Professional Documents
Culture Documents
Source: www.britannica.com/topic/information-system
➢ During this period, the role of IS was mostly to perform activities like
transaction processing, recordkeeping and accounting. IS was mainly used
for electronic data processing (EDP).
INSTRUCTIONAL MATERIAL
Developed by: Mr. Owen Harvey Balocon
Instructor 1
Polytechnic University of the Philippines
Sta. Rosa Branch
Information Assurance and Security 1
➢ This period also marked the development when the focus of organizations
shifted slowly from merely automating basic business processes to
consolidating the control within the data processing function.
➢ During this era, the rapid growth of the intranets, extranets, internet and
other interconnected global networks dramatically changed the capabilities of
IS in business. It became possible to circulate knowledge to different parts of
the world irrespective of time and space.
INSTRUCTIONAL MATERIAL
Developed by: Mr. Owen Harvey Balocon
Instructor 1
Polytechnic University of the Philippines
Sta. Rosa Branch
Information Assurance and Security 1
➢ The Internet and related technologies and applications changed the way
businesses operate and people work. Information systems functions in this
period are still the same just like 50 years ago.
Source: https://adataanalyst.com/information-systems-management/evolution-information-system-
function/
INSTRUCTIONAL MATERIAL
Developed by: Mr. Owen Harvey Balocon
Instructor 1
Polytechnic University of the Philippines
Sta. Rosa Branch
Information Assurance and Security 1
➢ Obviously, there's some overlap here. You can't secure data transmitted
across an insecure network or manipulated by a leaky application. As well,
there is plenty of information that isn't stored electronically that also
needs to be protected. Thus, the infosec pro's remit is necessarily broad.
The basic components of information security are most often summed up by the so-
called CIA triad: confidentiality, integrity, and availability.
INSTRUCTIONAL MATERIAL
Developed by: Mr. Owen Harvey Balocon
Instructor 1
Polytechnic University of the Philippines
Sta. Rosa Branch
Information Assurance and Security 1
• Integrity means maintaining data in its correct state and preventing it from
being improperly modified, either by accident or maliciously. Many of the
techniques that ensure confidentiality will also protect data integrity—after
all, a hacker can't change data they can't access—but there are other tools
that help provide a defense of integrity in depth: checksums can help you
verify data integrity, for instance, and version control software and frequent
backups can help you restore data to a correct state if need be. Integrity also
covers the concept of non-repudiation: you must be able to prove that you've
maintained the integrity of your data, especially in legal contexts.
The means by which these principles are applied to an organization take the
form of a security policy. This isn't a piece of security hardware or software; rather,
it's a document that an enterprise draws up, based on its own specific needs and
quirks, to establish what data needs to be protected and in what ways. These
policies guide the organization's decisions around procuring cybersecurity tools, and
also mandate employee behavior and responsibilities.
Among other things, your company's information security policy should include:
• A statement describing the purpose of the infosec program and your overall
objectives
• Definitions of key terms used in the document to ensure shared
understanding
• An access control policy, determining who has access to what data and
how they can establish their rights
• A password policy
• A data support and operations plan to ensure that data is always available
to those who need it
• Employee roles and responsibilities when it comes to safeguarding data,
including who is ultimately responsible for information security
INSTRUCTIONAL MATERIAL
Developed by: Mr. Owen Harvey Balocon
Instructor 1
Polytechnic University of the Philippines
Sta. Rosa Branch
Information Assurance and Security 1
As should be clear by now, just about all the technical measures associated with
cybersecurity touch on information security to a certain degree, but there it is
worthwhile to think about infosec measures in a big-picture way:
• Technical measures include the hardware and software that protects data
— everything from encryption to firewalls
• Organizational measures include the creation of an internal unit dedicated
to information security, along with making infosec part of the duties of some
staff in every department
• Human measures include providing awareness training for users on proper
infosec practices
• Physical measures include controlling access to the office locations and,
especially, data centers
Source: https://www.csoonline.com/article/3513899/what-is-information-security-definition-principles-and-
jobs.html
1. Computer Hardware:
Physical equipment used for input, output and processing. The hardware structure
depends upon the type and size of the organization. It consists of an input and an
output device, operating system, processor, and media devices. This also includes
computer peripheral devices.
INSTRUCTIONAL MATERIAL
Developed by: Mr. Owen Harvey Balocon
Instructor 1
Polytechnic University of the Philippines
Sta. Rosa Branch
Information Assurance and Security 1
2. Computer Software:
The programs/ application program used to control and coordinate the hardware
components. It is used for analysing and processing of the data. These programs
include a set of instruction used for processing information.
Software is further classified into 3 types:
1. System Software
2. Application Software
3. Procedures
3. Databases:
Data are the raw facts and figures that are unorganized that are later processed to
generate information. Softwares are used for organizing and serving data to the
user, managing physical storage of media and virtual resources. As the hardware
can’t work without software the same as software needs data for processing. Data
are managed using Database management system.
Database software is used for efficient access for required data, and to manage
knowledge bases.
4. Network:
• Networks resources refer to the telecommunication networks like the
intranet, extranet and the internet.
• These resources facilitate the flow of information in the organization.
• Networks consists of both the physical devices such as networks cards,
routers, hubs and cables and software such as operating systems, web
servers, data servers and application servers.
• Telecommunications networks consist of computers, communications
processors, and other devices interconnected by communications media and
controlled by software.
• Networks include communication media, and Network Support.
5. Human Resources:
It is associated with the manpower required to run and manage the system. People
are the end user of the information system, end-user use information produced for
their own purpose, the main purpose of the information system is to benefit the end
user. The end user can be accountants, engineers, salespersons, customers, clerks,
or managers etc. People are also responsible to develop and operate information
systems. They include systems analysts, computer operators, programmers, and
other clerical IS personnel, and managerial techniques.
Source: https://www.geeksforgeeks.org/components-of-information-system/
INSTRUCTIONAL MATERIAL
Developed by: Mr. Owen Harvey Balocon
Instructor 1