2. Information Systems (IS)
An information system (IS) is typically considered to be a set of
interrelated elements or components that collect (input),
manipulate (process), and disseminate (output) data and
information and provide a feedback mechanism to meet an
objective.
Information Systems Security
It refers to the policies, procedures, and technical measures
adopted to prevent potential threats to IS resources.
3. IS Security Threats
A threat to an information resource is any danger
to which a system may be exposed.
• Human errors or failures
• Manipulation of data/systems
• Theft of data/system
• Destruction from virus
• Technical failure/errors of systems
• Natural disasters like flood, fire, earthquake, etc.
4. 1. Human Errors or Failures
Unintentional errors
Entry of wrong data
Accidental deletion
Modification of data
Storage of data in unprotected areas like desktop, website, trash bin
Disclosing of confidential data
These errors may happen because of:
Lack of experience
Improper training
5. 2. Manipulation of data/systems
This category of threats happens because of deliberate
acts to harm the data or IS of an organization.
An unauthorized individual gains access to the
private/confidential or important data of an organization
and intentionally commits wrongful acts such as deleting,
corrupting or stealing the data.
6. 3. Theft of data/systems
It is a deliberate attempt by some person to steal the
important data of an organization.
Thieves may steal physical items like entire PCs, circuit
boards and memory chips, but the theft of electronic data
poses a greater challenge.
Telecommunication networks are highly misused by
computer experts.
The person who intercepts the communication lines to
steal data without the knowledge of the owner of the
data is known as a hacker.
7. 4. Destruction from virus
Deliberate software attack
This kind of attack happens when a person or a group writes
software to attack the data or IS of an organization with the
purpose to damage, destroy, or deny service to the target
systems.
A programme which is written with an intent to attack
data or IS is known as malicious code, malicious
software or malware.
E.g.: viruses and worms, Trojan horses, logic bombs, etc.
8. Computer viruses are secret instructions inserted into
programs or data that run during ordinary tasks. The secret
instructions may destroy or alter data as well as spread within or
between computer systems.
A worm is a program which replicates itself constantly
and penetrates a valid computer system.
Trojan horses are illegal programs contained within
another useful or beneficial program that hide their true nature
or sleep until some specific event occurs, which then triggers
the illegal program, and the system becomes infected without
the user knowing. Many viruses can be hidden in Trojan horses,
but Trojan horses do not have the ability to replicate
themselves.
9. A logic bomb or time bomb is a kind of programme that executes
when certain conditions are met. It is similar to a Trojan horse in its
ability to damage data, but it activates at a particular time.
10. 5. Technical failure/errors of systems
Manufacturing defects in the hardware or hidden faults in the
software.
Unique combinations of certain software and hardware may give
new errors.
Technological obsolescence.
11. 6. Natural disasters
Not caused by unintentional or deliberate acts.
Threats include fire, flood, earthquake, lightning, etc.