MIS chapter 5+6.pdf

Full Transcript

Chapter Five

The MIS Program Algorithms

1. Introduction
In the previous chapter (Chapter 4), we discussed two main types of programs
designed for Management Information Systems (MIS):

1. Ready-made programs or Off-the-shelf programs.

2. Programs built from scratch using a programming language.
This chapter concentrates on the latter type of MIS programs developed from the
ground up to fulfill specific requirements. In this context, we emphasize the
professional methods for constructing the optimal MIS program.

2. The Importance of Program Algorithms
When developing an optimal MIS program, avoiding immediate coding is crucial, a
common pitfall known as the "Rush to Code" problem. This approach often results
in error-prone and unprofessional programs that require extensive modifications,
leading to increased costs and time constraints.

Indeed, algorithms serve as a solution to this issue. They are typically presented in
structured formats such as pseudocode, flowcharts, or programming languages.
By providing a blueprint for writing code, algorithms enable developers to
implement solutions in diverse programming languages and environments.

Effective program algorithms are clear, concise, and efficient, leading to better code
readability, maintainability, and performance.

They are essential for software development as they guide developers in designing
solutions to complex problems and implementing them systematically and logically.

Furthermore, program algorithms help programmers in the following fields:

1. Clarity and Readability:

Program algorithms enable programmers to express algorithmic ideas clearly and
understandably.

2. Algorithm Design:

Before diving into coding, it's crucial to conceptualize and design algorithms
effectively. Program algorithms allow programmers to focus on the logic and flow
of their algorithms without being distracted by the syntactical nuances of a particular
programming language.

3) Portability and Flexibility:

Program algorithms can be easily translated into any programming language. This
flexibility allows programmers to explore different implementation strategies and
choose the most suitable language for their projects.

3. How to create Program Algorithms?
Creating program algorithms includes several steps to solve problems or perform
tasks effectively. The following is a simplified guide to creating program algorithms:

1) Understand the problem:

Begin by thoroughly understanding the issue you need to solve. Clearly define the
problem statement, inputs, and desired outputs.

2) Break Down the Problem:

Break down the problem into smaller, more manageable sub-problems or steps.
This process helps simplify complex problems and makes them easier to solve.

3) Design the Algorithm:

Determine the logical steps required to solve each sub-problem. Use techniques like
sequential execution, conditionals (if-else statements), loops (for, while), and
recursion as needed.

4) Choose an Algorithmic Approach:

Select an appropriate algorithmic approach. There are two main types of algorithmic
approaches, they are:
 A) Pseudocode: Pseudocode is a plain language description of the algorithm's
steps.
B) Flowchart: Flowcharts use graphical symbols to represent the algorithm's
flow.

3.1 Writing the Pseudocode Program Algorithms:
The Pseudocode algorithm is a simplified, informal language that describes the
coding process for solving a problem.

Pseudocode uses a simple way that is easy to understand and implement, unlike
actual programming languages. It includes the structure and sequential steps for the
coding.

Simple Example of Pseudocode
We need to write a program (code) to calculate a rectangle's area.

* Write the pseudocode for this problem before starting coding:

1- Input (Read) the rectangle length.
2- Input (Read) the rectangle width.
3- Area = Length * Width.
4- Print Area. (The Output)

3.2 Designing the Flowchart Program Algorithms:
Flowcharts are graphical representations of algorithms or processes, utilizing various
symbols and connectors to illustrate the flow of control within a program. They
provide a visual roadmap for understanding the logical sequence of operations,
making them an invaluable tool for understanding problems and easy to code.
The following are some of the main flowchart’s symbols:

Simple Example of Flowchart

We need to write a program (code) that calculates the summation of two numbers A
&B.

* Design the flowchart for this problem before starting coding:
Figure: The flowchart of the summation of two numbers A&B.
[https://www.visualparadigm.com/tutorials/flowchart-tutorial/]
 Simple Example of Flowchart

We need to write a program (code) that determines if the weather is (Above
Freezing), or if it is (Below Freezing), based on the temperature:

If it is less than 32 (F): The weather is Below Freezing.

If it equals or exceeds 32 (F): The weather is Above Freezing.

* Design the flowchart for this problem before starting coding:

Figure: The flowchart of the previous problem. [https://www.rff.com/flowchart_samples.php]
 Chapter Six
The Cybersecurity of MIS Programs

1. Introduction
In contemporary times, cybercrimes such as threats, hacking, and attacks have
emerged as significant challenges in the digital landscape. Management
Information Systems (MIS) play a pivotal role in various aspects of our digital
 existence, notably within the realm of business operations. Hence, the
implementation of robust security measures within MIS becomes imperative.

Without robust security protocols, MIS risks failing to fulfill its intended objectives,
thereby exposing organizations to potential financial losses and operational
disruptions. Consequently, it is crucial to identify and address key security concerns
to mitigate the challenges.

Therefore, what specific security considerations must be addressed to safeguard MIS
and other information systems against these formidable threats?

This chapter answers this question, presenting optimal solutions for the information
security challenges.

2. What is Cybersecurity?
Cybersecurity is the practice of protecting systems, networks, and programs from
digital threats & attacks which are typically aimed at accessing, changing, or
destroying sensitive information, extorting money from users, or interrupting normal
business processes.

Cybersecurity attacks have the following types:

1. Malware:

Malicious software designed to damage, disrupt, or gain unauthorized access
to computer systems.

2. Phishing:
 Fraudulent attempts to obtain sensitive information by pretending to be a
trustworthy entity in electronic communications.

3. Ransomware:

A type of malware that locks or encrypts a user's data, demanding a ransom
to restore access.

4. Man-in-the-Middle (MitM) Attacks:

Where attackers secretly intercept and relay messages between two parties.

5. Denial of Service (DoS) Attacks:

Overwhelming a system with traffic to make it unavailable to its intended
users.

6. SQL Injection:

Inserting malicious SQL code into a query to manipulate or access a database.

7. Zero-Day Exploits:

Attacks that occur on the same day a vulnerability is discovered and before a
fix is implemented.

3. Cybersecurity Strategies

For having MIS with a high level of cybersecurity, the following cybersecurity
strategies should be soundly done:

1. Risk Assessment: Identifying and prioritizing potential risks to the
organization’s information and systems.
 2. Security Policies: Establishing rules and procedures to protect an
organization's information assets.

3. Encryption: Using cryptographic techniques to protect data confidentiality
and integrity.

4. Regular Updates and Patch Management: Keeping software up to date to
protect against vulnerabilities.

5. Monitoring and Detection: Continuously monitoring systems for suspicious
activity and potential threats.

Now, we will highlight points (2) & (3) for practical clarifications.
3.1 The Security Policies:
In the environment of MIS, we should strongly pay attention to the following
actions as a part of the security policy:

A- Creating strong passwords.
B- Using up-to-date antiviruses.
C- Using the firewalls.

A) Creating strong passwords:

Creating strong passwords is a crucial aspect of MIS cybersecurity, the strong
passwords should have the following criteria:

1- Length: Password contains at least (8) characters. Longer passwords are
generally stronger.

2- Complexity: Password uses a mix of uppercase and lowercase letters, numbers,
and special characters.
3- Unpredictability: Avoid easily guessable information such as names, birthdays,
or common words.

In this approach, the password is difficult to be guessed or hacked.

Examples

No Password The Strong Level
1 mnM45o Rejected & weak, it has less
than (8) elements.

2 9oR5kMt@ Accepted
3 KoR@5r_4 Accepted & Strong
4 12345678 Rejected, it is a common
one.

3.1.a Checking the power of passwords online using an open-source tool

Nowadays, you can test & check online how secure the password is & what is the
expected time to guess or hack it.

Many online tools are available as open-source programs. The following is one of
them:
 Tool Name Password Monster
Tool URL https://www.passwordmonster.com/

The interface of the tool is as follows:
 Example (1)

1) Test the password: mnM45o

The Result

Analytics the Results

1) The password is weak.
2) The estimated time for guessing /tracking: is (10:31) minutes.
 Example (2)

Test the password: KoR@5r_4

The Result

Analytics the Results

1) The password is strong.
2) The estimated time for guessing /tracking: (4) months.

B) Using up-to-date antiviruses:

Antivirus software plays a fundamental role in protecting against a wide range of
cyber threats.
Antivirus software provides a necessary line of defense to protect personal and
organizational data. It helps ensure the security of sensitive information, maintains
system performance, and supports overall cybersecurity hygiene.

Regular updates and continuous improvements in detection technologies are
essential to keeping up with the evolving threat landscape, making antivirus software
a cornerstone of effective cybersecurity strategies.

Examples of Antivirus Software

1)Norton Antivirus:

Developed by Norton LifeLock, Norton Antivirus is known for its comprehensive
protection features, including real-time threat protection, and password manager.
It uses a combination of signature-based and heuristic-based detection methods.

2) McAfee Total Protection:

McAfee offers a suite of security features, including antivirus, and identity theft
protection. It employs machine learning and global threat intelligence to detect and
prevent malware.
3) Kaspersky Anti-Virus:

Kaspersky provides robust protection against a wide range of threats, using advanced
detection technologies and real-time scanning. It also offers features such as vulnerability
scanning and system cleanup tools.

4) Bitdefender Antivirus Plus:

Bitdefender is known for its high detection rates and minimal impact on system
performance. It includes features like multi-layer ransomware protection, antiphishing, and
secure online banking tools.

5) Windows Defender:

Built into Windows operating systems, Windows Defender provides essential antivirus
protection with real-time scanning and automatic updates. It integrates seamlessly with the
operating system, offering a user-friendly and efficient solution.

C) Using the firewalls:

The firewalls act as strong antivirus for individual PCs, servers as well as computer
networks. But in general, they are designed for servers & network systems.

Firewalls play a crucial role in safeguarding networks by monitoring and controlling traffic,
enforcing access policies, and preventing potential threats.

Their ability to provide robust protection makes them an indispensable part of any
comprehensive cybersecurity strategy.
Firewalls have two types:

1) Firewall as a software.
2) Firewall as hardware.

The firewall software: Is suitable for individual PCs, and servers and maybe for small
networks. While the hardware firewalls are designed for computer network systems,
particularly for large networks.

The Hardware firewalls: These are physical devices that are installed between a network
and the gateway. They protect all the devices on the network by filtering traffic entering
or leaving the network.

Examples of Software Firewalls

The Firewall Software The Best Use
Windows Defender Firewall 1- Servers.
2- Personal PCs.
Zone Alarm 1- Servers.
2- Personal PCs.
Norton Personal Firewall Proper for Personal PCs.
Examples of Hardware Firewalls

The Firewall Software The Best Use

1- Cisco ASA
2- Fortinet FortiGate Computer Network Systems
3- Palo Alto Networks

The Firewall Types

Software Fire wall Hardware Firewall

Suitable for Suitable for
1. Individual PCs Large Computer
Network Network Systems
2. Servers
3. May for
Small Networks

Figure 1: The Firewall Type
3.3 The Encryption

Encryption is a specific method within cryptography focused on converting plaintext into
ciphertext to ensure confidentiality, secure communication, and data protection.

Encryption is also named as (ciphering). The opposite process of encryption is decryption,
which is also called (deciphering).

Encryption involves two main processes:

 Encryption (Ciphering): The process of converting plaintext into ciphertext using
an algorithm and an encryption key.

 Decryption (Deciphering): The process of converting ciphertext back into plaintext
using a decryption key.

Figure 2: The Encryption & Decryption Processes. [https://techdifferences.com/differencebetween-
encryption-and-decryption.html]
There are two primary types of encryptions:

A) Symmetric Encryption: Uses the same key for

both encryption and decryption.

B) Asymmetric Encryption:

Uses a pair of keys—one public key for encryption and one private key for
decryption.

So, Asymmetric encryption is more complex & secure than symmetric.

Figure 3: Asymmetric & Symmetric Encryption.
 Examples of Symmetric Encryption Algorithms

The examples of algorithms and methods that are used for symmetric encryptions are:

A) Substitution Method.
B) Transposition Method.

Examples of Asymmetric Encryption Algorithms

The examples of algorithms and methods that are used for Asymmetric encryptions
are:

A) RSA Method.
B) Diffie-Hellman Method.

The next section presents application examples of symmetric encryption in both methods:
substitution and transposition algorithms.
4. Application Examples of Symmetric Encryption
This section presents application examples of symmetric encryption in both methods:

A) Substitution Algorithm.
B) Transposition Algorithm.

4.1 Application Example of Substitution Symmetric Algorithm
Substitution encryption is a method of encrypting a message by replacing each element of
the plaintext with another element.

This technique is used to obfuscate the original message and make it unreadable to
unauthorized parties.

Example: Caesar Cipher

We need to encrypt the message "HELLO", using a Caesar cipher with a shift of 3:

H -> K

E -> H

L -> O

L -> O

O -> R

So, "HELLO" becomes "KHOOR".
4.2 Application Example of Transposition Symmetric Algorithm
Transposition encryption is a method of hiding a message by rearranging the order of its letters. This
technique also is used to obfuscate the original message and make it unreadable to
unauthorized parties.

Example

We need to encrypt the message "Jerusalem", using a Transposition Symmetric
Algorithm with key: ORCAD:

1) Number the key letters according to alphabetical order starting from number
(1):

2) Write the message normally from left to right to be ordered as columns under
the numbers, as follows:

3) Read the columns one by one starting from number (1), as follows:
um re s ja el
So, the encrypted message (The Cipher Text) is: umresjael

4) To decrypt, reverse the steps using the same key and method to rearrange the
ciphertext back to its original plaintext form.