UNIT-4
Information Systems and its Importance
An information system is a combination of software, hardware,
and telecommunication networks to collect useful data,
especially in an organization. Many businesses use information
technology to complete and manage their operations, interact
with their consumers, and stay ahead of their competition.
What is an information system?
An information system (IS) is an interconnected set of components used to
collect, store, process and transmit data and digital information. At its core, it is
a collection of hardware, software, data, people and processes that work
together to transform raw data into useful information. An IS supports a variety
of business objectives such as improved customer service or increased
efficiency.
People often use the term "information system" interchangeably with
"computer system," but these systems are not the same. While computer
systems are part of an IS, they do not encompass all the components and
processes that make up an IS, such as people and processes. "Information
technology" (IT) is another similar term, but IT focuses on the technical aspects
of the hardware and software that support enterprise computing. An IS, on the
other hand, focuses on how people use IT and data to manage and make
decisions within an organization.
What is the importance of Information systems?
Having systems in place is an important
aspect of running a successful organization. Systems can
help to streamline processes, improve quality, increase
accountability, enhance decision-making, improve
communication, increase adaptability, and ensure
compliance.
In addition to decision-making, IS supports knowledge
management and communication. IT allows data sharing to
take place between different departments, providing
consistent data for analysis by a variety of teams. An IS
supports various business functions such as accounting,
finance, marketing, human resources, operations and supply
chain management. It can also enable new business models
and opportunities, such as e-commerce, social media and
artificial intelligence (AI).
Types of information systems
Businesses can optimize their operations with five types of IS.
Management information systems (MIS) are computerized systems that collect, store,
process and present data to support management decision-making. For example, an MIS in a
hospital may collect data on patient admissions, treatments and outcomes to help its
administrators make decisions about resource allocation and process improvements.
Knowledge work systems (KWS) are computer-based systems that support knowledge
workers, such as researchers, analysts and consultants, by helping them create reports and
presentations. For example, a KWS used by a marketing team may help create marketing
materials, analyze customer data and track marketing campaigns.
Decision support systems (DSS) and business intelligence (BI) provide users with the
ability to explore and analyze data to gain insights into business performance. For example, a
system used by a retail chain may collect and analyze data on customer demographics,
buying behavior and sales performance to guide changes in inventory management and
marketing campaigns.
Transaction processing systems (TPS) support operational processes that produce and
consume data. For example, a TPS used by a bank may process customer transactions,
such as deposits and withdrawals, and maintain account balances.
Executive information systems (EIS), a type of DSS, provide senior executives with access to high-level
information about the organization. EIS provides executives with real-time information and analytical
tools to support strategic decision-making. For example, an EIS intended for a CEO may provide
information on the company's financial performance, market trends and competitive landscape.
Managing information systems
Effective management and maintenance of an IS requires a deep understanding of the system's
capabilities, as well as the needs and requirements of the users who rely on it. Professionals working
in IS must become experts in the existing system and adapt to changing technologies and business
needs. In order to run the system effectively, they must understand the disciplines included in
managing the IS, and often hire specialists for each area.
System security
Security is critical for an IS because it is vulnerable to threats such as hacking, viruses, malware and
unauthorized access. IS administrators must implement and maintain a wide range of tools and
measures, including access control, firewalls, intrusion detection and prevention systems, antivirus
software and data encryption. They must also make sure they apply security patches and updates
promptly to fix any vulnerabilities in the system. Regular security audits and vulnerability assessments
should also be conducted to identify and mitigate any potential security risks.
ROLE OF SECURITY IN INTERNET AND WEB-SERVICES
Activities on the Internet include:
1. Online shopping
2. Bank Transactions
and many more.
Security for websites mainly involves 2 things:
1. Authentication: – It refers to the process of recognizing the
identity of the user.
2. Authorization: – It refers to the process of providing access to
various resources (database, printers, etc.).
Web Service –
1. Allows a website to communicate with other websites, irrespective of the programming
languages used.
2. Web-Services can be accessed by any application because they comply with
common industry standards such as: –
   1. Simple Object Access Protocol (SOAP)
   2. Web Services Description Language (WSDL)
3. A Web-Service does not have a UI; it only contains the logic for providing specific services to its
customers.
4. A Web-Service provides an abstraction between the customer (client) & the provider of the
Web-Service.
5. Web-Services overcome the difficulties as they can be shared among multiple websites without
the need to install them on each individual client machine.
Advantages of Web-Services: –
1. Web-Services are simple to use
2. Web-Services are loosely coupled
3. Web-Services do not carry any state information with them – thus enabling multiple requests to
be processed simultaneously.
Securing Web-Services
Web-Service requests & responses are sent as XML documents (text format).
Access or modification by unauthorized parties can be prevented in the following ways: –
a) Using Encryption & Message-Based Security: – Encryption is the process of
scrambling the text that your web-service contains so that only the intended user,
with the help of the keys, is able to decrypt (or understand) it, that is, convert
the encrypted data back into its original form.
Message-Based Security allows you to send encrypted messages to anyone
without worrying about the messages being decrypted by a malicious user.
It can also be easily detected whether any modification has been made to the message,
because the signature (private key) attached to the message becomes
invalid.
b) Using Authentication & Access control for Web-Services: – Authentication is
the process of validating a user against the user-credentials provided by the user.
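An added example (not part of the original notes) of the checks described above, in the order a web service would apply them to an XML request: message integrity, then authentication, then authorization. It uses an HMAC-SHA256 tag with a shared key as a stand-in for the private-key signature the notes mention; the key, user table, operation names and XML layout are all constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Everything below is constructed for illustration (assumptions, not from the notes).
SHARED_KEY = b"demo-key-for-illustration-only"   # HMAC key shared by client and service
SALT = b"constructed-salt"

def hash_password(password: str, salt: bytes) -> bytes:
    # Store a slow salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {"alice": {"salt": SALT, "pw": hash_password("correct horse", SALT),
                   "roles": {"reports"}}}
REQUIRED_ROLE = {"GetReport": "reports", "DeleteAccount": "admin"}

def sign(body_xml: str) -> str:
    """Tag the client attaches to the XML request (stand-in for a signature)."""
    return hmac.new(SHARED_KEY, body_xml.encode(), hashlib.sha256).hexdigest()

def handle(body_xml: str, tag: str) -> str:
    # 1. Integrity: any change to the XML invalidates the tag. Checked before
    #    parsing, so unauthenticated XML never reaches the parser.
    if not hmac.compare_digest(sign(body_xml), tag):
        return "rejected: message modified"
    req = ET.fromstring(body_xml)
    user = req.findtext("User")
    password = req.findtext("Password") or ""
    operation = req.findtext("Operation")
    # 2. Authentication: validate the user against the supplied credentials.
    record = USERS.get(user)
    if record is None or not hmac.compare_digest(
            hash_password(password, record["salt"]), record["pw"]):
        return "rejected: authentication failed"
    # 3. Authorization: default deny; unknown operations map to no role.
    if REQUIRED_ROLE.get(operation) not in record["roles"]:
        return "rejected: not authorized"
    return f"ok: {operation} for {user}"

# Constructed sample request; the body is assumed to travel over an encrypted channel.
REQUEST = ("<Request><User>alice</User><Password>correct horse</Password>"
           "<Operation>GetReport</Operation></Request>")

if __name__ == "__main__":
    tampered = REQUEST.replace("GetReport", "DeleteAccount")
    print(handle(REQUEST, sign(REQUEST)))     # accepted
    print(handle(tampered, sign(REQUEST)))    # tag no longer matches
    print(handle(tampered, sign(tampered)))   # authentic, but alice lacks the role
```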
What are the 3 Principles of Information Security?
The basic tenets of information security are confidentiality, integrity and
availability. Every element of the information security program must be designed
to implement one or more of these principles.
Information security is the process of securing data from unauthorized access,
usage, interruption, modification, or deletion. The core principles of information
security are: Confidentiality, Integrity, Availability.
Together, these three principles are known as the CIA triad.
Other principles of information security include:
• Non-repudiation
• Accountability
• Authenticity
• Risk management
• Data classification
• Business continuity (BC) and disaster recovery (DR)
• Change management
Confidentiality
Confidentiality aims at protecting information from unofficial disclosure and
from access by unauthorized people. The goal here is to keep sensitive data confidential
and guarantee that it is accessed only by authorized individuals with the relevant rights.
Cryptography is used to maintain confidentiality.
Integrity
Data integrity aims to maintain the information’s consistency, accuracy, and
authenticity. Also, it seeks to continuously safeguard data from being altered.
Availability
The third principle reflects the ease with which authorized individuals can
read the data with minimum interruptions. The main purpose of availability is to
provide data, technological infrastructure, and applications when the organization
needs them.
Data stored on the cloud is an example of availability. Here, authorized individuals
can easily access data from any device connected to the system.
Together, these three InfoSec principles coordinate with one another to offer
stability and effectiveness in an organization.
What are the Different Classifications of Information Security?
There are different categories of information security used depending on the type of information to be
protected.
The most used are as follows:
Application Security
Application security aims at protecting applications and different application programming interfaces (APIs).
These security strategies help identify and stop bugs and different intrusions in the applications.
Application security includes documentation, approval, encoding, and monitoring of application security.
Companies also use coding methods to reduce vulnerabilities, scanners for the detection of unknown
vulnerabilities, and a web application firewall to protect shared applications from different types of attacks.
Infrastructure Security
In an infrastructure where one element is connected to another, there is an elevated risk of vulnerabilities across
the systems. So, if one part of the infrastructure is infected, there is a high risk for all other dependent
components.
Here, infrastructure security plays a significant role in lowering the amount of damage from cybercrimes,
natural calamities, and other malfunctions. Infrastructure security aims at protecting infrastructure components:
client appliances, mobile appliances, servers, and data center networks. Infrastructure security further aims
at reducing the reliance on components while allowing them to intercommunicate.
Cryptography
In cryptography, data or information is encrypted to safeguard it. Here, codes are applied to
protect specific information from cyber risk. Encrypted data is only available to authorized users with the
correct encryption key.
Different encryption algorithms and technologies are used to encrypt confidential information while it is
stored and transmitted.
Vulnerability Management
The main idea behind vulnerability management is to locate and fix vulnerabilities before the data or
information is exploited. It primarily aims to decrease the inherent threats in an application or system. The
fewer vulnerabilities a system has, the more protected the data and other important resources are.
Cloud Security
Cloud security works similarly to infrastructure security, focusing more on cloud computing, cloud-connected
elements, and data. It mainly aims at protecting against vulnerabilities coming from online shared environments.
Incident Response
Incident response aims to reduce the harm to systems caused by cyber-attacks, system failures, human
errors, or natural disasters. This is done by identifying, analyzing, and responding to different threats by
applying a set of tools and procedures.