The document discusses key concepts regarding operating systems, applications, databases, and information and communication technology (ICT) security. It provides definitions and examples of operating systems, applications, and databases. It also outlines several important aspects of ICT security that senior management should be aware of, including that security is a management issue, not all information assets require the same level of protection, and threats can come from both inside and outside an organization. Managerial implications for ICT security include identifying critical assets, assessing risks, and balancing security risks and costs.

1. Instructor: Timon Odhiambo Odingo
ICT, Crime and Security

2. ∗ Operating systems
∗ An operating system or OS is a software program that enables
the computer hardware to communicate and operate with the
computer software. Without a computer operating system, a
computer and software programs would be useless. The picture
to the right is an example ofMicrosoft Windows XP, a popular
operating system and what the box may look like if you were to
purchase it from a local retail store.

3. ∗ Operating system types
∗ As computers have progressed and developed so have the
operating systems. Below is a basic list of the different operating
systems and a few examples of operating systems that fall into
each of the categories. Many computer operating systems will
fall into more than one of the below categories.
∗ GUI - Short for Graphical User Interface, a GUI Operating System
contains graphics and icons and is commonly navigated by using
a computer mouse. See the GUIdefinition for a complete
definition. Below are some examples of GUI Operating Systems.

4. ∗ Operating system types
∗ Windows 98
Windows CE
∗ Multi-user - A multi-user operating system allows for multiple
users to use the same computer at the same time and different
times. See the multi-user definition for a complete definition for
a complete definition. Below are some examples of multi-user
operating systems.

5. Linux and
Variants(Ubuntu, Fedora, Kubuntu, Debain,
UnixMac OSMS-DOS
IBM OS/2 Warp
Unix and Variants
Windows CEWindows 3.x
Windows 95Windows 98
Windows 98 SEWindows ME
Windows NTWindows 2000
Windows XPWindows Vista
Windows 7
Windows 8Windows 8.1

6. Applications:
∗Application software is all the computer software that causes a
computer to perform useful tasks beyond the running of the
computer itself. A specific instance of such software is called
a software application, application program, application orapp.[1]
∗The term is used to contrast such software with system software,
which manages and integrates a computer's capabilities but does
not directly perform tasks that benefit the user. The system
software serves the application, which in turn serves the user.
∗Examples include accounting software, enterprise software,
graphics software, media players, and office suites. Many
application programs deal principally with documents.

7. Applications:
∗. Many application programs deal principally with documents.
Applications may be bundled with the computer and its system
software or published separately, and can be coded as university
projects.[2]
∗Application software applies the power of a particular
computing platform or system software to a particular purpose.
∗Some applications are available in versions for several different
platforms; others have narrower requirements and are thus called,
for example, a Geography application for Windows, an Android
application for education, or Linux gaming. Sometimes a new and
popular application arises which only runs on one platform,
increasing the desirability of that platform. This is called a
killer application.

8. Applications:
∗An application suite consists of multiple applications bundled
together. They usually have related functions, features and user
interfaces, and may be able to interact with each other, e.g. open
each other's files. Business applications often come in suites, e.g.
Microsoft Office, LibreOffice and iWork, which bundle together a
word processor, a spreadsheet, etc.; but suites exist for other
purposes, e.g. graphics or music.
∗Enterprise software addresses the needs of an entire
organization's processes and data flow, across most all
departments, often in a large distributed environment. (Examples
include financial systems, customer relationship management
(CRM) systems and supply chain management software).
Departmental Software is a sub-type of enterprise software with a
focus on smaller organizations and/or groups within a large
organization. (Examples include travel expense management and
IT Helpdesk.)

9. Applications:
∗management and IT Helpdesk.)
∗Enterprise infrastructure software provides common capabilities
needed to support enterprise software systems. (Examples include
databases, email servers, and systems for managing networks and
security.)
∗Information worker software lets users create and manage
information, often for individual projects within a department, in
contrast to enterprise management. Examples include
time management, resource management, documentation tools,
analytical, and collaborative. Word processors, spreadsheets, email
and blog clients, personal information system, and individual media
editors may aid in multiple information worker tasks.

10. Applications:
∗Content access software is used primarily to access content
without editing, but may include software that allows for content
editing. Such software addresses the needs of individuals and
groups to consume digital entertainment and published digital
content. (Examples include media players, web browsers, and help
browsers.)
∗Educational software is related to content access software, but
has the content and/or features adapted for use in by educators or
students. For example, it may deliver evaluations (tests), track
progress through material, or include collaborative capabilities.
∗Simulation software simulates physical or abstract systems for
either research, training or entertainment purposes.

11. Applications:
∗Media development software generates print and electronic media
for others to consume, most often in a commercial or educational
setting. This includes graphic-art software, desktop publishing
software, multimedia development software, HTML editors, digital-
animation editors, digital audio and video composition, and many
others.[10]
∗Product engineering software is used in developing hardware and
software products. This includes computer-aided design (CAD),
computer-aided engineering (CAE), computer language editing and
compiling tools, integrated development environments, and
application programmer interfaces.
∗Applications can also be classified by computing platform such as
a particular operating system, delivery network such as in
cloud computing and Web 2.0 applications, or delivery devices such
as mobile apps for mobile devices.

12. Applications:
∗The operating system itself can be considered application
software when performing simple calculating, measuring,
rendering, and word processing tasks not used to control hardware
via command-line interface or graphical user interface. This does
not include application software bundled within operating systems
such as a software calculator or text editor.
∗Information worker software

13. Applications:
∗. Many application programs deal principally with documents.
Applications may be bundled with the computer and its system
software or published separately, and can be coded as university
projects.[2]
∗Application software applies the power of a particular
computing platform or system software to a particular purpose.
∗Some applications are available in versions for several different
platforms; others have narrower requirements and are thus called,
for example, a Geography application for Windows, an Android
application for education, or Linux gaming. Sometimes a new and
popular application arises which only runs on one platform,
increasing the desirability of that platform. This is called a
killer application.

14. ∗ A database is an organized collection of data. The data are typically
organized to model relevant aspects of reality in a way that
supports processes requiring this information. For example,
modelling the availability of rooms in hotels in a way that supports
finding a hotel with vacancies.
∗ Database management systems (DBMSs) are specially designed
software applications that interact with the user, other applications,
and the database itself to capture and analyze data. A general-
purpose DBMS is a software system designed to allow the
definition, creation, querying, update, and administration of
databases. Well-known DBMSs include MySQL, MariaDB,
PostgreSQL, SQLite, Microsoft SQL Server, Microsoft Access, Oracle
, SAP HANA, dBASE, FoxPro, IBM DB2, LibreOffice Base, FileMaker
Pro andInterSystems Caché. A database is not
generally portable across different DBMSs, but different DBMSs can
interoperate by using standards such as SQL and ODBC or JDBC to
allow a single application to work with more than one database.

15. ICT Security Introduction
∗ Good security in an organization starts at the top, not
with firewalls, shielded cables or biometrics.
∗ Senior management has a much more significant role
to play in achieving security than they may think.

16. Security vs. Privacy
∗ Privacy deals with the degree of control that an
entity, whether a person or organization, has over
information about itself.
∗ Security deals with vulnerability to unauthorized
access to content.

17. What Should
Sr. Management Know?
∗ Security is not a technical issue; it is a
management issue
∗ Total security is a myth.
∗ Not all information is of equal value
∗ it is not technically possible to protect all
information assets
∗ Stakeholders will be increasingly less tolerant
of cyber-related vulnerabilities

18. Threats
∗ Numerous adversaries are aligned against any firm's
information, systems, and the critical infrastructures that
support them.
∗ disgruntled current or former employees
∗ Hackers
∗ virus writers
∗ criminal groups
∗ those engaged in corporate espionage
∗ Terrorists
∗ foreign intelligence services
∗ information warfare by foreign militaries and various other actors.

19. Barriers to Security
∗ The worldwide diffusion of the Internet opens up new
business opportunities (e.g., 3-R Framework)
∗ It also increases an organization's vulnerability since
so many more individuals of unknown origin and
intent now have access to its systems

20. Clue IT In!
∗ Organizations commonly look for technical
certification when hiring IT staff, but how often is any
effort made to educate new security workers on the
organization's strategic focus or to communicate to
them the criticality levels of their information assets?

21. Critical Infrastructures
∗ Critical Infrastructure Protection
∗ Government-Industry Collaboration
∗ Management's Role in Critical Infrastructure
Protection
∗ To recognize that critical infrastructure protection
is an essential component of corporate governance
as well as organizational security

22. Organization
∗ Structure leads to locus of ownership of data and processes
∗ Business Environment: threats are based on…
∗ Value of the firm's intellectual property
∗ The degree of change the firm is facing
∗ Its accessibility
∗ Its industry position
∗ Culture
∗ SOPs
∗ Education, Training, and Awareness

23. Technology
∗ Firewalls and Intrusion Detection
∗ Password Layering
∗ Public Key Infrastructure
∗ Secure Servers
∗ VPNs

24. Ok, So What?
Managerial Implications
∗ Asset Identification
∗ Risk Assessment
∗ The Control Environment
∗ Physical
∗ Data
∗ Implementation
∗ Operations
∗ Administrative
∗ Application System Controls

25. Balancing Risks and Costs
∗ Step 1: Identify information assets at an appropriate level of
aggregation
∗ Step 2: Identify the financial consequences of these information
assets being compromised, damaged, or lost
∗ Step 3: Identify the costs of implementing the control
mechanisms that are being proposed to enhance organizational
security
∗ Step 4: Estimate overall risk based on the likelihood of
compromise
∗ Step 5: Estimate the benefits expected by implementing the
proposed security mechanisms
∗ Step 6: Compare the expected benefits obtained in Step 5 with
the cost estimates obtained in Step 3