Information refers to data that has undergone a series of processing steps to become meaningful facts and conclusions in a given context. A system refers to a group of interdependent items that interact regularly to accomplish a given task. A computer-based information system is a collection of interrelated components that acquire, store, process, manipulate, manage, control and disseminate information and provide a feedback mechanism to the organization. This integrated system consists of hardware, software, data, people, and procedures that interact to generate information used for short- and long-term decision-making. Organizations rely on this feedback information to make the strategic decisions that help them achieve their goals. Any given organization consists of various hierarchical levels, each requiring specific information systems that help in processing and disseminating information.
Types of Information Systems
- Office information systems – these enhance the productivity of office employees through tools such as word processing and spreadsheets.
- Transaction processing systems – used to store and process the daily transactions within an organization.
- Management information systems – integrated with transaction processing systems, these provide managers with accurate and organized information for the decision-making process.
- Expert systems – systems that store the knowledge of human experts and act like humans to provide information and decisions.
The process to ensure Confidentiality, Integrity, and Availability
Confidentiality is a principle applied in information systems and refers to all the processes and procedures that restrict access to both the information and the entire system, guaranteeing access only to authorized members of the organization. Integrity, on the other hand, is an information security principle that ensures that the information stored within an information system is complete and retains its whole structure, and that the system's hardware and software are logically complete. Availability of an information system refers to the degree of operability of the system in terms of time. For an organization to benefit from its investment in information systems, there should be policies that guarantee the confidentiality of its information and computer systems, their integrity, and the availability of the system.
Information systems are efficient in processing tasks within minimal time spans, providing a strategic advantage to organizations. However, information systems face numerous threats and risks from both internal and external forces. The use of information systems and the internet has greatly increased computer crime in organizations and in society as a whole. Today, computer crime has become global as criminals develop sophisticated intrusion methods that can easily pass unnoticed due to the dual nature of the computer, which is both the tool used to commit the crime and the object of the crime (Stair & Reynolds, 2011, p. 411). For a computer criminal to gain access, information about identification and passwords needs to be known.
A computer criminal (hacker) gets information from the internet, where some websites provide information about hacking into other systems, and eventually uses such information to gain access to computer systems, networks, information, and data without the owner's knowledge.
The process will involve encryption, which refers to hiding information by using specific encryption algorithms so that only the parties involved have a mechanism for accessing and retrieving it, hence preventing unauthorized access to the organization's information. The organization should adopt and develop its own encryption and decryption mechanisms to ensure information security. The organization should maintain a role-based system access list of all employees and should routinely destroy the passwords and access IDs of employees who have been given other responsibilities and transferred to other departments within the same organization, in order to remove their access to systems they no longer use. Strong, up-to-date antivirus software (with the latest virus definitions downloaded from the internet) and anti-malware software should be installed to safeguard computers from spyware and viruses and to prevent network-based attacks.
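An added example (not part of the original essay) of the access review described above: it compares the accounts that exist on each system with what each employee's current role allows, and lists the access to revoke after a transfer. The role names, system names and employee IDs are constructed for illustration.

```python
# Constructed sample data: roles, systems and employee IDs are hypothetical.
ROLE_SYSTEMS = {
    "payroll_clerk": {"payroll", "hr_portal"},
    "sales_rep": {"crm", "hr_portal"},
    "sysadmin": {"payroll", "crm", "hr_portal", "admin_console"},
}

# Current role per employee, as HR records it.
# e103 was transferred from payroll_clerk to sales_rep.
CURRENT_ROLE = {"e101": "payroll_clerk", "e102": "sysadmin", "e103": "sales_rep"}

# (employee, system) accounts that actually exist, as exported from each system.
ACTIVE_ACCOUNTS = [
    ("e101", "payroll"), ("e101", "hr_portal"),
    ("e102", "admin_console"), ("e102", "crm"),
    ("e103", "payroll"),            # left over from the old department
    ("e103", "crm"), ("e103", "hr_portal"),
    ("e104", "crm"),                # account with no matching HR record
]


def review_access(role_systems, current_role, active_accounts):
    """Compare existing accounts with the role-based access list.

    Returns (revoke, missing):
      revoke  - (employee, system, reason) for access the current role does not allow
      missing - (employee, system) the role allows but no account exists for
    """
    revoke, held = [], {}
    for emp, system in active_accounts:
        held.setdefault(emp, set()).add(system)
        role = current_role.get(emp)
        if system not in role_systems.get(role, set()):
            reason = "no current role" if role is None else f"not granted to role {role}"
            revoke.append((emp, system, reason))

    missing = [
        (emp, system)
        for emp, role in current_role.items()
        for system in role_systems.get(role, set()) - held.get(emp, set())
    ]
    return sorted(revoke), sorted(missing)


if __name__ == "__main__":
    to_revoke, to_grant = review_access(ROLE_SYSTEMS, CURRENT_ROLE, ACTIVE_ACCOUNTS)
    for emp, system, reason in to_revoke:
        print(f"REVOKE {emp} on {system}: {reason}")
    for emp, system in to_grant:
        print(f"MISSING {emp} on {system}")
```

Running the review on a schedule, and on every transfer recorded by HR, keeps the access list aligned with current responsibilities.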
Firewalls should be installed to limit and prevent unauthorized external access to a company's or organization's intranet. Intrusion detection refers to the detection of unwanted traffic on a host device and on the network. The software is installed either on a given network (to analyze and monitor network traffic and other processes across the network) or on each host machine, where it analyzes and monitors system-specific settings. Host-based intrusion detection systems are installed on the protected systems and are used to monitor and analyze other processes running on the system, such as system calls and network traffic, and help to eliminate suspicious processes from the system (Vacca, 2010).
To ensure the availability of information systems within an organization, policies should ensure regular checking and servicing of all the computer systems, and ensure that faulty parts are replaced and that hardware and software upgrades are carried out only by authorized systems administrators. The policy should also require that no installations be done on the systems without prior permission. Each system should have a password that allows a person to access and use its resources. The passwords should be of reasonable length and should consist of alphanumeric characters, as this reduces the chances of the system being hacked. Installing intrusion detection software on the computers helps to detect unwanted congestion on the network and on the computer itself, hence improving the performance and reliability of the system (Max Wu, 2009).
As digital technology replaces other forms, organizations have invested heavily in numerous information systems in order to compete favorably in the global market. Information systems have brought about increased processing, manipulation, storage, and dissemination of information within organizations. This has brought about an increase in the threats and risks that face both the information and the computer systems.
Various policies and practices should be developed and implemented by organizations in order to achieve the desired goals. The policies and measures should also be weighed in terms of their cost and effectiveness. Information is vital to any organization, and there should be stern policies to ensure that it is available only to authorized persons at the time required. Computer-based information systems should also be protected by the organization's policies to ensure an efficient and reliable interrelation of the elements and the organization's realization of its short- and long-term goals.
Stair, R. and Reynolds, G. (2011). Fundamentals of Information Systems.
Vacca, J. R. (2010). Managing Information Security. MA: Syngress.
Wu, T. M. (2009). Intrusion Detection Systems. Web.