Module 03
1. Ethical Issues and Privacy
Ethical issues in Information Systems (IS) revolve around how data is collected, used, and shared. These issues often intersect with privacy concerns, as organizations must balance the need for data with respecting individuals’ rights.
- Data Privacy: Concerns the protection of personal information from unauthorized access and misuse. Privacy laws, like the GDPR (General Data Protection Regulation) in Europe, require organizations to handle personal data responsibly.
- Informed Consent: Users should be informed about how their data will be used and must consent to its collection. Ethical concerns arise when organizations collect data without clear consent or use it in ways that were not disclosed.
- Data Ownership: Who owns the data collected by organizations? Ethical dilemmas arise over the use of customer data, especially when it’s sold or shared with third parties.
- Surveillance: Excessive monitoring of employees, customers, or citizens can infringe on privacy rights. Ethical considerations include balancing security needs with individual freedoms.
- Digital Divide: The gap between those who have access to digital technologies and those who do not. Ethical concerns include ensuring equitable access to information and technology.
2. Information Security
Information Security involves protecting information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. It aims to ensure:
- Confidentiality: Ensuring that sensitive information is accessed only by authorized individuals.
- Integrity: Protecting information from being altered or tampered with.
- Availability: Ensuring that information is accessible to authorized users when needed.
Key components of information security include:
- Authentication: Verifying the identity of users before granting access to systems or data.
- Encryption: Transforming data into an unreadable form to protect it from unauthorized access.
- Firewalls: Systems that control incoming and outgoing network traffic based on security rules.
- Intrusion Detection Systems (IDS): Tools that monitor networks or systems for suspicious activity or policy violations.
3. Threats to Information Systems (IS) and Security Controls
Information Systems face various threats that can compromise their security:
- Malware: Malicious software like viruses, worms, trojans, and ransomware that can damage or disrupt systems.
- Phishing: Fraudulent attempts to obtain sensitive information by pretending to be a trustworthy entity.
- Social Engineering: Manipulating individuals into divulging confidential information or performing actions that compromise security.
- Insider Threats: Risks posed by employees or other trusted individuals who misuse their access to harm the organization.
- Denial of Service (DoS) Attacks: Overloading a system with traffic to make it unavailable to users.
Security Controls are measures implemented to protect information systems from threats:
- Preventive Controls: Measures like firewalls, encryption, and access controls that prevent security incidents.
- Detective Controls: Systems like IDS and security audits that identify and report security breaches.
- Corrective Controls: Actions taken to repair damage or restore systems after a security incident, such as data backups and disaster recovery plans.
- Administrative Controls: Policies, procedures, and training that govern the secure use of information systems.
Team Answered question August 26, 2024