CHAPTER 1: Managing Information Technology 6.

Bandwidth

Information Technology - Name of technique 7. Security versus ease of access

which is used for handling and providing the
8. Access to external data services
information
Managing the application portfolio
Information technology management - IT
management is the discipline whereby all of the • Most companies cannot operate without
information technology resources of a firm are software applications – they are critical asset
managed in accordance with its needs and
priorities. • Just as physical infrastructure, software
portfolio needs managed as an asset
CHALLENGES…
Managing the application portfolio
❑ Rapid technological change
A company must know:
❑ Exploding applications and data
❑ What software it owns
❑ Frequent External Shocks
❑ Where it is located
MANAGING THE ASSETS IN AN IS
ORGANIZATON ❑ What it does

IS leadership must manage these organizational ❑ How effective it is

assets: ❑ What condition it is in
❑ Human Resources INFORMATION TECHNOLOGY MANAGEMENT
❑ Organizational data SYSTEM ISSUES

1. Developing effective change management

❑ Physical Infrastructure
system
❑ Application Portfolio
2. Ethical use of IT
Developing Human Resource
3. Determining an outsourcing strategy
Provide specialized IT training for IS
4. Deploying global information systems
professionals and others
5. Ensuring regular performance measurement
Improving the physical infrastructure

Infrastructure management issues addressed

here are:

1. Location Chapter 2 - Information Resource Management

2. The workstation

3. Supported operating systems

4. Redundancy

5. Supported communications p
 • It is more than just protecting hardware and
software from being crashed

• It is protecting the information resources that

keep the company operating

• Goals are to ensure

1. Data integrity, availability and confidentiality

2. Business continuity

Information Technology Security

• Confidentiality

✓Maintaining the privacy of data

• Integrity

✓Detecting that the data is not tampered with

• Authentication
Chapter 3 - Security of Information Technology
✓Establishing proof of identity
What is Security?
• Nonrepudiation
1. Freedom from risk or danger; safety.
✓Ability to prove that the sender sent the data
2. Freedom from doubt, anxiety, or fear;
confidence. • Access Control

3. Something that gives or assures safety 4. Is ✓Access to information resources are regulated
the protection of assets. • Availability
The three main aspects are: ✓Computer assets are available to authorized
• Prevention parties when needed

• Detection

• Re-action Security

Why do we need Security? Measures of Information Technology

• Protect vital information while still allowing Firewall

access to those who need it Digital Certificate /Signature Encryption
• Provide authentication and access control for Anti-Virus
resources
FIREWALL
• Guarantee availability of resources
Information Technology Security
• A firewall stops information being changed or
stolen • It limits entry into a network to
authorized users and content
• Entry can then be controlled by registration
and password
• But employees represent the biggest single
threat to networks
• Employees have access to security procedures
and know where important data is stored
• In cryptography, encryption is the process of
transforming information (referred to as
plaintext) using an algorithm (called a cipher) to
make it unreadable to anyone except those
possessing special knowledge, usually referred
to as a key.
• The reverse process, i.e., to make the
encrypted information readable again, is
referred to as DECRYPTION.
USES OF ENCRYPTION

• Encryption can be used to protect data "at

Digital
rest", such as files on computers and storage
Certificates / Signature devices (e.g. USB flash drives). ➢Digital rights
management systems which prevent
• Digital signatures used to create commercial
unauthorized use or reproduction of
systems using public key encryption often using
copyrighted material and protect software
trusted third parties to send owner
against reverse engineering
identification and copy of public key
• Encryption is also used to protect data in
• Use of digital certificates:
transit
• Secret key (symmetric) encryption (both
• Encryption, by itself, can protect the
parties have an identical key known only to
confidentiality of messages.
them, but not a safe method)

• Public key (asymmetric) encryption (keys used

by sender and receiver are different but related VIRUSES
by a numerical code
Viruses

Worm
Digital Certificates / Signature

Digital certificates may include

• User identification data
• Issuing authority identification and digital
signature • User’s public key
• Expiry date of certificate
• Class of certificate
• Digital identification code for the certificate
ENCRYPTION
• Computer programs that corrupt or delete
files • Sent as attachments or embedded in
other files
• Can spread itself over a network, doesn’t
need to be sent
Types of Virus
Transient Virus
• Attaches itself to specific program
• Is run every time the program is run
Resident Virus

• Once loaded operates for duration of What is Risk?

computer’s use
• A possibility that THREAT exploits a
Logic Bomb VULNERABILITY in an asset and causes damage
or loss to the asset.
• Triggers when a given condition is met, such
as clock on computer matching a specified time • THREAT – Something that can potentially
cause damage to an organization, IT system or
Trojan Horse
network.
• Malicious program that hides within a friendly
• VULNERABILTY – A weakness in the
program
organization, IT Systems or network that can be
What is an Anti Virus? exploited by the threat

• Anti-virus is a software (computer program)

that scans files or your computer's memory for
certain patterns that may indicate an infection.
The patterns it looks for are based on the
signatures, or fingerprints, of known viruses.
Risks in Information and Technology
Once a virus is detected in the wild, the Anti-
Virus companies then release these new
patterns for your Anti virus software to use.
These updates come out daily by some Fraud
vendors. Virus authors are continually releasing Service
new and updated viruses, so it is important that
you have the latest definitions installed on your Interruptions and Delays
computer. Intrusions Information Manipulation
What is an Anti-Virus? Information Theft
Once you have installed an anti virus package, Error
you should scan your entire computer
periodically. Always leave your Anti-virus Denial of Service Attacks
software running so it can provide constant
Malicious Software
protection.
Website
Automatic scans- Depending what software you
choose; you may be able to configure it to Defacements Extortion
automatically scan specific files or directories
and prompt you at set intervals to perform
complete scans. Sniffing Spoofing Con Artists Phishing

Fraud
Risks in Information and Technology • Accessing or using a computer with the intent
to commit a fraudulent or other criminal act. •
Chapter 4
This can refer to illegally obtaining restricted
data or confidential financial information, Website Defacements
damaging or destroying information contained
• Is an act of gaining unauthorized access to an
in a computer.
environment or website. Extortion
Service Interruptions and Delays
• The practice of trying to get something
• An interruption in transmission that renders through force, threats or blackmail Sniffing
the Service unusable due to a total loss of signal
• Process of monitoring and capturing all data
for the Service
packets passing through given network •
Intrusions Sniffers are used by network/system
administrator to monitor and troubleshoot
• the act of wrongfully entering upon, seizing,
network traffic. Attackers use sniffers to capture
or taking possession of the property or
data packets containing sensitive information
information of another individual
such as password, account information etc.
Information Manipulation
Spoofing
• trying to get someone to believe something
• Specific type of cyber-attack in which
untrue is deceit. The type of communication
someone attempts to use a computer, device,
created by such deceitful intent is called a
or network to trick other computer networks by
deceptive message
masquerading as a legitimate entity
Information Theft
Con Artists
• Also known as identity fraud, is a crime in
• A person who cheats or tricks others by
which an imposter obtains key pieces of
persuading them to believe something that is
personally identifiable information (PII), such as
not true
Social Security or driver's license numbers, to
impersonate someone else. Phishing

Error • Type of online scam where criminals

impersonate legitimate organizations via email,
• An act or statement that is not right or true or
text message, advertisement or other means in
proper.
order to steal sensitive information.
• Error is used for failure to follow a model
correctly.
ISO
Denial of Service Attacks
272002:2005 - Defines Information Security as
• An attack meant to shut down a machine or
a prevention of the following:
network, making it inaccessible to its intended
users. Ensuring that

Malicious Software information is accessible only to those

Authorized to have access
• Any type of software that is intended to harm
or hack the user. • Attempt to steal your Safeguarding the
information, or they might simply do it for
accuracy and
malicious reasons.
completeness of information or personal data, and generating
profit
information and

processing methods
Computer Criminals
Ensuring that authorized users have access to
information and

associated assets when required Organized Crime

•Confidentiality • Individuals and groups with ongoing working

•Integrity relationships who make their living

•Availability primarily through activities that one or more

states deem illegal and criminal

Computer Criminals
Hacker
• A person who uses computers to gain
unauthorized access to data
Script Kiddies
• a relatively unskilled individual who uses
scripts or programs, such as a web shell,
Terrorist
• A person who uses unlawful violence and
intimidation, especially against civilians, in the
pursuit of political aims.
Insider
• A person within a group or
organization,
especially someone privy to information
unavailable to

developed by others to attack computer others.

systems and networks and

deface websites,

according to the

programming and

hacking cultures

Cyber-Criminals

• People who use

INFORMATION TECHNOLOGY Contents:
technology to commit malicious activities on
⮚ Introduction
digital systems or
⮚ History of IT
networks with the

intention of stealing sensitive company ⮚ Present role of IT

⮚ Hardware and Software
⮚ Advantages & Disadvantages of IT
⮚ Benefits from IT
1 resources of their seperate offices. In this way
INFORMATION
TECHNOLOGY
Information technology is a contemporary term
that describes the combination of computer
technology (hardware and software) with
telecommunications technology (data, image,
and voice networks).
2 into information
In some companies, this is referred to as
Management Information Services (or MIS) or
simply as Information Services (or IS).
These innovations enable the processing and
storage of enormous amounts of information,
along with rapid distribution of information
through communication networks
 IT has enabled the globalisation of the
economy and competition, and caused large-
scale changes in many industries
 IT is also bringing a major shift in the job
market; resulting in a more polarised
occupational structure, consisting of
highly skilled=well paid jobs
lower skilled=low wages 3
Communication: Basic need for most human
activities
Tarditional- telephone, fax, mail...
In the new information era- e-mail, internet,
video conferencing
The new communication technology enables
people located in different places to work
together as if they were in the same office. Big
multinational companies are already exploiting
this technology to achieve better use of the
projects can be shared between offices with
the application of the best expertise, and
around the clock
4
5
Computer Use
The purpose of a computer is to process data
 Data consist of the raw facts and figures that
are processed into information
 Information is data that has been summarized
or otherwise manipulated for use in desicion
making
Hardware and Software
 Hardware consist of all the machinery and
equipment in a computer system
 Software , or programs , consist of all the
electronic instructions that tell the computer
how to perform a task
6
Hardware and software
revolution
 The diminishing cost of personal computers
has put computing power within the reach of
even the smallest contractors.
 Rapidly developing hardware performance,
coupled with the development of storage
drives with very large volumes, modems,
scanners, and back up devices has made the
computer suitable for storage and distribution
of drawings and other data in electronic
format.
 The evolution of servers, network cards,
modems and routers have linked computers
together providing a forum for community
collaboration.
7 ❖ Telemedicine
Internet
The value of the Internet to construction
companies derives from its ability to easily
connect globally to a vast amount of data,
which would otherwise have taken more time
and money to organise. By exploiting the
resources of the Internet construction
companies can gain the following benefits.
 Acceleration in the distribution of knowledge
resources within and out with the company 
Promotion and marketing for the company
8 was used by those who worked in places like
On-line services: The rapid development of the
Internet and the World Wide Web has enabled
many services that traditionally required face to
face meetings to be delivered on-line.
Internet distance learning: opportunities of
university education, widening access to higher
education (delivering teaching and learning to
people who cannot attend lectures)-increases a
country’s competitiveness in a global market.
E-business: Internet provides a virtual market
place for buyers, suppliers, distributors and
sellers to exchange information, negotiate and
trade
Teleworking: Flexibility in working conditions,
less office space, more productive workers.
9 the world moved into the information age.
How is information technology being used in
education?
❖ E-mail
❖ Distance learning
How are computers being used in health and
medicine?
❖ Robots
How will computers affect my financial matters?
❖ Virtual money
❖ Micro-Credits
10
History and Development of Information
Technology
In the 1960s and 1970s, the term information
technology (IT) was a little known phrase that
banks and hospitals to store information. With
the paradigm shift to computing technology
and "paperless" workplaces, information
technology has come to be a household phrase.
It defines an industry that uses computers,
networking, software programming, and other
equipment and processes to store, process,
transmit, and protect information.
11
Software development and computer
programming were best left to the computer
scientists and mathematical engineers, due to
their complicated nature. As time passed and
technology advanced, such as with the advent
of the personal computer in the 1980s and its
everyday use in the home and the workplace,
12

Modern Technology
By the early 21st century, nearly every child in
the Western world, and many in other parts of
the world, knew how to use a personal
computer. Businesses' information technology
departments have gone from using storage
tapes created by a single computer operator to
interconnected networks of employee
workstations that store information in a server
farm, often somewhere away from the main
business site.
13
Technology facilitate our life
Technology and information may be regarded as
two things are mutually binding. Both support
functions that are fairly similar. Advances in
technology are always facilitate the delivery of
information. The rate information from one
country can spread rapidly to other countries,
even to all countries, through increasingly
sophisticated technology.
Advances in information technology provide
enormous benefit in human survival.
Information technology can provide facilities in
various aspects of life. One area of life that has
a close relationship with the use of information
technology is the world of work.
14
Impact of Advanced Information Technology
Advances in information technology is to be
grateful and appreciated as a remarkable
achievement. Therefore, we must take
advantage of advances in information
technology is to do positive things. Why is that?
In fact, advances in information technology not
only provides a positive effect. Many also
brought along the negative impact of
information technology advances.
15
Here's a positive impact of information
technology development.
 Make it easier for companies or individual
business transaction-based information
technology or so-called E Commerce.
 Simplify access to information needed for
various purposes.
16
Besides positive impacts, advances in
information technology have a negative effect.
 The rapid advancement in information
technology, internet and other media, facilitate
the entry of banned sites and violence.
 Ease of transactions via the Internet will
provide opportunities to perform transacts
forbidden, such as drug and contraband
transactions.
As a result, anything that is required is
completed in quick time to be done by utilizing
flash technology as well. Finally, human life can
not be separated from the flow of information
technology.
17
The Role of IT
 It is accepted that telecommunication is a
basic infrastructure necessary for economic and
social development of a country.
 This is even becoming more strong than ever
as information related economic activities are
growing.  Information and communications
technology may be described as the support of
the central nervous system of complex
societies, transmitting and processing
Thank you for your attention 21
information and commands among the various
parts of such societies.

 Internet plays a fundamental function in IT

role 18

Benefits from IT

Information and communications technology

carries on high promise both in human and
economic terms.

Benefits could be obtained in:

 Education

 Job training

 Health care

 Food security

 Environment management

 Government efficiency

19

IT is useful in all areas Many tourism businesses

are involved in developing their internet
services including traditional travel agents, tour
operators, national tourist offices, airlines,
hotels and other accommodation providers and
car hire firms.

20