The document provides an overview of information systems and information security, defining their roles and components in organizational management. It highlights the need for data collection, security measures, and risk analysis to safeguard information while emphasizing various types of information systems, their development, and the significance of cyber security. Key elements discussed include the system development life cycle, threats to information systems, and the importance of ensuring confidentiality, integrity, and availability.

1. CYBER SECURITY
INTRODUCTION (UNIT-1)

2. INFORMATION SYSTEM
Information System refers to the knowledge or fact about any particular
subject/person or thing. The various aspects including like gathering,
handling, processing, storing, encrypting, releasing & disposing of data
for completing the transmission.
Information System is an integrated structure that compiles the services
of software, human resources and physical components of technology
to gather, store, process & retrieve the information whenever required,
in a useful form. This information is used by an individual or an
organization for planning, decision-making & various purposes for the
smooth running of the organization.

3. NEED FOR INFORMATION SYSTEM
Collection & storage of various types of data in accounts
Keeping record of employees
Customer Relationship Management
Planning
Preparing Alternative Course of Action
Decision-Making
Faster communication of a message among the employees
Competitive Advantage over other organization

4. TYPES OF INFORMATION SYSTEM
Executive Support System
Expert System
Decision Support System
Management Information
System
Office Information System
Transaction Processing
System

5. ELEMENTS OF INFORMATION SYSTEM
Connection
Media &
Network
Methods
Information
Human
Resource
Hardware
Software

6. DEVELOPMENT OF INFORMATION SYSTEM
Development of Information System has been interpreted as an
organized collection of concept, methods or techniques or set of goal
oriented procedure which are intending to guide the work in the
corporation of various parties involved in the guiding of an information
system.
“The desirable result or objective of the whole process of development
is to implement a functioning system, which will satisfy the end user in
its functionality and uses interfaces.”

7. SYSTEM DEVELOPMENT LIFE CYCLE
Identify
Problems
Information
Collecting Data
Analyzing
System Needs
& Budget
Designing The
System
Software
Development
Testing,
Monitoring Or
Evaluating
Hardware
Selection
Implementation
Follow-Up

8. INTRODUCTION TO INFORMATION SECURITY
According to Merriam-Webster’s online dictionary, information is
defined as:
“ Knowledge obtained from investigation, study, or instruction,
intelligence, news, facts, data, a signal or character (as in a
communication system or computer) representing data, something (as a
message experimental data, or a picture) which justifies change in a
construct (as a plan or theory) that represents physical or mental
experience or another construct.”
And Security is defined as:
“freedom from danger, safety; freedom from fear or anxiety.”
Thus, Information Security can be defined as:
“Measures adopted to prevent the unauthorized use, misuse,
modification or denial of use of knowledge, facts, data or capabilities.”

9. NEED FOR INFORMATION SECURITY
 To secure information about the type of hardware/software the
organization is working on.
To control access to personal details of employees like control files,
password, address, phone number, etc.
To secure the information about the future plans & strategies of the
organization.
To secure the detailed information of the security plans of the
organization.
To secure information about the network connection, system
configuration and the encryption algorithms used by the organization.

10. INFORMATION SECURITY = CONFIDENTIALITY +
INTEGRITY + AVAILABILITY + AUTHENTICATION

11. BASIC PILLARS OF INFORMATION SECURITY
Confidentiality
Integrity
Availability

12. THREATS TO INFORMATION SYSTEM
NATURAL DISASTERS: Information can be lost, down time or loss
of productivity can occur, and damage to hardware can disrupt other
essential services.
HUMAN THREATS: Malicious Threats consist of inside attacks by
malicious employees & outside attacks by non-employees just looking
to harm and disrupt an organization. It can gain access in many ways
such as:
Viruses
Worm
Trapdoors
Logic Bombs
Mail Bombing
Zombie
Trojan Horse

13. INFORMATION ASSURANCE
Information Assurance is the process which ensures
confidentiality, integrity, availability, authentication and non-
repudiation of information system by using physical, technical and
administrative controls. This is not only valid for digital form of
data but it is also valid for analog form of data.

14. CYBER SECURITY
Cyber Security is more about monitoring behaviors and our cyber
monitoring efforts. Cyber Security refers to techniques and
technologies designed to protect computers, networks and data from
attacks, vulnerabilities and unauthorized access launched via internet
by cyber criminals. It applies security measures to ensure
confidentiality, integrity & availability of data. It specializes in the
area of network behavior analysis.

15. SECURITY RISK ANALYSIS
A risk analysis is the process of identifying the assets you wish to
protect and the potential threats against them. Risk Analysis is most
important process of risk management. It identifies & evaluate the risk
which have to be eliminated, controlled or accept it.
It is the concept that forms the basis for what we call security. If we
talk in terms of security then we can say that, risk is the potential for
less that requires protection. If there is no risk, there is no need of
security.
Risk= Threat * Vulnerability * Asset

16. SUBMITTED BY: SAMANVAY JAIN
Roll No: 1605470077
Batch: MBA 4th Sem.
(2017-18)
THANK YOU
Submitted To: Ms. Sandhya Singh
(Lecturer)