Chap 4- Bos Notes


  • 8/15/2019 Chap 4- Bos Notes

    SCHOOL OF COMPUTER STUDIES

    Business Organisation Skill
    Chapter 4: Security and Understanding Information MGT !!

    1.0 Information Security and Accuracy

    Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Leaked information can cause losses, lawsuits or even bankruptcy for a business, and loss of privacy for an individual.

    Information Accuracy

    Information accuracy is a concern today because many users access information maintained by other people or companies, such as on the Internet. For example, information that appears on the Web may be incorrect and unreliable. Be aware that the company providing access to the information may not be the creator of the information.

    In addition to concerns about the accuracy of computer input, some individuals and organizations raise questions about the ethics of using computers to alter output, primarily graphical output such as retouched photographs. Using graphics equipment and software, users can easily digitize photographs and then add, change, or remove images.

    One group that completely opposes any manipulation of an image is the National Press Photographers Association. It believes that allowing even the slightest alteration eventually could lead to misrepresentative photographs. Others believe that digital photograph retouching is acceptable as long as the significant content or meaning of the photograph does not change. Digital retouching is an area in which legal precedents so far have not been established.

    1.1 Need for Security, Accuracy and Piracy

    For over twenty years, information security has held confidentiality, integrity and availability (known as the CIA triad) to be its core principles. The need to protect information, to ensure its confidentiality, integrity, and availability to those who need it for making critical personal, business, or government decisions, becomes more important.

    (a) Confidentiality

    Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred.

    Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality. If a laptop computer containing sensitive information about a company's employees is stolen or sold, it could result in a breach of confidentiality. Giving out confidential information over the telephone is a breach of confidentiality if the caller is not authorized to have the information.

    Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds.

    (b) Integrity

    In information security, integrity means that data cannot be modified without authorization. This is not the same thing as referential integrity in databases. Integrity is violated when an employee accidentally or with malicious intent deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on.

    There are many ways in which integrity could be violated without malicious intent. In the simplest case, a user on a system could mistype someone's address. On a larger scale, if an automated process is not written and tested correctly, bulk updates to a database could alter data in an incorrect way, leaving the integrity of the data compromised. Information security professionals are tasked with finding ways to implement controls that prevent errors of integrity.

    (c) Availability

    For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High-availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks.

    (d) Consumer Privacy

    There has been a growing concern about the increase of reported fraud and identity theft. Consumers need to be aware of the threats that could result in these crimes, and of their role in guarding against them. Consumers must also be cautious about giving their information to companies that do not appear to follow standard security practices to protect information.


    1.2 Techniques to Secure Information

    Authentication

    • the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true.

    Firewall

    • part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all (in and out) computer traffic between different security domains based upon a set of rules and other criteria.

    Antivirus software

    • used to prevent, detect, and remove malware, including computer viruses, worms, and Trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware.

    Encryption

    • process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.

    Mandatory access control

    • type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target.


    Backup

    • making copies of data so that these additional copies may be used to restore the original after a data loss event. These additional copies are typically called "backups".

    2.0 Sources of Information

    Primary sources vs. secondary sources

    Information can be divided into primary and secondary sources.

    A primary source of information is a firsthand or eyewitness account of an event. It is also raw data or facts which were gathered at an event. They are direct sources of information. Primary sources include diaries, letters, newspaper articles reported from an event, public documents, laws, court records, speeches, statistics, [interviews and] surveys, logs, [personal] journals, [scientific research articles], etc. A primary source of information is actual evidence presented without any analysis or interpretation.

    A secondary source of information is something which comes after the fact. It is literature that analyzes, interprets, relates or evaluates a primary source or other primary sources. Textbooks, encyclopedias, dictionaries, and any book or article which is an interpretation of events or of primary sources are considered secondary sources.

    Statistics

    Descriptive statistics describe some feature(s) of the participants involved in a study. For example, the statistical information generated from student evaluations of instruction available on-line (http://oira.tennessee.edu/sais/) is presented as descriptive statistics. This kind of statistical information generally takes the form of means (averages), percentages or frequencies. Simply put, descriptive statistics describe a population (in this case, the students enrolled in a particular course) but do not claim to represent the views of the entire population (all students enrolled at the University of Tennessee).

    Inferential statistics differ from descriptive statistics in one very important aspect. When using this kind of statistic, we seek to take information from a sample (2,000 registered voters) of a population (125,000,000 registered voters) and make inferences or claims about those same features in the entire population. As discussed for the information derived from descriptive statistics, it is essential that you make appropriate and ethical use of information derived from inferential statistics. In particular, use caution about making claims about a population from a sample of responses. Statistics must represent what they claim to measure and they must be from a reliable source.

    Interviews and/or surveys

    You may choose an expert in the field or someone who has had experience doing what your speech is about. Or, you may want to survey a group of people to gather more information. One advantage of using this method is that the information gathered from survey/interview respondents tends not to be available from any other source. However, a limitation of this method of gathering supporting material is that it can be a time-consuming, labor-intensive activity.

    Scholarly sources vs. popular sources

    Scholarly sources of information are generally the most credible sources of secondary information. The characteristics of scholarly sources as defined by Emory


    • May include graphs, charts, etc. related to the topic
    • Often are peer reviewed by an editorial board or experts
    • Published by a professional organization or society, university, research center, or scholarly press (Scholarly and popular sources, section 1)

    A peer-reviewed source has been subject to a "blind" review by other experts in the field to determine if the manuscript is worthy of publication. Since the material is anonymously reviewed prior to acceptance for publication, peer-reviewed publications are believed to be the most reliable sources of information. Examples of scholarly, peer-reviewed journals include The New England Journal of Medicine, Human Communication Research, The Academy of Management Review, and The Journal of Personality and Social Psychology.

    Popular sources are written for a more general audience. Emory


    must have the sponsoring organization (Mayo Clinic, The Centers for Disease Control and Prevention, etc.). If neither is present you may not use the website. It should be a red flag that the site may not be credible.

    3.0 Process of Presenting Information

    Collect data

    Organize data

    Tabulate data

    Describe data

    Represent data

    3.1 Presenting information graphically

    As discussed earlier in Chapter 1, there are a few ways information can be delivered. A graphical approach can also be used to give a visual dimension to the data. The following are a few types of graphs.

    • Bar Graphs

    Bar charts / graphs also display numeric data as lines or bars of representative length. Scales or marked values at the bottom or side of the graphic convey the meaning of the graph.


    • Scatter diagrams

    Plot of the paired (x, y) data with a horizontal x-axis and a vertical y-axis. The data are paired in a way that matches each value from one set with a corresponding value from a second data set.

    4.0 Simple Statistical techniques

    Statistics is a set of methods that are used to collect, analyze, present, and interpret data. Statistical methods are used in a wide variety of occupations and help people identify, study, and solve many complex problems. In the business and economic world, these methods enable decision makers and managers to make informed and better decisions about uncertain situations.

    Vast amounts of statistical information are available in today's global and economic environment because of continual improvements in computer technology. To compete successfully globally, managers and decision makers must be able to understand the information and use it effectively. Statistical data analysis provides hands-on experience to promote the use of statistical thinking and techniques to apply in order to make educated decisions in the business world.

    Computers play a very important role in statistical data analysis. The statistical software package, SPSS, offers extensive data-handling capabilities and numerous statistical analysis routines that can analyze small to very large data statistics. The computer will assist in the summarization of data, but statistical data analysis focuses on the interpretation of the output to make inferences and predictions.

    Our primary goal is to use data for prediction and decision making. We must describe a set of data numerically, which will provide us with the necessary tools for statistical inference.

    Range

    The range is the difference between the lowest value and the highest value: the maximum minus the minimum. For the data, the maximum is 9.975 and the minimum is 3.8:

    Range = (Maximum - Minimum) = (9.975 - 3.8) = 6.175

    The range depends only on the extreme values in the data set. Mistakes in data, such as reversing digits (e.g. 52 for 25) or omitting digits (e.g. 12 for 12) may produce extreme values. A measure of the spread of data which is not so much affected by extreme values as the range is to take values 5% in from either end, or 1/4 in from either end.

    Median

    The median is a number which is greater than half the data values and less than the other half. If there are an odd number of values, the median is the middle one when they are sorted in order of magnitude. If there are an even number of values, the median is the average of the two middle values.


    E.g. 6, 6.7, ., 7, 5.

    Arranged in order of magnitude these are

    ., 5., 6, 6.7, 7

    median = 6

    Mode

    The mode is the value or category which occurs most frequently. If several data values occur with the same maximal frequency, they are all modes.

    E.g. ., 5., 6, 6, 6.7, 7, 9.9

    mode = 6

    Mean

    This is denoted by x̄ (read as 'x bar') and defined as the arithmetic mean of all the data values.

    x̄ = (x1 + x2 + x3 + ... + xn) / n

    E.g. x̄ = (. + 5. + 6 + 6.7 + 7 + 9.9) / 6

    x̄ = 6.5

    Simple Probability

    In general, the probability of an event is the number of favorable outcomes divided by the total number of possible outcomes.

    Probability = (# of favorable outcomes) / (# of possible outcomes)


    Example 1

    What is the probability that a card drawn at random from a deck of cards will be an ace?

    Solution

    In this case there are four favorable outcomes:

    (1) the ace of spades

    (2) the ace of hearts

    (3) the ace of diamonds

    (4) the ace of clubs.

    Since each of the 52 cards in the deck represents a possible outcome, there are 52 possible outcomes. Therefore, the probability is 4/52 or 1/13.

    5.0 Data Statistic Analysis

    Studying a problem through the use of statistical data analysis usually involves four basic steps.

    1. Defining the problem

    2. Collecting the data

    3. Analyzing the data

    4. Reporting the results

    Defining the Problem

    An exact definition of the problem is imperative in order to obtain accurate data about it. It is extremely difficult to gather data without a clear definition of the problem.

    Collecting the Data


    Designing ways to collect data is an important job in statistical data analysis. Two important aspects of a statistical study are:

    Population - a set of all the elements of interest in a study

    Sample - a subset of the population

    Statistical inference refers to extending the knowledge obtained from a random sample of a population to the whole population. It is just not feasible to test the entire population, so a sample is the only realistic way to obtain data because of the time and cost constraints. Data can be either quantitative or qualitative. Qualitative data are labels or names used to identify an attribute of each element. Quantitative data are always numeric and indicate either how much or how many.

    Data can be collected from existing sources or obtained through observation and experimental studies designed to obtain new data. In an experimental study, the variable of interest is identified. Then one or more factors in the study are controlled so that data can be obtained about how the factors influence the variables. In observational studies, no attempt is made to control or influence the variables of interest. A survey is perhaps the most common type of observational study.

    Analyzing the Data

    Statistical data analysis divides the methods for analyzing data into two categories: exploratory methods and confirmatory methods. Exploratory methods are used to discover what the data seems to be saying by using simple arithmetic and easy-to-draw pictures to summarize data. Confirmatory methods use ideas from probability theory in the attempt to answer specific questions. Probability is important in decision making because it provides a mechanism for measuring, expressing, and analyzing the uncertainties associated with future events. The majority of the topics addressed in this course fall under this heading.

    Reporting the Results


    Through inferences, an estimate or test claims about the characteristics of a population can be obtained from a sample. The results may be reported in the form of a table, a graph or a set of percentages. Because only a small collection (sample) has been examined and not an entire population, the reported results must reflect the uncertainty through the use of probability statements and intervals of values.

    To conclude, a critical aspect of managing any organization is planning for the future. Good judgment, intuition, and an awareness of the state of the economy may give a manager a rough idea or "feeling" of what is likely to happen in the future. However, converting that feeling into a number that can be used effectively is difficult. Statistical data analysis helps managers forecast and predict future aspects of a business operation. The most successful managers and decision makers are the ones who can understand the information and use it effectively.

    6.0 Business Information

    Business Information is one of the three main segments of the Information Industry. The other two segments are Scientific, Technical & Medical ("STM") and Educational & Training content.

    The primary forms of business information include:

    • News

    • Market Research

    • Credit and Financial Information

    • Company and Executive Profiles

    • Industry, Country and Economic Analysis

    • IT Research

    While Wall Street's thirst for information traditionally drove the business information market, its use is much more widespread today. In addition to the financial markets, business information is used heavily for sales and marketing, competitive intelligence, strategic planning, human resources and many other strategic business functions.

    Today, there are more than 200 providers of business information. While the Internet has made it easier for business information publishers to deliver content directly to their users, there remains a strong market for aggregators of such content which package business information in ways to meet an industry or customer's workflow.

    7.0 Exercise

    1) What is 'Information Security'?

    2) What are the needs for maintaining information security and accuracy?

    3) Describe the methods used to secure information.