15.1 Introduction
In the earlier unit you learnt about Database Management Systems, with a
full description of how a database functions. You also learnt about the
advantages and disadvantages of a DBMS. In the last unit you learnt about
the design of a DBMS and its basic concepts, such as data, information,
entity, instance and attributes. In this unit you will learn how to handle
security issues and what ethical challenges exist in MIS. Information
systems operate in real-world situations or environments which are always
changing, and many problems and pitfalls are inevitably present.
Information systems are vulnerable to various threats and abuses. Some of
the vulnerable points are memory, communication links, terminals, etc. So,
like any other asset, the resources of information systems, i.e. hardware,
software and data, need to be protected, preferably by built-in controls,
to assure their quality and security. This is one of the reasons to enforce
control on management information systems.
Learning Objective:
After going through this unit, you will be able to:
1. Explain control issues in management information systems
2. Describe administrative control
3. Explain the security hazards, which are very damaging if not taken care of
4. Explain ethics in business information systems
[Figure: control process with the boxes "Establish standard of performance", "Measure performance", "Actual vs. Standard" and "Corrective Action"]
analysts and programmers are not allowed access to files, which are
maintained in the library, and the responsibility is given to the DBA.
Finally, a production control system may monitor the progress of
information processing, data entry and the quality of input data.
Standard procedures are developed and maintained manually and built into
software help displays so that everyone knows what to do. They promote
uniformity and minimize the chance of error and fraud. They should be kept
up to date so that correct processing of each activity is possible.
Authorization requirements – a formal review must take place before
authorization is given for a request for system development, changes or
system conversion. For example, if a program change is made by a
maintenance programmer, it should be approved by the affected
department's manager as well as by the manager of programming and the
manager of computer operation. Thus conversion to new hardware and
software, installation of a newly developed information system, or a change
to an existing program is subject to a formal notification so that the
accuracy and integrity of information processing operations can be
maintained.
15.2.10 Physical Facility Control
Physical facility controls are methods that protect physical facilities and
their contents from loss and destruction. Computer centers are prone to
many hazards such as accidents, thefts, fire, natural disasters, sabotage,
vandalism, unauthorized use, industrial espionage, destruction, etc.
Therefore physical safeguards and various control procedures are required
to protect the hardware, software and vital data resources of
computer-using organizations.
15.2.11 Physical Protection Control
Many types of control techniques exist today, such as those in which only
authorized personnel are allowed access to the computer centre. Such
techniques include identification badges of information services,
electronic door locks, security alarms, security policy, closed-circuit TV
and other detection systems, fire detection and extinguishing systems,
fireproof storage vaults for the protection of files, emergency power
systems, and humidity, temperature and dust control, all of which are
installed to protect the computer centre.
reduced. This can be done with the help of the following methods: guards
and special escorts, sign-in/sign-out, badges, closed-circuit monitors,
paper shredders, one-way emergency doors and a combination of various
approaches or control devices.
b) Physical location: The location of the computer system is an important
consideration in security planning.
This can be achieved by any one of the following:
1. Locating the computer centre at a remote location that is distant from
airports, heavy traffic and steam boilers.
2. The computer centre can be located in a separate building.
3. The computer site should not contain any sign identified by an
outsider.
4. Power and communication lines are underground. Air intake devices
should be duly fenced and placed very high.
5. A backup of the system is kept at a distant place other than the
computer centre.
c) Physical Protection: Additional protective measures should be
considered in the overall protection plan.
These items are:
1. Dumps and devices
2. Emergency power (UPS) is maintained.
3. Adequate and separate air conditioning and humidity control devices
are in place to control the environment.
4. The equipment in the computer system is covered by plastic covers
when not in use.
5. Fire and smoke detectors are kept to protect against fire outbreaks.
15.3.2 Procedural Security Techniques
Physical security deals with a number of hazards like fire, natural
disaster, etc., while procedural controls deal with access control only.
Sometimes procedural techniques take the help of physical techniques.
Procedural techniques comprise the following:
a) Integrity – In the context of security, integrity means the assurance
that the system is functionally correct and complete. The absence of
If one can put these information sets together and analyse them, they may
reveal personal data and the behaviour traits of an individual. This
information can then be used proactively for relationship building and
business promotions.
Tools to monitor visits to websites have become popular because of their
ability to track visitors and their usage of the website. Many websites ask
for information about their visitors, and the visitor volunteers to
register the information. But personal information can also be collected
without the knowledge of the visitor using 'cookies.' The technology
produces tiny files, known as 'cookies,' deposited on the computer's hard
disc. These cookies are designed to collect data about visitors and retain
it for future guidance.
'Web bug' is another tool, which gives the server the capability to monitor
the behaviour of the visitor. Web bugs are tiny graphic files inserted in
e-mail messages and web pages, which monitor the visitor's behaviour. These
tiny files identify the visitor, keep track of the pages visited and
transmit this information to the website's monitoring computer.
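A defender-side check for the web bugs described above, as an added example that is not part of the original text: it scans an HTML message for images that are 1x1 pixel or hidden, and notes when they load from a host other than the site's own. The function names, the sample message and the `.example` hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an image from the reader.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return bool(m) and int(m.group(1)) <= 1

class WebBugFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (src, [reasons]) per suspicious image

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlparse(a.get("src", ""))
        host = (url.hostname or "").lower()
        reasons = []
        if tiny(a.get("width")) and tiny(a.get("height")):
            reasons.append("1x1 or smaller")
        if HIDDEN.search(a.get("style", "")):
            reasons.append("hidden by style")
        if not reasons:
            return  # a visible image is not treated as a web bug
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            reasons.append("third-party host")
        if url.query:
            reasons.append("query string present")
        self.findings.append((a.get("src", ""), reasons))

def find_web_bugs(html, site_host):
    finder = WebBugFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample message; all hosts are placeholders.
SAMPLE = """<html><body>
<img src="https://shop.example/logo.png" width="200" height="60">
<img src="https://track.metrics.example/o.gif?uid=8841" width="1" height="1">
<img src="https://shop.example/px.gif" style="display:none">
</body></html>"""
```

Calling `find_web_bugs(SAMPLE, "shop.example")` returns one entry per suspicious image with the reasons it was flagged; the visible logo is not reported.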
To contain these practices, website owners provide an on-site facility by
displaying boxes which show how the site would use the information and
give the visitor the option to 'Opt-Out' or 'Opt-In.' When the visitor
chooses 'Opt-Out', the permission to collect and use the information is
accorded by the visitor. If the choice is 'Opt-In', then the visitor has
not given consent to collect and use the information.
It is also a practice in the web community to declare the organisation's
privacy policy on the site for visitors' review. 'Trustee' seals back such
publications. This seal is a stamp of confirmation that the organisation
has agreed to adhere to the established privacy principles of disclosure,
choice, access and security. Such publications are also known as legal
notice, disclaimer, and privacy policy.
If a visitor wants self-generated technical solutions to safeguard the
privacy of information, privacy protection tools are available. The
presence of cookies can be controlled using 'Cookie Crusher' tools, which
come along with the browser. Similarly, 'Blocking ads' tools control or
block the ads which pop up based on the visitor's interests. Encryption
technology helps scramble a message or data so that nobody can read and
understand it.
15.6 Summary
After going through this unit, students will have understood the control
issues in management information systems. They will also have learnt about
the ways in which the administrative department exercises control over
systems. Students will also know about the security hazards, which are very
damaging if not taken care of, and about ethics in business.
Activity 1
15.8 Answers
7. True
8. False
9. True
10. True
11. False
12. False