Chap 4- Bos Notes
lecturersyaima -
8/15/2019 Chap 4- Bos Notes
School of Computer Studies
Business Organisation Skill
Chapter 4: Security and Understanding Information MGT !!
1.0 Information Security and Accuracy
Information security means protecting information and information
systems from unauthorized access, use, disclosure, disruption,
modification or destruction. Leaked information can cause losses,
lawsuits or even bankruptcy for a business, and loss of privacy for
individuals.
Information Accuracy
Information accuracy is a concern today because many users
access information maintained by other people or companies, such as
on the Internet. For example, the information that appears on the Web
may be incorrect and unreliable. Be aware that the company providing
access to the information may not be the creator of the information.
In addition to concerns about the accuracy of computer input,
some individuals and organizations raise questions about the ethics of
using computers to alter output, primarily graphical output such as
retouched photographs. Using graphics equipment and software, users
can easily digitize photographs and then add, change, or remove
images.
One group that completely opposes any manipulation of an
image is the National Press Photographers Association. It believes that
allowing even the slightest alteration could eventually lead to
misrepresentative photographs. Others believe that digital photograph
retouching is acceptable as long as the significant content or meaning of
the photograph does not change. Digital retouching is an area in which
legal precedents so far have not been established.
1.1 Need for Security, Accuracy and Privacy
For over twenty years information security has held confidentiality,
integrity and availability (known as the CIA triad) to be the core principles
of information security. The need to protect information to ensure its
confidentiality, integrity, and availability to those who need it for
making critical personal, business, or government decisions becomes
more important.
(a) Confidentiality
Confidentiality is the property of preventing disclosure of information to
unauthorized individuals or systems. For example, a credit card
transaction on the Internet requires the credit card number to be
transmitted from the buyer to the merchant and from the merchant to a
transaction processing network. The system attempts to enforce
confidentiality by encrypting the card number during transmission, by
limiting the places where it might appear (in databases, log files,
backups, printed receipts, and so on), and by restricting access to the
places where it is stored. If an unauthorized party obtains the card
number in any way, a breach of confidentiality has occurred.
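One way to apply the "limit the places where it might appear" control to log files, given here as an added example that is not part of the original notes: a filter that masks card numbers before a log line is stored. The function names and the sample log lines are constructed for illustration; 4111111111111111 is a commonly used test card number.

```python
import re

# Candidate card numbers: 13-19 contiguous digits, or 16 digits written in
# groups of four separated by a space or a dash.
CANDIDATE = re.compile(r"(?<!\d)(?:\d{13,19}|\d{4}(?:[ -]\d{4}){3})(?!\d)")


def luhn_valid(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_line(line):
    """Mask Luhn-valid card numbers in one line, keeping the last four digits.

    Returns (redacted_line, number_of_card_numbers_masked).
    """
    hits = 0

    def mask(match):
        nonlocal hits
        digits = re.sub(r"[ -]", "", match.group())
        if not luhn_valid(digits):
            return match.group()        # order ids and similar stay untouched
        hits += 1
        return "*" * (len(digits) - 4) + digits[-4:]

    return CANDIDATE.sub(mask, line), hits


def scrub_log(lines):
    """Redact every line; also report which line numbers held a card number."""
    clean, flagged = [], []
    for lineno, line in enumerate(lines, start=1):
        redacted, hits = redact_line(line)
        clean.append(redacted)
        if hits:
            flagged.append(lineno)
    return clean, flagged


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    "2019-08-15 10:01:02 INFO checkout user=alice card=4111111111111111 ok",
    "2019-08-15 10:01:05 INFO order id=1234567890123456 shipped",
    "2019-08-15 10:02:11 WARN retry pan=4111-1111-1111-1111 gateway timeout",
]

if __name__ == "__main__":
    clean, flagged = scrub_log(SAMPLE_LOG)
    print("\n".join(clean))
    print("lines that contained a card number:", flagged)
```

The Luhn check keeps the filter from masking 16-digit values that are not card numbers, such as the order id on the second sample line.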
Breaches of confidentiality take many forms. Permitting someone to
look over your shoulder at your computer screen while you have
confidential data displayed on it could be a breach of confidentiality. If a
laptop computer containing sensitive information about a company's
employees is stolen or sold, it could result in a breach of confidentiality.
Giving out confidential information over the telephone is a breach of
confidentiality if the caller is not authorized to have the information.
Confidentiality is necessary (but not sufficient) for maintaining the
privacy of the people whose personal information a system holds.
(b) Integrity
In information security, integrity means that data cannot be modified
without authorization. This is not the same thing as referential integrity
in databases. Integrity is violated when an employee accidentally or with
malicious intent deletes important data files, when a computer virus
infects a computer, when an employee is able to modify his own salary
in a payroll database, when an unauthorized user vandalizes a web site,
when someone is able to cast a very large number of votes in an online
poll, and so on.
There are many ways in which integrity could be violated without
malicious intent. In the simplest case, a user on a system could
mistype someone's address. On a larger scale, if an automated process is
not written and tested correctly, bulk updates to a database could alter
data in an incorrect way, leaving the integrity of the data compromised.
Information security professionals are tasked with finding ways to
implement controls that prevent errors of integrity.
(c) Availability
For any information system to serve its purpose, the information must
be available when it is needed. This means that the computing systems
used to store and process the information, the security controls used to
protect it, and the communication channels used to access it must be
functioning correctly. High availability systems aim to remain available at
all times, preventing service disruptions due to power outages,
hardware failures, and system upgrades. Ensuring availability also
involves preventing denial-of-service attacks.
(d) Consumer Privacy
There has been a growing concern about the increase of reported fraud
and identity theft. Consumers need to be aware of the threats that could
result in these crimes, and what their role is against them. Consumers
must also be cautious about giving their information to companies that
do not appear to follow standard security practices to protect
information.
1.2 Techniques to Secure Information
Authentication
• act of establishing or confirming something (or someone) as
authentic, that is, that claims made by or about the subject are
true.
Firewall
• part of a computer system or network that is designed to block
unauthorized access while permitting authorized
communications. It is a device or set of devices configured to
permit, deny, encrypt, decrypt, or proxy all (in and out) computer
traffic between different security domains based upon a set of
rules and other criteria.
Antivirus software
• used to prevent, detect, and remove malware, including
computer viruses, worms, and trojan horses. Such programs may
also prevent and remove adware, spyware, and other forms of
malware.
Encryption
• process of transforming information (referred to as plaintext)
using an algorithm (called cipher) to make it unreadable to
anyone except those possessing special knowledge, usually
referred to as a key.
Mandatory access control
• type of access control by which the operating system constrains
the ability of a subject or initiator to access or generally perform
some sort of operation on an object or target
Backup
• making copies of data so that these additional copies may be
used to restore the original after a data loss event. These
additional copies are typically called "backups".
2.0 Sources of Information
Primary sources vs. secondary sources
Information can be divided into primary and secondary sources.
A primary source of information is a firsthand or eyewitness account
of an event. It is also raw data or facts which were gathered at an
event. They are direct sources of information. Primary sources include
diaries, letters, newspaper articles reported from an event, public
documents, laws, court records, speeches, statistics, [interviews and]
surveys, logs, [personal] journals, [scientific research articles], etc. A
primary source of information is actual evidence presented without
any analysis or interpretation.
A secondary source of information is something which comes after
the fact. It is literature that analyzes, interprets, relates or evaluates a
primary source or other primary sources. Textbooks, encyclopedias,
dictionaries, any book or article which is an interpretation of events, or
of primary sources are considered secondary sources.
Statistics
Descriptive statistics describe some feature(s) of the participants
involved in a study. For example, the statistical information generated
from student evaluations of instruction available on-line
(http://oira.tennessee.edu/sais/) is presented as descriptive
statistics. This kind of statistical information generally takes the form
of means (averages), percentages or frequencies. Simply put,
descriptive statistics describe a population (in this case, the students
enrolled in a particular course) but do not claim to represent the views
of the entire population (all students enrolled at the University of
Tennessee).
Inferential statistics differ from descriptive statistics in one very
important aspect. When using this kind of statistic, we seek to take
information from a sample (2,000 registered voters) of a population
(125,000,000 registered voters) and make inferences or claims about
those same features in the entire population. As we discussed for
the information derived from descriptive statistics, it is essential that
you make appropriate and ethical use of information derived from
inferential statistics. In particular, use caution about making claims
about a population from a sample of responses. Statistics must
represent what they claim to measure and they must be from a
reliable source.
Interviews and/or surveys
You may choose an expert in the field or someone who has had
experience doing what your speech is about. Or, you may want to
survey a group of people to gather more information. One advantage
of using this method is that the information gathered from
survey/interview respondents tends not to be available from any other
source. However, a limitation of this method of gathering supporting
material is that it can be a time-consuming, labor-intensive activity.
Scholarly sources vs. popular sources
Scholarly sources of information are generally the most credible
sources of secondary information. The characteristics of scholarly
sources as defined by Emory
• May include graphs, charts, etc. related to the topic
• Often are peer reviewed by an editorial board or experts
• Published by a professional organization or society, university,
research center, or scholarly press (Scholarly and popular sources,
section 1)
A peer-reviewed source has been subject to a "blind" review by other
experts in the field to determine if the manuscript is worthy of
publication. Since the material is anonymously reviewed prior to
acceptance for publication, peer-reviewed publications are believed to
be the most reliable sources of information. Examples of scholarly,
peer-reviewed journals include The New England Journal of
Medicine, Human Communication Research, The Academy of
Management Review, and The Journal of Personality and Social
Psychology.
Popular sources are written for a more general audience. Emory
must have the sponsoring organization (Mayo Clinic, The Centers for
Disease Control and Prevention, etc.). If neither is present you may
not use the website. It should be a red flag that the site may not be
credible.
3.0 Process of Presenting Information
Collect data
Organize data
Tabulate data
Describe data
Represent data
3.1 Presenting information graphically
As discussed earlier in Chapter 1, there are a few ways information can
be delivered. A graphical approach can also be used to give a visual
dimension to the data. Following are a few types of graphs.
• Bar Graphs
Bar charts / graphs also display numeric data as lines or bars of
representative length. Scales or marked values at the bottom or
side of the graphic convey the meaning of the graph.
• Scatter diagrams
Plot of the paired (x,y) data with a horizontal x-axis and a vertical
y-axis. The data are paired in a way that matches each value from
one set with a corresponding value from a second data set.
4.0 Simple Statistical techniques
Statistics is a set of methods that are used to collect, analyze, present,
and interpret data. Statistical methods are used in a wide variety of
occupations and help people identify, study, and solve many complex
problems. In the business and economic world, these methods enable
decision makers and managers to make informed and better decisions
about uncertain situations.
Vast amounts of statistical information are available in today's global
and economic environment because of continual improvements in
computer technology. To compete successfully globally, managers and
decision makers must be able to understand the information and use it
effectively. Statistical data analysis provides hands-on experience to
promote the use of statistical thinking and techniques to apply in order
to make educated decisions in the business world.
Computers play a very important role in statistical data analysis. The
statistical software package, SPSS, offers extensive data-handling
capabilities and numerous statistical analysis routines that can analyze
small to very large data sets. The computer will assist in the
summarization of data, but statistical data analysis focuses on the
interpretation of the output to make inferences and predictions.
Our primary goal is to use data for prediction and decision making. We
must describe a set of data numerically, which will provide us with the
necessary tools for statistical inference.
Range
The range is the difference between the lowest value and the highest
value: the maximum minus the minimum. For the data, the maximum is
9.975 and the minimum is 3.8:
Range = (Maximum - Minimum) = (9.975 - 3.8) = 6.175
The range depends only on the extreme values in the data set.
Mistakes in data, such as reversing digits (e.g. 52 for 25) or omitting
digits (e.g. 12 for 12) may produce extreme values. A measure of the
spread of data which is not so much affected by extreme values as the
range is to take values 5% in from either end, or 1/4 in from either end.
Median
The median is a number which is greater than half the data values and
less than the other half. If there are an odd number of values, the
median is the middle one when they are sorted in order of magnitude. If
there are an even number of values, the median is the average of the
two middle values.
E.g. 6, 6.7, ., 7, 5.
Arranged in order of magnitude these are
., 5., 6, 6.7, 7
median
Mode
The mode is the value or category which occurs most frequently. If
several data values occur with the same maximal frequency, they are all
modes.
E.g. ., 5., 6, 6, 6.7, 7, 9.9
mode = 6
Mean
This is denoted by x̄ (read as 'x bar') and defined as the arithmetic mean
of all the data values.
x̄ = (x1 + x2 + x3 + ... + xn) / n
E.g. x̄ = (. + 5. + 6 + 6.7 + 7 + 9.9) / 6
x̄ = 6.5
Simple Probability
In general, the probability of an event is the number of favorable
outcomes divided by the total number of possible outcomes.
Probability = (# of favorable outcomes) / (# of possible outcomes)
Example 1
What is the probability that a card drawn at random from a deck of cards
will be an ace?
Solution
In this case there are four favorable outcomes:
(1) the ace of spades
(2) the ace of hearts
(3) the ace of diamonds
(4) the ace of clubs.
Since each of the 52 cards in the deck represents a possible outcome,
there are 52 possible outcomes. Therefore, the probability is 4/52 or
1/13.
5.0 Data Statistic Analysis
Studying a problem through the use of statistical data analysis usually
involves four basic steps.
1. Defining the problem
2. Collecting the data
3. Analyzing the data
4. Reporting the results
Defining the Problem
An exact definition of the problem is imperative in order to obtain
accurate data about it. It is extremely difficult to gather data without a
clear definition of the problem.
Collecting the Data
Designing ways to collect data is an important job in statistical data
analysis. Two important aspects of a statistical study are:
Population - a set of all the elements of interest in a study
Sample - a subset of the population
Statistical inference refers to extending the knowledge obtained from a
random sample of a population to the whole population. It is just not
feasible to test the entire population, so a sample is the only realistic
way to obtain data because of the time and cost constraints. Data can
be either quantitative or qualitative. Qualitative data are labels or names
used to identify an attribute of each element. Quantitative data are
always numeric and indicate either how much or how many.
Data can be collected from existing sources or obtained through
observation and experimental studies designed to obtain new data. In
an experimental study, the variable of interest is identified. Then one or
more factors in the study are controlled so that data can be obtained
about how the factors influence the variables. In observational studies,
no attempt is made to control or influence the variables of interest. A
survey is perhaps the most common type of observational study.
Analyzing the Data
Statistical data analysis divides the methods for analyzing data into two
categories: exploratory methods and confirmatory methods. Exploratory
methods are used to discover what the data seems to be saying by
using simple arithmetic and easy-to-draw pictures to summarize data.
Confirmatory methods use ideas from probability theory in the attempt
to answer specific questions. Probability is important in decision making
because it provides a mechanism for measuring, expressing, and
analyzing the uncertainties associated with future events. The majority
of the topics addressed in this course fall under this heading.
Reporting the Results
Through inferences, estimates or tests of claims about the characteristics
of a population can be obtained from a sample. The results may be
reported in the form of a table, a graph or a set of percentages.
Because only a small collection (sample) has been examined and not
an entire population, the reported results must reflect the uncertainty
through the use of probability statements and intervals of values.
To conclude, a critical aspect of managing any organization is planning
for the future. Good judgment, intuition, and an awareness of the state
of the economy may give a manager a rough idea or "feeling" of what is
likely to happen in the future. However, converting that feeling into a
number that can be used effectively is difficult. Statistical data analysis
helps managers forecast and predict future aspects of a business
operation. The most successful managers and decision makers are the
ones who can understand the information and use it effectively.
6.0 Business Information
Business Information is one of the three main segments of the
Information Industry. The other two segments are Scientific, Technical &
Medical ("STM") and Educational & Training content.
The primary forms of business information include:
• News
• Market Research
• Credit and Financial Information
• Company and Executive Profiles
• Industry, Country and Economic Analysis
• IT Research
While Wall Street's thirst for information traditionally drove the business
information market, its use is much more widespread today. In addition
to the financial markets, business information is used heavily for sales
and marketing, competitive intelligence, strategic planning, human
resources and many other strategic business functions.
Today, there are more than 200 providers of business information. While
the Internet has made it easier for business information publishers to
deliver content directly to their users, there remains a strong market for
aggregators of such content which package business information in
ways to meet an industry or customer's workflow.
7.0 Exercise
1) What is 'Information Security'?
2) What are the needs for maintaining information security and
accuracy?
3) Describe the methods used to secure information.