
Polytechnic University of the Philippines

Sta. Rosa Branch


Information Assurance and Security 1

LESSON 1: HISTORY, SECURITY, AND COMPONENTS OF INFORMATION SYSTEM

I. Definition of Information System

An information system is an integrated set of components for collecting, storing,
and processing data and for providing information, knowledge, and digital products.
Business firms and other organizations rely on information systems to carry out and
manage their operations, interact with their customers and suppliers, and compete
in the marketplace.

Source: www.britannica.com/topic/information-system

II. History of Information System

1950 – 1960: Electronic Data Processing, Transaction Processing System

➢ During this period, the role of IS was mostly to perform activities like
transaction processing, recordkeeping and accounting. IS was mainly used
for electronic data processing (EDP).

➢ EDP is described as the use of computers in recording, classifying,
manipulating, and summarizing data. It is also called information processing
or automatic data processing.

➢ Transaction Processing System (TPS) was the first computerized system
developed to process business data. TPS was mainly aimed at the clerical staff
of an organisation. The early TPS used batch processing: data was accumulated
over a period and all transactions were processed afterward.

1960 to 1970: Management Information Systems

➢ Usually, MIS generates three basic types of information, which are:
• Detailed information reports typically confirm transaction-processing
activities. A detailed Order Report is an example of a detailed report.
• Summary information puts data into a format that an individual can
review quickly and easily.
• Exception information reports filter data to report only the exceptions, as
in an exception inventory report. Exception reports help managers save time
because they do not have to search through a detailed report for exceptions.

INSTRUCTIONAL MATERIAL
Developed by: Mr. Owen Harvey Balocon
Instructor 1

➢ This period also marked a shift in the focus of organizations, which moved
slowly from merely automating basic business processes to consolidating
control within the data processing function.

1970 to 1980: Decision Support Systems

➢ In this era, a major advancement was the introduction of the personal
computer (PC). With the introduction of PCs, computing or processing power
was distributed across the organization. The IS function became strongly
associated with management rather than with a technical approach in an
organisation. The role focused on “interactive computer-based systems” to aid
decision-makers in solving problems.

➢ This new role of information systems, providing interactive ad-hoc support
for the decision-making process to managers and other business
professionals, is called Decision Support Systems (DSS). DSS serve the
planning, management and operations levels of an organization, usually senior
management.

1980 to 1990: Executive Information Systems

➢ This period gave rise to departmental computing as many organisations
purchased their own hardware and software to suit their departmental
needs. Instead of waiting for indirect support from a centralized corporate
service department, employees could use their own resources to support their
job requirements.

➢ This trend led to new challenges of data incompatibility, integrity and
connectivity across different departments. Further, top executives were
using neither DSS nor MIS, hence executive information systems (EIS) or
executive support systems (ESS) were developed.

➢ EIS offers decision-making facilities to executives by providing both
internal and external information relevant to meeting the strategic goals of
the organization. These are sometimes considered a specific form of DSS.

1990 to 2000: Knowledge Management Systems

➢ During this era, the rapid growth of intranets, extranets, the internet and
other interconnected global networks dramatically changed the capabilities of
IS in business. It became possible to circulate knowledge to different parts of
the world irrespective of time and space.


➢ This period also saw the emergence of enterprise resource planning (ERP)
systems. ERP is an organization-specific form of a strategic information
system that incorporates all components of an organisation, including
manufacturing, sales, resource management, human resource planning and
marketing.

➢ Moreover, there was a breakthrough in the development and application of
artificial intelligence (AI) techniques to business information systems. Expert
systems (ES) and knowledge management systems (KMS) were interconnected with
each other.

2000 – present: E-Business

➢ The Internet and related technologies and applications changed the way
businesses operate and people work. Information systems functions in this
period are still the same as they were 50 years ago.

➢ The difference is greater connectivity across similar and dissimilar system
components. There is great network infrastructure, a higher level of integration
of functions across applications, and powerful machines with higher storage
capacity. Many businesses use Internet technologies and web-enable
business processes to create innovative e-business applications.
E-business is simply conducting business processes using the internet.

Source: https://adataanalyst.com/information-systems-management/evolution-information-system-function/


III. Security of Information System

Key Information Security Concepts

3.1 Definition of Information Security

➢ Information security, sometimes abbreviated to infosec, is a set of practices
intended to keep data secure from unauthorized access or alterations, both
when it's being stored and when it's being transmitted from one machine or
physical location to another. You might sometimes see it referred to as data
security. As knowledge has become one of the 21st century's most important
assets, efforts to keep information secure have correspondingly become
increasingly important.

3.2 Information security vs. cybersecurity

➢ Because information technology has become the accepted corporate
buzzphrase that means, basically, "computers and related stuff," you will
sometimes see information security and cybersecurity used
interchangeably. Strictly speaking, cybersecurity is the broader practice of
defending IT assets from attack, and information security is a specific
discipline under the cybersecurity umbrella. Network security and
application security are sister practices to infosec, focusing on networks
and app code, respectively.

➢ Obviously, there's some overlap here. You can't secure data transmitted
across an insecure network or manipulated by a leaky application. As well,
there is plenty of information that isn't stored electronically that also
needs to be protected. Thus, the infosec pro's remit is necessarily broad.

3.3 Information security principles

The basic components of information security are most often summed up by the
so-called CIA triad: confidentiality, integrity, and availability.

• Confidentiality is perhaps the element of the triad that most immediately
comes to mind when you think of information security. Data is confidential
when only those people who are authorized to access it can do so; to ensure
confidentiality, you need to be able to identify who is trying to access data
and block attempts by those without authorization. Passwords, encryption,
authentication, and defense against penetration attacks are all techniques
designed to ensure confidentiality.


• Integrity means maintaining data in its correct state and preventing it from
being improperly modified, either by accident or maliciously. Many of the
techniques that ensure confidentiality will also protect data integrity—after
all, a hacker can't change data they can't access—but there are other tools
that help provide a defense of integrity in depth: checksums can help you
verify data integrity, for instance, and version control software and frequent
backups can help you restore data to a correct state if need be. Integrity also
covers the concept of non-repudiation: you must be able to prove that you've
maintained the integrity of your data, especially in legal contexts.

• Availability is the mirror image of confidentiality: while you need to make
sure that your data can't be accessed by unauthorized users, you also need
to ensure that it can be accessed by those who have the proper permissions.
Ensuring data availability means matching network and computing resources
to the volume of data access you expect and implementing a good backup
policy for disaster recovery purposes.
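
The integrity item above names checksums for verifying data and backups for restoring it to a correct state. The following Python code is an added example, not part of the original lesson: it records SHA-256 checksums in a manifest, detects modified, missing and unexpected files, and restores them from a backup copy. The function names and the sample files are constructed for illustration.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's relative path to the SHA-256 checksum of its contents."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(root, manifest):
    """Compare the live tree with the trusted manifest; return the findings."""
    current = build_manifest(root)
    findings = {}
    for name, digest in manifest.items():
        if name not in current:
            findings[name] = "missing"
        elif current[name] != digest:
            findings[name] = "modified"
    for name in current.keys() - manifest.keys():
        findings[name] = "unexpected"
    return findings

def restore(root, backup, findings):
    """Return flagged files to the backed-up state; remove unexpected ones."""
    for name, state in findings.items():
        if state == "unexpected":
            (root / name).unlink()
        else:
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(backup / name, root / name)

def demo():
    """Constructed sample data: two small files, then three kinds of change."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        live.mkdir()
        (live / "grades.csv").write_text("student,grade\nana,1.25\n")
        (live / "roster.txt").write_text("ana\nben\n")
        # Known-good state; keep manifest and backup out of reach of data editors.
        manifest = build_manifest(live)
        shutil.copytree(live, backup)
        (live / "grades.csv").write_text("student,grade\nana,1.00\n")  # altered
        (live / "roster.txt").unlink()                                  # deleted
        (live / "notes.txt").write_text("added later\n")               # added
        findings = verify(live, manifest)
        restore(live, backup, findings)
        return findings, verify(live, manifest)

if __name__ == "__main__":
    print(demo())
```

A checksum only shows that data changed; it is the separately stored backup that makes recovery possible.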

3.4 Information security policy

The means by which these principles are applied to an organization take the
form of a security policy. This isn't a piece of security hardware or software; rather,
it's a document that an enterprise draws up, based on its own specific needs and
quirks, to establish what data needs to be protected and in what ways. These
policies guide the organization's decisions around procuring cybersecurity tools, and
also mandate employee behavior and responsibilities.

Among other things, your company's information security policy should include:
• A statement describing the purpose of the infosec program and your overall
objectives
• Definitions of key terms used in the document to ensure shared
understanding
• An access control policy, determining who has access to what data and
how they can establish their rights
• A password policy
• A data support and operations plan to ensure that data is always available
to those who need it
• Employee roles and responsibilities when it comes to safeguarding data,
including who is ultimately responsible for information security


3.5 Information security measures

As should be clear by now, just about all the technical measures associated with
cybersecurity touch on information security to a certain degree, but it is
worthwhile to think about infosec measures in a big-picture way:
• Technical measures include the hardware and software that protects data
— everything from encryption to firewalls
• Organizational measures include the creation of an internal unit dedicated
to information security, along with making infosec part of the duties of some
staff in every department
• Human measures include providing awareness training for users on proper
infosec practices
• Physical measures include controlling access to the office locations and,
especially, data centers

Source: https://www.csoonline.com/article/3513899/what-is-information-security-definition-principles-and-jobs.html

IV. Components of an Information System

An information system is a combination of hardware and software and
telecommunication networks that people build to collect, create and distribute
useful data, typically in an organization. It defines the flow of information within the
system. The objective of an information system is to provide appropriate
information to the user, to gather the data, process the data and communicate
information to the user of the system.

1. Computer Hardware:
Physical equipment used for input, output and processing. The hardware structure
depends upon the type and size of the organization. It consists of an input and an
output device, operating system, processor, and media devices. This also includes
computer peripheral devices.


2. Computer Software:
The programs and application programs used to control and coordinate the
hardware components. Software is used for analysing and processing data. These
programs include a set of instructions used for processing information.
Software is further classified into 3 types:
1. System Software
2. Application Software
3. Procedures

3. Databases:
Data are raw, unorganized facts and figures that are later processed to
generate information. Software is used for organizing and serving data to the
user and for managing physical storage media and virtual resources. Just as
hardware can’t work without software, software needs data for processing. Data
are managed using a database management system.
Database software is used for efficient access to required data and to manage
knowledge bases.

4. Network:
• Network resources refer to telecommunication networks like the
intranet, extranet and the internet.
• These resources facilitate the flow of information in the organization.
• Networks consist of both physical devices, such as network cards,
routers, hubs and cables, and software, such as operating systems, web
servers, data servers and application servers.
• Telecommunications networks consist of computers, communications
processors, and other devices interconnected by communications media and
controlled by software.
• Networks include communication media and network support.

5. Human Resources:
It is associated with the manpower required to run and manage the system. People
are the end users of the information system: end users use the information
produced for their own purposes, and the main purpose of the information system
is to benefit the end user. End users can be accountants, engineers,
salespersons, customers, clerks, or managers. People are also responsible for
developing and operating information systems. They include systems analysts,
computer operators, programmers, and other clerical IS personnel, as well as
managerial techniques.

Source: https://www.geeksforgeeks.org/components-of-information-system/
