1. Critically discuss
why organizations are heavily reliant on information systems.
(Kenneth C. Laudon,
systems and technologies are transforming the global environment and
governments sector spending on information systems hardware, software and
telecommunications equipment. Today, information systems model the business
processes of an organization. A business process describes the flow of work within
an organization. It is managed and supported by an information system.
Information technology and organizations influence each other. This relationship
is influenced by the organization’s structure, business processes, politics, culture,
environment and management decisions.
Simon, March and Cyert, and Galbraith
propose the theory that an organization processes information in order to
reduce task uncertainty, defined as the difference between the amount of
information required to perform the task and the amount of information already
possessed by the organization. Organization structures must then be designed so
that they have the information processing capability required to perform the
task to the desired level of performance.
(Vivek Vyas1, ISSN 0974-2239 Volume 4, Number 17 (2014), pp. 1903-1908) Provide a
theoretical framework for analyzing the information needs of an organization,
the processes by which information is acquired and utilized, and the purposes
which underlie the use of information. The information processing approach to
organizational analysis seeks to understand and predict how organizations
perceive stimuli, interpret them, store, retrieve, and transmit information,
generate judgments, and solve problems.
Systems are so essential today for conducting day-to-day business in most advanced
countries as well as for achieving strategic business objectives. Information
comes from data: systems produce the information that organizations need to make decisions,
control operations, analyze problems and create new products or services.
An information system consists of the following components, which together form a system for making
decisions at various levels of management. Information systems need to contain
the following –
Data – Input that the system takes to
Hardware – Computer itself and its
peripheral equipment: input, output, storage devices; includes data
Software – Sets of instructions that
tell the computer how to input, process, output and store data
Communication networks – Hardware and
software specializing in transmission and reception of electronic data
People – IS professionals and users who
design, construct, operate and maintain IS
Procedures – Rules to process data, e.g.
priorities in running different applications, security measures, routines for malfunctioning
Strategic approaches to
determining information needs are Critical Success Factor, Value Chain Analysis
and Forces Model. Critical success factor (CSF) is the term for an element that
is necessary for an organization or project to achieve its mission. It is a
critical factor or activity required for ensuring the success of a Management
Information System. Information Needs of Organization CSFs include issues vital
to an organization’s current operating activities and to its future success.
((Online), Vol 1, No.2, 2011) Through the MIS,
information can be used as a strategic weapon to counter threats to business,
make business more competitive, and bring about organizational transformation
through integration. The basic concept and structure of MIS. Various types of
information management systems such as Transactional Processing System,
Management Reporting System, Decision Support System and Executive Support
System are involved in designing and developing an effective MIS in an
organization. Describe the economic impact of MIS in an organization. MIS is a
management tool to help company management make informed decisions for their
business based on information gathered from all business departments. A good
MIS also makes an organization seamless by removing all the communication
2. Outline the various types of security
threats to any information system of an organization.
(Mouna Jouinia, (ANT-2014) ) Information systems
are frequently exposed to various types of threats, which cause different types of damage:
financial losses, security damage and information system destruction.
Organizations need to protect their systems with a firewall against security threats. Today
challenge in the world security threat to any information system of an
Trojan. A Trojan horse is a software program and one of the most
complicated threats of all. The name is based on the huge wooden horse
the Greeks used to trick the Trojans into opening the gates to their
fortified city during the Trojan War. Most of the popular banking threats come
from the Trojan family, such as Zeus. It is often used to steal important
banking login data to compromise your bank account. As a result, a Trojan can cause
many types of damage, from your own computer to your online account.
SQL injection attacks. SQL injection attacks have become a major malware
threat. They target websites that are vulnerable to this
attack: the attacker gains unauthorized access to the database and
can retrieve all the valuable information stored in the database.
Malware known as ransomware is proliferating on both desktop and mobile
devices. Ransomware tries to extort money from users by taking control of their
computers or displaying annoying pop-up messages.
Spyware. It is
malicious software. These small programs install themselves surreptitiously on
computers to monitor user web-surfing activity and serve up advertising.
that keeps a record of every keystroke you make on your keyboard. A keylogger is
a very powerful threat used to steal people’s login credentials such as username and
password. It is also usually a sub-function of a powerful Trojan.
Hacker. A hacker is
an individual who intends to gain unauthorized access to a computer system.
Within the hacking community, the term cracker is typically used to denote a
hacker with criminal intent, although in the public press, the terms hacker and
cracker are used interchangeably.
Spoofing may also
involve redirecting a web link to an address different from the intended one,
with the site masquerading as the intended destination.
A sniffer is a type
of eavesdropping program that monitors information traveling over a network.
When used legitimately, sniffers help identify potential network trouble spots
or criminal activity on networks.
DDoS. One of the most famous things done by Anonymous
is to send millions of requests to a single server to bring the system down
with certain security features disabled so that they can steal data.
This kind of trick, sending a lot of traffic to a machine, is known as
Distributed Denial of Service, also known as DDoS.
Botnet. Hackers create botnets. A botnet is something which is
installed by a botmaster to take control of all the computers (bots) infected
with the malware. Once it infects enough computers, they can use the amassed
resources of the botnet to launch DDoS attacks, phishing campaigns, or
unsolicited spam e-mail.
Phishing. A fake website which is designed to look almost like
the actual website is a form of phishing attack. The idea of this attack is to
trick the user into entering their username and password into the fake login
form which serves the purpose of stealing the identity of the victim. In a more
targeted form of phishing called spear phishing, messages appear to come from a
trusted source, such as an individual within the recipient’s own company or a
Pharming. Pharming works more or less like phishing but it is a
little trickier. The other type of pharming is to edit your hosts file so that
even if you type www.google.com in your web browser, it will still redirect
you to another site.
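The hosts-file form of pharming described above can be checked for on an endpoint by looking for well-known names that have been pinned to a fixed address. The Python below is an added example, not part of the original essay; the watch list, the sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (illustrative only; the addresses come from
# reserved documentation ranges and bank.example is a reserved name).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1      localhost
::1            localhost
203.0.113.45   WWW.Google.com google.com
0.0.0.0        ads.tracker.example      # blocklist-style entry
192.168.1.20   intranet.corp.example
198.51.100.7   login.bank.example.      # trailing dot is still the same name
"""

# Assumption: domains this organization never expects to see overridden locally.
WATCHED_DOMAINS = ("google.com", "bank.example")


def parse_hosts(text):
    """Yield (line_number, ip, hostnames) for every mapping line."""
    for number, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid mapping line
        # Normalise case and trailing dots so variants compare equal.
        yield number, ip, [h.lower().rstrip(".") for h in fields[1:]]


def is_watched(host):
    """True if host is a watched domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def find_overrides(text):
    """Return (line_number, hostname, ip) for each watched name pinned in the file."""
    return [(number, host, str(ip))
            for number, ip, hosts in parse_hosts(text)
            for host in hosts if is_watched(host)]


if __name__ == "__main__":
    for number, host, ip in find_overrides(SAMPLE_HOSTS):
        print(f"line {number}: {host} is forced to {ip}")
```

On a real system the input would be the contents of /etc/hosts or C:\Windows\System32\drivers\etc\hosts rather than the embedded sample.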
3. Examine the impacts of
ransomware on business organizations.
4. Prepare a prevention and risk
mitigation plan for the organization so that the organization is well prepared for
the development of Information and Communication Technologies and increasing
accessibility to the Internet, organizations become vulnerable to various types
of threats. In fact, their information becomes exposed to cyber attacks and
their resulting damages. Threats come from different sources, like employees’
activities or hackers’ attacks. The financial losses caused by security breaches
usually cannot be precisely detected, because a significant number of losses
come from smaller-scale security incidents, causing an underestimation of information
system security risk. Thus, managers need to know threats that influence their
assets and identify their impact to determine what they need to do to prevent
attacks by selecting appropriate countermeasures. Vulnerabilities consist of
weaknesses in a system which can be exploited by the attackers that may lead to
dangerous impact. When vulnerabilities exist in a system, a threat may be
manifested via a threat agent using a particular penetration technique to cause
undesired effects. The financial loss to organizations from threats could be
significant. To find these threats, threat sources and specific areas of the
system that may be affected should be known, so the information security assets
can be protected in advance. Thus, effective security classification is necessary
to understand and identify threats and their potential impacts. In fact,
security threats can be observed and classified in different ways by
considering different criteria like source, agents, and motivations. Threat
classification helps identify and organize security threats into classes to
assess and evaluate their impacts, and develop strategies to prevent, or
mitigate the impacts of threats on the system.
Threats to Information Security
Modern technology and society’s
constant connection to the Internet allow more creativity in business than
ever before – including the black market. Cybercriminals are carefully
discovering new ways to tap the most sensitive networks in the world.
Protecting business data is a growing challenge but awareness is the first
step. Here are the top 10 threats to information security today:
Technology with Weak Security –
New technology is being released every day. More often than not, new gadgets
have some form of Internet access but no plan for security. This presents a
very serious risk – each unsecured connection means vulnerability. The rapid
development of technology is a testament to innovators, however security lags
Social Media Attacks –
Cybercriminals are leveraging social media as a medium to distribute a complex
geographical attack called “water holing”.
The attackers identify and infect a cluster of websites they believe members of
the targeted organization will visit.
Mobile Malware – Security
experts have seen risk in mobile device security since the early stages of
their connectivity to the Internet. The minimal mobile foul play among the long
list of recent attacks has users far less concerned than they should be.
Considering our culture’s unbreakable reliance on cell phones and how little
cybercriminals have targeted them, it creates a catastrophic threat.
Third-party Entry –
Cybercriminals prefer the path of least resistance. Target is the poster child
of a major network attack through third-party entry points. The global
retailer’s HVAC vendor was the unfortunate contractor whose credentials were
stolen and used to steal financial data sets for 70 million customers.
Neglecting Proper Configuration –
Big data tools come with the ability to be customized to fit an organization’s
needs. Companies continue to neglect the importance of properly configuring
security settings. The New York Times recently fell victim to a data breach as
a result of enabling only one of the several critical functionalities needed to
fully protect the organization’s information.
Outdated Security Software –
Updating security software is a basic technology management practice and a
mandatory step to protecting big data. Software is developed to defend against
known threats. That means any new malicious code that hits an outdated version
of security software will go undetected.
Social Engineering –
Cybercriminals know intrusion techniques have a shelf life. They have turned to
reliable non-technical methods like social engineering, which rely on social
interaction and psychological manipulation to gain access to confidential data.
This form of intrusion is unpredictable and effective.
Lack of Encryption –
Protecting sensitive business data in transit and at rest is a measure few
industries have embraced, despite its effectiveness. The health care
industry handles extremely sensitive data and understands the gravity of losing
it – which is why HIPAA compliance requires every computer to be encrypted.
Corporate Data on Personal Devices –
Whether an organization distributes corporate phones or not, confidential data
is still being accessed on personal devices. Mobile management tools exist to
limit functionality but securing the loopholes has not made it to the priority
list for many organizations.
Inadequate Security Technology –
Investing in software that monitors the security of a network has become a
growing trend in the enterprise space after 2014’s painful rip of data
breaches. The software is designed to send alerts when intrusion attempts
occur, however the alerts are only valuable if someone is available to address
them. Companies are relying too heavily on technology to fully protect against attack
when it is meant to be a managed tool.