INFORMATION

MANAGEMENT
ASSIGNMENT
R.KARTHIKEYAN
I YEAR MBA
2 marks:

1) What is the role of internet security?

The role of internet security is to safeguard digital information and systems from
unauthorized access, attacks, or damage. It involves implementing measures like firewalls,
encryption, and antivirus tools to protect against cyber threats and ensure the confidentiality,
integrity, and availability of data.

2)Define Intranet?
An intranet is a private network within an organization that uses internet protocols and
technologies. It allows employees to share information, collaborate, and access internal resources
like documents, databases, and communication tools. Intranets are used to facilitate efficient
communication and collaboration among members of an organization while maintaining a secure
and controlled environment.
3)Define disaster management?
Disaster management, also known as emergency management or crisis management, involves the
systematic planning, coordination, and implementation of measures to mitigate the impact of disasters.

4)What is denial of service?

A Denial of Service (DOS) is a cyber-attack where the objective is to disrupt the normal functioning
of a computer system, network, or online service by overwhelming it with a flood of illegitimate requests
or traffic.

5)Provide any two example for Computer crime?

1.Identity Theft: This involves stealing someone's personal information, such as Social Security
numbers, credit card details, or passwords, with the intention of impersonating the victim for fraudulent
purposes.
2.Malware Attacks: Malicious software, or malware, is designed to harm or exploit computer
systems. Examples include viruses, worms, and ransomware.
10 marks:
6) Write short notes on significance of knowledge based decision support system?
1.Informed Decision-Making: - Knowledge-based DSS integrates data and expertise, providing
decision-makers with comprehensive information for making informed choices.
2. Complex Problem Solving: - It excels in handling complex problems by utilizing domain-
specific knowledge to analyze intricate scenarios and recommend effective solutions.
3. Improved Strategic Planning: - The system supports strategic planning by offering insights
derived from a wealth of accumulated knowledge, helping organizations align decisions with long-term
goals.
4. Enhanced Efficiency: - Knowledge-based DSS automates decision processes, increasing
operational efficiency and reducing the time required for decision-making.
5. Adaptability to Change: - In dynamic environments, the system's ability to learn and adapt
enables organizations to respond effectively to changes in markets, technologies, or regulatory
landscapes
. 6. Facilitation of innovation: - by leveraging accumulated knowledge, the DSS stimulates
innovation by providing a platform for creative problem-solving and ideation.
7. Risk management: - it aids in risk assessment and mitigation by analyzing potential risks based
on historical data and expert knowledge, enabling proactive risk management strategies.
8. Cross-functional collaboration: - knowledge-based DSS promotes collaboration across
various departments and levels within an organization, fostering a holistic approach to decision-
making.
9. Continuous learning: - the system's learning capabilities allow it to evolve over time, adapting
to new information and improving its decision-making accuracy through continuous learning
processes.
10. Competitive advantage: - organizations leveraging knowledge-based DSS gain a competitive
edge by making strategic decisions based on a deep understanding of their industry, market trends,
and internal capabilities.
7)Discuss the need for internet security in information methods and explain the control measures of
information system?
Internet security is crucial in information systems to safeguard against various threats, such as
unauthorized access, data breaches, and cyber-attacks. It ensures the confidentiality, integrity, and
availability of sensitive information. Control measures are implemented to mitigate risks and enhance
overall system security.
1. Authentication: - Verify the identity of users, devices, or systems through passwords, biometrics, or
multi-factor authentication.
2. Encryption: - Protect data by converting it into a secure code that can only be deciphered with the
appropriate encryption key.
3. Firewalls: - Establish a barrier between a trusted internal network and untrusted external networks,
monitoring and controlling incoming and outgoing network traffic.
4. Antivirus Software: - Detect and remove malicious software to prevent it from compromising the
system.
5. Intrusion detection and prevention systems (IDPS): - monitor network and/or system activities
for malicious activities or security policy violations, taking preventive actions if necessary.
6. Regular software updates: - keep operating systems, applications, and security software up to
date to patch vulnerabilities and strengthen defenses.
7. Access control: - limit and manage user access to systems and data based on their roles and
responsibilities, reducing the risk of unauthorized access.
8. Security policies and procedures: - establish clear guidelines for handling information,
defining roles and responsibilities, and ensuring compliance with security standards.
9. Security awareness training: - educate users about potential security threats, safe online
practices, and the importance of adhering to security policies.
10. Incident Response Plan: - Develop a plan outlining steps to be taken in case of a security
incident, facilitating a swift and effective response to minimize damage.
11. Regular Audits and Monitoring: - Conduct routine audits to assess the effectiveness of
security controls and monitor system activities for signs of potential security breaches.
12. Physical Security Measures: - Protect physical access to servers and network infrastructure to
prevent unauthorized individuals from tampering with hardware.
8)Illustrate the types of is vulnerabilities with remedial measures with suitable example?
1. Software Vulnerabilities: - Example: Unpatched software with known vulnerabilities. -
Remedial Measures: Regularly update software and apply security patches to fix known
vulnerabilities. Employ automated tools to scan for and identify outdated software.
2. Weak Authentication: - Example: Using easily guessable passwords or not implementing
multi-factor authentication. - Remedial Measures: Encourage strong, unique passwords and
implement multi-factor authentication to enhance user verification.
3. Insufficient Access Controls: - Example: Allowing unnecessary privileges to users, leading to
unauthorized access. - Remedial Measures: Implement the principle of least privilege, regularly
review and adjust user permissions based on roles and responsibilities.
4. Phishing Attacks: - Example: Deceptive emails tricking users into revealing sensitive
information. - Remedial Measures: Conduct regular phishing awareness training, use email
filtering systems, and implement robust spam filters.
5. Malware Threats: - Example: Downloading and executing malicious software. - Remedial
Measures: Install reputable antivirus software, keep systems updated, and educate users on safe
browsing habits.
6. Social engineering: - example: manipulating individuals into divulging confidential
information. - Remedial measures: educate employees on social engineering tactics, establish
clear communication protocols, and verify identities before sharing sensitive information.
7. Lack of data encryption: - example: transmitting sensitive data over unsecured networks
without encryption. - Remedial measures: implement encryption protocols (Example: SSL/TLS)
for data in transit and use encryption for sensitive data at rest.
8. Unsecured APIS: - example: exploiting vulnerabilities in poorly secured application
programming interfaces (APIS). - Remedial measures: regularly assess and secure APIS, validate
user input, and implement proper authentication and authorization controls.
9. Inadequate logging and monitoring: - example: failing to detect suspicious activities in real-
time. - Remedial measures: implement robust logging mechanisms, regularly review logs, and
employ intrusion detection systems for timely detection of security incidents.
10. Physical security risks: - example: unauthorized access to servers or network infrastructure.
- Remedial Measures: Implement access controls, surveillance, and physical security measures to
restrict and monitor physical access to critical infrastructure.
9)List and explain different types of computer network?
1. Local area network (LAN): - A LAN is a network that covers a small geographical area,
typically within a single building or campus. It allows for high-speed data transfer and resource
sharing among connected devices.
2. Wide area network (WAN): - wans cover a larger geographical area, often connecting lans
across cities, countries, or even continents. The internet is an example of a global WAN.
3. Metropolitan area network (MAN): - A MAN spans a city or a large campus, providing
connectivity between multiple lans. It offers higher data transfer rates than wans and is suitable for
interconnecting various local networks within a specific metropolitan area.
4. Personal area network (PAN): - pans are small, personal networks designed for individual
users. Examples include connecting personal devices like smartphones, laptops, and tablets using
technologies like bluetooth or infrared.
5. Campus area network (CAN): - A CAN interconnects lans within a specific academic or
corporate campus. It enables efficient communication and resource sharing between different
departments or buildings within the same geographical area.
6.Intranet: - an intranet is a private network within an organization that uses internet protocols
and technologies. It facilitates internal communication, collaboration, and information sharing
among employees.
7. Extranet: - similar to an intranet, an extranet extends network access to external users, such as
customers, partners, or suppliers. It allows controlled access to certain parts of an organization's
network.
8. Client-server network: - in a client-server network, resources and services are distributed
between clients (end-user devices) and servers (centralized systems). Clients request services, and
servers provide them, facilitating efficient resource management.
9. Peer-to-peer network: - in a peer-to-peer network, all connected devices have equal status, and
each device can act as both a client and a server. It is commonly used for file sharing and
collaborative tasks.
10. Virtual private network (VPN): - A VPN enables secure communication over a public
network, such as the internet. It establishes a private, encrypted connection between remote users
and a private network, ensuring confidentiality and data integrity.