
=**UGANDA MANAGEMENT INSTITUTE [UMI]**=

**INFORMATION AND COMMUNICATION TECHNOLOGY DEPARTMENT**
'We Empower People to Excel'

**Module:** MANAGEMENT INFORMATION SYSTEMS
**Course:** DLTM **(Weekend UMI)**
**Date:** 16 October – 5 November 2011
**Venue:** ROOM -47 (MAIN BUILDING – NEAR THE COMPUTER LABS)
**Time:** 08:30am – 4:30pm
**Module Leader:** JENNIFER ROSE ADUWO

|| **Date/Time** || **08:30 – 10:30am** || **BREAK** || **11:00am – 01:00pm** || **LUNCH** || **02:00 – 04:00pm** ||
|| **16 October 2011** (Sunday) || Introduction to Database Management Microsoft Access - Basic Concepts. **Jennifer Rose Aduwo** ||  || Creating Tables in Design View. **Jennifer Rose Aduwo** ||  || Creating Forms using the wizard. **Jennifer Rose Aduwo** ||
|| **22 October 2011** (Saturday) || Creating Queries using the wizard. **Jennifer Rose Aduwo** ||  || Creating Reports using the wizard. **Jennifer Rose Aduwo** ||  || Filtering and Sorting; Creating a menu screen. **Jennifer Rose Aduwo** ||
|| **23 October 2011** (Sunday) || Filtering and Sorting; Creating a Switchboard (Menu screen). **Jennifer Rose Aduwo** ||  || Revision. **Jennifer Rose Aduwo** ||  || **MS Access Assessment Test**. **Jennifer Rose Aduwo** ||
|| **29 October 2011** (Saturday) || Introduction to Information Systems. **Walter Okello** ||  || System concepts; Types of information systems. **Walter Okello** ||  || Information Systems Planning and Selection. **Walter Okello** ||
|| **30 October 2011** (Sunday) || Systems Development and Evaluation. **Walter Okello** ||  || Systems Development and Evaluation. **Walter Okello** ||  || Implementing and Managing Systems (Hardware & Software & Data Resources). **Walter Okello** ||
|| **5 November 2011** (Saturday) || Information Systems Security Management. **Kabugo David** ||  || Information Systems Security Management/Ethics and Social Issues in Information Systems. **Kabugo David** ||  || Ethics and Social Issues in Information Systems; End of Module evaluation. **Kabugo David** ||

**Saturday 5 November 2011:**

**By Kabugo David**
[PhD Candidate, University of Cape Town], [MSc.ICT University of Cape Town], [M.Ed.ICT, Makerere University], [PGD.ISD, U-Ghent Belgium], [BA.Education, Makerere]

**Information Security**

Information Security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.

The risks to these assets can be calculated by analysis of the following issues:
 * //Threats to your assets//. These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets.
 * //Vulnerabilities//. How susceptible your assets are to attack.
 * //Impact//. The magnitude of the potential loss or the seriousness of the event.

**Information Security Management System (ISMS)**: An information security management system (ISMS) is a set of policies concerned with information security management or IT related risks. The idioms arose primarily out of ISO 27001.

The governing principle behind an ISMS is that an organization should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk.

As with all management processes, an ISMS must remain effective and efficient in the long term, adapting to changes in the internal organization and external environment. ISO/IEC 27001 therefore incorporates the typical "Plan-Do-Check-Act" (PDCA), or Deming cycle, approach:
 * The **Plan** phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.
 * The **Do** phase involves implementing and operating the controls.
 * The **Check** phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.
 * In the **Act** phase, changes are made where necessary to bring the ISMS back to peak performance.

**Need for an ISMS**

Security experts say and statistics confirm that:
 * information technology security administrators should expect to devote approximately one-third of their time addressing technical aspects. The remaining two-thirds should be spent developing policies and procedures, performing security reviews and analyzing risk, addressing contingency planning and promoting security awareness;
 * security depends on people more than on technology;
 * employees are a far greater threat to information security than outsiders;
 * security is like a chain. It is as strong as its weakest link;
 * the degree of security depends on three factors: the risk you are willing to take, the functionality of the system and the costs you are prepared to pay;
 * security is not a status or a snapshot but a running process.

These facts inevitably lead to the conclusion that:

**Security administration is a management and NOT a purely technical issue**

**The ISMS Framework**

The establishment, maintenance and continuous update of an ISMS provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks. Furthermore, such a company will be capable of successfully addressing information confidentiality, integrity and availability requirements, which in turn have implications for:
 * business continuity;
 * minimization of damages and losses;
 * competitive edge;
 * profitability and cash-flow;
 * respected organization image;
 * legal compliance.

The chief objective of Information Security Management is to implement the appropriate measures in order to eliminate or minimize the impact that various security related threats and vulnerabilities might have on an organization. In doing so, Information Security Management will enable implementing the desirable qualitative characteristics of the services offered by the organization (i.e. availability of services, preservation of data confidentiality and integrity etc.).

Large organizations or organizations such as banks and financial institutes, telecommunication operators, hospital and health institutes and public or governmental bodies have many reasons for addressing information security very seriously. Legal and regulatory requirements which aim at protecting sensitive or personal data, as well as general public security requirements, impel them to devote the utmost attention and priority to information security risks.

Under these circumstances, the development and implementation of a separate and independent management process, namely an Information Security Management System, is the one and only alternative.


 * 1) Definition of Security Policy,
 * 2) Definition of ISMS Scope,
 * 3) Risk Assessment (as part of Risk Management),
 * 4) Risk Management,
 * 5) Selection of Appropriate Controls and
 * 6) Statement of Applicability

**Critical success factors for ISMS**

To be effective, the ISMS must:
 * have the continuous, unshakeable and visible support and commitment of the organization’s top management;
 * be managed centrally, based on a common strategy and policy across the entire organization;
 * be an integral part of the overall management of the organization, related to and reflecting the organization’s approach to Risk Management, the control objectives and controls and the degree of assurance required;
 * have security objectives and activities based on business objectives and requirements and led by business management;
 * undertake only necessary tasks and avoid over-control and waste of valuable resources;
 * fully comply with the organization's philosophy and mindset by providing a system that, instead of preventing people from doing what they are employed to do, enables them to do it in control and demonstrate their fulfilled accountabilities;
 * be based on continuous training and awareness of staff and avoid the use of disciplinary measures and “police” or “military” practices;
 * be a never-ending process.

**ETHICS IN AN INFORMATION SOCIETY 1**


**ETHICS AND SOCIAL ISSUES IN INFORMATION SYSTEMS 2**


**ETHICS, SOCIAL MEDIA ISSUES AND INFORMATION SECURITY 3**



**REFERENCES**
 * http://en.wikipedia.org/wiki/Information_security_management. Retrieved on 3/Nov/2011
 * http://www.slideshare.net/belsis/introduction-to-information-security. Retrieved on 3/Nov/2011