
MIS Contemporary Topic (Part 02)

5. Information Security & Information Systems Security

What is Information Security?


Information security, sometimes abbreviated to infosec, is a set of practices intended to keep data
secure from unauthorized access or alterations, both when it's being stored and when it's being
transmitted from one machine or physical location to another. It is sometimes referred to as data
security. As knowledge has become one of the 21st century's most important assets, efforts to
keep information secure have correspondingly become increasingly important.

What is Information Systems Security?


Information systems security refers to the processes involved in keeping the elements of an
information system safe from unauthorized access, theft or damage. Although IS security is a subset
of infosec, it is just as important to an organization, since information is now stored in computer
systems rather than on paper for easier access. If the information system is not secured, the
information in it is not secured either, and a breach will follow. IS security mainly deals with risks,
threats and vulnerabilities.

Internet Threats and How system can be affected?

Malware programs
Malware programs are those specifically designed to gain unauthorized access to, disrupt or
damage a computer system, client or network. They typically enter a computer without the user
noticing, may replicate themselves to spread further, and then destroy files or data, degrade the
performance of the system or even crash it. They are often spread over the Internet through
software downloaded from unknown sources, files attached to e-mail, or malicious online
advertisements. Much of the malware encountered by business organizations is designed to gather
information and transmit regular reports back to the operator of the program.
Virus – A computer virus is a piece of malicious code that attaches itself to other programs or files
and replicates by modifying them; it runs, and spreads, only when its infected host is executed.

Trojan horse – A Trojan horse is malware that appears to be a legitimate program but, once run,
gives the attacker control of the computer in order to damage or disrupt it or to steal data from the
system or the network. Unlike viruses and worms, Trojans do not replicate themselves.

Worms – Worms are standalone malware that copy themselves from computer to computer over a
network, usually by exploiting a vulnerability or weak credentials, without needing a host program
or any user action, unlike viruses, which need a host to execute them.
Hacking
Hacking is one of the most common security risks related to computerized information systems.
It is the act of gaining unauthorized access to a computer system by bypassing its security
controls. Hackers gain unauthorized access by finding weaknesses in the security protections that
websites and computer systems employ, often taking advantage of the features of the Internet
that make it an open and easy-to-use system. Crackers, on the other hand, are hackers with
criminal intent who destroy or steal data, or prevent authorized users from accessing the system,
for personal gain. Several kinds of attack fall under hacking.

Phishing – Phishing is the most common of these attacks. It is the fraudulent attempt to obtain
sensitive information (passwords, card numbers) by posing as a trustworthy entity, typically
through e-mail or a fake website.

Spoofing – Spoofing involves impersonating another device or user on a network (for example by
forging a source IP address, an e-mail sender or a website) in order to gain access and mount a
larger attack such as stealing data, attacking a hosting server or bypassing access controls.
Sniffing – Sniffing is monitoring and capturing the data packets passing through a network.
Although sniffing is a legitimate way to troubleshoot network traffic, attackers use sniffers to
capture valuable data such as credit-card numbers and account passwords from any traffic that is
sent without encryption.

DDoS attack – A distributed denial-of-service attack is a malicious attempt to disrupt the normal
traffic of a targeted server, service or network by overwhelming the target or its surrounding
infrastructure with a flood of Internet traffic sent from many sources at once. A successful DDoS
leaves legitimate users unable to reach systems and network resources. This is one of the most
common attacks; its main weapon is the botnet, a network of compromised machines, which is also
estimated to deliver almost 80 percent of the world's malware.
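As an added example (not from the original notes), here is the detection side of a flood: a sliding-window counter run over a constructed web-server access log. The log, the IP addresses and the thresholds are all assumptions made for the example. It mixes three phases, normal traffic, one host hammering a login page, and a wave of sixty bots each sending only four requests, and shows why a per-source limit alone does not catch the distributed case.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed access log, one request per line: "<ISO-8601 time> <client IP> <method> <path>".
_T0 = datetime(2024, 3, 1, 10, 0, 0, tzinfo=timezone.utc)


def make_sample_log():
    def line(seconds, ip, path):
        stamp = (_T0 + timedelta(seconds=seconds)).strftime("%Y-%m-%dT%H:%M:%SZ")
        return f"{stamp} {ip} GET {path}"

    lines = [line(s, "198.51.100.1", "/") for s in range(0, 60, 3)]            # 20 normal requests over a minute
    lines += [line(5 + i // 27, "203.0.113.7", "/login") for i in range(80)]   # 80 from one host within 3 s
    lines += [line(30 + i % 3, f"192.0.2.{bot}", "/search")
              for bot in range(1, 61) for i in range(4)]                        # 240 from 60 bots within 3 s
    return sorted(lines)   # ISO-8601 timestamps sort chronologically as strings


def parse_line(line):
    stamp, ip, _method, _path = line.split()
    ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts.timestamp(), ip


def detect_floods(lines, window=10.0, per_source=50, aggregate=200):
    """Sliding-window request counting. Returns alerts as (kind, source, count).

    'source-flood' fires when one IP exceeds per_source requests within `window`
    seconds; 'aggregate-flood' fires when all sources together exceed `aggregate`,
    which is what catches a distributed flood of low-rate bots. Lines must be in
    chronological order. Each alert is raised once.
    """
    all_recent = deque()             # timestamps of every request inside the window
    per_ip = defaultdict(deque)      # timestamps per source inside the window
    alerts, flagged = [], set()
    for line in lines:
        ts, ip = parse_line(line)
        all_recent.append(ts)
        per_ip[ip].append(ts)
        while ts - all_recent[0] > window:          # drop requests that fell out of the window
            all_recent.popleft()
        while ts - per_ip[ip][0] > window:
            per_ip[ip].popleft()
        if len(per_ip[ip]) > per_source and ip not in flagged:
            flagged.add(ip)
            alerts.append(("source-flood", ip, len(per_ip[ip])))
        if len(all_recent) > aggregate and "*" not in flagged:
            flagged.add("*")
            alerts.append(("aggregate-flood", "*", len(all_recent)))
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(make_sample_log()):
        print(alert)
```

The single noisy host trips the per-source threshold at its 51st request, while each bot stays far below it; only the aggregate count exposes the distributed wave. In production the window and thresholds are tuned per service, and the source address should be taken from the connection rather than from a client-supplied header such as X-Forwarded-For, which an attacker can forge.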

Cyber Vandalism
Cyber vandalism is the malicious damaging of online content: adding, removing or modifying
content in an offensive way, or defacing a website. Unlike cyber theft, cyber vandalism seeks only
to damage, destroy or disable data, computers or networks. A well-known instrument of cyber
vandalism is the logic bomb, a piece of code intentionally inserted into a software system that sets
off a malicious function when certain conditions are met, for example when a date is reached or
when a particular employee's account is removed.

Cyber Theft
Cyber theft refers to the illegal act of taking and using something without the owner's permission,
carried out by means of computers or the Internet. There are several types of cyber theft; data
theft, identity theft and physical theft of equipment are the notable ones.
Data theft involves making copies of important files or information, with or without harming the
originals, so the victim may not even notice. Most organizations are vulnerable to data theft because
their activities rely heavily on access to corporate databases. Identity theft is a crime in which an
imposter obtains key pieces of personal information in order to impersonate someone else. The
imposter usually obtains this information by phishing, through fake websites or businesses that
request confidential information.
IS Security in the context of the BD-ICT Act

The Bangladesh Information and Communication Technology Act was enacted in 2006 to give legal
recognition and security to information and communication technology. Chapters 4, 5, 6 and 7 of
the Act focus mainly on securing electronic records and digital signatures, and state that:
• An electronic record or digital signature is deemed a secure electronic record or secure digital
signature only if a security procedure has been applied to it at the relevant point of
verification. (Sections 16, 17)
• Any person may apply for a licence to issue digital signature certificates on fulfilling the
prescribed requirements, and the licence must be renewed when its period of validity expires.
[Sections 22(1), (2), 24]

• The subscriber shall apply the required security procedures to ensure the purity of a digital
signature certificate issued by a certifying authority. (Section 41)

• Punishments are set out for tampering with computer source code, hacking a computer system,
failing to surrender a licence, and unauthorized access to protected systems. (Sections 54 to 67)

How IS can be secured


Information is one of the most vital assets of an organization, since the daily actions of employees
and employers depend on it. Appropriate measures therefore ought to be implemented to secure
the information system and so keep the information safe. They are:

Implementing a proper system


Development models such as the V-Model, the SDLC (System Development Life Cycle) and RAD
(Rapid Application Development) ought to be properly followed, with security requirements and
security testing built into each phase, so that the IS can be used effectively and kept secure for
many years.

IS Controls
IS controls are the methods and devices used to ensure the accuracy, validity and propriety of
information system activities. They are used to monitor and maintain the quality and security of
IS activities. Companies need to know which controls they must have in place for IS security.

Developing security policy


A security policy consists of statements ranking information risks, identifying acceptable
security goals and identifying the mechanisms for achieving those goals. The security policy
drives other policies, among them the acceptable use policy (AUP), which defines the acceptable
uses of the firm's information resources and equipment, and the authorization policies, which
determine which members of the company have access to which of its information assets.
Assessing Risk
Risk assessment determines the level of risk to a company if a specific activity or process is
not properly controlled, typically by weighing the likelihood of a threat against the damage it
would cause. Although not all risks can be measured or averted, it is important to understand
them so that controls can be put in place against the most serious ones first.

Business Continuity Planning


Business continuity planning focuses on how the company can restore business operations after a
disaster strikes. Its technical counterpart, disaster recovery planning, covers restoring disrupted
IS services as quickly as possible: keeping systems up and running and recovering from backups.

Firewall
A firewall is a network security system that monitors and controls incoming and outgoing
network traffic based on predetermined security rules. Firewalls have long been the foundation of
network security, forming the first line of defense and establishing a barrier between a secured
internal network and untrusted outside networks. All traffic between the two must pass through
the firewall, which examines each packet or connection and blocks those that do not meet the
specified criteria; a well-configured firewall denies by default and allows only what a rule
explicitly permits. There are several types of firewall, such as packet-filtering firewalls, stateful
inspection firewalls, application proxies and web application firewalls. A firewall is a powerful
tool for protecting a company's information from being stolen or damaged by attackers, but it
only controls traffic that crosses it and does nothing about threats that originate inside the
network.
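The following added example (it is not from the original notes) implements the rule evaluation at the core of a packet-filtering firewall: an ordered rule list, first match wins, and an implicit default deny for anything no rule permits. The topology, addresses and rules are assumptions chosen for illustration. It also includes a check that practitioners run on real rule sets: finding rules that are "shadowed" by an earlier, broader rule and so can never fire.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    iface: str             # interface the packet arrives on: "wan" or "lan"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port, None = any port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


# Assumed topology: internal LAN 10.0.0.0/8 with admins on 10.0.0.0/24,
# a DMZ web server at 203.0.113.10 and an internal DNS resolver at 10.0.0.53.
RULES = [
    Rule("deny",  "wan", "any", "10.0.0.0/8",  "0.0.0.0/0",       None, "anti-spoofing: internal source address arriving from outside"),
    Rule("allow", "wan", "tcp", "0.0.0.0/0",   "203.0.113.10/32", 443,  "public HTTPS to the DMZ web server"),
    Rule("allow", "lan", "tcp", "10.0.0.0/24", "203.0.113.10/32", 22,   "SSH to the DMZ only from the admin subnet"),
    Rule("allow", "lan", "tcp", "10.0.0.0/8",  "0.0.0.0/0",       443,  "outbound HTTPS for everyone inside"),
    Rule("allow", "lan", "udp", "10.0.0.0/8",  "10.0.0.53/32",    53,   "DNS only to the internal resolver"),
]


def matches(rule, pkt):
    return (rule.iface == pkt.iface
            and rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))


def evaluate(rules, pkt):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index, rule.comment
    return "deny", -1, "no rule matched: implicit default deny"


def _covers(outer, inner):
    """True if every packet `inner` could match is already matched by `outer`."""
    return (outer.iface == inner.iface
            and outer.proto in ("any", inner.proto)
            and ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
            and ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst))
            and outer.dport in (None, inner.dport))


def find_shadowed(rules):
    """(later, earlier) index pairs where the later rule can never fire.

    A shadowed deny is a silent hole: the administrator believes the traffic
    is blocked when an earlier allow already let it through.
    """
    return [(j, i) for j, inner in enumerate(rules)
            for i, outer in enumerate(rules[:j]) if _covers(outer, inner)]


if __name__ == "__main__":
    samples = [
        Packet("wan", "tcp", "198.51.100.7", "203.0.113.10", 443),   # public web traffic
        Packet("wan", "tcp", "198.51.100.7", "203.0.113.10", 22),    # SSH from the Internet
        Packet("wan", "tcp", "10.0.0.9",     "203.0.113.10", 443),   # spoofed internal source
        Packet("lan", "tcp", "10.0.5.15",    "203.0.113.10", 22),    # SSH from a non-admin host
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(RULES, pkt))
```

The filter is stateless on purpose, to keep the rule logic visible; a production firewall is stateful (it tracks connections so that replies to allowed outbound traffic are let back in without a separate rule) and logs every packet the default deny drops. Run find_shadowed whenever a rule is added: appending a deny for one network to port 443 after rule 1 produces a rule that never matches.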

Anti-Virus
Antivirus programs are the most common software used to detect, prevent and remove malware on
a device. Besides matching files against signatures of known malware, they have a heuristic
checking option that scans programs and files for unusual characteristics or behaviour indicative
of malware, stops them from executing and moves them into quarantine. Companies are
recommended to run antivirus on their devices and systems to protect the sensitive information
residing on them from compromise or theft; it is a convenient and cost-efficient control, though it
cannot catch malware for which it has neither a signature nor a matching heuristic.
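An added example, not part of the original notes, of the two detection methods just described working together: a signature check (SHA-256 of the file against a database of known-bad hashes) and heuristic checks (suspicious byte patterns and the entropy of the content, since packed or encrypted payloads look almost random). The "known bad" sample, the signature database and the four inputs are all constructed for the example; none is real malware.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed "known bad" sample and its one-entry signature database.
KNOWN_BAD_SAMPLE = b"constructed-sample-malware-body: drops payload and phones home\n"
SIGNATURES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Constructed.Sample.A"}

# Heuristic indicators: byte patterns that are rarely benign in a data file.
SUSPICIOUS_PATTERNS = [
    (re.compile(rb"powershell(?:\.exe)?\s+-(?:e|enc|encodedcommand)\b", re.I), "encoded PowerShell launcher"),
    (re.compile(rb"\bcmd(?:\.exe)?\s*/c\s", re.I), "shell command execution"),
    (re.compile(rb"HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", re.I), "autorun registry key"),
]
ENTROPY_THRESHOLD = 7.2   # bits per byte; packed or encrypted payloads approach 8.0


def shannon_entropy(data):
    """Bits of entropy per byte: 0 for a constant stream, 8 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan(data):
    """Signature match first, then heuristics. Returns the verdict and the reasons for it."""
    digest = hashlib.sha256(data).hexdigest()
    reasons = []
    signature = SIGNATURES.get(digest)
    if signature:
        reasons.append(f"signature match: {signature}")
    for pattern, label in SUSPICIOUS_PATTERNS:
        if pattern.search(data):
            reasons.append(f"heuristic: {label}")
    entropy = shannon_entropy(data)
    if entropy > ENTROPY_THRESHOLD:
        reasons.append(f"heuristic: high entropy ({entropy:.2f} bits/byte), likely packed or encrypted")
    if signature:
        verdict = "malicious"
    elif reasons:
        verdict = "suspicious"      # a heuristic hit alone is worth quarantine and a closer look
    else:
        verdict = "clean"
    return {"sha256": digest, "verdict": verdict, "reasons": reasons}


# Constructed inputs; the base64 in the script is UTF-16LE "ABC", a harmless placeholder.
SAMPLES = {
    "known_bad": KNOWN_BAD_SAMPLE,
    "dropper_script": b"echo updating...\r\npowershell -enc QQBCAEMA\r\n",
    "packed_blob": bytes(range(256)) * 16,       # stands in for a packed executable section
    "memo": b"Quarterly figures are attached. Please review before Friday.\n",
}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        result = scan(data)
        print(f"{name:15} {result['verdict']:10} {'; '.join(result['reasons']) or '-'}")
```

The last assertion in the test is the caveat from the paragraph above in code: changing a single byte of the known-bad sample defeats the hash signature, which is why real products combine many signature types with heuristics and behavioural monitoring, and why heuristics must be tuned to keep false positives down (the entropy check alone would also flag legitimate compressed archives).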

Identity Management Software


Identity management software is used to increase both the security and the productivity of a
company: it keeps a single record of who each user is and what they are allowed to access,
automates creating, changing and removing accounts, and enforces authentication. It also helps
ensure regulatory compliance and improves the user experience.

MIS Audit
An MIS audit is an examination of the controls within an IT infrastructure. Evaluating the results
determines whether the information systems are safeguarding assets, maintaining data integrity
and operating effectively to achieve the organization's goals.
6. Telecommunication & Infrastructure of Telecommunication

Telecommunication companies in Bangladesh:

The mobile market in Bangladesh comprises four licensed mobile operators: Grameenphone,
Robi (which merged with Airtel in 2016), Banglalink and the state-owned Teletalk. Mobile
virtual network operators (MVNOs) do not currently operate in Bangladesh, though the BTRC has
been assessing the feasibility of allowing them to enter the market.
The mobile market of Bangladesh underwent its first major in-country consolidation in 2016,
following the merger of Robi (Axiata) with Airtel, which created the second-largest operator by
number of connections. At the end of 2017, Grameenphone held a 46% share of total
connections, followed by Robi (28%), Banglalink (23%) and Teletalk (3%). The CDMA-based
operator Citycell (Pacific Bangladesh) had effectively been closed since the final quarter of 2016,
when the BTRC suspended its operating licence over nonpayment of dues.
7. E-Business, E-Commerce, E-Government, E-Marketing, E-Learning (Web based
learning), E-Book, OER, Data quality & Data administration, Domotics (Home
Automation), Smart Vehicles, IoT (Internet of Things)

E-Business:
The use of the web, the Internet, intranets, extranets etc. to conduct business is known as
"E-Business" (Electronic Business). It comprises a wide range of business processes, such as
supply chain management, electronic order processing and customer relationship management.
Example: Fiverr, Upwork, eBay etc.

E-Commerce:
The buying and selling of goods and services, or the transmitting of funds or data, over an
electronic network, primarily the Internet, is called "E-Commerce" (Electronic Commerce). There
are six basic types of e-commerce: Business-to-Business (B2B), Business-to-Consumer (B2C),
Consumer-to-Consumer (C2C), Consumer-to-Business (C2B), Business-to-Administration (B2A)
and Consumer-to-Administration (C2A). It can be said that all e-commerce is e-business, but not
all e-business is e-commerce.
Example: Amazon, Flipkart, etc.

E-Government:
The use of communication technology, such as computers and the Internet, to provide public
services to citizens and other persons in a country or region is called "E-Government"
(Electronic Government). There are four types of e-government services: Government-to-Citizen
(G2C), Government-to-Business (G2B), Government-to-Employee (G2E) and Government-to-
Government (G2G).
Example: E-procurement, filing of tax returns, ID renewal etc.

E-Marketing:
"E-Marketing" (Electronic Marketing) is the process of marketing a product or service using the
Internet. It is also known as "Internet Marketing", "Web Marketing", "Digital Marketing" or
"Online Marketing". It makes marketing activities easy to monitor and allows transactions to be
completed quickly.
Example: Social media marketing, affiliate marketing, content marketing, e-mail marketing etc.

E-Learning (Web-Based Learning):


A learning system based on formalized teaching with the help of electronic resources is known
as “E-Learning” (Web-Based Learning). The major components of E-learning are the use of
computers and the Internet.
Example: Coursera, Datacamp and various other online institutions that provide students with
learning opportunities.

E-Book:
A book publication made available in digital form, consisting of text, images or both, and
readable on the flat-panel display of a computer or other electronic device, is called an "E-Book"
(Electronic Book).

OER:
Open educational resources (OER) are freely accessible, openly licensed text, media and other
digital assets that are useful for teaching, learning and assessment. They are also used for research
purposes. The open licence is what distinguishes OER from courses that are merely free to view.
Example: MIT OpenCourseWare, Wikipedia etc.

Data Quality & Data Administration:


"Data Quality" is the degree to which data is accurate, complete, consistent and timely enough to
support the decision-making process. "Data Administration" is the process by which data is
monitored, maintained and managed so that it keeps that quality.

Domotics (Home Automation):


A network of hardware, communication and electronic interfaces that work to integrate everyday
devices with one another via the Internet is called "Domotics" (Home Automation). Each device
has sensors and is connected through Wi-Fi, and can be managed from a smartphone or tablet
either at home or away. Each such device is also a network endpoint that needs authentication and
software updates like any other computer.
Example: Automatically turning down the air-conditioning system when the external
temperature drops.

Smart Vehicles:
The vehicles that have advanced electronics and may use artificial intelligence to enhance or,
automate its control are called “Smart Vehicles”.
Example: Smart Fortwo car.

IOT (Internet of Things):


A computing concept that describes the idea of everyday physical objects being connected to the
Internet and being able to identify themselves to other devices is called the "Internet of Things"
(IoT).
Example: Smartphones, electronic appliances and gadgets that can be operated over the
Internet.
8. Virtual Reality, Augmented Reality (AR), Blockchain, Quantum Computing, Distributed Cloud

Virtual Reality

Virtual Reality (VR) is the use of computer technology to create a simulated environment. Instead
of putting a screen in front of the user, VR offers an immersive experience that allows users
to interact with 3D worlds. The computer serves as a gatekeeper to the artificial world as it
stimulates the user's senses such as vision, hearing and touch. Leaders in the VR field include
HTC Vive, Oculus Rift and PlayStation VR.

Virtual Reality can be applied in training and education. It can be used to train medical students
for complex surgeries, to train astronauts for space travel and for military training. VR aids
prototyping, assembly and performance use-cases in engineering and robotics. Virtual Reality
Exposure Therapy (VRET), combined with behavioral therapy, is used to treat PTSD and
phobias. VR is also used for entertainment in video games and cinema.

In business, VR can be used as an alternative channel for digital marketing. It can be applied to
online shopping, to simulate the steps of a purchase. Companies can use VR for efficient
recruitment by engaging candidates in scenarios that present different problems. VR can also make
communication easier by allowing teams to attend meetings in a virtual environment instead of
having to physically travel.

Augmented Reality

Augmented Reality (AR) is an interactive experience of a real world environment where real-
world objects are enhanced using computer generated perceptual information. AR is a
combination of real and virtual worlds, allowing real time interaction and accurate 3D
registration of virtual and real objects. Leading companies in augmented reality include Apple,
Microsoft, Niantic, Zappar and Lucyd.

AR can be used for design and modeling, allowing professionals to visualize their final product
beforehand. An industrial use of AR is in repair and maintenance, to suggest potential fixes and
point out trouble areas. AR can also aid in classroom education by providing a rich learning
environment for students.

A smart phone or a tablet can be an AR platform to create a shopping environment for customers
to compare prices and look up information. AR presents an opportunity to reduce costs and
increase efficiency in business logistics including transportation, warehousing and route
optimization.
Blockchain

Blockchain is a series of records, called blocks, stored in a database that is shared among many
participants and referred to as the chain. The blocks are linked using cryptography. Each block
stores information about transactions, about who is participating in them, and a cryptographic
hash that distinguishes it from every other block; each block also carries the hash of the previous
block, which links the blocks together and makes any alteration of an earlier block evident.

Blockchain technology can be used to create a permanent, public, transparent ledger system for
compiling data on sales. Blockchain technology has also been adopted in the distribution of
music. Blockchain domain names are also being used.

Blockchain is being widely used in the financial industry, implementing distributed ledgers for
use in banking. The technology can also be used to pay employees their salaries. Blockchain can
also improve the efficiency and transparency of supply chains by allowing retailers, wholesalers
and manufacturers to quickly find out where the inefficiencies in the system are.
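The following is an added example, not from the original notes, of the cryptographic linking described above, in the smallest form that still shows the security property: each block's hash covers its contents and the previous block's hash, so editing an old record breaks every later link. The transaction records are constructed; there is no network, consensus or proof-of-work here, which is exactly the point the last function makes.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS_PREV_HASH = "0" * 64


def block_hash(index, timestamp, data, prev_hash):
    """SHA-256 over a canonical encoding of everything in the block except its own hash."""
    canonical = json.dumps(
        {"index": index, "timestamp": timestamp, "data": data, "prev_hash": prev_hash},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hashlib.sha256(canonical).hexdigest()


@dataclass
class Block:
    index: int
    timestamp: int     # seconds since the epoch (assumed for the example)
    data: dict         # the transaction record, e.g. who pays whom how much
    prev_hash: str     # hash of the previous block: this is the link in the chain
    hash: str          # hash of this block's own contents


def new_chain():
    genesis = {"note": "genesis"}
    return [Block(0, 0, genesis, GENESIS_PREV_HASH, block_hash(0, 0, genesis, GENESIS_PREV_HASH))]


def add_block(chain, data, timestamp):
    prev = chain[-1]
    index = prev.index + 1
    chain.append(Block(index, timestamp, data, prev.hash,
                       block_hash(index, timestamp, data, prev.hash)))
    return chain[-1]


def verify_chain(chain):
    """Recompute every hash and check every link. Returns (ok, reason)."""
    for i, block in enumerate(chain):
        if block.index != i:
            return False, f"block {i}: index is {block.index}"
        expected_prev = GENESIS_PREV_HASH if i == 0 else chain[i - 1].hash
        if block.prev_hash != expected_prev:
            return False, f"block {i}: prev_hash link is broken"
        if block.hash != block_hash(block.index, block.timestamp, block.data, block.prev_hash):
            return False, f"block {i}: stored hash does not match contents"
    return True, "chain intact"


def rehash_from(chain, start):
    """What a party controlling the only copy must do to hide an edit: rewrite every later block."""
    for i in range(start, len(chain)):
        block = chain[i]
        block.prev_hash = GENESIS_PREV_HASH if i == 0 else chain[i - 1].hash
        block.hash = block_hash(block.index, block.timestamp, block.data, block.prev_hash)


if __name__ == "__main__":
    chain = new_chain()
    add_block(chain, {"from": "alice", "to": "bob", "amount": 5}, 1_700_000_000)
    add_block(chain, {"from": "bob", "to": "carol", "amount": 2}, 1_700_000_060)
    print(verify_chain(chain))
    chain[1].data["amount"] = 500          # quietly edit a past transaction
    print(verify_chain(chain))
```

The hash chain gives tamper evidence, not tamper resistance: rehash_from shows that whoever holds the only copy can rewrite history consistently. A blockchain becomes a trustworthy ledger only because many independent participants hold copies and agree on which chain is valid, and (in public chains) because rewriting blocks costs proof-of-work or stake.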

Quantum Computing

Quantum computing is the use of quantum-mechanical phenomena such as superposition and
entanglement to perform computation. Quantum computing harnesses and exploits the laws of
quantum mechanics to process information. It uses quantum bits, or qubits, which through
superposition can represent 0, 1 or a combination of both at the same time.

Investors and analysts can turn to quantum computing to evaluate a large distribution of
outcomes in a financial market. It may also perform financial operations such as arbitrage faster
than a classical computer can. Quantum computing can also be applied in other areas of business
such as portfolio optimization, asset pricing, risk analysis, market prediction and the valuation of
stocks and bonds.

Distributed Cloud

Distributed cloud is a cloud computing model in which public cloud services run from
geographically dispersed locations, including at the network's edge, while remaining managed
centrally by the provider, so that several clients can access data and services close to where they
are. The distributed cloud model reduces latency, network congestion and the risk of data loss.

Distributed cloud can reduce wide-area traffic. Autonomously moving trucks can locally process
data from on-board and road sensors, with their path being monitored from a distributed cloud.

Distributed cloud can be used by teams working together from different geographical locations,
by having access to the same resources and the work done by their peers. In the same way, it can
also be used in education.
