BVRM 402 IMS UNIT V
1. Jagannath Institute of Management Sciences
Vasant Kunj-II, New Delhi - 110070
Subject: Information Management System
Department of Management Studies
Created By: Dr. Nilima Thakur
Contents
Database Concept
Data Warehousing & Data Mining
Centralised & Distributed processing
Security & External Issues
Control issues in MIS
Security Hazards
Ethical Issues
Technical Solutions for Privacy protection
4. Database concepts
Database: Every organization has information that it must store and manage to
meet its requirements. For example, a corporation must collect and maintain human
resources records for its employees. This information must be available to those
who need it. An information system is a formal system for storing and processing
information.
An information system could be a set of cardboard boxes containing manila folders
along with rules for how to store and retrieve the folders. However, most companies
today use a database to automate their information systems. A database is an
organized collection of information treated as a unit. The purpose of a database is
to collect, store, and retrieve related information for use by database applications.
What is Data Warehousing?
Data warehousing is the process of constructing and using a data warehouse. A data
warehouse is constructed by integrating data from multiple heterogeneous sources that
support analytical reporting, structured and/or ad hoc queries, and decision making.
Data warehousing involves data cleaning, data integration, and data consolidations.
Data Warehouse Information
There are decision support technologies that help utilize the data available in a data warehouse. These
technologies help executives to use the warehouse quickly and effectively. They can gather data, analyze it, and
take decisions based on the information present in the warehouse. The information gathered in a warehouse can
be used in any of the following domains −
• Tuning Production Strategies − The product strategies can be well tuned by repositioning the products and
managing the product portfolios by comparing the sales quarterly or yearly.
• Customer Analysis − Customer analysis is done by analyzing the customer's buying preferences, buying time,
budget cycles, etc.
• Operations Analysis − Data warehousing also helps in customer relationship management, and making
environmental corrections. The information also allows us to analyze business operations.
Integrating Heterogeneous Databases
To integrate heterogeneous databases, we have two approaches −
● Query-driven Approach
● Update-driven Approach
Query-Driven Approach
This is the traditional approach to integrate heterogeneous databases. This approach was
used to build wrappers and integrators on top of multiple heterogeneous databases. These
integrators are also known as mediators.
Process of Query-Driven Approach
● When a query is issued to a client side, a metadata dictionary translates the query
into an appropriate form for individual heterogeneous sites involved.
● Now these queries are mapped and sent to the local query processor.
● The results from heterogeneous sites are integrated into a global answer set.
Disadvantages
● Query-driven approach needs complex integration and filtering processes.
● This approach is very inefficient.
● It is very expensive for frequent queries.
● This approach is also very expensive for queries that require aggregations.
Update-Driven Approach
This is an alternative to the traditional approach. Today's data warehouse systems follow the update-driven approach
rather than the traditional approach discussed earlier. In the update-driven approach, the information from multiple
heterogeneous sources is integrated in advance and stored in a warehouse. This information is available for
direct querying and analysis.
Advantages
This approach has the following advantages −
● This approach provides high performance.
● The data is copied, processed, integrated, annotated, summarized and restructured in a semantic data store in
advance.
● Query processing does not require an interface to process data at local sources.
Functions of Data Warehouse Tools and Utilities
The following are the functions of data warehouse tools and utilities −
● Data Extraction − Involves gathering data from multiple heterogeneous sources.
● Data Cleaning − Involves finding and correcting the errors in data.
● Data Transformation − Involves converting the data from legacy format to warehouse format.
● Data Loading − Involves sorting, summarizing, consolidating, checking integrity, and building indices and
partitions.
● Refreshing − Involves updating from data sources to warehouse.
Note − Data cleaning and data transformation are important steps in improving the quality of data and data mining
results.
11. A data warehouse is never static; it evolves as the business expands. As the business
evolves, its requirements keep changing and therefore a data warehouse must be
designed to ride with these changes. Hence a data warehouse system needs to be
flexible.
Ideally there should be a delivery process to deliver a data warehouse. However data
warehouse projects normally suffer from various issues that make it difficult to complete
tasks and deliverables in the strict and ordered fashion demanded by the waterfall
method. Most of the time, the requirements are not understood completely. The
architectures, designs, and build components can be completed only after gathering
and studying all the requirements.
12. Data Mining is a process used by organizations to extract specific data from huge databases to
solve business problems. It primarily turns raw data into useful information.
Data Mining is similar to Data Science carried out by a person, in a specific situation, on a
particular data set, with an objective.
This process includes various types of services such as text mining, web mining, audio and video
mining, pictorial data mining, and social media mining.
It is done through software that is simple or highly specific. By outsourcing data mining, all the
work can be done faster with low operation costs. Specialized firms can also use new technologies
to collect data that is impossible to locate manually. There are tonnes of information available on
various platforms, but very little knowledge is accessible.
The biggest challenge is to analyze the data to extract important information that can be used to
solve a problem or for company development. There are many powerful instruments and
techniques available to mine data and find better insight from it.
Database ---> Information base ---> Knowledge base (commercialise towards demand creation and
generate earnings).
13. What is Data Mining?
The process of extracting information from huge sets of data to identify patterns, trends,
and useful data that allow the business to make data-driven decisions is
called Data Mining.
In other words, we can say that Data Mining is the process of investigating hidden
patterns of information from various perspectives for categorization into useful data, which
is collected and assembled in particular areas such as data warehouses, for efficient
analysis, data mining algorithms, helping decision making, and other data requirements,
eventually cutting costs and generating revenue.
Data mining is the act of automatically searching large stores of information to find
trends and patterns that go beyond simple analysis procedures. Data mining utilizes
complex mathematical algorithms for data segments and evaluates the probability of
future events. Data Mining is also called Knowledge Discovery of Data (KDD).
14. Types of Data Mining
Data mining can be performed on the following types of data:
1. Relational Database:
A relational database is a collection of multiple data sets formally organized by tables,
records, and columns from which data can be accessed in various ways without having
to recognize the database tables. Tables convey and share information, which facilitates
data searchability, reporting, and organization. E.g., SQL, Oracle 9i, Fox Pro
2. Data warehouses:
A Data Warehouse is the technology that collects the data from various sources within
the organization to provide meaningful business insights. The huge amount of data
comes from multiple places such as Marketing and Finance. The extracted data is
utilized for analytical purposes and helps in decision-making for a business
organization. The data warehouse is designed for the analysis of data rather than
transaction processing.
15. Data Repositories:
The Data Repository generally refers to a destination for data storage. However, many IT
professionals utilize the term more clearly to refer to a specific kind of setup within an IT
structure. For example, a group of databases, where an organization has kept various kinds
of information.
Object-Relational Database:
A combination of an object-oriented database model and relational database model is called
an object-relational model. It supports Classes, Objects, Inheritance, etc.
One of the primary objectives of the Object-relational data model is to close the gap
between the Relational database and the object-oriented model practices frequently utilized
in many programming languages, for example, C++, Java, C#, and so on.
Transactional Database:
A transactional database refers to a database management system (DBMS) that has the
potential to undo a database transaction if it is not performed appropriately. Even though
this was a unique capability a very long while back, today, most of the relational database
16. Advantages of Data Mining
● The Data Mining technique enables organizations to obtain knowledge-based data.
● Data mining enables organizations to make lucrative modifications in operation and
production.
● Compared with other statistical data applications, data mining is cost-efficient.
● Data Mining helps the decision-making process of an organization.
● It facilitates the automated discovery of hidden patterns as well as the prediction of
trends and behaviors.
● It can be induced in the new system as well as the existing platforms.
● It is a quick process that makes it easy for new users to analyze enormous amounts of
data in a short time.
17. Disadvantages of Data Mining
● There is a probability that the organizations may sell useful data of customers
to other organizations for money. As per the report, American Express has
sold credit card purchases of their customers to other organizations.
● Much data mining analytics software is difficult to operate and needs advanced
training to work with.
● Different data mining instruments operate in distinct ways due to the different
algorithms used in their design. Therefore, the selection of the right data
mining tools is a very challenging task.
● Data mining techniques are not precise, so they may lead to severe
consequences in certain conditions.
18. Data Mining Applications
Data Mining is primarily used by organizations with intense consumer demands, such as
retail, communication, financial, and marketing companies, to determine price, consumer
preferences, product positioning, and the impact on sales, customer satisfaction, and
corporate profits. Data mining enables a retailer to use point-of-sale records of customer
purchases to develop products and promotions that help the organization to attract the
customer.
19. Centralised & Distributed data Processing
CENTRALIZED: If someone has access to the server with the information, any data can
be added, modified and deleted.
DISTRIBUTED: All data is distributed between the nodes of the network. If something
is added, edited or deleted in any computer, it will be reflected in all the computers in
the network.
20. Distributed Data Processing –
In this method, the computing and processing ability is distributed across different locations
over multiple computers. This is in contrast to a system where one server manages all
other connected systems. One example is the use of Remote Procedure Call (RPC),
a procedure call that executes in another address space, on another computer on
the network.
Centralized Data Processing –
This is when processing is performed on one computer or in a cluster of computers in
a single location. Here one server manages all other services on
the network. This involves the use of what are known as “dumb terminals”, which
only send input and receive output; all processing is done on the central
computer.
21. Security & External Issues in MIS
As computers and other digital devices have become essential to business and
commerce, they have also increasingly become a target for attacks. In order for a
company or an individual to use a computing device with confidence, they must first
be assured that the device is not compromised in any way and that all communications
will be secure.
● The fundamental concepts of information systems security.
● Measures that can be taken to mitigate security threats.
● A focus on how organizations can stay secure.
● Several different measures that a company can take to improve security.
● Security precautions that individuals can take in order to secure their
personal computing environment.
23. Confidentiality
When protecting information, we want to be able to restrict access to those who are allowed to see it;
everyone else should be disallowed from learning anything about its contents. This is the essence of
confidentiality. For example, federal law requires that universities restrict access to private student
information. The university must be sure that only those who are authorized have access to view the grade
records.
24. Integrity
Integrity is the assurance that the information being accessed has not been altered and
truly represents what is intended. Just as a person with integrity means what he or she
says and can be trusted to consistently represent the truth, information integrity means
information truly represents its intended meaning. Information can lose its integrity
through malicious intent, such as when someone who is not authorized makes a change to
intentionally misrepresent something. An example of this would be when a hacker is
hired to go into the university’s system and change a grade.
Integrity can also be lost unintentionally, such as when a computer power surge corrupts
a file or someone authorized to make a change accidentally deletes a file or enters
incorrect information.
25. Availability
Information availability is the third part of the CIA triad. Availability means that information can be
accessed and modified by anyone authorized to do so in an appropriate timeframe. Depending on the type
of information, appropriate timeframe can mean different things. For example, a stock trader needs
information to be available immediately, while a sales person may be happy to get sales numbers for the
day in a report the next morning. Companies such as Amazon.com will require their servers to be
available twenty-four hours a day, seven days a week. Other companies may not suffer if their web servers
are down for a few minutes once in a while.
26. Tools for Information Security
In order to ensure the confidentiality, integrity, and availability of information, organizations
can choose from a variety of tools. Each of these tools can be utilized as part of an overall
information-security policy, as a technical solution for privacy protection.
Authentication
The most common way to identify someone is through their physical appearance, but how do
we identify someone sitting behind a computer screen or at the ATM? Tools for
authentication are used to ensure that the person accessing the information is, indeed, who
27. Access Control
Once a user has been authenticated, the next step is to ensure that they can only access the information resources
that are appropriate. This is done through the use of access control. Access control determines which users are
authorized to read, modify, add, and/or delete information. Several different access control models exist. Here we
will discuss two: the access control list (ACL) and role-based access control (RBAC).
For each information resource that an organization wishes to manage, a list of users who have the ability to take
specific actions can be created. This is an access control list, or ACL. For each user, specific capabilities are
assigned, such as read, write, delete, or add. Only users with those capabilities are allowed to perform those
functions. If a user is not on the list, they have no ability to even know that the information resource exists.
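The ACL behaviour described above, as an added example that is not part of the original slides: a small in-memory store that denies by default and gives an unlisted user the same answer as for a resource that does not exist. The class, user names and resource name are hypothetical.

```python
CAPABILITIES = {"read", "write", "add", "delete"}


class NotFound(Exception):
    """Raised for a missing resource AND for a user who is not on its ACL."""


class AclStore:
    def __init__(self):
        self._content = {}   # resource name -> stored data
        self._acl = {}       # resource name -> {user: set of capabilities}

    def create(self, name, content, acl):
        for user, caps in acl.items():
            unknown = set(caps) - CAPABILITIES
            if unknown:
                raise ValueError(f"unknown capabilities for {user}: {sorted(unknown)}")
        self._content[name] = content
        self._acl[name] = {user: set(caps) for user, caps in acl.items()}

    def _authorize(self, user, name, capability):
        entry = self._acl.get(name, {})
        if user not in entry:
            # Deny by default, and answer exactly as for a resource that does
            # not exist, so an unlisted user cannot confirm that it does.
            raise NotFound(name)
        if capability not in entry[user]:
            raise PermissionError(f"{user} may not {capability} {name}")

    def read(self, user, name):
        self._authorize(user, name, "read")
        return self._content[name]

    def write(self, user, name, content):
        self._authorize(user, name, "write")
        self._content[name] = content

    def delete(self, user, name):
        self._authorize(user, name, "delete")
        del self._content[name], self._acl[name]

    def visible_to(self, user):
        # A listing only ever contains resources whose ACL names the user.
        return sorted(n for n, entry in self._acl.items() if user in entry)


def outcome(action, *args):
    """Run one store call and reduce the result to a label for comparison."""
    try:
        action(*args)
        return "ok"
    except NotFound:
        return "not found"
    except PermissionError:
        return "denied"


def build_demo_store():
    # Constructed sample data: users and resource names are hypothetical.
    store = AclStore()
    store.create("grades-2024", "student-17: B+", {
        "registrar": {"read", "write", "add", "delete"},
        "professor": {"read", "write"},
    })
    return store
```

A listed user who lacks a capability gets "denied", while an unlisted user gets "not found" for both real and nonexistent resources.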
28. Encryption
Many times, an organization needs to transmit information over the Internet or transfer it on
external media such as a CD or flash drive. In these cases, even with proper authentication and
access control, it is possible for an unauthorized person to get access to the data.
Encryption is a process of encoding data upon its transmission or storage so that only authorized
individuals can read it.
This encoding is accomplished by a computer program, which encodes the plain text that needs to
be transmitted; then the recipient receives the cipher text and decodes it (decryption). In order for
this to work, the sender and receiver need to agree on the method of encoding so that both parties
can communicate properly. Both parties share the encryption key, enabling them to encode and
decode each other’s messages. This is called symmetric key encryption. This type of encryption is
29. Sidebar: Password Security
So why is using just a simple user ID/password not considered a secure method of authentication? It turns out that
this single-factor authentication is extremely easy to compromise. Good password policies must be put in place in
order to ensure that passwords cannot be compromised. Below are some of the more common policies that
organizations should put in place.
1. Require Passwords
2. Change Passwords regularly
3. Train employees not to share passwords
30. Backups
Another essential tool for information security is a comprehensive backup plan for the entire
organization. Not only should the data on the corporate servers be backed up, but individual computers
used throughout the organization should also be backed up. A good backup plan should consist of several
components.
31. BACKUP-PLAN
● A full understanding of the organizational information resources. What information
does the organization actually have? Where is it stored? Some data may be stored on
the organization’s servers, other data on users’ hard drives, some in the cloud, and
some on third-party sites.
● Regular backups of all data. The frequency of backups should be based on how
important the data is to the company, combined with the ability of the company to
replace any data that is lost.
● Offsite storage of backup data sets.
● Test of data restoration.
● Universal Power Supply (UPS).
● Alternate, or “hot” sites.
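One way to carry out the "test of data restoration" step, as an added example that is not part of the original slides: record a SHA-256 manifest when the backup is taken, restore the archive into a scratch directory, and compare. The function names, file names and zip format are assumptions, and the sample records are constructed.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def back_up(source, archive):
    """Write the archive and return the manifest taken at backup time."""
    source = Path(source)
    expected = manifest(source)
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as z:
        for rel in expected:
            z.write(source / rel, rel)
    return expected


def restore_test(archive, expected):
    """Restore into a scratch directory; return a list of problems (empty = pass)."""
    with tempfile.TemporaryDirectory() as scratch:
        with zipfile.ZipFile(archive) as z:
            z.extractall(scratch)
        restored = manifest(scratch)
    problems = []
    for rel, digest in expected.items():
        if rel not in restored:
            problems.append(f"missing: {rel}")
        elif restored[rel] != digest:
            problems.append(f"changed: {rel}")
    problems += [f"unexpected: {rel}" for rel in restored if rel not in expected]
    return problems


def demo():
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "records"          # constructed sample data
        (src / "hr").mkdir(parents=True)
        (src / "hr" / "employees.csv").write_text("id,name\n1,A. Example\n")
        (src / "grades.txt").write_text("student-1: B+\n")
        expected = back_up(src, work / "nightly.zip")
        good = restore_test(work / "nightly.zip", expected)
        # Simulate an incomplete backup set: one file never made it in.
        with zipfile.ZipFile(work / "partial.zip", "w") as z:
            z.write(src / "grades.txt", "grades.txt")
        bad = restore_test(work / "partial.zip", expected)
        return good, bad


if __name__ == "__main__":
    print(demo())
```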