
ASSIGNMENT

OF
INFORMATION SECURITY
& PRIVACY

SUBMITTED TO:- Mr. Kiran kumar

SUBMITTED BY:- Anish Sethi

B.TECH(H)-MBA(CSE)

ROLL NO.- 17

SECTION-RA17B1

Q:-1 Explain the importance of information system in global context.

Ans- A geographic information system differs from other computerized information
systems in two major respects. First, the information in this type of system is
geographically referenced (geocoded). Second, a geographic information system has
considerable capabilities for data analysis and scientific modeling, in addition to the
usual data input, storage, retrieval, and output functions.

A geographic information system is composed of software, hardware, and data. The
notion of data layer (or coverage) and overlay operation lies at the heart of most
software designed for geographic information systems.

In the world of globalization, an information system is one in which data are collected, classified
and processed, and the results interpreted, in order to provide an integrated series of
information for further communication and analysis.
In an increasingly competitive global environment, an information system plays the role
of ‘enabler and facilitator’, giving tactical value to the organization and a considerable
boost to the quality of administration.
‘An Information System is a particular type of work system that uses information technology to
capture, transmit, store, retrieve, manipulate or display information, thereby supporting one or
more other work systems’.
In today’s highly technological world, Information in an organization is as important

Q:-2.How do distributed information systems help the global enterprises?

Ans-

Q:-3 Explain the concept of Threats in detail.

Ans- Threats to information security

The heightened vulnerability of automated data has created special concerns for its
builders and users. These concerns include disaster, security and administrative errors.

Disaster
Computer hardware, programs, data files and other equipment can be destroyed by
fires, power failures or other disasters. It may take many years and millions of rupees to
reconstruct destroyed data files and computer programs, and some may not even be
replaced.

If an organisation needs them to function on a day-to-day basis, it will no longer be able
to operate. This is why companies employ elaborate emergency back-up facilities and
use duplicate mainframes, network pathways, terminals and power supplies. They may
also use a duplicate data centre to handle their transactions and to serve as an
emergency back-up for their primary data centre.

Rather than build their own back-up facilities, many firms contract with disaster recovery
firms. These disaster recovery firms provide hot sites housing spare computers at
locations around the country where subscribing firms can run their critical applications in
an emergency.

Disaster recovery services offer back-up for client/server systems as well as traditional
mainframe applications. 

Security 
Security refers to the policies, procedures and technical measures used to prevent
unauthorised access, alteration, theft or physical damage to information systems. 

Security can be promoted with an array of techniques and tools to safeguard computer
hardware, software, communications networks and data. 

Errors 
Computers can also serve as instruments of error, severely disrupting or destroying an
organisation’s record keeping and operations. 

Errors in automated systems can occur at many points in the processing cycle:
through data entry, program error, computer operations and hardware. 

System quality issues

In addition to disasters, viruses, and security breaches, defective software and data also
pose a constant threat to information systems, causing untold losses in productivity.

An undiscovered error in a company’s credit software or erroneous financial data can
result in losses of billions of rupees.

Bugs and program code defects 


A major problem with software is the presence of hidden bugs or program code defects.
Studies have shown that it is virtually impossible to eliminate all bugs from large
programs. The main source of bugs is the complexity of the decision-making code.
Even a relatively small program of several hundred lines will contain tens of decisions
leading to hundreds or even thousands of different paths. 

Important programs within most corporations are usually much larger, containing tens of
thousands or even millions of lines of code, each with many times the choices and
paths of the smaller programs. Such complexity is difficult to document and design —
system designers document some reactions wrongly or fail to consider some
possibilities. 

Studies show that about 60 per cent of errors discovered during testing are a result of
specifications in the design documentation that were missing, ambiguous, in error or in
conflict. 

Zero defects, a goal of the total quality management movement, cannot be achieved in
larger programs. Complete testing simply is not possible. Fully testing programs that
contain thousands of choices and millions of paths would require thousands of years.
Even with rigorous testing, one could not know for sure that a piece of software was
dependable until the product proved itself after much operational use. 

The maintenance issue 


Another reason that systems are unreliable is that computer software traditionally has
been a nightmare to maintain. Maintenance, the process of modifying a system in
production use, is the most expensive phase of the systems development process.
Why? One major reason is organisational change. The firm may experience large
internal changes in structure or leadership, or change may come from its
surrounding environment.

These organisational changes affect information requirements. Another reason appears
to be software complexity, as measured by the number and size of interrelated software
programs and subprograms and the complexity of the flow of program logic between
them.

A third common cause of long-term maintenance problems is faulty systems analysis
and design, especially analysis of information requirements.

If errors are detected early, during analysis and design, the cost to the systems
development effort is small. But if they are not discovered until after programming,
testing, or conversion has been completed, the costs can soar astronomically. 

Poor data quality 


The most common source of information system failure is poor data quality. Data that
are inaccurate, untimely, or inconsistent with other sources of information can create
serious operational and financial problems for businesses. 
Companies cannot pursue aggressive marketing and customer relationship
management strategies unless they have high-quality data about their customers.

Q:-4 Which are the Three Pillars of Information Security? Explain in detail.

Ans- Three Pillars of Information Security

Confidentiality

Defined in ISO-17799 as “ensuring that information is accessible only to those
authorized to have access” and is one of the pillars of information security.

Confidentiality is one of the design goals for many cryptosystems, made possible in
practice by the techniques of modern cryptology.

Integrity

Data integrity is data that has a complete or whole structure. All characteristics of the
data including business rules, rules for how pieces of data relate, dates, definitions and
lineage must be correct for data to be complete.

Availability

Simply put, availability is the proportion of time a system is in a functioning condition, or
with respect to data – the data-providing system's ability to deliver the correct data to the
correct person within the bounds of the correct policies.

Well that’s all very well, but how can I use these as digital tools?

The systems that provide “Digital information systems” can be further dissected into the
following components, the hardware (physical devices like desktops, laptops etc), the
software – that acts as the conduit for information and interfaces with us the humans, 
and the communications with a view to identifying and applying standards and policies,
as mechanisms of protection and prevention.

Essentially, procedures or policies are implemented to tell people (administrators, users
and operators) how to use products to ensure information security within the
organizations.

In short, every information system that has integrity should have

1 – The right hardware, up to date, and well maintained.

2 – The right software, with easy to use automated advanced techniques.

3 – The right policies, to guide practices.

Computer security could focus on ensuring the availability and correct operation of a
digital information system, without concern for the information stored or processed by
the computer – this is an unbalanced approach.

Governments, corporations, financial institutions, hospitals, and private businesses
amass a great deal of confidential information about their employees, customers,
products, research, and financial status.

Most of this information is now collected, processed and stored on electronic computers
and transmitted across networks, VPN or otherwise, to other computers.

Should confidential information about a business’ customers or finances or new product
line, or sales pipeline, forecasts etc. fall into the hands of a competitor, such a breach of
security could lead to lost business, lawsuits or even bankruptcy of the business.

Protecting confidential information is a business requirement, and in many cases also
an ethical and legal requirement. This business “know how”, as it is collectively known, is one of
the most valuable assets a company has – and we discuss it in greater detail in our
“data and its associated value” category.

For the individual, information security has a significant effect on privacy, which is
viewed very differently in different cultures.

This is collectively known as custodial data and is supported by the data protection acts,
and policed by the data protection commissioners, or information commissioners.

Our aim on this blog is to address all three areas:

1 – Hardware – we can suggest suitable equipment, or advise on updates to legacy
systems you may already have.

2 – The right software, with easy to use automated advanced techniques. We will
discuss the most advanced methods, and document how our solution is a better offering
than current industry standard offerings.

3 – Policy – Every enterprise will have its own requirements, and whilst we cannot input
directly, we can assist and advise.

Q:-5 What do you mean by Global Information Systems?

Ans- The Global Information System (GIS) is a global-coverage, core current strategic
intelligence service for use only by governments. It is not available to non-governmental
subscribers. GIS represents a base of more than 250,000 pages of data and images on
255+ countries and territories, updated daily, along with a constantly-growing database
of special reports on a wide range of specialist topics and regional studies.
GIS includes the Defense & Foreign Affairs Daily intelligence briefing, which is issued
five days a week, and covers current strategic intelligence issues.
GIS content is issued as "Unclassified". However, it is based on GIS' own worldwide
collection (HUMINT) and analysis team, which has been operating in the field for more
than three decades. As a result, it has a strong record of major intelligence "firsts",
including the accurate forecasting of, for example, the 1990 Iraqi invasion of Kuwait.
This was only one of hundreds of major successes by GIS.
GIS is accessible only through password entry or computer IP recognition, to ensure
maximum privacy. The system is fully on-line through the Internet, and keyword
searchable. It is strenuously non-partisan, given that it provides product for use by
governments worldwide. Its confidential data, intelligence and analysis system was built
up since 1972 for professional use by senior policymakers, intelligence officials and
military research establishments worldwide. The system is based on intelligence and
analysis undertaken as a result of massive field collection (HUMINT); and on extensive
research and analysis, using primary and open sources intelligence (OSINT), including
considerable "open-but-difficult source" OSINT. The System is designed to provide a
comprehensive global data system both for governments without extensive global
collection and analysis systems as well as for analysts in industrialized states seeking
independent, finished intelligence on literally every country and territory in the world.

Q:-6 Is there any difference between Threats and Attacks? Explain in detail.

Ans- An attack is the deliberate act that exploits the vulnerabilities, whereas the threat
is when the organization is in danger of being attacked. An attack takes place only
if there are vulnerabilities, and it is accomplished by the threat agent. In the instance of
a threat, damage can take place to the information system or physical asset.
A threat is a possible event that can harm an information system. Information-level
threats are threats that can involve the dissemination of information in such a way that
organizations, their operations and their reputations may be affected. Attacks can
be represented by the relation among threat, vulnerability and damage.
