The Century of Information Technology


Christian Means
Professor Ramaswamy Srinivasan
Computer Ethics
May 2, 2009


           Securing Information Systems in the 21st Century

        My academic research on the topic of “Information Systems” has led me to
understand that it is logical and ethical for any particular company to secure their
information system in the 21st century. Every company or business organization must
control what goes into their electronic systems and what they allow to flow out of them.
If a company is negligent about the sensitive data that their information system holds,
there will be severe consequences for the financial operations of that business.

                        What is an Information System?

         An information system is a well-organized computer system within a business
organization that collects, stores, and manipulates data in such a brilliant way that once the
information from the system is retrieved by the user, it can be used for making important
decisions that affect the growth of many businesses. An information system has many
other properties, such as a large storage capacity, and a faster and much easier approach
for its users. An information system gives a company the ability to place large amounts
of information into it and a massive amount of raw facts to live in. An information
system can hold thousands and sometimes, even millions of files of information at one
time. (Smith, Martin). For example: An information system is used at a bank institution to
record and organize the account records of the general public. Also, they are used at
various hospitals and clinics to record and organize the account records of hundreds of
patients. An information system provides a faster and much easier approach for our
society. Many centuries ago, society did not have a computerized information
system to help them with all the data that they needed to run their businesses. They had
to run their businesses with mechanical typewriters and dozens of typed papers in their
file cabinets. These papers could become unorganized, lost and easily stolen. Also, if a
fire was started in their company buildings, it could burn up their records in a matter of
seconds and there would be no way of replacing them. Business men and women in the
21st century can now rely on and be confident in information systems that allow
them to store and process their data much more efficiently and effectively.

                What Types of Information Systems are There?

       There are many different types of information systems that businesses in the 21st
century use in order to operate their companies. These information systems are the
following: Transaction Processing Systems, Management Information Systems, and
Decision Support Systems. Like with any type of technology in this world, information
systems have become not only easy to work with, but also unique by the way each kind
of information system performs a different type of task in our century’s workforce (e.g.
schools, hospitals, law firms, police stations, etc.). Every company must decide what type
of information system is right for them, or what information system will help them with
their work endeavors.
        A Transaction Processing System is used to process standard transactions
between a company and their customers. These information systems are used for
calculating the summation of bills to customers and sending them invoices, such as when
their bills are due. Also, these systems are used by companies to calculate the amount of
monies due to staff members according to their hours worked for the company for that
week. Transaction Processing Systems are very valuable assets to a company because
they allow a company to keep records of what inventory they have and it gives them the
information of when they should order more. A Management Information System
(MIS) is a type of information system that takes the information from the Transaction
Processing System and uses its data to build research information for the management of
a business to analyze. The information that this particular system offers to managers
allows them to make good decisions on what products in a business are profitable and
what products are leaning downhill.
          A Decision Support System is an information system that is much like a
Management Information System. It gives managers information about their company
and helps them to make better decisions that they might be uncertain about. The
difference is that a Management Information System only gives basic reports about the
company, but a Decision Support System gives managers options and choices about
the business that they may choose to follow. All of these different types of information
systems are great for a business, but if the company does not secure them, they can
become corrupted and cause the company to lose more than can be gained.


                        How Do You Secure An Information System?


                                   I. Equal Responsibility

       In order to secure a company’s information system, a company must understand
who is responsible for securing it. No one likes responsibility, but it is the only way for
a person or any type of company to be successful in life and in business. In a business
organization, everyone that works there is responsible for securing the company’s

information system, from the CIO or CEO to the mail clerk. No employee should be left
out and everyone that works for the company should be held accountable. The leaders
of the company should set the example or organizational culture for the rest of the staff
members. As the staff notice how management values the importance of the
information system, the rest of the company will follow that example.


                                 II. Identification of Assets

        In order to secure a company’s information system, a company must analyze and
identify all their possible assets. This decision allows a company to set a division on
what particular items in the company are items they need to secure. If a company
decides to place barriers and boundaries around items that need no security, that company
is wasting their financial dollars on useless materials. (Smith, Martin). Once a
company perceives that their information system is one of their assets, they will
understand the importance of securing it.

                                  III. Value for the Information System

        In order to secure a company’s information system, a company must learn to
value and appreciate their system. If they don’t appreciate it, they will abuse it and act
like kids do who do not appreciate their gifts from their parents. A person who drives
drunk does not appreciate their life, so they drive anyway. A college student does not
study for their final exams because they do not appreciate their education, and what it can
do for them in the future. Likewise, companies that do not value and appreciate their
information system will not be willing to secure it either.

                        IV. Producing Qualities of Good Information

        In order to secure a company’s information system, a company must understand
how to protect the qualities of good information. Information has three qualities within
an information system that must be protected. These qualities are the following:
integrity, continuity, and confidentiality. (Smith, Martin). The level of integrity an
information system must have is very important because a company does not need a
computer that lies to them and gives them invalid information. The information the
computer gives must be always accurate and never altered in any way. The level of
continuity an information system must have is very important because a company needs a
computer that can give an output of information when they need it. A company does not
want an information system that only gives old suggestions and ideas and never gives
updated ones. The level of confidentiality an information system must have is very
important to a company. It can also be important to the general public because no one
wants their credit card number or social security number in the hands of a vicious
black-hat hacker. An information system should be programmed to only show information to
users with authorized privileges and never to unwanted guests.



                          V. Acknowledging Threats & Risks

         In order to secure a company’s information system, a company must acknowledge
all the possible risks that could affect a company, and break down their information
system. (Fites, Philip E.). Companies who secure their information systems know
exactly how to build them right and manage them right. Good systems are good for a
business and bad ones are expensive and can cause a company to lose a lot of money.
Bad systems can cost about 1-10% of a company’s gross income. Even though
information systems are great investments to possess, they can become like “a pain in
one’s side or a thorn in one’s hand.” Many of these risks that can break down the
information system arrive because of bad decisions of management. The article “Some
ad hoc information system issues in South Africa for the New Millennium and suggestions
as how to deal with them” defines four specific risks that employers and employees need
to be cautious about while working on their task. The first risk occurs when an
information system is not designed properly or not intended for its user. When an
information system is not built for its users, this can make the users mad and very
frustrated at the system. For example: customers at an outside automated teller machine
(ATM) find out that they cannot withdraw their hard-earned money or check their
current balances because the machine is not designed for that type of functionality. It is
only designed to take their money and not give it back. That would make any bank user
mad, and some users might even try to break the machine. To stop this risk from
happening and to secure the information system, a company must create systems that are
tailored for the user. The second risk occurs when the users of the information system
lack training about the usability of the system. Employees and workers at a business
cannot do their part in securing the information system if they are not properly trained to do
it. After they have been trained by qualified staff leaders, they should not have any
type of excuse for why they did not secure it. The third risk occurs when a company is
impatient concerning buying the latest software and hardware for their information
system. They buy and set up their information systems without allowing the system to
be tested thoroughly in advance. (Heerden, Joh Van). When they rush and place the
latest systems into their businesses to work for them, they soon discover that their system
is infected with a virus. This leads me to write about the last risk. The last risk occurs
when a company allows unauthorized users to freely walk around their company and
touch their computers. When unauthorized users, like black-hat hackers, invade your
information system, they can leave a company with a virus that could shut down the entire
company. (Hadow). Many of these viruses are sent to companies through emails, thumb
drives and compact discs. Every company should keep in a safe place a back-up of their
system’s software and information to protect them from these nasty computerized “bugs.”

                             ---Computer Bugs: A Terrible Risk---

        Insects and small bugs can be a very big problem to a person who is allergic to
them. This world that we live in is full of them. An information system, just like the
world, can be attacked by small bugs or computer programs called “computer viruses.”
All of these malicious programs are extremely bad and a company must prevent them
from entering their information system if they are prepared to secure it.
These computer viruses are the following: Trojan Horses, Sleepers, Trap Doors, Logic
Bombs, and Cancers. A “Trojan Horse” is a malicious computer program that loves
to take a company’s sensitive information and send it to other users over the Internet.
It hides in the background of the company’s computer system and secretly gives out the
company’s vital information. A “Sleeper” is another malicious computer program, like
the Trojan Horse, that sleeps for a while and hides in the background of a company’s
system. But when it awakes, all the company’s information is gone in a matter of
seconds. A “Trap Door” is a computer program that hackers use to hack through all the
security features of an information system. A “Logic Bomb” is a computer program that
hackers use to erase a company’s entire hard drive of the valuable memory that is stored
from within it. Lastly, a “Cancer” is a computer program that hackers will use to slowly
eat up a company’s information system. (Smith, Martin). These viruses can be a terrible
risk for a company and their information system. To prevent these viruses from entering a
company’s information system, they should use a combination of firewalls, proxy servers
and anti-virus software to arm their system against aggressive attacks from outsiders.


                        VII. Build a Security Policy

        In order to secure a company’s information system, a company must develop a
well-organized security policy that defines all the values they have concerning securing
their information system. Through the use of a security policy, a company is able to
prevent exposures to outsiders, detect attempted threats to their information system, and
correct any of the causes of threats to their system. (Baskerville, Richard). When
designing a security policy for a company’s information system, the designers of the policy
should never limit the methods of the policy to a single type of procedure. The world of
technology is ever-changing and forever increasing and the policies of a company’s
security should also be changing and increasing. Like a circular onion that has many
layers, a company’s security policy must have many layers of operations in order to
secure their information system. These four layers of defense are the following:
physical security, software security, document security, and personnel
security. (Smith, Martin).




                                  Physical Security

        Every security policy should have some type of physical security that protects a
company’s information system from within by securing their territory from without. In
medieval times, kings and queens built magnificent castles with large gates to keep their
vicious enemies from getting inside of their shiny palaces. Likewise, a company that
desires to secure their information system must have physical security to protect them
from their enemies such as hackers and unauthorized users of their system. The physical
elements that a company must protect are their personal computers, their equipment such
as printers, modems and hard drives, and their outside premises. Physical security
should surround the whole business, from gates positioned around every company
building to smoke detectors positioned throughout their hallways and rooms. (Smith,
Martin). Even though physical security is needed to secure a company’s information
system, it is not enough security to stop an intruder from getting into their system. This
measure of the security policy only slows the intruder down.


                                  Software Security

        Every security policy should have some type of software security that gives
access only to authorized users of a company’s information system. This method of
security should be programmed into the computers of a company, allowing users to enter
the information system with their knowledge of a username and unique password. No
authorized user should ever share their password with others. (Smith, Martin).
They should keep their usernames personal and absolutely confidential. Their username
and password are the key that unlocks the door to the company’s information system.
There is a special type of security software application called “Polivec Builder” that is
used by companies to protect their information systems from intruders. It allows
companies to build and create customized security policies and guidelines. (Andress,
Mandy). There is also a special type of software application called “Identity Finder” that
brings up a company’s sensitive information and then deletes it for them after each usage.
(Brynko, Barbara). By having software security over a company’s information system,
a company will be able to know exactly who accessed the system and at what time.
Even though software security is needed to secure a company’s information,
software security can only help a company so much.


                                Document Security

Every security policy should have some type of document security in order to secure a
company’s information system. A company should be concerned with what they do
with their company documents because these documents contain sensitive information
that has been copied from out of their information system. These documents could be
the following: printer output, graphs, flowcharts, floppy discs, CDs and company USB
devices. One way that hackers and malicious users invade an information system is by
reading a company’s documents. This allows them to get an understanding of how the
company’s information system operates. When they find out how a company’s system
operates, it gives them a better chance of taking a system down. All documents at a
company must be disposed of in an ethical fashion, such as paper shredding. There
should also be some kind of “desk policy” that informs each employee to keep their
business documents secured whenever they leave their offices. (Smith, Martin).


                                Personnel Security

       The most important security measure in information system security is a
company’s personnel security. This is because the people who are responsible for
securing a company’s information system could be the same people who are tearing it
apart. A company should only hire employees who are honest and committed to
securing the system. If an employee is suspected of committing wrongful acts against
the company’s information system, try sending them on a two week vacation. The time
they spend away from the company will allow the actions they committed to surface to
the top. If an employee is caught pursuing wrongful actions against the company, they
should be disciplined in an ethical manner, such as demotion or termination.
Background checks should be completed before hiring a new associate into
the company. Information from the company’s system should only be seen by those
persons with security clearance. Every employee should be supervised by another
employee. Company projects should be done in groups, so that no person in the
company is ever left unattended. The book “Commonsense Computer
Security” states, “the greatest dangers to any system come from those who work from
within it.”


                              Case In Point--“Everyone Is a Target”

        An article written by Barry Smith titled “Locking down a computer security” states
that “everyone is a potential target for a security breach.” In Gaithersburg, Maryland,
there was a company that was a victim of a security breach. In the first breach, a hacker
guessed an employee’s email password and sent messages to other employees asking
them for sensitive information about the company’s information system. In the second
breach, the hacker unleashed a worm virus to one of the city’s Internet servers, wreaking
havoc on their information system. Companies all over the world have something very
important that they must learn to secure and that is their information system. They must
secure their information system because there are real threats and risks in this world that
will try to tear it apart. A company must strive to protect the qualities of the information
that they hold in their information system and follow a security policy that is ethical and
carries some type of practical use for their business organization.


                                          Works Cited


Articles & Books:

1.)

Title: “Locking down a computer security”
Author: Barry Smith
Source: American City & County, Oct 2001, vol. 116, issue 15, p. 14
Database: EbscoHost, Academic Search Complete (UALR library)

2.)

Title: Security police in a box
Author: Mandy Andress
Source: InfoWorld, 10/22/2001, vol. 23, issue 43, p. 54
Database: EbscoHost, Academic Search Complete (UALR library)

3.)

Title: Some ad hoc information system issues in South Africa for the new millennium and
suggestions as how to deal with them
Authors: Dan Remenyi, Sam Lubbe, Joh Van Heerden
Source: Information Technology for Development, 2000, vol. 9, issue 3-4, p. 163
Copyright: John Wiley & Sons, Inc.
Database: EbscoHost, Academic Search Complete

4.)

Title: Data Security for Libraries: Prevent Problems, Don’t Detect Them
Author: Katherine Hadow
Source: Feliciter, 2009, vol. 55, issue 2, p. 50-52
Database: EbscoHost

5.)

Title: Designing Information Systems Security
Author: Baskerville, Richard
Publisher: John Wiley & Sons, Chichester
Editors: Richard Boland and Rudy Hirschheim
Copyright: 1988

6.)

Title: Security: By the Numbers
Author: Barbara Brynko
Source: Information Today, May 2008, vol. 25, issue 5, p. 44
Database: EbscoHost

7.)

Title: Control and Security of Computer Information Systems
Authors: Fites, Philip E.; Kratz, Martin P.J.; Brebner, Alan F.
Publisher: Computer Science Press, Inc.
Copyright: 1989

8.)

Title: Commonsense Computer Security: Your Practical Guide to Information Protection, 2nd
edition
Author: Smith, Martin R.
Publisher: McGraw-Hill Book Company, London
Copyright: 1993

More Related Content

Similar to Chris paper

Lo3=p4, p5, m2, d2
Lo3=p4, p5, m2, d2Lo3=p4, p5, m2, d2
Lo3=p4, p5, m2, d2sparkeyrob
 
1st solve assignment Management information system
1st solve assignment Management information system1st solve assignment Management information system
1st solve assignment Management information systemDanish Saqi
 
Article mis, hapzi ali, nur rizqiana, nanda suharti, nurul, anisa dwi, vin...
Article mis, hapzi ali, nur    rizqiana, nanda suharti, nurul, anisa dwi, vin...Article mis, hapzi ali, nur    rizqiana, nanda suharti, nurul, anisa dwi, vin...
Article mis, hapzi ali, nur rizqiana, nanda suharti, nurul, anisa dwi, vin...Heru Ramadhon
 
Running Head Information System .docx
Running Head Information System                                  .docxRunning Head Information System                                  .docx
Running Head Information System .docxwlynn1
 
[MU630] 003. Business Information System
[MU630] 003. Business Information System[MU630] 003. Business Information System
[MU630] 003. Business Information SystemAriantoMuditomo
 
5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...
5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...
5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...Kavika Roy
 
5Importance of IS-Related Solution in the Busi.docx
5Importance of IS-Related Solution in the Busi.docx5Importance of IS-Related Solution in the Busi.docx
5Importance of IS-Related Solution in the Busi.docxtroutmanboris
 
Running head Key Factors in Computer Information Systems1Ke.docx
Running head Key Factors in Computer Information Systems1Ke.docxRunning head Key Factors in Computer Information Systems1Ke.docx
Running head Key Factors in Computer Information Systems1Ke.docxwlynn1
 
Business System Development to build up an Information Systems for easier to ...
Business System Development to build up an Information Systems for easier to ...Business System Development to build up an Information Systems for easier to ...
Business System Development to build up an Information Systems for easier to ...candrawan123
 

Similar to Chris paper (13)

Lo3=p4, p5, m2, d2
Lo3=p4, p5, m2, d2Lo3=p4, p5, m2, d2
Lo3=p4, p5, m2, d2
 
Information systems
Information systemsInformation systems
Information systems
 
1st solve assignment Management information system
1st solve assignment Management information system1st solve assignment Management information system
1st solve assignment Management information system
 
Article mis, hapzi ali, nur rizqiana, nanda suharti, nurul, anisa dwi, vin...
Article mis, hapzi ali, nur    rizqiana, nanda suharti, nurul, anisa dwi, vin...Article mis, hapzi ali, nur    rizqiana, nanda suharti, nurul, anisa dwi, vin...
Article mis, hapzi ali, nur rizqiana, nanda suharti, nurul, anisa dwi, vin...
 
MBA Trim2-Mis Notes
MBA Trim2-Mis NotesMBA Trim2-Mis Notes
MBA Trim2-Mis Notes
 
Ai in compliance
Ai in compliance Ai in compliance
Ai in compliance
 
Running Head Information System .docx
Running Head Information System                                  .docxRunning Head Information System                                  .docx
Running Head Information System .docx
 
[MU630] 003. Business Information System
[MU630] 003. Business Information System[MU630] 003. Business Information System
[MU630] 003. Business Information System
 
5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...
5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...
5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...
 
5Importance of IS-Related Solution in the Busi.docx
5Importance of IS-Related Solution in the Busi.docx5Importance of IS-Related Solution in the Busi.docx
5Importance of IS-Related Solution in the Busi.docx
 
Running head Key Factors in Computer Information Systems1Ke.docx
Running head Key Factors in Computer Information Systems1Ke.docxRunning head Key Factors in Computer Information Systems1Ke.docx
Running head Key Factors in Computer Information Systems1Ke.docx
 
Business System Development to build up an Information Systems for easier to ...
Business System Development to build up an Information Systems for easier to ...Business System Development to build up an Information Systems for easier to ...
Business System Development to build up an Information Systems for easier to ...
 
MIS Chapter 1.ppt
MIS Chapter 1.pptMIS Chapter 1.ppt
MIS Chapter 1.ppt
 

Chris paper

  • 1. The Century of Information Technology Christian Means Professor Ramaswamy Srinivasan Computer Ethics May 2, 2009 Securing Information Systems in the 21st Century My academic research on the topic of “Information Systems” has leaded me to understand that it is logical and ethical for any particular company to secure their information system in the 21st century. Every company or business organization must control what goes into their electronic systems and what they allow to flow out of them. If a company is negligent about the sensitive data that their information system holds, there will be severe consequences for the financial operations of that business. What is an Information System? An information system is a well organized computer system within a business organization that collects stores and manipulates data in such a brilliant way that once the information from the system is retrieved by the user, it can be used for making important decisions that affect the growth of many businesses. An information system has many other properties, such as a large storage capacity, and a faster and much easier approach for its users. An information system gives a company the ability to place large amounts of information into it and a massive amount of raw facts to live in. An information system can hold thousands and sometimes, even millions of files of information at one time.(Smith, Martin). For example: An information system is used at a bank institution to record and organize the account records of the general public. Also, they are used at various hospitals and clinics to record and organize the account records of hundreds of patients. An information system provides a faster and much easier approach for our society. Many centuries ago, the society did not have a computerized information system to help them with all the data that they needed to run their businesses. 
They had to run their businesses with mechanical typewriters and dozens of typed papers in their file cabinets. These papers could become unorganized, lost and easily stolen. Also, if a fire was started in their company buildings, it could burn up their records in a matter of seconds and there would be no way of replacing them. Business men and women in the 21st century can now rely on and become confident upon information systems that allow them to store and process their data much more efficiently and effectively. What Types of Information Systems are There? There are many different types of information systems that businesses in the 21st century use in order to operate their companies. These information systems are the following: Transaction Processing Systems, Management Information Systems, and Decision Support Systems. Like with any type of technology in this world, information systems have become not only easy to work with, but also unique by the way each kind
  • 2. The Century of Information Technology of information system performs a different type of task in our century’s workforce. (e.g. schools, hospitals, law firms, police stations, etc.). Every company must decide what type of information system is right for them, or what information system will help them with their work endeavors. A Transaction Processing System is used to process standard transactions between a company and their customers. These information systems are used for calculating the summation of bills to customers and sending them invoices, such as when their bills are due. Also, these systems are used by companies to calculate the amount of monies due to staff members according to their hours worked for the company for that week. Transaction Processing Systems are very valuable assets to a company because they allow a company to keep records of what inventory they have and it gives them the information of when they should order more. A Management Information System (MIS) is a type of information system that takes the information from the Transaction Processing System and uses its data to build research information for the management of a business to analyze. The information that this particular system offers to managers allows them to make good decisions on what products in a business are profitable and what products are leaning downhill. A Decision Support System is an information system that is much like a Management Information System. It gives managers information about their company and helps them to make better decisions that they might be uncertain about. The difference is that a Management Information System only gives basic reports about the company, but a Decision Support Systems gives the manager’s options and choices about the business that they may choice to follow. 
All of these different types of information systems are great for a business, but if the company does not secure them, they can become corrupted and cause the company to lose more than can be gained.

How Do You Secure An Information System?

I. Equal Responsibility

In order to secure a company’s information system, a company must understand who is responsible for securing it. No one likes responsibility, but it is the only way for a person or any type of company to be successful in life and in business. In a business organization, everyone who works there is responsible for securing the company’s information system, from the CIO or CEO to the mail clerk. No employee should be left out and everyone who works for the company should be held accountable. The leaders of the company should set the example or organizational culture for the rest of the staff members. As staff members notice how much importance the management places on the information system, the rest of the company will follow their example.

II. Identification of Assets
In order to secure a company’s information system, a company must analyze and identify all their possible assets. This analysis lets a company draw a line around the particular items it needs to secure. If a company decides to place barriers and boundaries around items that need no security, that company is wasting its money on useless measures (Smith, Martin). Once a company perceives that their information system is one of their assets, they will understand the importance of securing it.

III. Value for the Information System

In order to secure a company’s information system, a company must learn to value and appreciate their system. If they don’t appreciate it, they will abuse it and act like kids who do not appreciate their gifts from their parents. A person who drives drunk does not appreciate their life, so they drive anyway. A college student does not study for their final exams because they do not appreciate their education and what it can do for them in the future. Likewise, companies that do not value and appreciate their information system will not be willing to secure it either.

IV. Producing Qualities of Good Information

In order to secure a company’s information system, a company must understand how to protect the qualities of good information. Information has three qualities within an information system that must be protected. These qualities are the following: integrity, continuity, and confidentiality (Smith, Martin). The level of integrity an information system must have is very important because a company does not need a computer that lies to them and gives them invalid information. The information the computer gives must always be accurate and never altered in any way. The level of continuity an information system must have is very important because a company needs a computer that can give an output of information when they need it.
A company does not want an information system that only gives old suggestions and ideas and never gives updated ones. The level of confidentiality an information system must have is very important to a company. It can also be important to the general public because no one wants their credit card number or social security number in the hands of a vicious black-hat hacker. An information system should be programmed to show information only to users with authorized privileges and never to unwanted guests.

V. Acknowledging Threats & Risks

In order to secure a company’s information system, a company must acknowledge all the possible risks that could affect the company and break down its information system (Fites, Philip E.). Companies who secure their information systems know exactly how to build them right and manage them right. Good systems are good for a
business, and bad ones are expensive and can cause a company to lose a lot of money. Bad systems can cost about 1-10% of a company’s gross income. Even though information systems are great investments to possess, they can become like “a pain in one’s side or a thorn in one’s hand.” Many of the risks that can break down the information system arise because of bad decisions by management. The article “Some ad hoc information system issues in South Africa for the New Millennium and suggestions as how to deal with them” defines four specific risks that employers and employees need to be cautious about while working on their tasks.

The first risk occurs when an information system is not designed properly or not intended for its user. When an information system is not built for its users, this can make the users angry and very frustrated with the system. For example: customers at an outdoor automated teller machine (ATM) find out that they cannot withdraw their hard-earned money or check their current balances because the machine is not designed for that type of functionality. It is only designed to take their money and not give it back. That would make any bank user angry, and some users might even try to break the machine. To stop this risk from happening and to secure the information system, a company must create systems that are tailored for the user.

The second risk occurs when the users of the information system lack training in how to use the system. Employees and workers at a business cannot do their part in securing the information system if they are not properly trained to do it. After they have been trained by qualified staff leaders, they should not have any excuse for failing to secure it.

The third risk occurs when a company is impatient about buying the latest software and hardware for their information system.
They buy and set up their information systems without allowing the system to be tested thoroughly in advance (Heerden, Joh Van). When they rush and place the latest systems into their businesses to work for them, they soon discover that their system is infected with a virus. This leads me to write about the last risk.

The last risk occurs when a company allows unauthorized users to freely walk around their company and touch their computers. When unauthorized users, such as black-hat hackers, invade an information system, they can leave the company with a virus that could shut down the entire company (Hadow). Many of these viruses are sent to companies through emails, thumb drives and compact discs. Every company should keep a back-up of their system’s software and information in a safe place to protect them from these nasty computerized “bugs.”

Computer Bugs: A Terrible Risk

Insects and small bugs can be a very big problem to a person who is allergic to them. This world that we live in is full of them. An information system, just like the world, can be attacked by small bugs or computer programs called “computer viruses.” All of these malicious programs are extremely bad and a company must prevent them from entering their information system if they intend to secure it. These computer viruses are the following: Trojan Horses, Sleepers, Trap Doors, Logic Bombs, and Cancers.

A “Trojan Horse” is a malicious computer program that takes a company’s sensitive information and sends it to other users over the Internet. It hides in the background of the computer system and secretly gives out the company’s vital information. A “Sleeper” is another malicious computer program, like
the Trojan Horse, that sleeps for a while and hides in the background of a company’s system. But when it awakes, all the company’s information is gone in a matter of seconds. A “Trap Door” is a computer program that hackers use to get through all the security features of an information system. A “Logic Bomb” is a computer program that hackers use to erase all of the valuable data stored on a company’s hard drive. Lastly, a “Cancer” is a computer program that hackers use to slowly eat up a company’s information system (Smith, Martin).

These viruses can be a terrible risk for a company and their information system. To prevent these viruses from entering a company’s information system, they should use a combination of firewalls, proxy servers and anti-virus software to arm their system against aggressive attacks from outsiders.

VII. Build a Security Policy

In order to secure a company’s information system, a company must develop a well-organized security policy that defines all the values they have concerning securing their information system. Through the use of a security policy, a company is able to prevent exposures to outsiders, detect attempted threats to their information system, and correct any of the causes of threats to their system (Baskerville, Richard). When designing a security policy for a company’s information system, the designers of the policy should never limit the methods of the policy to a single type of procedure. The world of technology is ever-changing and forever growing, and a company’s security policies should change and grow with it. Like an onion that has many layers, a company’s security policy must have many layers of operations in order to secure their information system. These four layers of defense are the following: physical security, software security, document security, and personnel security (Smith, Martin).

Physical Security

Every security policy should have some type of physical security that protects a company’s information system from within by securing their territory from without. In medieval times, kings and queens built magnificent castles with large gates to keep their vicious enemies from getting inside their shiny palaces. Likewise, a company that desires to secure their information system must have physical security to protect them from their enemies, such as hackers and unauthorized users of their system. The physical elements that a company must protect are their personal computers, their equipment such as printers, modems and hard drives, and their outside premises. Physical security should surround the whole business, from gates positioned around every company building to smoke detectors positioned throughout their hallways and rooms (Smith, Martin). Even though physical security is needed to secure a company’s information system, it is not enough security to stop an intruder from getting into their system. This
measure of the security policy only slows the intruder down.

Software Security

Every security policy should have some type of software security that gives access only to authorized users of a company’s information system. This method of security should be programmed into the computers of a company, allowing users to enter the information system with their knowledge of a username and unique password. No authorized user should ever share their password with others (Smith, Martin). They should keep their usernames personal and absolutely confidential. Their username and password are the key that unlocks the door to the company’s information system.

There is a special type of security software application called “Polivec Builder” that is used by companies to protect their information systems from intruders. It allows companies to build and create customized security policies and guidelines (Andress, Mandy). There is also a special type of software application called “Identity Finder” that brings up a company’s sensitive information and then deletes it for them after each usage (Brynko, Barbara). By having software security over a company’s information system, a company will be able to know exactly who accessed the system and at what time. Even though software security is needed to secure a company’s information, software security can only help a company so much.

Document Security

Every security policy should have some type of document security in order to secure a company’s information system. A company should be concerned with what they do with their company documents because these documents contain sensitive information that has been copied out of their information system. These documents could be the following: printer output, graphs, flowcharts, floppy discs, CDs and company USB devices.
One way that hackers and malicious users invade an information system is by reading a company’s documents. This allows them to get an understanding of how the company’s information system operates. When they find out how a company’s system operates, it gives them a better chance of taking the system down. All documents at a company must be disposed of in an ethical fashion, such as paper shredding. There should also be some kind of “desk policy” that instructs each employee to keep their business documents secured whenever they leave their offices (Smith, Martin).

Personnel Security

The most important security measure in information system security is a company’s personnel security. This is because the people who are responsible for securing a company’s information system could be the same people who are tearing it apart. A company should only hire employees who are honest and committed to
securing the system. If an employee is suspected of committing wrongful acts against the company’s information system, try sending them on a two-week vacation. The time they spend away from the company will allow the actions they committed to surface. If an employee is caught pursuing wrongful actions against the company, they should be disciplined in an ethical manner, such as demotion or termination. Background checks should be carried out before hiring a new associate to the company. Information from the company’s system should only be seen by those persons with security clearance. Every employee should be supervised by another employee. Company projects should be done in groups, so that no person in the company is ever left unattended. The book “Commonsense Computer Security” states, “the greatest dangers to any system come from those who work from within it.”

Case in Point: “Everyone Is a Target”

An article written by Barry Smith titled “Locking down a computer security” states that “everyone is a potential target for a security breach.” In Gaithersburg, Maryland, there was a company that fell victim to a security breach. In the first breach, a hacker guessed an employee’s email password and sent messages to other employees asking them for sensitive information about the company’s information system. In the second breach, the hacker unleashed a worm virus on one of the city’s Internet servers, wreaking havoc on their information system.

Companies all over the world have something very important that they must learn to secure, and that is their information system. They must secure their information system because there are real threats and risks in this world that will try to tear it apart.
A company must strive to protect the qualities of the information that they hold in their information system and follow a security policy that is ethical and carries some type of practical use for their business organization.

Works Cited

Articles & Books:

1.) Title: “Locking down a computer security”
    Author: Barry Smith
    Source: American City & County, Oct 2001, vol. 116, issue 15, p. 14 (EBSCOhost)
    Database: Academic Search Complete, UALR library

2.) Title: Security police in a box
    Author: Mandy Andress
    Source: InfoWorld, 10/22/2001, vol. 23, issue 43, p. 54 (EBSCOhost)
    Database: Academic Search Complete, UALR library

3.) Title: Some ad hoc information system issues in South Africa for the new millennium and suggestions as how to deal with them.
    Authors: Dan Remenyi, Sam Lubbe, Joh Van Heerden
    Source: Information Technology for Development, 2000, vol. 9, issue 3-4, p. 163 (EBSCOhost)
    Copyright: John Wiley & Sons, Inc.
    Database: Academic Search Complete

4.) Title: Data Security for Libraries: Prevent Problems, Don’t Detect Them.
    Author: Katherine Hadow
    Source: Feliciter, 2009, vol. 55, issue 2, pp. 50-52 (EBSCOhost)

5.) Title: Designing information systems security
    Author: Baskerville, Richard
    Publisher: John Wiley & Sons, Chichester
    Editors: Richard Boland and Rudy Hirschheim
    Copyright: 1988

6.) Title: Security: By the Numbers
    Author: Barbara Brynko
    Source: Information Today, May 2008, vol. 25, issue 5, p. 44 (EBSCOhost)

7.) Title: Control and Security of Computer Information Systems
    Authors: Fites, Philip E.; Kratz, Martin P.J.; Brebner, Alan F.
    Publisher: Computer Science Press, Inc.
    Copyright: 1989

8.) Title: CommonSense computer security: our practical guide to information protection. 2nd edition
    Author: Smith, Martin R.
    Publisher: McGraw-Hill Book Company, London
    Copyright: 1993