Unit 1


Cyber Security

Unit-1
What is Cyber Security?
The technique of protecting internet-connected systems such as
computers, servers, mobile devices, electronic systems, networks, and
data from malicious attacks is known as cybersecurity. We can divide
cybersecurity into two parts: one is cyber, and the other is security.
Cyber refers to the technology that includes systems, networks,
programs, and data. Security is concerned with the protection of
systems, networks, applications, and information. In some cases, it is
also called electronic information security or information
technology security.
Unit-1
• Information System
• Type of information system
• Development of information system
• CIA model of Information Characteristics
• Introduction to Information Security
• Need of Information Security, Cyber Security, Business need
• Ethical and Professional issues of security.
Information System

An information system can be defined as a set of interrelated
components that collect, manipulate, and store data, distribute
information to support decision making, and provide a
feedback mechanism to monitor performance. It may also
help managers and workers to analyze problems, visualize
complex subjects, and create new products. Software,
hardware, information system users, computer system
connections and information, and the system's housing are all
part of an information system.
Components of Information System
The components that must be combined in order to produce an information system are:
People: People are the most essential part of the information system because without them the system cannot be
operated correctly.
Hardware: It is the physical component of an information system, the part we can touch. The information
system hardware includes the computer, processors, monitors, printer, keyboards, disk drives, iPads, flash drives, etc.
Software: It is a set of instructions that tells the hardware what to do. It can be used to organize, process and analyze
data in the information system.
Data: Data is a collection of facts. Information systems work with data. These data can be aggregated, indexed, and
organized into tables and files together to form a database. These databases can become a powerful tool for every
business's information system.
Network: It includes the internet, intranets, and extranets, which provide successful operations for all types of organizations and
computer-based information systems.
Procedures: It specifies the policies that govern the operation of an information system. It describes how specific
data are processed and analyzed to get the answers for which the information system is designed.
Feedback: It is the component through which an information system (IS) may be provided with feedback.
Decision-Making Information System

1. Executive Information Systems (EIS)
It is a strategic-level information system which is found at the top of the pyramid. Its primary goal is to provide
information gathered from both internal and external sources to senior executives and management so that they can analyze the
environment in which the organization operates, identify long-term trends, and plan appropriate courses of action.
It can also be used to monitor organization performance as well as to identify opportunities and problems. EIS is
designed in such a way that it can be operated directly by executives without the need for intermediaries.

• It is concerned with ease of use.
• It supports unstructured decisions.
• It is concerned with predicting the future.
• It is highly flexible.
• It is effective.
• It uses both internal and external data sources.
• It is used only at the higher levels of authority.
2. Decision Support Systems
A DSS or Decision Support System is a computer application program used by senior managers to analyze
business data and present it in a form in which the users can make business decisions more easily. These systems
are usually interactive and can be used to solve ill-structured problems in an organization. It helps in exchanging
information within the organization.
The roles of a Decision Support System are:
• It supports ill-structured or semi-structured decisions.
• It is used by senior managerial levels.
• It has analytical and/or modeling capacity.
• It is concerned with predicting the future.
3. Management Information Systems
MIS or Management Information System is the use of information technology, people, and business processes to record,
store, manipulate, and process data to produce meaningful information. This information helps decision makers to
make day-to-day decisions correctly and accurately. It is used to make tactical decisions (middle-term decisions) to
ensure the smooth running of an organization. It also helps to evaluate the organization's performance by comparing
previous outputs with current output.
The roles of a Management Information System are:
• It is based on internal information flows.
• It supports relatively structured decisions.
• It is inflexible and has little analytical capacity.
• It is used by lower and middle managerial levels.
• It deals with the past and present rather than the future.
4. Transaction Processing Systems
TPS or Transaction Processing System is a type of information processing system for business transactions that involves the
collection, storage, modification and retrieval of all transaction data of an enterprise. The characteristics of a Transaction
Processing System include reliability, performance, and consistency. A TPS is also known as real-time processing.

The roles of a Transaction Processing System are:
• It produces the information for other systems.
• It is used by operational personnel plus supervisory levels.
• It is efficiency oriented.
CIA Model of Information Characteristics
• Confidentiality – restrict access to authorized individuals
• Integrity – data has not been altered in an unauthorized manner
• Availability – information can be accessed and modified by
authorized individuals in an appropriate timeframe. Assurance
that the systems responsible for delivering, storing and
processing information are accessible when needed, by those
who need them

[Figure: CIA triad diagram showing Confidentiality, Integrity and Availability around Information Security]
CIA Model of Information

Development of Information System
Need for Information Security
Companies have realized the need and importance of information security and taken steps to be included among
organizations known to have the most secure IT infrastructure. As a result, enormous capital is spent every year
from companies’ budgets to protect the critical information that forms the foundation of their business. Below
are a few reasons why information security is critical to the success of any organization:

To prevent data breaches
A data breach resulting in the loss of critical business information is quite common. Due to a large amount of data
stored on company servers, businesses often become the main target of cyber-criminals if the network is
unprotected. The breaches involving business secrets, confidential health information, and intellectual property
can greatly impact the overall health of a business.
To check for compromised credentials and broken authentication
Data breaches and other cyber attacks are usually a result of lax authentication, weak passwords, and poor
certificate or key management. Companies often struggle with assigning permissions to appropriate users or
departments, resulting in identity theft.
To avoid account hijacking
Phishing, fraud, and software exploitations are still very common. Companies relying on cloud services are
especially at risk because they are an easy target for cybercriminals, who can eavesdrop on activities, modify
data and manipulate transactions. These third-party applications can be used by attackers to launch other attacks
as well.
To mitigate cyber threats from malicious insiders
An existing or former employee, a cunning business partner, a system administrator or an intruder can destroy the whole
information infrastructure or manipulate data for their own purpose. Therefore, it is the responsibility of an organization to
take effective measures to control the encryption process and keys. Effective monitoring, logging, and auditing activities
are extremely important to keep everything under control.

Types of Information Security Controls
There are three different types of information security controls used to protect data.
Physical Control: Physical controls are the simplest form of information security. These are the things that can actually
be touched and seen, such as password-protected locks to avoid unauthorized entry to a secure server room, alarm systems,
fences and more.
Administrative Control: These controls mainly involve manual efforts to ensure data security. These include enforcing
policies, standards, guidelines and following procedures to ensure business continuity and data protection. Some of the
examples of administrative controls include disaster recovery plans, internet usage policies and termination procedures.
Technical Control: These controls are considered the most effective of all because they make use of the latest
technologies and systems to limit access to information. Some of the examples of technical controls include firewalls,
anti-virus software, file permissions, access control lists and cutting-edge data security technologies that are hard to
penetrate.
Ethical and Professional issues of security
Ethical issues faced by organizations in information technology are generally
concerned with privacy, property rights, or the effects of an activity on society. Some
of the common ethical issues in the cyber world are as follows:

Privacy
Nowadays, computer users can access different information from various servers
located all over the world. Though the users have their private computer, tools, and
operating system, their network is distributed at a large scale when they try to access
information. As a result, their information is likely to be disclosed to various
organizations, and their privacy is not maintained.

Furthermore, hackers often intrude into the computer system of people and access the
user's information without authorization. Some organizations also sell the information
and data of their users. This also raises the question of user information privacy.
Access right
Lots of industries use computer software and technology to provide services to their
customers. This software should be capable of preventing unauthorized access to the
system.
Especially in payment or banking software, the developers need to create software that
guarantees authorized access and stops malware, viruses, or unauthorized access to the
system.
Prevention of loss
According to this ethical principle, information technology should not be used in a
manner that would cause harm or loss of property, information, ownership, or
destruction of the property. Employees, users, and other members of the public should use all the
equipment with care to prevent any severe loss.
In computer science, ethics are regarded as how professionals
make decisions for professional and social conduct. There are
rules and practices that determine what is right or wrong. Ethical
issues occur when a decision or activity creates a dispute with
society's moral policies. They could be generated due to an
individual or an entire organization.
