© 2017 Arianto Muditomo All Rights Reserved
Copyright Notice:
This presentation is prepared by Author for Perbanas Institute as a part of Author Lecture Series. It is to be used for educational and non-
commercial purposes only and is not to be changed, altered, or used for any commercial endeavor without the express written permission from
Author and/or Perbanas Institute. Appropriate legal action may be taken against any person, organization, or entity attempting to misrepresent,
charge, or profit from the educational materials contained here.
Authors are allowed to use their own articles without seeking permission from any person, organization, or entity.
arianto.muditomo@2017
References:
1) Baltzan, Paige 2014. Business Driven Information Systems. 4th Edition. New York: McGraw-Hill.
2) Pearlson, Keri E. and Saunders, Carol S. 2013. Managing and Using Information Systems: A Strategic Approach. 5th Edition. Danvers: John Wiley & Sons.
3) Turban, Efraim, Volonino, Linda, and Wood, Gregory 2013. Information Technology for Management. 9th Edition. Hoboken: John Wiley & Sons.
4) Turban, Efraim, Strauss, Judy, and Lai, Linda 2016. Social Commerce: Marketing and Technology Management. Heidelberg: Springer.
5) Xu, Jun and Quaddus, Mohammed 2013. Managing Information Systems: Ten Essential Topics. Amsterdam: Atlantis Press.
6) Turban, Rainer 2009. Introduction to Information Systems: Enabling and Transforming Business. 2nd Edition. John Wiley & Sons.
7) Laudon, Kenneth C. and Laudon, Jane P. 2006. Management Information Systems: Managing the Digital Firm. Pearson: Prentice Hall.
8) Bocij, Paul, Greasley, Andrew, and Hickie, Simon 2015. Business Information Systems: Technology, Development and Management for the E-Business. 5th Edition. Pearson Education Limited.
• Session #1: Information System in Business
• Session #2: IT Strategic Planning
• Session #3: Business Information System
• Session #4: Business Intelligence & Decision Support
• Session #5: Ethics, Privacy and Security
• Session #6: e-Business and e-Commerce
• Session #7: Knowledge Management
• Session #8: Enterprise Information System
§ Describe the major ethical issues related to information technology and identify situations
in which they occur.
§ Identify the many threats to information security.
§ Understand the various defense mechanisms used to protect information systems.
§ Explain IT auditing and planning for disaster recovery.
#4 CHECK POINT
PRE-LEARNING TEST
§ What do you know about a Code of Ethics?
§ What is Privacy?
§ Please identify the many threats to information security.
§ Ethics refers to the principles of right and wrong that individuals use to make choices to
guide their behaviors. Deciding what is right or wrong is not always easy or clear-cut. For
this reason, many companies and professional organizations develop their own codes of
ethics.
§ A code of ethics is a collection of principles that is intended to guide decision making by
members of the organization.
Responsibility means that you accept the consequences of your
decisions and actions.
Accountability refers to determining who is responsible for
actions that were taken.
Liability is a legal concept that gives individuals the right to
recover the damages done to them by other individuals,
organizations, or systems.
Privacy Issues
• What information about oneself should an
individual be required to reveal to others?
• What kind of surveillance can an employer use on
its employees?
• What types of personal information can people
keep to themselves and not be forced to reveal to
others?
• What information about individuals should be
kept in databases, and how secure is the
information there?
Accuracy Issues
• Who is responsible for the authenticity, fidelity, and
accuracy of the information collected?
• How can we ensure that the information will be
processed properly and presented accurately to
users?
• How can we ensure that errors in databases, data
transmissions, and data processing are accidental
and not intentional?
• Who is to be held accountable for errors in
information, and how should the injured parties be
compensated?
Property Issues
• Who owns the information?
• What are the just and fair prices for its exchange?
• How should one handle software piracy (copying
copyrighted software)?
• Under what circumstances can one use proprietary
databases?
• Can corporate computers be used for private
purposes?
• How should experts who contribute their
knowledge to create expert systems be
compensated?
• How should access to information channels be
allocated?
Accessibility Issues
• Who is allowed to access information?
• How much should companies charge for permitting
accessibility to information?
• How can accessibility to computers be provided for
employees with disabilities?
• Who will be provided with equipment needed for
accessing information?
• What information does a person or an organization
have a right or privilege to obtain, under what
conditions, and with what safeguards?
PRIVACY
Privacy is the right to be left alone and to be free of unreasonable
personal intrusions.
§ Information privacy is the right to determine when, and to what extent, information about yourself can be gathered and/or communicated to others.
§ Privacy rights apply to individuals, groups, and institutions.
§ Data aggregators, digital dossiers, and
profiling
§ Electronic Surveillance
§ Personal Information in Databases
§ Information on Internet Bulletin Boards,
Newsgroups, and Social Networking
Sites
Privacy Codes and Policies
Privacy policies or privacy codes are an organization’s guidelines for protecting the privacy of customers, clients, and employees.
How to Protect?
PRIVACY POLICY
THREATS TO INFORMATION SECURITY
A number of factors contribute to the increasing vulnerability of organizational information assets:
• Today’s interconnected, interdependent, wirelessly
networked business environment
• Government legislation
• Smaller, faster, cheaper computers and storage devices
• Decreasing skills necessary to be a computer hacker
• International organized crime taking over cyber-crime
• Downstream liability
• Increased employee use of unmanaged devices
• Lack of management support
• Information systems controls are the procedures, devices, or software aimed at preventing a compromise to the system.
• Organizations have many information resources. (These resources are subject to a huge number of threats.)
• The exposure of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
• A threat to an information resource is any danger to which a system may be exposed.
• Risk is the likelihood that a threat will occur.
• A system’s vulnerability is the possibility that the system will suffer harm by a threat.
FIGURE 3.1
Security threats.
[6] p. 86
Whitman and Mattord (2003) classified threats into five general categories to help us better understand the complexity of the threat problem.
Unintentional acts
• Human errors
• Social engineering, reverse social engineering, and social data mining
• Deviations in the quality of service by service providers
• Environmental hazards
Natural disasters
• Natural disasters include floods, earthquakes, hurricanes, tornadoes, lightning, and in some cases, fires. In many cases, these disasters, sometimes referred to as acts of God, can cause catastrophic losses of systems and data.
Technical failures
• Technical failures include problems with hardware and software. The most common hardware problem is a crash of a hard disk drive.
Management failures
• Management failures involve a lack of funding for information security efforts and a lack of interest in those efforts. Such lack of leadership will cause the information security of the organization to suffer.
Deliberate acts
• Espionage or trespass
• Information extortion
• Sabotage or vandalism
• Theft of equipment or information
• Identity theft
• Compromises to intellectual property
• Software attacks
• Supervisory control and data acquisition (SCADA) attacks
• Cyber-terrorism and cyber-warfare
Risk Management
• Risk acceptance: Accept the potential risk, continue operating with no controls, and absorb any damages that occur.
• Risk limitation: Limit the risk by implementing controls that minimize the impact of the threat.
• Risk transference: Transfer the risk by using other means to compensate for the loss, such as by purchasing insurance.
Control
• Physical Control
• Access Control
• Communication Control
• Application Control
IS Auditing
• Types of Auditors & Audits
• How is auditing executed?
BCP, Backup & Recovery
• Hot-site
• Warm-site
• Cold-site
• Off-site data storage
THE DIFFICULTIES IN PROTECTING
INFORMATION RESOURCES
§ Hundreds of potential threats exist.
§ Computing resources may be situated in many locations.
§ Many individuals control information assets.
§ Computer networks can be located outside the organization and may be difficult to
protect.
§ Rapid technological changes make some controls obsolete as soon as they are installed.
§ Many computer crimes are undetected for a long period of time so it is difficult to learn
from experience.
§ People tend to violate security procedures because the procedures are inconvenient.
§ The amount of computer knowledge necessary to commit computer crimes is usually
minimal. As a matter of fact, one can learn hacking for free on the Internet.
§ The cost of preventing hazards can be very high. Therefore, most organizations simply
cannot afford to protect against all possible hazards.
§ It is difficult to conduct a cost-benefit justification for controls before an attack occurs
because it is difficult to assess the value of a hypothetical attack.
§ What do you know about a Code of Ethics?
A code of ethics is a collection of principles that is intended to guide decision making by
members of the organization.
§ What is Privacy?
Privacy is the right to be left alone and to be free of unreasonable personal intrusions.
§ Please identify the many threats to information security.
Unintentional threats include human errors, environmental hazards, and computer system
failures.
Intentional threats include espionage, extortion, vandalism, theft, software attacks, and
compromises to intellectual property.
Software attacks include viruses, worms, Trojan horses, logic bombs, back doors, denial-of-service, alien software, phishing, and pharming.
A growing threat is cyber-crime, which includes identity theft and phishing attacks.
The secret way to sell pi coins effortlessly.
 
Webinar Exploring DORA for Fintechs - Simont Braun
Webinar Exploring DORA for Fintechs - Simont BraunWebinar Exploring DORA for Fintechs - Simont Braun
Webinar Exploring DORA for Fintechs - Simont Braun
 
Seminar: Gender Board Diversity through Ownership Networks
Seminar: Gender Board Diversity through Ownership NetworksSeminar: Gender Board Diversity through Ownership Networks
Seminar: Gender Board Diversity through Ownership Networks
 
一比一原版(UoB毕业证)伯明翰大学毕业证如何办理
一比一原版(UoB毕业证)伯明翰大学毕业证如何办理一比一原版(UoB毕业证)伯明翰大学毕业证如何办理
一比一原版(UoB毕业证)伯明翰大学毕业证如何办理
 
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdfTumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
 

005. Ethics, Privacy and Security

  • 3.
      • Describe the major ethical issues related to information technology and identify situations in which they occur.
      • Identify the many threats to information security.
      • Understand the various defense mechanisms used to protect information systems.
      • Explain IT auditing and planning for disaster recovery.
  • 4. #4 CHECK POINT: PRE-LEARNING TEST
      • What do you know about a code of ethics?
      • What is privacy?
      • Please identify the many threats to information security.
  • 5.
      • Ethics refers to the principles of right and wrong that individuals use to make choices to guide their behaviors. Deciding what is right or wrong is not always easy or clear-cut. For this reason, many companies and professional organizations develop their own codes of ethics.
      • A code of ethics is a collection of principles that is intended to guide decision making by members of the organization.
      • Responsibility means that you accept the consequences of your decisions and actions.
      • Accountability refers to determining who is responsible for actions that were taken.
      • Liability is a legal concept that gives individuals the right to recover the damages done to them by other individuals, organizations, or systems.
  • 7.
      Privacy Issues
        • What information about oneself should an individual be required to reveal to others?
        • What kind of surveillance can an employer use on its employees?
        • What types of personal information can people keep to themselves and not be forced to reveal to others?
        • What information about individuals should be kept in databases, and how secure is the information there?
      Accuracy Issues
        • Who is responsible for the authenticity, fidelity, and accuracy of the information collected?
        • How can we ensure that the information will be processed properly and presented accurately to users?
        • How can we ensure that errors in databases, data transmissions, and data processing are accidental and not intentional?
        • Who is to be held accountable for errors in information, and how should the injured parties be compensated?
      Property Issues
        • Who owns the information?
        • What are the just and fair prices for its exchange?
        • How should one handle software piracy (copying copyrighted software)?
        • Under what circumstances can one use proprietary databases?
        • Can corporate computers be used for private purposes?
        • How should experts who contribute their knowledge to create expert systems be compensated?
        • How should access to information channels be allocated?
      Accessibility Issues
        • Who is allowed to access information?
        • How much should companies charge for permitting accessibility to information?
        • How can accessibility to computers be provided for employees with disabilities?
        • Who will be provided with equipment needed for accessing information?
        • What information does a person or an organization have a right or privilege to obtain, under what conditions, and with what safeguards?
  • 8. PRIVACY
      Privacy is the right to be left alone and to be free of unreasonable personal intrusions.
        • Information privacy is the right to determine when, and to what extent, information about yourself can be gathered and/or communicated to others.
        • Privacy rights apply to individuals, groups, and institutions.
  • 9.
      • Data aggregators, digital dossiers, and profiling
      • Electronic surveillance
      • Personal information in databases
      • Information on Internet bulletin boards, newsgroups, and social networking sites
      Privacy Codes and Policies: Privacy policies or privacy codes are an organization’s guidelines for protecting the privacy of customers, clients, and employees.
      How to Protect?
  • 11. THREATS TO INFORMATION SECURITY
      A number of factors contribute to the increasing vulnerability of organizational information assets, which are:
        • Today’s interconnected, interdependent, wirelessly networked business environment
        • Government legislation
        • Smaller, faster, cheaper computers and storage devices
        • Decreasing skills necessary to be a computer hacker
        • International organized crime taking over cyber-crime
        • Downstream liability
        • Increased employee use of unmanaged devices
        • Lack of management support
  • 12.
      • Information systems controls are the procedures, devices, or software aimed at preventing a compromise to the system.
      • Organizations have many information resources. (These resources are subject to a huge number of threats.)
      • The exposure of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
      • A threat to an information resource is any danger to which a system may be exposed.
      • Risk is the likelihood that a threat will occur.
      • A system’s vulnerability is the possibility that the system will suffer harm by a threat.
  • 14. Whitman and Mattord (2003) classified threats into five general categories to help us better understand the complexity of the threat problem.
      Unintentional acts
        • Human errors
        • Social engineering, reverse social engineering, and social data mining
        • Deviations in the quality of service by service providers
        • Environmental hazards
      Natural disasters
        • Natural disasters include floods, earthquakes, hurricanes, tornadoes, lightning, and in some cases, fires. In many cases, these disasters (sometimes referred to as acts of God) can cause catastrophic losses of systems and data.
      Technical failures
        • Technical failures include problems with hardware and software. The most common hardware problem is a crash of a hard disk drive.
      Management failures
        • Management failures involve a lack of funding for information security efforts and a lack of interest in those efforts. Such lack of leadership will cause the information security of the organization to suffer.
      Deliberate acts
        • Espionage or trespass
        • Information extortion
        • Sabotage or vandalism
        • Theft of equipment or information
        • Identity theft
        • Compromises to intellectual property
        • Software attacks
        • Supervisory control and data acquisition (SCADA) attacks
        • Cyber-terrorism and cyber-warfare
  • 15.
      Risk Management
        • Risk acceptance: Accept the potential risk, continue operating with no controls, and absorb any damages that occur.
        • Risk limitation: Limit the risk by implementing controls that minimize the impact of the threat.
        • Risk transference: Transfer the risk by using other means to compensate for the loss, such as by purchasing insurance.
      Control
        • Physical Control
        • Access Control
        • Communication Control
        • Application Control
      IS Auditing
        • Types of Auditors & Audits
        • How is auditing executed?
      BCP, Backup & Recovery
        • Hot-site
        • Warm-site
        • Cold-site
        • Off-site data storage
  • 16. THE DIFFICULTIES IN PROTECTING INFORMATION RESOURCES
      • Hundreds of potential threats exist.
      • Computing resources may be situated in many locations.
      • Many individuals control information assets.
      • Computer networks can be located outside the organization and may be difficult to protect.
      • Rapid technological changes make some controls obsolete as soon as they are installed.
      • Many computer crimes are undetected for a long period of time, so it is difficult to learn from experience.
      • People tend to violate security procedures because the procedures are inconvenient.
      • The amount of computer knowledge necessary to commit computer crimes is usually minimal. As a matter of fact, one can learn hacking for free on the Internet.
      • The cost of preventing hazards can be very high. Therefore, most organizations simply cannot afford to protect against all possible hazards.
      • It is difficult to conduct a cost-benefit justification for controls before an attack occurs because it is difficult to assess the value of a hypothetical attack.
  • 17.
      • What do you know about a code of ethics?
        A code of ethics is a collection of principles that is intended to guide decision making by members of the organization.
      • What is privacy?
        Privacy is the right to be left alone and to be free of unreasonable personal intrusions.
      • Please identify the many threats to information security.
        Unintentional threats include human errors, environmental hazards, and computer system failures. Intentional threats include espionage, extortion, vandalism, theft, software attacks, and compromises to intellectual property. Software attacks include viruses, worms, Trojan horses, logic bombs, back doors, denial-of-service, alien software, phishing, and pharming. A growing threat is cyber-crime, which includes identity theft and phishing attacks.