of unauthorized user access to computer resources; use biometrics and passwords controls for user identification.

o Communications (network) controls:

§ The protection of data across networks and include border security controls, authentication and authorization.

o Application controls:

§ Protect specific applications.

· Business Continuity Planning, Backup, and Recovery:

o Hot Site is a fully configured computer facility, with all services, communications links, and physical plant operations.

o Warm Site provides many of the same services and options of the hot site, but it typically does not include the actual applications the company runs.

o Cold Site provides only rudimentary services and facilities and so does not supply computer hardware or user workstations.

· Information Systems Auditing:

o Types of Auditors and Audits:

§ Internal: Performed by corporate internal auditors.

§ External: Reviews internal audit as well as the inputs, processing and outputs of information systems.

· IS Auditing Procedure:

o Auditing around the computer means verifying processing by checking for known outputs or specific inputs.

o Auditing through the computer means inputs, outputs and processing are checked.

o Auditing with the computer means using a combination of client data, auditor software, and client and auditor hardware.

7.1 Wireless Technologies:

· Wireless devices: are small devices which produced for people who travel from one place to another. It will save and allocate their time between personal and professional obligations.

o Capabilities of Wireless Devices:

§ Bluetooth, Wi- Fi, Digital Camera, GPS, QWERTY keyboard…

· Wireless Transmission Media:

o Microwave transmission systems

o Satellite transmission:

§ Geostationary (GEO)

§ Medium-earth-orbit (MEO)

§ Low-earth-orbit (LEO)

o Radio transmission

o Infrared: red light that is not visible for human eyes and it is used in remote control in VCR.DVD and CD.

7.2 Wireless Computer Networks and Internet Access:

· Short range wireless networks:

o Bluetooth.

o Ultra Wideband Network (UWB).

o Near Field Communication Network (NFC).

· Medium range wireless networks:

o Wireless Fidelity (Wi-Fi).

o Wireless Mesh Networks.

· Wide area wireless networks:

o Cellular Radio:

§ 1^st Generation: analog signals and low bandwidth.

§ 2^nd Generation: digital signals for voice and data communication up to 10 Kbps.

§ 2.5 Generation: digital voice and data communication up to 144 Kbps.

§ 3^rd Generation: digital voice and data communication up to 384 Kbps.

o Wireless Broadband or WIMAX: is more secured and can access to rural areas.

7.3 Mobile Computing and Mobile Commerce:

· Mobile computing: designed for people who travel and do their work from anywhere. It has 2 characteristics:

o Mobility: they can carry the mobile device to any place.

o Broad reach: when they carry an open mobile, they can be reached even they are in a great distance.

o These two characteristics created five value-added attributes that break the barriers of geography and time:

§ Ubiquity

§ Convenience

§ Instant connectivity

§ Personalization

§ Localization of products and services

· Mobile Commerce: is driven by 5 factors, which are:

o Widespread availability of mobile devices.

o No need for a PC.

o The “Cell phone culture”.

o Declining prices.

o Bandwidth improvement.

· Mobile Commerce Applications:

o Financial Services:

o Mobile Banking

o Wireless Electronic Payment Systems

o Micropayments

o Mobile (Wireless) Wallets

o Wireless Bill Payments

o Intra business Applications

o Accessing Information via:

§ Mobile Portal

§ Voice Portal

o Location-Based Applications:

o Shopping from Wireless Devices.

o Location-based Advertising.

o Location-based Services.

o Wireless Telemedicine.

o Telemetry Application.

7.4 Pervasive Computing:

· Radio frequency identification (RFID): technology allows manufacturers to attach tags with antennas and computer chips on goods and then track their movement through radio signals.

· Wireless sensor networks (WSNs): are networks of interconnected, battery-powered, wireless sensors that are placed into the physical environment.

7.5 Wireless Security:

· major threats to wireless networks:

o Rogue access point: is an unauthorized access point to a wireless network.

o War driving: is the act of locating WLANs while driving around a city or elsewhere.

o Eavesdropping: refers to efforts by unauthorized users to try to access data traveling over wireless networks.

o RF (Radio frequency) jamming: is when a person or a device intentionally or unintentionally interferes with your wireless network transmissions.

Information system

Saturday 4 May 2013

Chapter 3: Information Systems: Ethics, Privacy and Information Security

Chapter 7: Wireless Technologies and the Modern Organization