Professional Documents
Culture Documents
CyberSecurity Ch1
CyberSecurity Ch1
Page | 1
Unit 1. Elements of Information Security
1.1 Basics of Information system
1.2 Types of Information System
1.3 Nature of Information Systems
1.4 Meaning of Information Security
1.5 Basic Principles of Information Security
Almost all programs in business require students to take a course in something called
information systems. But what exactly does that term mean? Let’s take a look at some of the
more popular definitions, first from Wikipedia and then from a couple of textbooks:
“Information systems (IS) is the study of complementary networks of hardware and software
that people and organizations use to collect, filter, process, create, and distribute data.”[1]
“Information systems are combinations of hardware, software, and telecommunications
networks that people build and use to collect, create, and distribute useful data, typically in
organizational settings.”[2]
“Information systems are interrelated components working together to collect, process, store,
and disseminate information to support decision making, coordination, control, analysis, and
viualization in an organization.”[3]
As you can see, these definitions focus on two different ways of describing information systems:
the components that make up an information system and the role that those components play in an
organization. Let’s take a look at each of these.
Many organizations work with large amounts of data. Data are basic values or facts and are
organized in a database. Many people think of data as synonymous with information; however,
information actually consists of data that has been organized to help answers questions and to
solve problems. An information system is defined as the software that helps organize and
analyze data. So, the purpose of an information system is to turn raw data into useful
information that can be used for decision making in an organization.
There are some general types of information systems. For example, a database management
system (DBMS) is a combination of software and data that makes it possible to organize and
analyze data. DBMS software is typically not designed to work with a specific organization or a
specific type of analysis. Rather, it is a general-purpose information system. Another example is
an electronic spreadsheet. This is a tool for basic data analysis based on formulas that define
relationships among the data. For example, you can use a spreadsheet to calculate averages for a
set of values or to plot the trend of a value over time.
Page | 2
In contrast, there are a number of specialized information systems that have been specifically
designed to support a particular process within an organization or to carry out very specific
analysis tasks. For example, enterprise resource planning (ERP) is an information system
used to integrate the management of all internal and external information across an entire
organization. Another example is a geographic information system (GIS), which is used to
manage and analyze all types of geographical data. Expert systems are another example of
information systems. An experts system is designed to solve complex problems by following the
reasoning of an expert.
While information systems may differ in how they are used within an organization, they
typically contain the following components:
Page | 3
Decision support systems (DSS)
Specifically designed to help management make decisions in situations where there is
uncertainty about the outcomes of those decisions.
DSS use tools and techniques to help gather relevant information and analyse the options and
alternatives. DSS often involves use of complex spreadsheet and databases to create "what-if"
models.
Knowledge management systems (KMS)
Exist to help businesses create and share information. They are typically used in
businesses where employees create new knowledge and expertise, which can then be shared by
other people in the organisation to create further commercial opportunities. Good examples
include firms of lawyers, accountants and management consultants.
KMS are built around systems which allow efficient categorisation and distribution of
knowledge. For example, the knowledge itself might be contained in word processing
documents, spreadsheets, PowerPoint presentations. internet pages etc. To share the knowledge,
a KMS would use group collaboration systems, such as an intranet.
Transaction processing systems (TPS)
Designed to process routine transactions efficiently and accurately.
A business will have several TPS; for example:
Billing systems to send invoices to customers
Systems to calculate the weekly and monthly payroll and tax payments
Production and purchasing systems to calculate raw material requirements
Stock control systems to process all movements into, within and out of the business
Office automation systems
Try to improve the productivity of employees who need to process data and information.
Perhaps the best example is the wide range of software systems that exist to improve the
productivity of employees working in an office (for example, Microsoft Office XP), or systems
that allow employees to work from home or whileon the move.
1.3 Nature (Changing) of Information Systems
Types of attacks
Attacks are grouped into two types:
Passive attacks: does not involve any modification to the contents of an original message
Active attacks: the contents of the original message are modified in some ways.
Page | 7