Session-3.pdf
Uploaded by HappierUnity
Fundamentals of Information Systems Management 4H2MSI
Fundamentals of Data Management including Information & data security, ethics and sustainability considerations

Course Objectives & Roadmap
1 Fundamentals of Information Systems, including their composition and functions in organizations
2 Integrated Mgt. Systems & Software (ERP, CRM, SCM, etc.) are applied in organizations
3 Foundations of Data Management including data Security, Ethics and Sustainability considerations (Today we are here!)
4 Analysis and evaluation of Information Systems Acquisition and Deployment in Organizations

4H2MSI: Fundamentals of Information Systems Management

Today’s Plan
▪ PART 1: Data; data management
▪ PART 2: Data storage; cloud computing
▪ PART 3: Information and data security
▪ PART 4: Ethical issues

PART 1: Data; Data Management

What is data?
Data
▪ Raw facts
▪ Just number(s) and/or text
▪ Context is not always provided

What is data?
Data: Symbols, Text, Numbers, Images, Videos, Bits and Bytes, Measurements, Facts, Observations

Data are commonly understood to be the raw material produced by abstracting the world into categories, measures and other representational forms – numbers, characters, symbols, images, sounds, electromagnetic waves, bits – that constitute the building blocks from which information and knowledge are created.

How is data different from information?
Data
▪ Raw facts
▪ Just number and text
▪ Context is not always provided
Information
▪ Data with context
▪ Processed data
▪ Value-added to data
  o Summarized
  o Organized
  o Analyzed

What is data?
[Diagram: Raw data → Data Transformation (Organizing - Regrouping - Clustering; Analyzing - Summarizing - Manipulating; Contextualizing) → Information]

Properties of information – Intrinsic / Inherent
§ Intangibility & non-rivalrousness
§ Multiple re-uses
§ Marginal costs of reproduction - almost zero
§ Use/exploitation is capability-based

Databases
In a company, data is typically stored in relational databases. What is a database? How about relational databases? How are they structured?

Databases
▪ A database is a collection of information that is organized and stored digitally, so that it can be easily accessed, managed and updated.
▪ In companies, it is used to store and manage large amounts of data, such as customer information, sales records, or inventory data.
▪ There are many different types of databases, including relational databases, document databases, and key-value stores, each with its own features and benefits.
▪ Here, we will focus on relational databases.

Relational Databases
A relational database is a data model based on storing data as an organized collection of interrelated tables:
▪ Each database has tables in it, with rows (records) and columns (fields)
▪ Each table contains data items that are directly and logically related to each other
▪ Each table has a primary key that enables records in that table to be uniquely identified
▪ Tables are linked using the primary keys of other tables, referred to as foreign keys. It is this linking of tables using related data that gives rise to the term “relational database”.
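Added example (not part of the original slides): the primary-key and foreign-key rules above, enforced by a real database engine. It uses Python's built-in sqlite3 module with constructed sample rows; the table layout and the helper names build_db, try_insert and order_totals are assumptions made for illustration.

```python
import sqlite3

# Three interrelated tables; orders links to the other two via foreign keys.
SCHEMA = """
CREATE TABLE customers (
    customer_id INTEGER PRIMARY KEY,          -- uniquely identifies a record
    name        TEXT NOT NULL
);
CREATE TABLE products (
    product_id  INTEGER PRIMARY KEY,
    name        TEXT NOT NULL,
    unit_price  REAL NOT NULL CHECK (unit_price >= 0)
);
CREATE TABLE orders (
    order_id    INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(customer_id),
    product_id  INTEGER NOT NULL REFERENCES products(product_id),
    quantity    INTEGER NOT NULL CHECK (quantity > 0)
);
"""

def build_db():
    """Create an in-memory database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    # SQLite only enforces foreign keys when this pragma is switched on.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO customers VALUES (?, ?)",
                     [(1, "Alice Martin"), (2, "Bruno Keller")])
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(10, "Laptop", 900.0), (11, "Mouse", 20.0)])
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)",
                     [(100, 1, 10, 1), (101, 1, 11, 2), (102, 2, 11, 1)])
    conn.commit()
    return conn

def try_insert(conn, sql, params):
    """Run one statement; return None on success or the constraint error text."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(sql, params)
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)

def order_totals(conn):
    """Follow the foreign keys (JOIN) to compute each customer's total spend."""
    return conn.execute("""
        SELECT c.name, SUM(o.quantity * p.unit_price)
        FROM orders o
        JOIN customers c ON c.customer_id = o.customer_id
        JOIN products  p ON p.product_id  = o.product_id
        GROUP BY c.customer_id
        ORDER BY c.customer_id
    """).fetchall()

if __name__ == "__main__":
    db = build_db()
    print(order_totals(db))
    # A second customer with primary key 1 is rejected.
    print(try_insert(db, "INSERT INTO customers VALUES (?, ?)", (1, "Duplicate")))
    # An order pointing at a customer that does not exist is rejected.
    print(try_insert(db, "INSERT INTO orders VALUES (?, ?, ?, ?)", (103, 99, 10, 1)))
    # Deleting a customer who still has orders is rejected.
    print(try_insert(db, "DELETE FROM customers WHERE customer_id = ?", (1,)))
```

The rejected statements show the database itself protecting data integrity, rather than relying on every application that writes to it.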
Relational Databases
[Figure: a database containing the tables Products, Customers and Orders]

Relational Databases: Table properties

Relational Databases: Table Interface
One example: A database from a company which:
▪ Has employees (listed in employees' table)
▪ Located somewhere (in offices' table)
▪ Sell products (listed in products' table)
▪ To customers (listed in customers' table)
▪ …

Relational Databases: Schema Interface

Relational Databases: …and of course, it could be much more complicated, such as this one

PART 3: Data Storage & Cloud Computing

Data Management
To perform analytics, a clear data management model needs to be set up first.
Data management: The process of collecting, storing, organizing, and maintaining data in a secure manner to ensure its quality, accessibility, and usability for various purposes within an organization.
Effective data management is essential for businesses to generate business intelligence => insights to make informed decisions => improve performance, competitiveness, etc.

A typical Data Management model
[Diagram labels: channels (intranet / extranet / web / mobiles); queries, analysis, analytics; data warehouse, data lake, data marts; data mining tools, simulation; diffusion / communication; data storage; extract, transform, load (ETL); data sources & supply tools (external, internal); methods; supply]

Data Management & Business Intelligence
The core of data management is to create business intelligence

A typical business intelligence process

Data Management: A Pipeline Model

Analytics: Data Analytics
▪ Analytics – more specifically data analytics – are the processes of sifting through massive datasets to discover, interpret, and communicate significant patterns, insights and knowledge in data
▪ Analytics processes use data, information technology, statistical analysis, quantitative methods, mathematical or computer-based models to find meaningful patterns in data. The end goal is to help managers gain improved insight about their business operations and make better, fact-based decisions.
Sources: Business Analytics, Methods, Models and Decisions, Evans, 2013; Big Data Computing: A Guide for Business and Technology Managers, V. Kale, 2016

Analytics: Business Analytics
▪ Business analytics therefore refers to the application of analytics to business data. It focuses on generating insights that positively influence business decisions, courses of action, and performance. It “transforms data into action through analysis and insights”.
▪ Organizations may apply analytics to business data to describe past trends, diagnose problems, predict future course, and prescribe actions – all of which help to improve business performance.
Sources: Business Analytics, Methods, Models and Decisions, Evans, 2013; Big Data Computing: A Guide for Business and Technology Managers, V. Kale, 2016

What is Business Intelligence?
A technology perspective to BI from IBM
§ Business Intelligence (BI) are actionable insights that can enhance decision-making and provide organizations with competitive advantage over others.
§ Organizations create BI systems and BI processes to support the production of business intelligence.
§ The Business Intelligence Process is therefore an enterprise-wide organization of a suite of technologies for analyzing current and historical data, with the objective of improving strategic decision-making and providing a competitive advantage.

A business intelligence (BI) application is software that ingests business data and presents it in user-friendly views such as reports, dashboards, charts and graphs. BI tools enable business users to access different types of data — historical and current, third-party and in-house, as well as semi-structured data and unstructured data like social media. Users can analyze this information to gain insights into how the business is performing.
Source: https://www.ibm.com/topics/business-intelligence

Types of Data Analytics
Descriptive analytics:
§ Answers the question: “What happened?”
§ The process and set of techniques used to analyze current and historical data to identify trends and relationships.
§ Can be used to analyze and report on past and current performance
§ Basic statistical software, such as Microsoft Excel, or data visualization tools, such as Tableau and PowerBI, can help parse data and identify trends and relationships between variables.
Diagnostic analytics:
§ Answers the question: “Why did this happen?” Used to determine the causes of trends and correlations between variables in a dataset.
§ It can be viewed as a logical next step after using descriptive analytics to identify trends.
§ Diagnostic analysis can be done manually, using an algorithm, or with statistical software.

Types of Data Analytics
Predictive analytics:
§ Answers the question: “What might happen in the future?”
§ Used to analyze data to predict future trends and events. It uses historical data to forecast potential scenarios that can help drive strategic decisions.
§ Can be conducted manually or using machine-learning algorithms. Either way, historical data is used to make assumptions about the future.
§ Regression analysis is often used to determine the relationship between variables
Prescriptive analytics:
§ Answers the question: “What should we do next?”
§ Used to analyze data to determine an optimal course of action.
§ Generates recommendations for next steps, valuable for data-driven decision-making.
§ Probabilities, decision trees, machine-learning algorithms are often used to identify possible options and make recommendations on optimal choices for decision makers

Business Analytics: Real-life tools
§ Be ready for learning new platforms / systems
§ Data cleaning, manipulation & data issue tracking
§ The right tool should effectively answer specific business needs

PART 2: Data storage, cloud computing & sustainability
Data Storage
Physical Storage: on-premise; off-premise & cloud storage
Sustainable computing

Data Storage
▪ Methods and technologies used to store and retain digital information
▪ This can include traditional storage methods such as hard disk drives (HDD) and solid-state drives (SSD) on local servers, as well as newer methods like cloud storage and blockchain storage.
▪ The type of data storage used will depend on the amount of data to be stored, the required access speed and the need for data security and redundancy.

What is Cloud Storage?
§ A method of storing data on remote servers accessed over the internet, rather than on a local computer system or physical storage device.
§ Often, data is stored on servers that are owned and operated by a third party, known as a Cloud Service Provider (CSP), and can be accessed from anywhere with an internet connection and access rights.
§ Cloud storage is often used as an alternative to traditional storage methods. Its benefits include scalability, accessibility, and cost-effectiveness.
Source: https://www.thoughtworks.com/insights/articles/green-cloud

Cloud storage can be divided into three main categories: Infrastructure as a service (IaaS), Platform as a service (PaaS), and Software as a service (SaaS).

Types of Cloud Storage
IaaS (Infrastructure as a Service): IaaS offers the basic infrastructure of cloud computing: servers with storage space and network connectivity. IaaS accounts for the largest share of the cloud services market.
PaaS (Platform as a Service): PaaS combines cloud infrastructure and platforms that help developers build their own applications.
SaaS (Software as a Service): SaaS is the licensing and delivery of software supported by infrastructure, platforms and applications that are hosted by the cloud services provider. Often, end users only need access rights to log in and use the service.

Traditional & Cloud Storage Options

Main Cloud Computing Companies

PART 3: Information and Data Security

Data & Information Systems Security

Information Security (InfoSec) and IT security
§ Two distinct concepts:
§ InfoSec refers to the protection of data, no matter its form. This can refer to securing data stored electronically, as well as physical security measures such as locking filing cabinets or requiring access keys to enter an office
§ IT security refers to protecting data and other assets in technological systems (usually digital but also other electronic).
It can be divided into two main areas, targeted malicious attacks and system disruptions:
§ Cybersecurity protects the organization from unauthorized access and malicious attacks designed to steal data and other sensitive information or block the access to the systems
§ General security: Protection from security issues that are non-malicious in nature, such as server failures, faulty hardware components or natural disasters

Types of IT Security: Vocabulary
Cybersecurity - the practice of protecting computer systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction
§ Endpoint security - to protect a network’s endpoints, such as desktops, laptops and mobile devices, from malicious activity
§ Cloud security - the strategy and solutions that protect the cloud infrastructure, and any service or application hosted within the cloud environment, from cyber threats
§ Network security - to protect the network and critical infrastructure from cyberattacks and malicious activity.
It includes measures designed to deny unauthorized access to resources and data
§ Application security - to reduce vulnerability at the application level to prevent data or code within the app from being stolen, leaked or compromised

Common Cyber-attacks
4S1ISW: Introduction to Information Systems and Web

Common Cyber-attacks
§ Malware (malicious software) is any program or code that is created with the intent to do harm to a computer, network or server (viruses, ransomware, keyloggers, trojans, worms and spyware)
§ Phishing is a type of cyberattack that uses email, SMS, phone or social media to entice a victim to share personal information — such as passwords or account numbers — or to install a malicious file

Common Cyber-attacks
§ Distributed Denial-of-Service (DoS/DDoS) - an attack that renders a service or a system (e.g., server, network resource, or even a specific transaction) unavailable by flooding the resource with requests.
§ Botnets - a network of compromised computers that are supervised by a command and control (C&C) channel. The person who operates the C&C infrastructure (the hacker) uses the bots to launch attacks designed to crash a target’s network, inject malware, or execute CPU-intensive tasks.

Data Security: CIA Triad
Availability: Data and information is available when required.
Confidentiality: Ensures that data or information is only accessible to authorized people
Integrity: Assuring data or information can be trusted

Data Security: Threats
What data security threats do organisations face?

Data Security: People Threats
§ Human Carelessness … with laptops, web sites, emails, password selection, office security, getting rid of old computers …
§ …also intentional malice – e.g. disgruntled employees
§ Physical access (including contractors, e.g. security or cleaning)
§ Social Engineering (e.g. impersonation, shoulder surfing, phishing, etc.)

Data Security: Social Engineering e.g., Phishing
Phishing: An attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.

Cybersecurity Costs
Gartner Forecasted Worldwide Security and Risk Management Spending to Exceed $150 Billion in 2021

Market Segment                          2020      2021     Growth (%)
Application Security                    3,333     3,738    12.2
Cloud Security                            595       841    41.2
Data Security                           2,981     3,505    17.5
Identity Access Management             12,036    13,917    15.6
Infrastructure Protection              20,462    23,903    16.8
Integrated Risk Management              4,859     5,473    12.6
Network Security Equipment             15,626    17,020     8.9
Other Information Security Software     2,306     2,527     9.6
Security Services                      65,070    72,497    11.4
Consumer Security Software              6,507     6,990     7.4
Total                                 133,776   150,409

Information Security & Risk Management End User Spending by Segment, 2020-2021 (Millions of U.S. Dollars)
Source: Gartner (May 2021)

PART 4: Ethical issues

Information and Ethical Issues
Ethics are: Principles that guide people on deciding/choosing what’s right and wrong to guide their behaviors.
Ethical Frameworks
§ Utilitarian Approach: An ethical action is the one that provides the most good or does the least harm.
§ Rights Approach: An ethical action is the one that best protects and respects the moral rights of the affected parties.
§ Fairness Approach: Ethical actions treat all human beings equally, or, if unequally, then fairly, based on some defensible standard. For example, most people might believe it is fair to pay people higher salaries if they work harder or if they contribute a greater amount to the firm.
§ Common Good Approach: Respect and compassion for all others is the basis for ethical actions.
§ Virtue approach: The morality of an action is based on whether that action itself is right or wrong under a series of rules, rather than the consequences of that action.

Ethics in Organizations
Code of Ethics – this is used by organizations to provide employees with a guide to decide when faced with ethical issues

Fundamental Tenets of Ethics
Responsibility: means that you accept the consequences of your decisions and actions.
Accountability: refers to determining who is responsible for actions that were taken.
Liability: is a legal concept that gives individuals the right to recover the damages done to them by other individuals, organizations, or systems.

What is Unethical is not necessarily Illegal

Why do Information Systems raise ethical issues?
Examples of Ethical Questions:
"Is it ever ethical for a government to censor or control the flow of information to its citizens? If so, under what circumstances? If not, why not?"
"Should individuals have the right to complete online anonymity, or are there situations where revealing one's identity is an ethical obligation? What are the implications for privacy and accountability?"
Why do Information Systems raise ethical issues?
Examples of Ethical Questions:
"In the age of social media, where misinformation spreads rapidly, what ethical responsibilities do individuals and platforms have in curbing the spread of false information? How can these responsibilities be balanced with freedom of speech?"
"When is it acceptable for companies to collect and use personal data for profit? What ethical guidelines should govern the collection and use of personal information in the digital age?"

Information and Ethical Issues
The 5 dimensions:
▪ Information privacy issues concern the right to determine when, and to what extent, information about you can be gathered and/or communicated to others.
▪ Information property rights involve the protection of valuable information products as intellectual property through individual ownership
▪ Information accuracy issues involve the authenticity, fidelity, and correctness of information that is collected and processed.
▪ Information accessibility issues revolve around who should have access to information and whether a fee should be paid for this access.

Ethics: Information Rights
Information rights:
▪ Most European and U.S. privacy laws include principles governing the collection and use of information
▪ They're based on mutuality of interest between the organization(s) holding private information and the individuals concerned.
For example, the European "General Data Protection Regulation" (GDPR):
▪ Requires companies to inform people when they collect information about them and disclose how it will be stored and used
▪ Requires informed consent of customer
▪ EU member nations cannot transfer personal data to countries without similar privacy protection (e.g., U.S.)
Ethics: Information Privacy Rights
Court Decisions in Many Countries have followed two rules:
▪ The right of privacy is not absolute.
▪ Privacy must be balanced against the needs of society.
▪ The public’s right to know supersedes the individual’s right of privacy.

Thank you for your attention!