Managing Data, Ethics, and Security in Modern Information Systems

Information System Threats and Ethical Foundations

Threats to Information Systems

Threats to Information Systems can be divided into unintentional (non-deliberate) and deliberate threats:

• Unintentional Threats: These occur without malicious intent but still cause serious risks. Examples include human errors (carelessness with laptops, weak passwords, unsafe internet use, mishandling devices) and social engineering (manipulating employees into giving confidential information).
• Deliberate Threats: These are intentional attacks aimed at harming systems. Examples include:
  • Espionage and trespass (illegal access)
  • Information extortion
  • Sabotage and vandalism (defacing websites)
  • Theft of equipment or information
  • Identity theft
  • Software attacks (viruses, worms, phishing)
  • Alien software (adware, spyware)
  • Cyberterrorism
  • Intellectual property compromises

Four Widely Used Ethical Standards

Four widely used ethical standards are:

1. Utilitarian Approach: The ethical action is the one that produces the most good or causes the least harm.
2. Rights Approach: The ethical action is the one that best protects and respects the moral rights of all affected parties.
3. Fairness Approach: Ethical action should treat all human beings equally; if not equally, then fairly based on a defensible standard.
4. Common Good Approach: Emphasizes interlocking relationships in society and the need to maintain conditions that are beneficial to everyone.

Ethics and the General Ethical Framework

Ethics refers to principles of right and wrong that individuals use to guide their behavior and decision-making. The general ethical framework involves five steps:

1. Recognize the Issue: Identify if the situation involves a choice between right and wrong and consider legal aspects.
2. Get the Facts: Collect all relevant information and consult stakeholders.
3. Evaluate Alternative Actions: Assess options against ethical standards (utilitarian, rights, fairness, common good).
4. Make a Decision and Test It: Choose the option that best addresses the issue.
5. Act and Reflect: Implement the decision, evaluate its outcome, and learn from it.

The Fundamental Tenets of Ethics

The fundamental tenets of ethics in corporate environments are:

• Responsibility: Accepting the consequences of decisions and actions.
• Accountability: Identifying who is responsible for specific actions or decisions.
• Liability: A legal principle allowing individuals or organizations to recover damages caused by others.

These tenets ensure ethical responsibility, protect stakeholders, and enforce corporate accountability in MIS practices.

Code of Ethics

A Code of Ethics is a formal collection of principles that guide behavior and decision-making in an organization. It:

• Sets clear expectations for employees regarding ethical conduct.
• Promotes integrity, fairness, and responsibility in handling information.
• Helps resolve ethical dilemmas by providing reference standards.
• Builds trust among employees, customers, and stakeholders.

For example, companies use codes to regulate data privacy, software usage, and corporate responsibility.

Ethical Issues in Information Technology

Ethical issues in Information Technology fall into four categories:

1. Privacy Issues: Concerns about collection, storage, and dissemination of personal information.
2. Accuracy Issues: Ensuring correctness, authenticity, and reliability of data.
3. Property Issues: Ownership and value of information, including copyrights and patents.
4. Accessibility Issues: Determining who has access to information and whether access requires payment.

Each category directly affects trust, fairness, and security in MIS applications.

Privacy Protection and Security Controls

Privacy Fundamentals

Privacy is the right to be left alone and free from unreasonable intrusion. Information privacy is the right to control when, how, and to what extent personal data is shared.

Two Rules for Privacy

Privacy is not absolute; it must be balanced against the needs of society. The public’s right to know can override an individual’s right to privacy. Thus, privacy protection requires balance between personal rights and collective interests.

Major Threats to Privacy

Major threats to privacy include:

• Electronic Surveillance: Monitoring through CCTV, smartphones as sensors, facial recognition, and geotagging.
• Personal Information in Databases: Concerns about accuracy, access rights, security, data sharing, and update delays.
• Internet and Social Media: Blogs, forums, and social networking sites raise issues of misinformation, offensive content, and free speech versus privacy conflicts.
• Corporate Data Handling: Improper collection, use, or selling of personal information without consent.
• International Issues: Differences in privacy laws, trans-border data flows, and frameworks like U.S. Safe Harbor.

Together, these threats endanger individual freedom and trust in digital systems.

Electronic Surveillance

Electronic surveillance is one of the most serious threats to privacy. It involves constant monitoring of individual activities using emerging technologies:

• Smartphones act as sensors, tracking location and activities.
• Companies like Google and Facebook use facial recognition and tagging in photos.
• Governments and organizations conduct ACLU-reported surveillance, increasing intrusion into personal lives.

Although used for security, surveillance raises ethical concerns about misuse, lack of consent, and erosion of personal freedom. It highlights the tension between society’s need for security and the individual’s right to privacy.

Security Control Mechanisms

Organizations use several controls to protect information systems:

1. Physical Controls: Safeguards like locks, guards, alarms, and access restrictions.
2. Access Controls: Authentication (passwords, biometrics, tokens) and authorization (assigning rights/privileges).
3. Communication Controls: Firewalls, anti-malware systems, encryption, VPNs, whitelisting/blacklisting, TLS, and employee monitoring.
4. Business Continuity Planning: Ensures systems operate during and after disasters with recovery strategies.
5. Information Systems Auditing: Examines inputs, outputs, and processes to verify system integrity (internal/external audits).

Together, these controls minimize risks, ensure data security, and maintain business continuity.

Data Management, Big Data, and Knowledge Systems

Challenges in Data Management

Managing data is challenging because organizations face exponential growth of information. Data is often scattered across departments and generated from multiple sources such as internal systems, personal inputs, and external platforms like blogs and podcasts. Over time, data degrades due to errors, duplication, or corruption, while media issues cause data rot. Security, integrity, and compliance with changing legal requirements further complicate management. Inconsistencies and redundancy lead to inefficiency. Additionally, companies struggle with “data hoarding,” where unused data is stored unnecessarily, resulting in wasted storage and difficulty in retrieval.

Data Governance and Master Data Management (MDM)

Data governance is the enterprise-wide approach of managing information consistently to ensure quality, accuracy, and security. It relies heavily on Master Data Management (MDM), which ensures a “single version of truth” across business processes. Master data includes entities like customers, employees, or vendors, while transaction data captures specific activities, e.g., “Samsung TV sold by Bill Roberts.” A governance framework integrates these, ensuring synchronization across systems. For example, in a retail company, maintaining consistent customer details across sales, support, and billing prevents duplication and enhances decision-making.

Big Data Definition and Need

Big Data refers to vast, complex datasets that cannot be efficiently handled by traditional database systems. According to Gartner, it includes diverse, high-volume, high-velocity information requiring advanced processing for insights and decision-making. The need for Big Data arises because organizations must analyze massive information flows from transactions, sensors, and social media. It enables predictions, business trend analysis, fraud detection, and even monitoring disease outbreaks. Without Big Data tools, organizations would miss opportunities for deeper insights, competitive advantage, and innovation.

Big Data Characteristics (The Three Vs)

The key characteristics of Big Data are:

• Volume: Huge quantities of data generated from multiple sources like sensors, social media, and enterprise systems.
• Velocity: Speed at which data flows into organizations, e.g., real-time transaction or streaming video.
• Variety: Diversity of data formats, including structured data (databases), unstructured data (videos, images), and semi-structured (XML, JSON).

Together, these three Vs make traditional systems inadequate, requiring new technologies for processing and analysis.

Big Data Challenges

Big Data comes with challenges:

• Untrusted sources: Data may be external or poorly structured, lowering reliability.
• Dirty data: Incomplete, inaccurate, or duplicate records complicate analysis.
• Constant change: Data streams evolve rapidly, and quality may vary as collection conditions change.

These issues make it difficult to ensure accuracy and consistency, demanding cleansing, validation, and advanced management techniques before analysis.

Ways to Use Big Data in the Organization

Organizations can leverage Big Data in several ways:

• Creating transparency: Making relevant data available across departments for better decisions.
• Enabling experimentation: Testing strategies to discover needs and improve performance.
• Customer segmentation: Using analytics to personalize products and services.
• Decision automation: Supporting or replacing human judgment with algorithms.
• Innovation: Developing new products, services, and business models.
• Comprehensive analysis: Analyzing more data instead of relying only on samples.

Generic Data Warehouse Environment

A generic data warehouse environment includes:

• Source systems: Internal and external data sources.
• Data integration technology (ETL): Extracting, transforming, and loading data into the warehouse.
• Storage systems: Centralized repository for structured data.
• Metadata: Data about data ensuring context and understanding.
• Data quality measures: Ensuring accuracy and reliability.
• Governance: Policies ensuring compliance and management.
• Users: Business analysts, managers, and decision-makers accessing data.

Knowledge Definition and Types

Knowledge is contextual, relevant, and useful information that forms part of organizational memory. It represents intellectual capital or assets. Two types are:

• Explicit knowledge: Formal, structured, fact-based knowledge stored in documents, manuals, and databases.
• Tacit knowledge: Subjective, experience-based insights, skills, and intuition accumulated by individuals.

For example, a technical manual is explicit, while the problem-solving ability of an experienced engineer is tacit.

Knowledge Management System (KMS) Cycle

The Knowledge Management System (KMS) cycle has six steps:

1. Identify new knowledge: Discover new ways of doing things.
2. Capture knowledge: Represent valuable knowledge.
3. Store knowledge: Save in structured formats.
4. Share knowledge: Make it accessible anytime, anywhere.
5. Refine knowledge: Adapt according to changing contexts.
6. Review regularly: Ensure relevance and accuracy.

This cycle is continuous because knowledge evolves with organizational and environmental changes.

Decision Support and Business Intelligence

Decision Making Phases

Decision making has three phases:

1. Intelligence phase: Identifying and understanding the problem or opportunity.
2. Design phase: Developing possible alternatives and models.
3. Choice phase: Selecting the best solution among alternatives.

Managers repeat these phases as needed because decision-making is dynamic, iterative, and influenced by available information.

Multidimensional Analysis (OLAP)

Multidimensional analysis, often implemented through OLAP (Online Analytical Processing), enables examining data across multiple perspectives or dimensions, e.g., sales by product, region, and time simultaneously. It allows complex calculations, trend discovery, and scenario comparisons, supporting better strategic insights. This approach is superior to two-dimensional tabular data as it reveals deeper patterns and relationships.

Decision Support Systems (DSS) Purpose and Analysis Types

Decision Support Systems (DSS) help managers analyze complex, semi-structured, or unstructured problems. Their purpose is to improve the quality and speed of decision-making by using models and analytical tools. DSS provides:

• Sensitivity analysis: Studying how changes in inputs affect outputs.
• What-if analysis: Predicting outcomes of hypothetical scenarios.
• Goal-seeking analysis: Working backward from desired outcomes to find necessary inputs.

Dashboards

Dashboards provide real-time, user-friendly visualization of key performance indicators. Capabilities include:

• Easy access to timely information.
• Customizable views tailored for different users.
• Integration of data from multiple sources.
• Trend analysis and alerts for deviations.
• Drill-down features to explore data in detail.

Dashboards transform complex data into actionable insights, enhancing monitoring and strategic decision-making.

Information Systems and Organizational Strategy

Importance of Information Systems (IS)

Information Systems (IS) are essential in business because they help organizations manage data, improve decision-making, and enhance efficiency. Businesses operate in highly competitive environments where quick access to accurate information is critical. IS reduces costs, supports customer service, and increases productivity. For example, Amazon uses IS in its Enterprise Resource Planning (ERP) and Transaction Processing Systems (TPS) to manage inventory, process millions of daily transactions, and provide personalized recommendations. This enables Amazon to handle globalization, powerful customers, and technological pressures effectively.

Knowledge Workers and IS Support

Knowledge workers include financial analysts, lawyers, accountants, and consultants who rely on timely and accurate information for decision-making. Information Systems provide support through:

• Office Automation Systems (OAS): Help clerical and managerial staff with document management.
• Business Intelligence (BI) Systems: Support complex, non-routine decisions with analytical tools.
• Expert Systems (ES): Replicate the decision-making ability of human experts.
• Dashboards: Offer real-time performance indicators.

For instance, a financial analyst in a bank uses BI systems to analyze market data and predict investment trends, improving both speed and accuracy in decision-making.

Data, Information, and Knowledge Hierarchy

• Data: Raw facts, such as customer purchase records.
• Information: When organized, data becomes meaningful. For example, sales data sorted by region shows which areas are performing well.
• Knowledge: When information is combined with experience and analysis, it becomes knowledge. For instance, recognizing that a product sells better in festive seasons and using this insight for marketing strategy.

Thus, a supermarket can collect transaction data, convert it into sales reports (information), and then derive knowledge to stock more goods during peak demand.

Computer-Based Information System (CBIS) Components

A Computer-Based Information System (CBIS) is an information system that uses computer technology to perform some or all of its intended tasks. The six components are:

1. Hardware – physical devices like computers and servers.
2. Software – programs and applications used for processing.
3. Database – organized collection of data.
4. Network – communication systems for sharing data.
5. Procedures – methods for using the system effectively.
6. People – users who operate and benefit from the system.

Information Technology Impacts on Organizations

Information Technology impacts organizations in several ways:

• Impacts entire industries: Transforming sectors like banking, healthcare, and retail.
• Reduces middle managers: IT enables one manager to supervise more employees through dashboards and remote tools.
• Changes manager’s job: Real-time decision-making increases stress but improves efficiency.
• Impacts employees’ health: Repetitive strain injuries and carpal tunnel syndrome are common, but ergonomics can reduce risks.
• Provides opportunities for disabled people: Adaptive technologies increase inclusivity.

Thus, IT reshapes organizational structure, employee roles, and industry competitiveness.

IT Strategies to Counter Competitive Forces

Organizations use IT to counter competitive forces through five main strategies:

1. Cost Leadership: Reducing costs to offer lower prices (e.g., Walmart using IS for supply chain).
2. Differentiation: Offering unique products or services.
3. Innovation: Introducing new products or services (e.g., Apple’s ecosystem).
4. Operational Effectiveness: Improving internal processes for efficiency.
5. Customer Orientation: Focusing on customer satisfaction and loyalty.

These strategies help firms increase market share, profitability, and sustainability.

Business-IT Alignment

Business–IT alignment is the integration of IT with business strategy, mission, and goals. It ensures that IT investments directly contribute to business success. Characteristics of excellent alignment include:

• Viewing IT as an engine of innovation.
• Prioritizing customer service.
• Rotating business and IT professionals across roles.
• Having clear goals shared across the organization.
• Ensuring IT staff understand business processes.
• Building an inclusive and vibrant culture.

When alignment is strong, companies achieve better efficiency, innovation, and competitive advantage.