As I stated earlier, I spend the first day of my information systems class discussing exactly what the term means. Many students understand that an information system has something to do with databases or spreadsheets. Others mention computers and e-commerce. And they are all right, at least in part: information systems are made up of different components that work together to provide value to an organization.
The first way I describe information systems to students is to tell them that they are made up of five components: hardware, software, data, people, and process. The first three, fitting under the category technology , are generally what most students think of when asked to define information systems. But the last two, people and process, are really what separate the idea of information systems from more technical fields, such as computer science. In order to fully understand information systems, students must understand how all of these components work together to bring value to an organization.
Technology can be thought of as the application of scientific knowledge for practical purposes. From the invention of the wheel to the harnessing of electricity for artificial lighting, technology is a part of our lives in so many ways that we tend to take it for granted. As discussed before, the first three components of information systems – hardware, software, and data – all fall under the category of technology. Each of these will get its own chapter and a much lengthier discussion, but we will take a moment here to introduce them so we can get a full understanding of what an information system is.
Information systems hardware is the part of an information system you can touch – the physical components of the technology. Computers, keyboards, disk drives, iPads, and flash drives are all examples of information systems hardware. We will spend some time going over these components and how they all work together in chapter 2.
Software is a set of instructions that tells the hardware what to do. Software is not tangible – it cannot be touched. When programmers create software programs, what they are really doing is simply typing out lists of instructions that tell the hardware what to do. There are several categories of software, with the two main categories being operating-system software, which makes the hardware usable, and application software, which does something useful. Examples of operating systems include Microsoft Windows on a personal computer and Google’s Android on a mobile phone. Examples of application software are Microsoft Excel and Angry Birds. Software will be explored more thoroughly in chapter 3.
The third component is data. You can think of data as a collection of facts. For example, your street address, the city you live in, and your phone number are all pieces of data. Like software, data is also intangible. By themselves, pieces of data are not really very useful. But aggregated, indexed, and organized together into a database, data can become a powerful tool for businesses. In fact, all of the definitions presented at the beginning of this chapter focused on how information systems manage data. Organizations collect all kinds of data and use it to make decisions. These decisions can then be analyzed as to their effectiveness and the organization can be improved. Chapter 4 will focus on data and databases, and their uses in organizations.
Besides the components of hardware, software, and data, which have long been considered the core technology of information systems, it has been suggested that one other component should be added: communication. An information system can exist without the ability to communicate – the first personal computers were stand-alone machines that did not access the Internet. However, in today’s hyper-connected world, it is an extremely rare computer that does not connect to another device or to a network. Technically, the networking communication component is made up of hardware and software, but it is such a core feature of today’s information systems that it has become its own category. We will be covering networking in chapter 5.
When thinking about information systems, it is easy to get focused on the technology components and forget that we must look beyond these tools to fully understand how they integrate into an organization. A focus on the people involved in information systems is the next step. From the front-line help-desk workers, to systems analysts, to programmers, all the way up to the chief information officer (CIO), the people involved with information systems are an essential element that must not be overlooked. The people component will be covered in chapter 9.
The last component of information systems is process. A process is a series of steps undertaken to achieve a desired outcome or goal. Information systems are becoming more and more integrated with organizational processes, bringing more productivity and better control to those processes. But simply automating activities using technology is not enough – businesses looking to effectively utilize information systems do more. Using technology to manage and improve processes, both within a company and externally with suppliers and customers, is the ultimate goal. Technology buzzwords such as “business process reengineering,” “business process management,” and “enterprise resource planning” all have to do with the continued improvement of these business procedures and the integration of technology with them. Businesses hoping to gain an advantage over their competitors are highly focused on this component of information systems. We will discuss processes in chapter 8.
Data and information protection comprise the third and most important pillar of a sound cyber security strategy. It is crucial to consider the ‘CIA triad’ when considering how to protect our data.
The three-pillar approach to cyber securityThis is the third and final article in a series addressing the three-pillar approach to cyber security. The first two pillars are ‘people’ and ‘process’, The last pillar is ‘data and information’.
Data and information protection is the most technical and tangible of the three pillars. The data we gather comes from multiple sources, such as information technology (IT), operational technology (OT), personal data and operational data. It must be properly managed and protected every step of the way.
When we discuss data and information, we must consider the CIA triad. The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security.
The three components of the CIA triad are discussed below:
Availability is a major challenge in collaborative environments, as such environments must be stable and continually maintained. Such systems must also allow users to access required information with little waiting time. Redundant systems may be in place to offer a high level of fail-over. The concept of availability can also refer to the usability of a system.
Information security refers to the preservation of integrity and secrecy when information is stored or transmitted. Information security breaches occur when information is accessed by unauthorized individuals or parties. Breaches may be the result of the actions of hackers, intelligence agencies, criminals, competitors, employees or others. In addition, individuals who value and wish to preserve their privacy are interested in information security.
The CIA triad describes three crucial components of data and information protection which can be used as guides for establishing the security policies in an organization. Establishing and maintaining the organization’s security policies can be a daunting task, but using the three-pillared strategic approach to cyber security can help you identify and manage cyber security risks in a methodic and comprehensive manner.
Previous: Can steel be gold colored?
Comments
Please Join Us to post.
0