Module 4 Part 2

This document discusses web surfing and cyber security. It covers topics like browsing the internet, email, search engines, and visiting websites as part of an overview of web surfing. For cyber security, it defines key terms like information systems, the CIA model of confidentiality, integrity and availability of information. It also discusses specific cyber security threats like phishing, spamming and spoofing, as well as the need for cyber security to protect information.

Uploaded by

ADITYA KUMAR
Copyright
© All Rights Reserved

Analytical Ability and Digital Awareness
MODULE 4:

• Web Surfing: An Overview: working of Internet, Browsing the Internet, E-Mail, Components of
E-Mail, Address Book, Troubleshooting in E-Mail, Browsers: Netscape Navigator, Microsoft Internet
Explorer, Google Chrome, Mozilla Firefox, Tor, Search Engines like Google, DuckDuckGo etc.,
Visiting web sites: Downloading.
• Cyber Security: Introduction to Information System, Type of information system, CIA model of
Information Characteristics, Introduction to Information Security, Need of Information Security,
Cyber Security, phishing, spamming, fake news, general issues related to cyber security, Business
need, Ethical and Professional issues of security.
MODULE 4:
Web Surfing and Cyber Security

Part 2 Cyber Security


DATA AND INFORMATION
• Data: Data is defined as a collection of individual facts or statistics. Data
can come in the form of text, observations, figures, images, numbers, graphs,
or symbols.
• Information: Information is defined as knowledge gained through study,
communication, research, or instruction. Essentially, information is the result
of analyzing and interpreting pieces of data. Whereas data is the individual
figures, numbers, or graphs, information is the perception of those pieces of
knowledge.

[Diagram: DATA → PROCESSING → INFORMATION]

INFORMATION SYSTEM

• Set of interrelated components that collect, process, store and distribute data and
information, and provide a feedback mechanism to meet an objective.
• An information system is a set of interrelated components that work together to collect,
process, store and break down information to support decision making.
• Arrangement of people, data, processes, interfaces, networks and technology that interact
to support and improve day-to-day operations in a business as well as the
problem-solving and decision-making needs of management.
TYPES OF INFORMATION SYSTEM
1. Transaction Processing System (TPS)
2. Management Information System (MIS)
3. Decision Support System (DSS)
4. Executive Information System (EIS)
5. Knowledge Management Systems
6. Office Automation System
1 Transaction Processing Systems

• A transaction processing system ensures that all of the contractual, transactional, and
customer relationship data is stored in a safe location and accessible to everyone who
needs it. It also assists in the processing of sales order entries, payroll, shipping, sales
management, or other routine transactions needed to maintain operations.
• By utilizing a TPS, organizations can have a high level of reliability and accuracy in their
user/customer data while minimizing the potential for human error.
• It helps automate repetitive information processing activities within organizations:
  • Increases speed
  • Increases accuracy
  • Greater efficiency
  • Supports the monitoring, collection, storage, processing, and dissemination of the
    organization’s basic business transactions
2 Management Information Systems

• A management information system uses various transaction data from a TPS to help middle
management optimize planning and decision-making.
• Most of the report formats encompass summaries of annual sales data, performance data, or
historical records. This provides a secure and systemized way for managers to meet their
targets and oversee business units.
• Management Information Systems are specially designed to help middle managers and
supervisors make decisions, plan, and control the workflow. The MIS pulls transactional data
from various Transaction Processing Systems, compiles the information, and presents it in
reports and displays.
• Focuses on the information requirements of low to middle level managers.
• Some examples of MIS:
  • Sales management systems
  • Inventory control systems
  • Budgeting systems
3 Decision Support System (DSS)

• A decision support system processes data to assist in management decision-making. It
stores and gathers the information required for management to take the proper actions at
the correct time. For example, a bank manager can use a DSS to assess the evolving loan
trends to determine which yearly loan targets to meet.
• Decision models are programmed into the IS to analyze and summarize large quantities of
information and put it into a visual that makes it understandable.
4 Executive Information System (EIS)

• Executive support systems are similar to a DSS but are primarily used by executive leaders
and owners to optimize decision-making.
• An executive support system provides better telecommunication functionality and a bigger
computing functionality.
• Graphics software is integrated within an ESS to display data about tax regulations, new
competitive startups, internal compliance issues, and other relevant executive information.
This allows leaders to track internal performance, monitor the competition, and pinpoint
growth opportunities.
5 Knowledge Management Systems

• A knowledge management system stores and extracts information to help users enhance
their knowledge and optimize collaboration efforts to complete tasks. Examples of
documents found in a knowledge management system include employee training materials,
company policies and procedures, or answers to customer questions.
• A KMS is used by employees, customers, management, and other various stakeholders
involved with the organization. It ensures that technical abilities are integrated throughout
the company while providing visuals to help employees make sense of the data they see.
6 Office Automation System

• An office automation system is a network of various tools, technologies, and people
required to conduct clerical and managerial tasks.
• Typical examples of functions performed by an OAS include printing documents, mailing
paperwork, maintaining a company calendar, and producing reports. Primarily, an
office automation system assists in enhancing communication among different departments
so everyone can collaborate to complete a task.
• By utilizing an office automation system, businesses can improve communication between
workers, streamline managerial activities, and optimize knowledge management.
CYBER SECURITY
• Cyber security is the application of technologies, processes and
controls to protect systems, networks, programs, devices and
data from cyber attacks. It aims to reduce the risk of cyber attacks
and protect against the unauthorised exploitation of systems,
networks and technologies.
• Cyber security is the name for the safeguards taken to avoid or
reduce any disruption from an attack on data, computers or
mobile devices. Cyber security covers not only safeguarding
confidentiality and privacy, but also the availability and integrity of
data, both of which are vital for the quality and safety of care.
• Cyber security is a constantly changing area with lots of jargon
and can sometimes seem quite confusing. However, many
effective and relatively simple steps can be taken to protect
information and protect you and your organization.
• Spam is unsolicited email, instant messages, or social media messages. These
messages are fairly easy to spot and can be damaging if you open or respond. Spam
emails are also known as junk emails; they are unsolicited messages sent in
bulk with the expectation of getting a small amount of interaction.
• Phishing is an email sent from an Internet criminal disguised as an email from a
legitimate, trustworthy source. The message is meant to lure you into revealing
sensitive or confidential information. Phishing is the fraudulent act of sending spam
emails that pretend to be from a legitimate source. Such mails have a strong
subject line with attachments like an invoice, job offers, big offers from reputable
shipping services, or any important mail from higher officials of the company.
Phishing scams are the most common cyber-attacks that aim to steal sensitive
data, such as login credentials, credit card numbers, bank account information, and so
on.
• Spoofing describes a criminal who impersonates another individual or organization,
with the intent to gather personal or business information. In simple words, email
spoofing is manipulating the email header's from-address in such a way that when an
email is sent it looks as if it has come from a legitimate source.
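
Because spoofing works by manipulating the header's from-address, a receiving system can compare that address with the message's other sender headers and with the SPF/DKIM/DMARC verdicts recorded by its own mail server. The following Python sketch is an added example, not part of the original slides; the sample messages, the domains and the server name mx.receiver.example are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.receiver.example"  # assumption: our own receiving mail server

def _domain(header_value):
    """Lower-cased domain of the address carried in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoofing_indicators(raw_message, trusted_authserv=TRUSTED_AUTHSERV):
    """Return reasons not to trust the visible From address (indicators, not proof)."""
    msg = email.message_from_string(raw_message)
    from_header = msg.get("From", "")
    from_domain = _domain(from_header)
    findings = []
    # 1. Envelope sender or reply address pointing at a different domain.
    for header in ("Return-Path", "Reply-To"):
        other = _domain(msg.get(header))
        if other and other != from_domain:
            findings.append(f"{header} domain {other} != From domain {from_domain}")
    # 2. Display name that shows an address from another domain.
    display = parseaddr(from_header)[0]
    if "@" in display and _domain(display) != from_domain:
        findings.append(f"display name shows {display} but address is in {from_domain}")
    # 3. SPF/DKIM/DMARC verdicts, read only from the header our own server added;
    #    an Authentication-Results header naming any other host may be forged.
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        if value.split(";", 1)[0].strip().lower() == trusted_authserv:
            verdicts.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value.lower()))
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method, "missing") != "pass":
            findings.append(f"{method}={verdicts.get(method, 'missing')}")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = (
    "Return-Path: <bounce@mailer-xyz.example>\n"
    "Authentication-Results: mx.receiver.example; spf=pass; dkim=none; dmarc=fail\n"
    'From: "Example Bank" <support@bank.example>\n'
    "Reply-To: claims@mailer-xyz.example\n"
    "Subject: Invoice attached\n\nPlease open the attached invoice.\n"
)
LEGIT = (
    "Return-Path: <bounce@bank.example>\n"
    "Authentication-Results: mx.receiver.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: Example Bank <support@bank.example>\n\nYour statement is ready.\n"
)
```

Calling `spoofing_indicators(SPOOFED)` returns four findings (two domain mismatches, `dkim=none` and `dmarc=fail`), while `spoofing_indicators(LEGIT)` returns an empty list.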
CIA model

• The CIA triad refers to an information security model made up of three main components: confidentiality,
integrity and availability.
• The three components of the CIA triad are:
• Confidentiality involves the efforts of an organization to make sure data is kept secret or private. To accomplish
this, access to information must be controlled to prevent the unauthorized sharing of data—whether intentional or
accidental. For example, those who work with an organization’s finances should be able to access the spreadsheets,
bank accounts, and other information related to the flow of money. However, the vast majority of other employees—
and perhaps even certain executives—may not be granted access.
• Integrity involves making sure your data is trustworthy and free from tampering. The integrity of your data
is maintained only if the data is authentic, accurate, and reliable. For example, if your company provides information
about senior managers on your website, this information needs to have integrity. If it is inaccurate, those visiting the
website for information may feel your organization is not trustworthy.
• Availability means that the information is available to authorized users when it is needed. For example, if there
is a power outage and there is no disaster recovery system in place to help users regain access to critical systems,
availability will be compromised.
Information Security

• Information Security is basically the practice of preventing unauthorized access, use,
disclosure, disruption, modification, inspection, recording or destruction of information.
Information security ensures good data management. It involves the use of technologies,
protocols, systems and administrative measures to protect the confidentiality, integrity and
availability of information. Information is the most valuable asset of an organization, and
any breach can destroy its reputation and continuity.
Need for Information Security
• 1) To prevent data breaches: A data breach resulting in the loss of critical business information is
quite common. Due to a large amount of data stored on company servers, businesses often become the
main target of cyber-criminals if the network is unprotected. The breaches involving business secrets,
confidential health information, and intellectual property can greatly impact the overall health of a
business.
• 2) To check for compromised credentials and broken authentication: Data breaches and other
cyber attacks are usually a result of lax authentication, weak passwords, and poor certificate or key
management. Companies often struggle with assigning permissions to appropriate users or
departments, resulting in identity theft.
• 3) To avoid account hijacking: Phishing, fraud, and software exploitations are still very common.
Companies relying on cloud services are especially at risk because they are an easy target for
cybercriminals, who can eavesdrop on activities, modify data and manipulate transactions. These
third-party applications can be used by attackers to launch other attacks as well.
• 4) To mitigate cyber threats from malicious insiders: An existing or former employee, a cunning
business partner, a system administrator or an intruder can destroy the whole information infrastructure
or manipulate data for their own purpose. Therefore, it is the responsibility of an organization to take
effective measures to control the encryption process and keys. Effective monitoring, logging, and
auditing activities are extremely important to keep everything under control.
Types of Information Security Controls

• There are three different types of information security controls used to protect data.
• Physical Control: Physical controls are the simplest form of information security. These are
the things that can actually be touched and seen, such as password-protected locks to avoid
unauthorized entry to a secure server room, alarm systems, fences and more.
• Administrative Control: These controls mainly involve manual efforts to ensure data
security. These include enforcing policies, standards, guidelines and following procedures to
ensure business continuity and data protection. Some examples of administrative
controls include disaster recovery plans, internet usage policies and termination procedures.
• Technical Control: These controls are considered the most effective of all because they
make use of the latest technologies and systems to limit access to information. Some
examples of technical controls include firewalls, anti-virus software, file permissions, access
control lists and cutting-edge data security technologies that are hard to penetrate.
Ethics in information security

• Ethics can be defined as a moral code by which a person lives. For corporations, ethics can
also include the framework you develop for what is or isn’t acceptable behavior within
your organization.
• In computer security, cyber-ethics is what separates security personnel from the hackers.
It’s the knowledge of right and wrong, and the ability to adhere to ethical principles while
on the job.
• Simply put, actions that are technically compliant may not be in the best interest of the
customer or the company, and security professionals need to be able to judge these matters
accordingly.
Key principles in computer ethics

• The Association for Computing Machinery (ACM) has created a Code of Ethics and Professional
Conduct for those who work in computer systems. This code includes:
• 1) General Ethical Principles: These ground rules detail honesty, respect for privacy issues and
intellectual property rights, and refraining from discrimination and other potential forms of harm.
• 2) Professional Responsibilities: This portion of the code refers to a professional’s responsibility to
the field by performing the work to the best of his or her ability and maintaining a high level of
competence. This category also mentions the increase of public awareness of their work and the
ability to accept review when needed.
• 3) Professional Leadership Principles: Computer science professionals are asked to work towards the
public good, improve working life for their colleagues, and encourage other members of the field to
learn and grow.
• These principles are merely suggestions, but they provide a good starting place for discussing ethics
within the field.
