CHAPTER 1: Managing Information Technology

Information Technology - Name of technique

which is used for handling and providing the
information
Information technology management - IT
management is the discipline whereby all of the
information technology resources of a firm are
managed in accordance with its needs and
priorities.

CHALLENGES…
❑ Rapid technological change
❑ Exploding applications and data
❑ Frequent External Shocks

MANAGING THE ASSETS IN AN IS

ORGANIZATON
IS leadership must manage these organizational
assets:
❑ Human Resources
❑ Organizational data
❑ Physical Infrastructure
❑ Application Portfolio
❑ How effective it is
❑ What condition it is in

INFORMATION TECHNOLOGY MANAGEMENT

SYSTEM ISSUES
1. Developing effective change management
system
2. Ethical use of IT
3. Determining an outsourcing strategy
4. Deploying global information systems
5. Ensuring regular performance measurement

Chapter 2 - Information Resource Management

Chapter 3 - Security of Information Technology
 • It limits entry into a network to authorized
What is Security? users and content
1. Freedom from risk or danger; safety. • Entry can then be controlled by registration
2. Freedom from doubt, anxiety, or fear; and password
confidence. • But employees represent the biggest single
3. Something that gives or assures safety 4. Is threat to networks
the protection of assets. • Employees have access to security procedures
The three main aspects are: and know where important data is stored
• Prevention
• Detection 2. Digital Certificates / Signature
• Re-action • Digital signatures used to create commercial
Why do we need Security? systems using public key encryption often using
• Protect vital information while still allowing trusted third parties to send owner
access to those who need it identification and copy of public key
• Provide authentication and access control for • Use of digital certificates:
resources Secret key (symmetric) encryption (both
• Guarantee availability of resources parties have an identical key known only to
them, but not a safe method)
Information Technology Security Public key (asymmetric) encryption (keys
• It is more than just protecting hardware and used by sender and receiver are different but
software from being crashed related by a numerical code
• It is protecting the information resources that
keep the company operating Digital certificates may include
• Goals are to ensure • User identification data
1. Data integrity, availability & confidentiality • Issuing authority identification and digital
2. Business continuity signature
• User’s public key
Information Technology Security • Expiry date of certificate
• Confidentiality • Class of certificate
✓Maintaining the privacy of data • Digital identification code for the certificate
• Integrity
✓Detecting that the data is not tampered with ENCRYPTION
• Authentication • In cryptography, encryption is the process of
✓Establishing proof of identity transforming information (referred to as
• Nonrepudiation plaintext) using an algorithm (called a cipher) to
✓Ability to prove that the sender sent the data make it unreadable to anyone except those
• Access Control possessing special knowledge, usually referred
to as a key.
✓Access to information resources are regulated
• The reverse process, i.e., to make the
• Availability
encrypted information readable again, is
✓Computer assets are available to authorized
referred to as DECRYPTION.
parties when needed
USES OF ENCRYPTION
• Encryption can be used to protect data "at
Security Measures of Information Technology
rest", such as files on computers and storage
1. FIREWALL
devices (e.g. USB flash drives).
• A firewall stops information being changed or
➢Digital rights management systems which
stolen
prevent unauthorized use or reproduction of
copyrighted material and protect software Once you have installed an anti-virus package,
against reverse engineering you should scan your entire computer
• Encryption is also used to protect data in periodically. Always leave your Anti-virus
transit software running so it can provide constant
• Encryption, by itself, can protect the protection.
confidentiality of messages.
Automatic scans- Depending what software you
VIRUSES choose; you may be able to configure it to
Viruses automatically scan specific files or directories
• Computer programs that corrupt or delete and prompt you at set intervals to perform
files complete scans.
• Sent as attachments or embedded in other
files Chapter 4: Risk in Information and Technology
Worm
• Can spread itself over a network, doesn’t need What is Risk?
to be sent • A possibility that THREAT exploits a
VULNERABILITY in an asset and causes damage
Types of Viruses or loss to the asset.
Transient Virus
• Attaches itself to specific program • THREAT – Something that can potentially
• Is run every time the program is run cause damage to an organization, IT system or
network.
• VULNERABILTY – A weakness in the
Resident Virus organization, IT Systems or network that can be
• Once loaded operates for duration of exploited by the threat
computer’s use Risks in Information and Technology
Logic Bomb
• Triggers when a given condition is met, such
as clock on computer matching a specified time
Trojan Horse
• Malicious program that hides within a friendly
program

What is an Anti-Virus?
• Anti-virus is a software (computer program)
that scans files or your computer's memory for
certain patterns that may indicate an infection.
The patterns it looks for are based on the
signatures, or fingerprints, of known viruses.
Once a virus is detected in the wild, the Anti-
Virus companies then release these new
patterns for your Anti-virus software to use.
These updates come out daily by some vendors. Fraud
Virus authors are continually releasing new and • Accessing or using a computer with the intent
updated viruses, so it is important that you have to commit a fraudulent or other criminal act.
the latest definitions installed on your • This can refer to illegally obtaining restricted
computer. data or confidential financial information,
damaging or destroying information contained
in a computer.
Service Interruptions and Delays
• An interruption in transmission that renders
the Service unusable due to a total loss of signal
for the Service
Intrusions
• the act of wrongfully entering upon, seizing,
or taking possession of the property or
information of another individual
Information Manipulation
• trying to get someone to believe something
untrue is deceit. The type of communication
created by such deceitful intent is called a
deceptive message
Information Theft
• Also known as identity fraud, is a crime in
which an imposter obtains key pieces of
personally identifiable information (PII), such as
Social Security or driver's license numbers, to
impersonate someone else.
Error
• An act or statement that is not right or true or
proper.
• Error is used for failure to follow a model
correctly.
Denial of Service Attacks
• An attack meant to shut down a machine or
network, making it inaccessible to its intended
users.
Malicious Software
• Any type of software that is intended to harm
or hack the user.
• Attempt to steal your information, or they
might simply do it for malicious reasons.
Website Defacements
• Is an act of gaining unauthorized access to an
environment or website. Extortion
• The practice of trying to get something
through force, threats or blackmail Sniffing
• Process of monitoring and capturing all data
packets passing through given network
• Sniffers are used by network/system
administrator to monitor and troubleshoot
network traffic. Attackers use sniffers to capture
data packets containing sensitive information
such as password, account information etc.
Spoofing
• Specific type of cyber-attack in which
someone attempts to use a computer, device, or
network to trick other computer networks by
masquerading as a legitimate entity
Con Artists
• A person who cheats or tricks others by
persuading them to believe something that is
not true
Phishing
• Type of online scam where criminals
impersonate legitimate organizations via email,
text message, advertisement or other means in
order to steal sensitive information.
ISO 272002:2005
- Defines Information Security as a prevention
of the following:
•Confidentiality
Ensuring that information is accessible only to
those Authorized to have access
•Integrity
Safeguarding the accuracy and completeness of
information and processing methods
•Availability
Ensuring that authorized users have access to
information and associated assets when
required
Computer Criminals
Hacker
• A person who uses computers to gain
unauthorized access to data
Script Kiddies
• a relatively unskilled individual who uses
scripts or programs, such as a web shell,
developed by others to attack computer
systems and networks and deface websites,
according to the programming and hacking
cultures
Cyber-Criminals
• People who use technology to commit
malicious activities on digital systems or
networks with the intention of stealing sensitive
company information or personal data, and
generating profit
Organized Crime
• Individuals and groups with ongoing working
relationships who make their living
primarily through activities that one or more
states deem illegal and criminal
Terrorist
• A person who uses unlawful violence and
intimidation, especially against civilians, in the
pursuit of political aims.
Insider
• A person within a group or organization,
especially someone privy to information
unavailable to others.
CHAPTER 5: INFORMATION TECHNOLOGY
INFORMATION TECHNOLOGY
- is a contemporary term that describes the
combination of computer technology (hardware
and software) with telecommunications
technology (data, image, and voice networks).
In some companies, this is referred to as
Management Information Services (or MIS) or
simply as Information Services (or IS). These
innovations enable the processing and storage
of enormous amounts of information, along
with rapid distribution of information through
communication networks
 IT has enabled the globalization of the
economy and competition, and caused large-
scale changes in many industries
 IT is also bringing a major shift in the job
market; resulting in a more polarized
occupational structure, consisting of
highly skilled=well paid jobs
lower skilled=low wages
Communication: Basic need for most human
activities
Traditional- telephone, fax, mail...
In the new information era- e-mail, internet,
video conferencing
The new communication technology enables
people located in different places to work
together as if they were in the same office. Big
multinational companies are already exploiting
this technology to achieve better use of the
resources of their separate offices. In this way
projects can be shared between offices with the
application of the best expertise, and around
the clock
Computer Use
The purpose of a computer is to process data
into information
 Data consist of the raw facts and figures that
are processed into information
 Information is data that has been summarized
or otherwise manipulated for use in decision
making
Hardware and Software
 Hardware consists of all the machinery and
equipment in a computer system
 Software, or programs , consist of all the
electronic instructions that tell the computer
how to perform a task
Hardware and software revolution
 The diminishing cost of personal computers
has put computing power within the reach of
even the smallest contractors.
 Rapidly developing hardware performance,
coupled with the development of storage drives
with very large volumes, modems, scanners,
and back up devices has made the computer
suitable for storage and distribution of drawings
and other data in electronic format.
 The evolution of servers, network cards,
modems and routers have linked computers
together providing a forum for community
collaboration.
Internet
The value of the Internet to construction
companies derives from its ability to easily
connect globally to a vast amount of data,
which would otherwise have taken more time
and money to organize. By exploiting the
resources of the Internet construction
companies can gain the following benefits.
 Acceleration in the distribution of knowledge
resources within and out with the company 
Promotion and marketing for the company
On-line services: The rapid development of the
Internet and the World Wide Web has enabled
many services that traditionally required face to
face meetings to be delivered on-line.
Internet distance learning: opportunities of
university education, widening access to higher
education (delivering teaching and learning to
people who cannot attend lectures)-increases a
country’s competitiveness in a global market.
E-business: Internet provides a virtual market
place for buyers, suppliers, distributors and
sellers to exchange information, negotiate and
trade
Teleworking: Flexibility in working conditions,
less office space, more productive workers.
How is information technology being used in
education?
❖ E-mail
❖ Distance learning
How are computers being used in health and
medicine?
❖ Telemedicine
❖ Robots
How will computers affect my financial matters?
❖ Virtual money
❖ Micro-Credits
History and Development of Information
Technology
In the 1960s and 1970s, the term information
technology (IT) was a little known phrase that
was used by those who worked in places like
banks and hospitals to store information. With
the paradigm shift to computing technology and
"paperless" workplaces, information technology
has come to be a household phrase. It defines
an industry that uses computers, networking,
software programming, and other equipment
and processes to store, process, transmit, and
protect information.
Software development and computer
programming where best left to the computer
scientists and mathematical engineers, due to
their complicated nature. As time passed and
technology advanced, such as with the advent
of the personal computer in the 1980s and its
everyday use in the home and the workplace,
the world moved into the information age.
Modern Technology
By the early 21st century, nearly every child in
the Western world, and many in other parts of
the world, knew how to use a personal
computer. Businesses' information technology
departments have gone from using storage
tapes created by a single computer operator to
interconnected networks of employee
workstations that store information in a server
farm, often somewhere away from the main
business site.
Technology facilitate our life
Technology and information may be regarded as
two things are mutually binding. Both support
functions that are fairly similar. Advances in
technology are always facilitate the delivery of
information. The rate information from one
country can spread rapidly to other countries,
even to all countries, through increasingly
sophisticated technology.
Advances in information technology provide
enormous benefit in human survival.
Information technology can provide facilities in
various aspects of life. One area of life that has
a close relationship with the use of information
technology is the world of work.
Impact of Advanced Information Technology
Advances in information technology is to be
grateful and appreciated as a remarkable
achievement. Therefore, we must take
advantage of advances in information
technology is to do positive things.
Why is that?
In fact, advances in information technology not
only provides a positive effect. Many also
brought along the negative impact of
information technology advances.
Here's a positive impact of information
technology development.
 Make it easier for companies or individual
business transaction-based information
technology or so-called E Commerce.
 Simplify access to information needed for
various purposes.
Besides positive impacts, advances in
information technology have a negative effect.
 The rapid advancement in information
technology, internet and other media, facilitate
the entry of banned sites and violence.
 Ease of transactions via the Internet will
provide opportunities to perform transacts
forbidden, such as drug and contraband
transactions.
As a result, anything that is required is
completed in quick time to be done by utilizing
flash technology as well. Finally, human life
cannot be separated from the flow of
information technology.
The Role of IT
 It is accepted that telecommunication is a
basic infrastructure necessary for economic and
social development of a country.
 This is even becoming more strong than ever
as information related economic activities are
growing.  Information and communications
technology may be described as the support of
the central nervous system of complex societies,
transmitting and processing information and
commands among the various parts of such
societies.
 Internet plays a fundamental function in IT
role
Benefits from IT
Information and communications technology
carries on high promise both in human and
economic terms.
Benefits could be obtained in:
 Education
 Job training
 Health care
 Food security
 Environment management
 Government efficiency
IT is useful in all areas Many tourism businesses
are involved in developing their internet
services including traditional travel agents, tour
operators, national tourist offices, airlines,
hotels and other accommodation providers and
car hire firms.