2. Abdisalam Issa-Salwe, Thames Valley University
Topic list
Security
Physical threats
Physical access control
Building controls into an information system
Security
Security in an information management context means the protection of data from accidental or deliberate threats which might cause unauthorised modification, disclosure or destruction of data, and the protection of the information system from the degradation or non-availability of services.
Physical threats
Fire
Water
Weather
Lightning
Terrorist activity
Accidental damage
Physical access control
Personal identification numbers (PINs)
Door locks
Card entry systems
Computer theft
Building control into an information system
Controls can be classified into:
Security control: the protection of data from accidental or deliberate threats.
Integrity control: data integrity, in the context of security, is preserved when data is the same as in source documents and has not been accidentally or intentionally altered, destroyed or disclosed.
System integrity: operation conforming to the design specification despite attempts (deliberate or accidental) to make it behave incorrectly.
Contingency controls: a contingency is an unscheduled interruption of computing services that requires measures outside the day-to-day routine operating procedures.
Building control into an information system (cont)…
Data will maintain its integrity if it is complete and not corrupt. This means that:
The original input of the data must be controlled
Any processing and storage should be set up so that they are complete and correct
Building control into an information system (cont)…
Input control should ensure accuracy, completeness and validity:
Data verification involves ensuring that data entered matches source documents
Data validation involves ensuring that data entered is not incomplete or unreasonable. Various checks:
Check digits
Control totals
Hash totals
Range checks
Limit checks
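As an added example (not from the original slides), the validation checks listed above applied to one constructed batch of transactions. The Luhn mod-10 check-digit scheme, the field names, the quantity range and the amount limit are assumptions; the slides name none of them.

```python
from decimal import Decimal

def luhn_valid(number):
    """Check digit test. Luhn mod 10 is an assumption; the slides name no scheme."""
    if not number.isdecimal():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def validate_batch(header, records, qty_range=(1, 500), amount_limit=Decimal("10000.00")):
    """Return a list of validation errors; an empty list means the batch is accepted."""
    errors = []
    for n, r in enumerate(records, start=1):
        if not luhn_valid(r["account"]):
            errors.append(f"record {n}: check digit failed for account {r['account']}")
        if not qty_range[0] <= r["quantity"] <= qty_range[1]:    # range check: two bounds
            errors.append(f"record {n}: quantity {r['quantity']} outside range {qty_range}")
        if Decimal(r["amount"]) > amount_limit:                    # limit check: one bound
            errors.append(f"record {n}: amount {r['amount']} exceeds limit {amount_limit}")
    # Control total: a meaningful sum (money) compared with the batch header.
    control = sum(Decimal(r["amount"]) for r in records)
    if control != Decimal(header["control_total"]):
        errors.append(f"control total {control} != header {header['control_total']}")
    # Hash total: a sum with no business meaning (account numbers); it changes when
    # a record is dropped, duplicated or substituted.
    hash_total = sum(int(r["account"]) for r in records if r["account"].isdecimal())
    if hash_total != header["hash_total"]:
        errors.append(f"hash total {hash_total} != header {header['hash_total']}")
    if len(records) != header["record_count"]:
        errors.append(f"record count {len(records)} != header {header['record_count']}")
    return errors

# Constructed sample batch (not from the slides); header totals come from the source documents.
HEADER = {"record_count": 3, "control_total": "1550.49", "hash_total": 62345708}
RECORDS = [
    {"account": "12345674", "quantity": 10, "amount": "250.00"},
    {"account": "20000014", "quantity": 3, "amount": "1200.50"},
    {"account": "30000020", "quantity": 120, "amount": "99.99"},
]

if __name__ == "__main__":
    print(validate_batch(HEADER, RECORDS))                     # clean batch
    keyed_wrong = [dict(RECORDS[0], account="12345764")] + RECORDS[1:]
    print(validate_batch(HEADER, keyed_wrong))                 # transposed digits
```

The check digit catches a keying error inside one field, while the control, hash and record-count totals catch records that were lost or altered between the source documents and the system.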
Privacy and data protection
Privacy: the right of the individual to control the use of information about him or her, including information on financial status, health and lifestyle (i.e. prevent unauthorised disclosure).
Data protection principles
Personal data is information about a living individual, including expressions of opinion about him or her. Data about organisations is not personal data.
Data users are organisations or individuals who control personal data and the use of personal data.
A data subject is an individual who is the subject of personal data.
Internet security issue
Establishing an organisation's links to the Internet brings numerous security dangers:
Corruptions such as viruses on a single computer can spread through the network to all the organisation's computers
Hacking: involves attempting to gain unauthorised access to a computer system
Type of virus/program
File virus: file viruses infect program files.
Boot sector or ‘stealth’ virus: the boot sector is a part of every hard disk and diskette. Stealth viruses hide from virus detection programs by hiding themselves in boot records or files.
Trojan: a small program that performs an unexpected function. It hides itself inside a ‘valid’ program.
Logic bomb: a program that is executed when a specific act is performed.
Type of virus/program (cont…)
Time bomb: a program that is activated at a certain time or date, such as Friday the 13th or April 1st.
Worm: a type of virus that can replicate (copy) itself and use memory, but cannot attach itself to other programs.
Dropper: a program that installs a virus while performing another function.
Type of virus/program (cont…)
Macro virus: a piece of self-replicating code written in an application’s ‘macro’ language. For example, Melissa was a well-publicised macro virus.
Information systems and accountants
Accountants track companies’ expenses, as well as prepare, analyze and verify financial documents. They look for ways to run businesses more efficiently, keep public records and make sure taxes are paid properly.
Public accountants perform audits and prepare taxes for corporations, government agencies, nonprofits and individuals.
Information systems and accountants (cont…)
Management accountants are members of the executive team who record and analyze information about budgets, costs and assets. Their work may support strategic planning or product development. They may also write financial reports for stockholders, creditors or government agencies.
Government accountants and auditors maintain and examine government records, or they audit private businesses or individuals on the government's behalf.
Internal auditors are fiscal police officers. They verify the accuracy of an organization's financial records and look for waste, mismanagement and fraud.