Unit - 4
SECURITY, CONTROL AND REPORTING
Security
Meaning
An information security management system (ISMS) is a set of policies and procedures for
systematically managing an organization's sensitive data. The goal of an ISMS is to
minimize risk and ensure business continuity by pro-actively limiting the impact of a
security breach.
It protects the organisation's ability to function. It enables the safe operation of applications
implemented on the organisation's IT systems. It protects the data the organisation collects
and uses. It safeguards the technology the organisation uses.
Example
Pass cards or codes for access to buildings, user IDs and passwords for network login, and
fingerprints.
Threat to information system
Meaning
Information security threats are a problem for many corporations and
individuals. Viruses, worms, Trojans, and spam are ubiquitous, but they
are just the tip of the iceberg. Other common information security threats
include privilege escalation, spyware, adware, rootkits, botnets, and logic
bombs.
Example
Software attacks, theft of intellectual property, identity theft, theft of
equipment or information.
Accidents and Malfunctions
Causes of Accidents
• Operator Error – Inattention, nonconformance (wrong code)
• Hardware Malfunction – Computer won't turn on (CPU, system)
• Software Bugs – Bugs can be the result of incorrect communication about the
project and its requirements (wrong program)
• Data Errors – Incorrect phone number or address
• Accidental Disclosure of Information – (Gmail, web)
• Damage to physical facilities – Damage by fire, flood, etc.
• Inadequate system performance – When a system cannot handle the task that is
required (2GB pen drive)
Computer crime
• Hacking – A more common and classic motivation for hacking into a system would be
to steal personal information for identity theft, including social security numbers, credit
cards, bank accounts, and more. (page, software, web page)
• Cyber Theft – Email and internet fraud. Identity fraud (where personal information is
stolen and used). Theft of financial or card payment data. Theft and sale of corporate
data. (Bank)
• Unauthorized use at work – Use of a computer network without authorization (login ID)
• Piracy – Websites that make software available for free download or in exchange for
others.
• Computer Viruses
Error detection
Meaning
Error detection is the detection of errors caused by noise or
other impairments during transmission from the transmitter
to the receiver. Error correction is the detection of errors and
reconstruction of the original, error-free data.
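The difference between the two, as an added example that is not part of the original slides: a CRC-32 check value lets the receiver detect a bit flipped by noise but not repair it, while a Hamming(7,4) code locates and corrects a single flipped bit. The payload and all function names are constructed for illustration.

```python
import zlib


def crc_frame(payload: bytes) -> bytes:
    """Transmitter: append a CRC-32 check value to the payload."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def crc_check(frame: bytes) -> bool:
    """Receiver: True if the frame is intact. Detects errors, cannot repair.

    A CRC guards against accidental noise only; anyone who alters the
    payload on purpose can recompute it, so it is not a tamper check.
    """
    if len(frame) < 4:
        return False
    payload, received = frame[:-4], int.from_bytes(frame[-4:], "big")
    return zlib.crc32(payload) == received


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate line noise by inverting one bit."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def hamming74_encode(nibble: int) -> list[int]:
    """Encode 4 data bits as a 7-bit codeword laid out p1 p2 d1 p4 d2 d3 d4."""
    d = [(nibble >> i) & 1 for i in (3, 2, 1, 0)]  # d1..d4, MSB first
    p1 = d[0] ^ d[1] ^ d[3]  # covers positions 1, 3, 5, 7
    p2 = d[0] ^ d[2] ^ d[3]  # covers positions 2, 3, 6, 7
    p4 = d[1] ^ d[2] ^ d[3]  # covers positions 4, 5, 6, 7
    return [p1, p2, d[0], p4, d[1], d[2], d[3]]


def hamming74_decode(code: list[int]) -> tuple[int, int]:
    """Return (nibble, corrected_position); position 0 means no error seen."""
    c = list(code)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s4 = c[3] ^ c[4] ^ c[5] ^ c[6]
    pos = s1 + 2 * s2 + 4 * s4  # syndrome = 1-based index of the bad bit
    if pos:
        c[pos - 1] ^= 1  # reconstruct the original codeword
    nibble = (c[2] << 3) | (c[4] << 2) | (c[5] << 1) | c[6]
    return nibble, pos


def demo() -> dict:
    frame = crc_frame(b"INVOICE 1042 AMOUNT 250.00")  # constructed sample
    noisy = flip_bit(frame, 13)

    code = hamming74_encode(0b1011)
    one_error = list(code)
    one_error[4] ^= 1          # noise hits position 5
    two_errors = list(one_error)
    two_errors[1] ^= 1         # a second hit, at position 2

    return {
        "crc_clean": crc_check(frame),
        "crc_noisy": crc_check(noisy),
        "hamming_one_error": hamming74_decode(one_error),
        # Two errors exceed what the code can correct: the decoder
        # "repairs" the wrong bit and returns a wrong nibble.
        "hamming_two_errors": hamming74_decode(two_errors),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
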
Role of information management in ERP
Meaning (Enterprise resource planning)
It refers to a type of software that organizations use to manage day-to-day business
activities such as accounting, procurement, project management, risk management and
compliance, and supply chain operations.
ERP facilitates information flow between all business functions, and manages
connections to outside stakeholders. Order Processing: Order to cash, order entry, credit
checking, pricing, available to promise, inventory, shipping, sales analysis and reporting,
sales commissioning.
1 Functional areas
Financial accounting: General ledger, fixed asset, payables including vouchering,
matching and payment, receivables cash application and collections, cash management,
financial consolidation.
Management accounting: Budgeting, costing, cost management, activity based costing.
Human resources: Recruiting, training, fostering, payroll, benefits, diversity management,
retirement, separation.
Manufacturing: Engineering, bill of materials, work orders, scheduling, capacity,
workflow management, quality control, manufacturing process, manufacturing projects,
manufacturing flow, product life cycle management.
2 Components
• Transactional database
• Management portal/dashboard
• Business intelligence system
• Customizable reporting
• Resource planning and scheduling
• Analyzing the product
• External access via technology such as web services
• Search
• Document management
• Messaging/chat/wiki
• Workflow management
3 Connectivity to plant floor information
ERP systems connect to real time data and transaction data in a variety of
ways. These systems are typically configured by systems integrators, who
bring unique knowledge on process, equipment, and vendor solutions.
Direct integration: ERP systems have connectivity (communications to
plant floor equipment) as part of their product offering. This requires that
the vendors offer specific support for the plant floor equipment their
customers operate. ERP vendors must be experts in their own products and
connectivity to other vendor products, including those of their competitors.
4 Implementation
ERP's scope usually implies significant changes to staff work processes
and practices. Generally, three types of services are available to help
implement such changes: consulting, customization, and support.
Implementation time depends on business size, number of modules,
customization, the scope of process changes, and the readiness of the
customer to take ownership for the project. Modular ERP systems can be
implemented in stages. The typical project for a large enterprise takes about
14 months and requires around 150 consultants. Small projects can require
months; multinational and other large implementations can take years.
Customization can substantially increase implementation times.
5 Process preparation
Implementing ERP typically requires changes in existing business processes. Poor
understanding of needed process changes prior to starting implementation is a main reason
for project failure. The problems could be related to the system, business process,
infrastructure, training, or lack of motivation.
• Linking current processes to the organization's strategy
• Analyzing the effectiveness of each process
• Understanding existing automated solutions
Testing
It is hoped that the system performs properly; however, some errors always occur. The main
purpose of testing in an information system is to find the errors and correct them. A
successful test is one which finds an error.
Classification of Information system Test
1) Unit Test
It is a method by which individual units of source code are tested to determine if they are fit
for use.
2) Integration testing
It is performed to ensure that the modules combine together correctly to achieve a
product that meets its specification.
Types of Integration Testing
a) Big bang integration testing
In big bang integration testing, all components or modules are integrated
simultaneously, after which everything is tested as a whole.
b) Top – Down Integration Testing
Testing takes place from top to bottom, following control flow or architectural
structure.
c) Bottom Up
Testing takes place from the bottom of the control flow upwards.
d) Mixed Integration test
It is also called sandwiched testing: top-down and bottom-up testing mixed.
4) Validation testing
After integration testing, validation succeeds when the software functions as expected
by the customer.
Types of Validation Testing
Alpha Testing – Developer Testing
Beta Testing – Customer Test
5) System Testing
In system testing, the behavior of the whole system/product is tested as defined by
the scope of the development project or product.
Error detection
Meaning
In networking, error detection refers to the techniques used to detect noise or other
impairments introduced into data while it is transmitted from source to destination.
Error detection ensures reliable delivery of data across vulnerable networks.
Classes of Error Detection Techniques
1) Static Analysis – The analysis of requirements, design, code or other items either
manually or automatically, without executing the subject of the analysis to
determine.
Code walk-through
Code Inspection
2) Dynamic Analysis – Sizing, timing analysis and prototyping.
3) Formal Analysis – It can be used as an error detection technique (formal
specification language).
Error Detection in phases of lifecycle
Control
Meaning
Information Systems controls are a set of procedures and technological
measures to ensure secure and efficient operation of information within an
organization. Both general and application controls are used for safeguarding
information systems.
Input – Process - Output
Software Audit
Meaning
A software audit is an internal or external review of a software program to check
its quality, progress or adherence to plans, standards and regulations. The process
is conducted by either internal teams or by one or more independent auditors.
Audit Roles and Responsibility
Client – Provides authority to initiate the audit.
Audit Management – Audit plan
Lead Auditor – Responsible for the overall conduct and success.
Auditors – Creating Checklist, interview questions and other audit tools.
Auditee Management – Work with Lead auditor
Auditee – Providing appropriate and accurate answer to the auditors.
Escort - Ensuring that the auditor complies with company rules.
User Interface
Meaning
The point of human-computer interaction and communication in a device. This can
include display screens, keyboards, a mouse and the appearance of a desktop. It is also the
way through which a user interacts with an application or a website.
Types of Interfaces
Natural – Language Interface – MS office
Question - Answer Interface – what type and size of vehicle do you need?
Menu Driven interfaces – Menu Option
Form – Fill Interface – Job application Forms
Command - Language Interface - Language based Syntax
Graphical User interfaces
Reporting
Types of Reporting
Detail Reporting
Summary Reporting
Exception Reporting
Ethics in IT
Meaning
Information technology ethics is the study of the ethical issues arising
out of the use and development of electronic technologies. Its goal is to
identify and formulate answers to questions about the moral basis of
individual responsibilities and actions, as well as the moral underpinnings
of public policy.
Ethical Responsibility of Business Professionals
1) Egoism
2) Natural Law
3) Utilitarianism
4) Respect for persons
5) Ethical Values
Importance of Business Ethics in IT
Ethical issues related to the implementation and use of ICT (Information and
Communication Technology) are important since these issues constitute the
conditions for human attitudes and values specifying human actions and
behavior, and imply conditions for usefulness and maintenance of such
systems.
Ethical Guidelines
1) Proportionality
2) Informed consent
3) Justice
4) Minimized Risk
Difference Between Sniffing and Spoofing
Spoofing in network security involves fooling a computer or network by
using a falsified IP address, redirecting internet traffic at the DNS (Domain
Name System) level, or faking ARP (Address Resolution Protocol) data
within a local area network (LAN).
Now let us consider the difference between sniffing and spoofing.
Sniffing collects data packets, analyzes network traffic, and sends those
packets to the targeted traffic. Spoofing is the theft of the user’s data. After
that, it distributes malware, and phishing attacks carry out all sorts of data theft
thanks to this data. Spoofing is when an attacker uses a foreign IP address
and creates a TCP/IP. In sniffing, in turn, the attacker (the program) sits
between two packet transfer points and deceives the system by pretending
to be one of those points, tracking and thus stealing the data sent between
the two points.
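One way a defender can watch for the faked ARP data mentioned above, as an added example that is not part of the original slides: track which MAC address each IP address has announced and raise an alert when that binding changes. The log format, sample lines, addresses and function names are all constructed for illustration.

```python
import ipaddress
import re
from typing import Iterable, NamedTuple, Optional

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed sample in a hypothetical format: "<time> reply <ip> is-at <mac>"
SAMPLE_LOG = """\
10:00:01 reply 192.168.1.1 is-at 00:11:22:33:44:01
10:00:02 reply 192.168.1.20 is-at 00:11:22:33:44:20
10:00:05 reply 192.168.1.1 is-at 00:11:22:33:44:01
10:00:09 reply 192.168.1.1 is-at 66:77:88:99:aa:bb
10:00:10 reply 192.168.1.20 is-at 66:77:88:99:aa:bb
10:00:11 reply 192.168.1.1 is-at 66:77:88:99:AA:BB
malformed line
"""


class Alert(NamedTuple):
    time: str
    ip: str
    expected_mac: str
    seen_mac: str


def parse_line(line: str) -> Optional[tuple[str, str, str]]:
    """Return (time, ip, mac) or None if the line is not a valid record."""
    parts = line.split()
    if len(parts) != 5 or parts[1] != "reply" or parts[3] != "is-at":
        return None
    try:
        ip = str(ipaddress.ip_address(parts[2]))
    except ValueError:
        return None
    mac = parts[4].lower()  # normalise case before comparing
    if not MAC_RE.match(mac):
        return None
    return parts[0], ip, mac


def detect_binding_changes(
    lines: Iterable[str],
    static_bindings: Optional[dict[str, str]] = None,
) -> tuple[list[Alert], int]:
    """Flag ARP replies whose MAC differs from the known binding for that IP.

    Bindings come from static_bindings (e.g. the gateway, pinned by an
    administrator) or, failing that, from the first reply seen for the IP.
    Legitimate events such as a replaced network card or a failover also
    change a binding, so an alert is a prompt for review, not proof.
    """
    bindings = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    reported: set[tuple[str, str]] = set()
    alerts: list[Alert] = []
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1  # count unparseable records instead of hiding them
            continue
        time, ip, mac = parsed
        expected = bindings.setdefault(ip, mac)
        if mac != expected and (ip, mac) not in reported:
            reported.add((ip, mac))  # one alert per conflicting pair
            alerts.append(Alert(time, ip, expected, mac))
    return alerts, skipped


if __name__ == "__main__":
    found, bad = detect_binding_changes(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"{a.time} {a.ip}: expected {a.expected_mac}, saw {a.seen_mac}")
    print(f"{bad} unparseable line(s) skipped")
```

In the sample, one MAC address suddenly answers for both the gateway and a workstation, which is the pattern worth investigating first.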

More Related Content

Similar to Unit - 4 Security in information system .pptx

Intro softwareeng
Intro softwareengIntro softwareeng
Intro softwareengPINKU29
 
Technology Audit | IT Audit | ERP Audit | Database Security
Technology Audit | IT Audit | ERP Audit | Database Security Technology Audit | IT Audit | ERP Audit | Database Security
Technology Audit | IT Audit | ERP Audit | Database Security Arish Roy
 
Effects of IT on internal controls
Effects of IT on internal controlsEffects of IT on internal controls
Effects of IT on internal controlsLou Foja
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity AuditEC-Council
 
DIRECTIONSRate each statement by how well the behavior describe.docx
DIRECTIONSRate each statement by how well the behavior describe.docxDIRECTIONSRate each statement by how well the behavior describe.docx
DIRECTIONSRate each statement by how well the behavior describe.docxcuddietheresa
 
Systematic Review Automation in Cyber Security
Systematic Review Automation in Cyber SecuritySystematic Review Automation in Cyber Security
Systematic Review Automation in Cyber SecurityYogeshIJTSRD
 
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docxCMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docxmccormicknadine86
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3grimesjo
 
Creating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesCreating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesDiane M. Metcalf
 
Penetration Testing Services - Redfox Cyber Security
Penetration Testing Services - Redfox Cyber SecurityPenetration Testing Services - Redfox Cyber Security
Penetration Testing Services - Redfox Cyber SecurityKaran Patel
 
Enterprise resource planning (erp) systems
Enterprise resource planning (erp) systemsEnterprise resource planning (erp) systems
Enterprise resource planning (erp) systemsStefi Merin
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability ManagementGFI Software
 
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptxESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptxhamzaalkhairi802
 
Defect effort prediction models in software
Defect effort prediction models in softwareDefect effort prediction models in software
Defect effort prediction models in softwareIAEME Publication
 

Similar to Unit - 4 Security in information system .pptx (20)

Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1
 
Eng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-LatestEng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-Latest
 
Inspace technologies
Inspace technologiesInspace technologies
Inspace technologies
 
Intro softwareeng
Intro softwareengIntro softwareeng
Intro softwareeng
 
Technology Audit | IT Audit | ERP Audit | Database Security
Technology Audit | IT Audit | ERP Audit | Database Security Technology Audit | IT Audit | ERP Audit | Database Security
Technology Audit | IT Audit | ERP Audit | Database Security
 
Unit Iii
Unit IiiUnit Iii
Unit Iii
 
Effects of IT on internal controls
Effects of IT on internal controlsEffects of IT on internal controls
Effects of IT on internal controls
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity Audit
 
DIRECTIONSRate each statement by how well the behavior describe.docx
DIRECTIONSRate each statement by how well the behavior describe.docxDIRECTIONSRate each statement by how well the behavior describe.docx
DIRECTIONSRate each statement by how well the behavior describe.docx
 
Systematic Review Automation in Cyber Security
Systematic Review Automation in Cyber SecuritySystematic Review Automation in Cyber Security
Systematic Review Automation in Cyber Security
 
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docxCMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3
 
Creating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesCreating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware Practices
 
Penetration Testing Services - Redfox Cyber Security
Penetration Testing Services - Redfox Cyber SecurityPenetration Testing Services - Redfox Cyber Security
Penetration Testing Services - Redfox Cyber Security
 
Enterprise resource planning (erp) systems
Enterprise resource planning (erp) systemsEnterprise resource planning (erp) systems
Enterprise resource planning (erp) systems
 
Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the Enterprise
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptxESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
 
Saipraveen_Cirrculum_Vitae
Saipraveen_Cirrculum_VitaeSaipraveen_Cirrculum_Vitae
Saipraveen_Cirrculum_Vitae
 
Defect effort prediction models in software
Defect effort prediction models in softwareDefect effort prediction models in software
Defect effort prediction models in software
 

More from SharumathiR1

SOFTWARE AUDIT in information system.pptx
SOFTWARE AUDIT in information system.pptxSOFTWARE AUDIT in information system.pptx
SOFTWARE AUDIT in information system.pptxSharumathiR1
 
Foreign pensions funds.pptx
Foreign pensions  funds.pptxForeign pensions  funds.pptx
Foreign pensions funds.pptxSharumathiR1
 
Lecture 1 Introduction.ppsx
Lecture 1 Introduction.ppsxLecture 1 Introduction.ppsx
Lecture 1 Introduction.ppsxSharumathiR1
 
'Venture Capital'.pptx
'Venture Capital'.pptx'Venture Capital'.pptx
'Venture Capital'.pptxSharumathiR1
 
diiscriminant analysis1.pptx
diiscriminant analysis1.pptxdiiscriminant analysis1.pptx
diiscriminant analysis1.pptxSharumathiR1
 
Entrepreneurship development.pptx
Entrepreneurship development.pptxEntrepreneurship development.pptx
Entrepreneurship development.pptxSharumathiR1
 

More from SharumathiR1 (8)

SOFTWARE AUDIT in information system.pptx
SOFTWARE AUDIT in information system.pptxSOFTWARE AUDIT in information system.pptx
SOFTWARE AUDIT in information system.pptx
 
Foreign pensions funds.pptx
Foreign pensions  funds.pptxForeign pensions  funds.pptx
Foreign pensions funds.pptx
 
Lecture 1 Introduction.ppsx
Lecture 1 Introduction.ppsxLecture 1 Introduction.ppsx
Lecture 1 Introduction.ppsx
 
'Venture Capital'.pptx
'Venture Capital'.pptx'Venture Capital'.pptx
'Venture Capital'.pptx
 
diiscriminant analysis1.pptx
diiscriminant analysis1.pptxdiiscriminant analysis1.pptx
diiscriminant analysis1.pptx
 
Entrepreneurship development.pptx
Entrepreneurship development.pptxEntrepreneurship development.pptx
Entrepreneurship development.pptx
 
Power Diode.pdf
Power Diode.pdfPower Diode.pdf
Power Diode.pdf
 
Unit I.pdf
Unit I.pdfUnit I.pdf
Unit I.pdf
 

Recently uploaded

(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCRsoniya singh
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...lizamodels9
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadAyesha Khan
 
CATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDF
CATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDFCATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDF
CATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDFOrient Homes
 
A.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry BelcherA.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry BelcherPerry Belcher
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfOrient Homes
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
Investment analysis and portfolio management
Investment analysis and portfolio managementInvestment analysis and portfolio management
Investment analysis and portfolio managementJunaidKhan750825
 
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...lizamodels9
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT      .pdfCatalogue ONG NUOC PPR DE NHAT      .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfOrient Homes
 
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / NcrCall Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncrdollysharma2066
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 

Recently uploaded (20)

(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
 
CATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDF
CATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDFCATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDF
CATALOG cáp điện Goldcup (bảng giá) 1.4.2024.PDF
 
KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)
 
A.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry BelcherA.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry Belcher
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
Investment analysis and portfolio management
Investment analysis and portfolio managementInvestment analysis and portfolio management
Investment analysis and portfolio management
 
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT      .pdfCatalogue ONG NUOC PPR DE NHAT      .pdf
Catalogue ONG NUOC PPR DE NHAT .pdf
 
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In BELLMONT HOTEL ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / NcrCall Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 

Unit - 4 Security in information system .pptx

  • 1. Unit - 4 SECURITY, CONTROL AND REPORTING
  • 2. Security Meaning An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach. It protects the organisation's ability to function. It enables the safe operation of applications implemented on the organisation's IT systems. It protects the data the organisation collects and uses. It safeguards the technology the organisation uses. Example Pass cards or codes for access to buildings, user ids and passwords for network login, and finger print
  • 3. Threat to information system Meaning Information security threats are a problem for many corporations and individuals. Viruses, worms, Trojans, and spam are ubiquitous, but they are just the tip of the iceberg. Other common information security threats include privilege escalation, spyware, adware, rootkits, botnets, and logic bombs. Example Software attacks, theft of intellectual property, identity theft, theft of equipment or information.
  • 4. Accidents and Malfunctions Causes of Accidents  Operator Error – Inattention, nonconformance (wrong code)  Hardware Malfunction - computer won't turn on (CPU, System)  Software Bugs - Bugs can be the result of incorrect communication about the project and its requirements. (Wrong Program)  Data Errors – Incorrect Phone number Address  Accidental Disclosure of Information – (Gmail, web)  Damage to physical facilities – Damage by fire flood etc.  Inadequate system performance – when a system cannot handle the task that is requited (2GB Pen drive)
  • 5. Computer crime  Hacking - A more common and classic motivation for hacking into a system would be to steal personal information for identity theft, including social security numbers, credit cards, bank accounts, and more. (page, software, web page)  Cyber Theft - Email and internet fraud. Identity fraud (where personal information is stolen and used). Theft of financial or card payment data. Theft and sale of corporate data. (Bank)  Unauthorized use at work - computer network without authorization (Login id)  Piracy - Websites that make software available for free download or in exchange for others.  Computer Viruses
  • 6. Error detection Meaning Error detection is the detection of errors caused by noise or other impairments during transmission from the transmitter to the receiver. Error correction is the detection of errors and reconstruction of the original, error-free data.
  • 7. Role of information management in ERP Meaning (Enterprise resource planning) It’s refers to a type of software that organizations use to manage day-to-day business activities such as accounting, procurement, project management, risk management and compliance, and supply chain operations. ERP facilitates information flow between all business functions, and manages connections to outside stakeholders. Order Processing: Order to cash, order entry, credit checking, pricing, available to promise, inventory, shipping, sales analysis and reporting, sales commissioning.
  • 8. Role of information management in ERP: 1. Functional areas
    • Financial accounting: General ledger, fixed asset, payables including vouchering, matching and payment, receivables cash application and collections, cash management, financial consolidation.
    • Management accounting: Budgeting, costing, cost management, activity based costing.
    • Human resources: Recruiting, training, fostering, payroll, benefits, diversity management, retirement, separation.
    • Manufacturing: Engineering, bill of materials, work orders, scheduling, capacity, workflow management, quality control, manufacturing process, manufacturing projects, manufacturing flow, product life cycle management.
  • 9. Role of information management in ERP: 2. Components
    • Transactional database
    • Management portal/dashboard
    • Business intelligence system
    • Customizable reporting
    • Resource planning and scheduling
    • Analyzing the product
    • External access via technology such as web services
    • Search
    • Document management
    • Messaging/chat/wiki
    • Workflow management
  • 10. Role of information management in ERP: 3. Connectivity to plant floor information
    ERP systems connect to real-time data and transaction data in a variety of ways. These systems are typically configured by systems integrators, who bring unique knowledge on process, equipment, and vendor solutions.
    Direct integration: ERP systems have connectivity (communications to plant floor equipment) as part of their product offering. This requires that the vendors offer specific support for the plant floor equipment their customers operate. ERP vendors must be experts in their own products and connectivity to other vendor products, including those of their competitors.
  • 11. Role of information management in ERP: 4. Implementation
    ERP's scope usually implies significant changes to staff work processes and practices. Generally, three types of services are available to help implement such changes: consulting, customization, and support. Implementation time depends on business size, number of modules, customization, the scope of process changes, and the readiness of the customer to take ownership of the project. Modular ERP systems can be implemented in stages. The typical project for a large enterprise takes about 14 months and requires around 150 consultants. Small projects can require months; multinational and other large implementations can take years. Customization can substantially increase implementation times.
  • 12. Role of information management in ERP: 5. Process preparation
    Implementing ERP typically requires changes in existing business processes. Poor understanding of needed process changes prior to starting implementation is a main reason for project failure. The problems could be related to the system, business process, infrastructure, training, or lack of motivation.
    • Linking current processes to the organization's strategy
    • Analyzing the effectiveness of each process
    • Understanding existing automated solutions
  • 13. Testing
    It is hoped that the system performs properly; however, some errors always occur. The main purpose of testing in an information system is to find the errors and correct them. A successful test is one which finds an error.
    Classification of Information System Tests
    1) Unit Test – A method by which individual units of source code are tested to determine if they are fit for use.
    2) Integration Testing – Performed to ensure that the modules combine together correctly to achieve a product that meets its specification.
  • 14. Types of Integration Testing
    a) Big Bang Integration Testing – All components or modules are integrated simultaneously, after which everything is tested as a whole.
    b) Top-Down Integration Testing – Testing takes place from top to bottom, following the control flow or architectural structure.
    c) Bottom-Up – Testing takes place from the bottom of the control flow upwards.
    d) Mixed Integration Test – Also called sandwiched testing; top-down and bottom-up are mixed.
  • 15. 4) Validation Testing – After integration testing, validation succeeds when the software functions as expected by the customer.
    Types of Validation Testing
    • Alpha Testing – Developer testing
    • Beta Testing – Customer testing
    5) System Testing – The behavior of the whole system/product is tested as defined by the scope of the development project or product.
  • 16. Error detection
    Meaning: In networking, error detection refers to the techniques used to detect noise or other impairments introduced into data while it is transmitted from source to destination. Error detection ensures reliable delivery of data across vulnerable networks.
    Classes of Error Detection Techniques
    1) Static Analysis – The analysis of requirements, design, code or other items either manually or automatically, without executing the subject of the analysis to determine.
       • Code walk-through
       • Code inspection
    2) Dynamic Analysis – Sizing, timing analysis and prototyping.
    3) Formal Analysis – It can be used as an error detection technique (formal specification language).
  • 17. Error Detection in phases of lifecycle
  • 18. Control
    Meaning: Information systems controls are a set of procedures and technological measures to ensure secure and efficient operation of information within an organization. Both general and application controls are used for safeguarding information systems.
    Input – Process – Output
  • 19. Software Audit
    Meaning: A software audit is an internal or external review of a software program to check its quality, progress or adherence to plans, standards and regulations. The process is conducted by either internal teams or by one or more independent auditors.
    Audit Roles and Responsibilities
    • Client – Provides authority to initiate the audit.
    • Audit Management – Audit plan.
    • Lead Auditor – Responsible for the overall conduct and success.
    • Auditors – Creating checklists, interview questions and other audit tools.
    • Auditee Management – Works with the lead auditor.
    • Auditee – Providing appropriate and accurate answers to the auditors.
    • Escort – Ensuring that the auditor complies with company rules.
  • 20. User Interface
    Meaning: The point of human-computer interaction and communication in a device. This can include display screens, keyboards, a mouse and the appearance of a desktop. It is also the way through which a user interacts with an application or a website.
    Types of Interfaces
    • Natural-Language Interface – MS Office
    • Question-Answer Interface – What type and size of vehicle do you need?
    • Menu-Driven Interface – Menu options
    • Form-Fill Interface – Job application forms
    • Command-Language Interface – Language-based syntax
    • Graphical User Interface
  • 21. Reporting
    Types of Reporting
    • Detail Reporting
    • Summary Reporting
    • Exception Reporting
  • 22. Ethics in IT
    Meaning: Information technology ethics is the study of the ethical issues arising out of the use and development of electronic technologies. Its goal is to identify and formulate answers to questions about the moral basis of individual responsibilities and actions, as well as the moral underpinnings of public policy.
    Ethical Responsibility of Business Professionals
    1) Egoism
    2) Natural Law
    3) Utilitarianism
    4) Respect for persons
    5) Ethical Values
  • 23. Importance of Business Ethics in IT
    Ethical issues related to the implementation and use of ICT (Information and Communication Technology) are important, since these issues constitute the conditions for human attitudes and values specifying human actions and behavior, and imply conditions for the usefulness and maintenance of such systems.
    Ethical Guidelines
    1) Proportionality
    2) Informed consent
    3) Justice
    4) Minimized Risk
  • 24. Difference Between Sniffing and Spoofing
    Spoofing in network security involves fooling a computer or network by using a falsified IP address, redirecting internet traffic at the DNS (Domain Name System) level, or faking ARP (Address Resolution Protocol) data within a local area network (LAN).
    Let us consider the difference between sniffing and spoofing. Sniffing collects data packets, analyzes network traffic, and sends those packets to the targeted traffic. Spoofing is the theft of the user's data. That data is then used to distribute malware and to carry out phishing attacks and other kinds of data theft. Spoofing is when an attacker uses a foreign IP address and creates a TCP/IP. In sniffing, in turn, the attacker (the program) places itself between two packet transfer points and deceives the system by pretending to be one of those points, tracking and thus stealing the data sent between the two points.