Unit - 4
SECURITY, CONTROL AND
REPORTING
Security
Meaning
An information security management system (ISMS) is a set of policies and procedures for
systematically managing an organization's sensitive data. The goal of an ISMS is to
minimize risk and ensure business continuity by pro-actively limiting the impact of a
security breach.
It protects the organisation's ability to function. It enables the safe operation of applications
implemented on the organisation's IT systems. It protects the data the organisation collects
and uses. It safeguards the technology the organisation uses.
Example
Pass cards or codes for access to buildings, user IDs and passwords for network login, and
fingerprint readers.
Threat to information system
Meaning
Information security threats are a problem for many corporations and
individuals. Viruses, worms, Trojans, and spam are ubiquitous, but they
are just the tip of the iceberg. Other common information security threats
include privilege escalation, spyware, adware, rootkits, botnets, and logic
bombs.
Example
Software attacks, theft of intellectual property, identity theft, theft of
equipment or information.
Accidents and Malfunctions
Causes of Accidents
- Operator Error – inattention, nonconformance (wrong code)
- Hardware Malfunction – computer won't turn on (CPU, system)
- Software Bugs – bugs can be the result of incorrect communication about the
project and its requirements (wrong program)
- Data Errors – incorrect phone number or address
- Accidental Disclosure of Information – (Gmail, web)
- Damage to physical facilities – damage by fire, flood, etc.
- Inadequate system performance – when a system cannot handle the task that is
required (2GB pen drive)
Computer crime
- Hacking – A more common and classic motivation for hacking into a system would be
to steal personal information for identity theft, including social security numbers, credit
cards, bank accounts, and more. (page, software, web page)
- Cyber Theft – Email and internet fraud. Identity fraud (where personal information is
stolen and used). Theft of financial or card payment data. Theft and sale of corporate
data. (Bank)
- Unauthorized use at work – using the computer network without authorization (login ID)
- Piracy – Websites that make software available for free download or in exchange for
others.
- Computer Viruses
Error detection
Meaning
Error detection is the detection of errors caused by noise or
other impairments during transmission from the transmitter
to the receiver. Error correction is the detection of errors and
reconstruction of the original, error-free data.
Role of information management in ERP
Meaning (Enterprise resource planning)
ERP refers to a type of software that organizations use to manage day-to-day business
activities such as accounting, procurement, project management, risk management and
compliance, and supply chain operations.
ERP facilitates information flow between all business functions, and manages
connections to outside stakeholders. Order Processing: Order to cash, order entry, credit
checking, pricing, available to promise, inventory, shipping, sales analysis and reporting,
sales commissioning.
Role of information management in ERP
1 Functional areas
Financial accounting: General ledger, fixed asset, payables including vouchering,
matching and payment, receivables cash application and collections, cash management,
financial consolidation.
Management accounting: Budgeting, costing, cost management, activity based costing.
Human resources: Recruiting, training, fostering, payroll, benefits, diversity management,
retirement, separation.
Manufacturing: Engineering, bill of materials, work orders, scheduling, capacity,
workflow management, quality control, manufacturing process, manufacturing projects,
manufacturing flow, product life cycle management.
Role of information management in ERP
2 Components
- Transactional database
- Management portal/dashboard
- Business intelligence system
- Customizable reporting
- Resource planning and scheduling
- Analyzing the product
- External access via technology such as web services
- Search
- Document management
- Messaging/chat/wiki
- Workflow management

Role of information management in ERP
3 Connectivity to plant floor information
ERP systems connect to real time data and transaction data in a variety of
ways. These systems are typically configured by systems integrators, who
bring unique knowledge on process, equipment, and vendor solutions.
Direct integration ERP systems have connectivity (communications to
plant floor equipment) as part of their product offering. This requires that
the vendors offer specific support for the plant floor equipment their
customers operate. ERP vendors must be experts in their own products and
connectivity to other vendor products, including those of their competitors.
Role of information management in ERP
4 Implementation
ERP's scope usually implies significant changes to staff work processes
and practices. Generally, three types of services are available to help
implement such changes: consulting, customization, and support.
Implementation time depends on business size, number of modules,
customization, the scope of process changes, and the readiness of the
customer to take ownership for the project. Modular ERP systems can be
implemented in stages. The typical project for a large enterprise takes about
14 months and requires around 150 consultants. Small projects can require
months; multinational and other large implementations can take years.
Customization can substantially increase implementation times.
Role of information management in ERP
5 Process preparation
Implementing ERP typically requires changes in existing business processes. Poor
understanding of needed process changes prior to starting implementation is a main reason
for project failure. The problems could be related to the system, business process,
infrastructure, training, or lack of motivation.
- Linking current processes to the organization's strategy
- Analyzing the effectiveness of each process
- Understanding existing automated solutions
Testing
It is hoped that a system performs properly; however, some errors always occur. The main
purpose of testing in an information system is to find the errors and correct them. A successful
test is one which finds an error.
Classification of Information system Test
1) Unit Test
It is a method by which individual units of source code are tested to determine if they are fit
for use.
2) Integration testing
It is performed to ensure that the modules combine together correctly to achieve a
product that meets its specification.
Types of Integration Testing
a) Big bang integration testing
In big bang integration testing all components or modules are integrated
simultaneously, after which everything is tested as a whole.
b) Top – Down Integration Testing
Testing takes place from top to bottom, following the control flow or architectural
structure.
c) Bottom Up
Testing takes place from the bottom of the control flow upwards.
d) Mixed Integration test
It is also called sandwich testing: top-down and bottom-up are mixed.
4) Validation testing
After integration testing, validation succeeds when the software functions as expected
by the customer.
Types of Validation Testing
Alpha Testing – Developer Testing
Beta Testing – Customer Test
5) System Testing
In system testing the behavior of the whole system/product is tested as defined by
the scope of the development project or product.
Error detection
Meaning
In networking, error detection refers to the techniques used to detect noise or other
impairments introduced into data while it is transmitted from source to destination.
Error detection ensures reliable delivery of data across vulnerable networks.
Classes of Error Detection Techniques
1) Static Analysis – The analysis of requirements, design, code or other items, either
manually or automatically, without executing the subject of the analysis to
determine.
- Code walk-through
- Code inspection
2) Dynamic Analysis – Sizing, timing analysis and prototyping.
3) Formal Analysis – It can be used as an error detection technique (formal
specification language).
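The two definitions given for error detection (detecting noise on the channel) and error correction (reconstructing the error-free data) are illustrated by the following added example, which is not part of the original notes. It pairs a CRC-8 check, which can only tell the receiver that a frame is damaged, with a Hamming(7,4) code, which locates and repairs a single flipped bit; the frame contents and the flipped bit positions are constructed for the demonstration.

```python
"""Error detection versus error correction on a noisy channel.

Added example for the error-detection notes above; not part of the original
slides. CRC-8 (polynomial x^8 + x^2 + x + 1) only detects a corrupted frame,
while Hamming(7,4) locates and repairs one flipped bit per 7-bit codeword.
"""

CRC8_POLY = 0x07  # x^8 + x^2 + x + 1, the CRC-8/SMBUS polynomial


def crc8(data: bytes) -> int:
    """Bitwise CRC-8 (init 0, no reflection): the check value sent with a frame."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ CRC8_POLY) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate channel noise: invert one bit of the frame (bit 0 = LSB of byte 0)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def receiver_accepts(frame: bytes, received_crc: int) -> bool:
    """Receiver side: recompute the CRC and compare it with the transmitted one."""
    return crc8(frame) == received_crc


def hamming74_encode(nibble: int) -> int:
    """Encode 4 data bits as 7: positions 1..7 = p1 p2 d1 p3 d2 d3 d4 (MSB first)."""
    d1, d2, d3, d4 = (nibble >> 3) & 1, (nibble >> 2) & 1, (nibble >> 1) & 1, nibble & 1
    p1, p2, p3 = d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d2 ^ d3 ^ d4
    bits = [p1, p2, d1, p3, d2, d3, d4]
    return int("".join(map(str, bits)), 2)


def hamming74_decode(codeword: int) -> tuple[int, int]:
    """Return (data nibble, error position); 0 = no error, 1..7 = corrected bit."""
    bits = [(codeword >> (6 - i)) & 1 for i in range(7)]
    p1, p2, d1, p3, d2, d3, d4 = bits
    s1 = p1 ^ d1 ^ d2 ^ d4
    s2 = p2 ^ d1 ^ d3 ^ d4
    s3 = p3 ^ d2 ^ d3 ^ d4
    position = s1 | (s2 << 1) | (s3 << 2)  # syndrome = 1-based position of the bad bit
    if position:
        bits[position - 1] ^= 1  # correction: flip the located bit back
    _, _, d1, _, d2, d3, d4 = bits
    return (d1 << 3) | (d2 << 2) | (d3 << 1) | d4, position


def flip_codeword_bit(codeword: int, position: int) -> int:
    """Invert the 1-based bit position of a 7-bit codeword (channel noise)."""
    return codeword ^ (1 << (7 - position))


if __name__ == "__main__":
    frame = b"ORDER 1042 QTY 7"  # constructed sample frame
    tag = crc8(frame)
    print("CRC accepts clean frame:  ", receiver_accepts(frame, tag))
    print("CRC accepts damaged frame:", receiver_accepts(flip_bit(frame, 21), tag))
    cw = hamming74_encode(0b1011)
    print("Hamming decode after flip:", hamming74_decode(flip_codeword_bit(cw, 5)))
```

The CRC tells the receiver only that a retransmission is needed, whereas the Hamming decoder returns both the repaired data and the position of the corrupted bit.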
Error Detection in phases of lifecycle
Control
Meaning
Information Systems controls are a set of procedures and technological
measures to ensure secure and efficient operation of information within an
organization. Both general and application controls are used for safeguarding
information systems.
Input – Process - Output
Software Audit
Meaning
A software audit is an internal or external review of a software program to check
its quality, progress or adherence to plans, standards and regulations. The process
is conducted by either internal teams or by one or more independent auditors.
Audit Roles and Responsibility
Client – Provides authority to initiate the audit.
Audit Management – Audit plan
Lead Auditor – Responsible for the overall conduct and success.
Auditors – Creating Checklist, interview questions and other audit tools.
Auditee Management – Work with Lead auditor
Auditee – Providing appropriate and accurate answer to the auditors.
Escort - Ensuring that the auditor complies with company rules.
User Interface
Meaning
The point of human-computer interaction and communication in a device. This can
include display screens, keyboards, a mouse and the appearance of a desktop. It is also the
way through which a user interacts with an application or a website.
Types of Interfaces
Natural – Language Interface – MS office
Question - Answer Interface – what type and size of vehicle do you need?
Menu Driven interfaces – Menu Option
Form – Fill Interface – Job application Forms
Command - Language Interface - Language based Syntax
Graphical User interfaces
Reporting
Types of Reporting
Detail Reporting
Summary Reporting
Exception Reporting
Ethics in IT
Meaning
Information technology ethics is the study of the ethical issues arising
out of the use and development of electronic technologies. Its goal is to
identify and formulate answers to questions about the moral basis of
individual responsibilities and actions, as well as the moral underpinnings
of public policy.
Ethical Responsibility of Business Professionals
1) Egoism
2) Natural Law
3) Utilitarianism
4) Respect for persons
5) Ethical Values
Importance of Business Ethics in IT
Ethical issues related to the implementation and use of ICT (Information and
Communication Technology) are important since these issues constitute the
conditions for human attitudes and values specifying human actions and
behavior, and imply conditions for the usefulness and maintenance of such
systems.
Ethical Guidelines
1) Proportionality
2) Informed consent
3) Justice
4) Minimized Risk
Difference Between Sniffing and Spoofing
Spoofing in network security involves fooling a computer or network by
using a falsified IP address, redirecting internet traffic at the DNS (Domain
Name System) level, or faking ARP (Address Resolution Protocol) data
within a local area network (LAN).
With that in mind, consider the difference between sniffing and spoofing.
Sniffing collects data packets, analyzes network traffic, and sends those
packets to the targeted traffic. Spoofing is the theft of the user's data; after
that, it distributes malware, and phishing attacks carry out all sorts of data theft
using this data. Spoofing is when an attacker uses a foreign IP address
and creates a TCP/IP connection. In sniffing, in turn, the attacker (the program)
inserts itself between two packet transfer points and deceives the system by
pretending to be one of those points, tracking and thus stealing the data sent
between the two points.

Unit - 4 Security in information system .pptx