1. Why organizations are heavily reliant on information systems.

Information technology and organizations stimulate each other, and this
interaction depends on the organization’s structure, business processes,
politics, culture, environment and management decisions. There is no ex-ante,
readily calculable return on investment for IT security. Like homeowner’s
insurance or a car with extra air bags, it is money spent today to relieve the
risk and potential cost and impact of events that may never emerge. Thus, IT
security should be viewed as a necessary cost of doing business. Work on IT and
information security with companies in a wide range of industries, including
banking, insurance, defense, aerospace, industrial goods, energy, raw
materials, telecommunications, and logistics, has identified a number of other
actions that executives can take to improve their companies’ chances of
success. To compete and succeed in the global market, information technology is
important in a competitive environment. According to (Kenneth C. Laudon, Jane
P. Laudon, 2018), global investment in information technology expanded by 30
percent in the period 2005 to 2015. IT investment now accounts for an estimated
20 percent of all capital investment. Information systems are transforming
business through the mobile digital platform; systems used to improve customer
experience, respond to customer demand and reduce inventories; growing online
newspaper readership; expanding e-commerce and internet advertising; and new
federal security and accounting laws. Firms invest heavily in information
systems to achieve six strategic business objectives: operational excellence;
new products, services, and business models; customer and supplier intimacy;
improved decision making; competitive advantage; and survival. An IT platform
can lead to changes in business objectives and strategies. Businesses rely on
information systems to help them achieve their goals and to attain higher
profitability. Information systems improve decision making by providing
accurate information. Information technology is an important tool for achieving
greater efficiency and productivity. Information systems help organizations
achieve competitive advantage by delivering better performance, charging less
for superior products, and responding to customers and suppliers in real time
(examples: Apple, Walmart, UPS).

Competitiveness was very often increased because of great cost savings and
better service to clients. Communication and inter-organizational systems
seemed to be very important in this respect. Nowadays, organizations compete to
improve their capabilities in order to survive in the global market. Effective
and timely decisions that best achieve the organization’s goals are easier to
make with appropriate information from internal and external sources (Karim,
2011).

(Karim, 2011) stated that “information is an arrangement of people, data,
process, and information technology that interact to collect, process, store
and provide as output the information needed to support an organization.” “If
the relevant information required in a decision-making process or an
organization planning is not available at the appropriate time, then there is a
good chance to be a poor organization planning and priority of needs,
inappropriate decision-making and defective programming” (Adebayo, 2007).

In postindustrial organizations with sufficient information technology,
authority increasingly relies on knowledge and competence rather than formal
positions. Because competitive advantage is difficult to sustain, organizations
need continuous innovation. In order to stay ahead, strategic systems may
become tools for survival and for firm value chains.

2. Outline the various types of security threats to any information systems.

The Internet is becoming the dominant platform for life in the 21st century.
Organizations face related situations and must contend with their own specific
probable threats. Most businesses make risk identification, assessment, and
mitigation a high priority. There is a specific type of threat today for which
many companies. Information security is a serious problem for individuals and
organizations because it leads to unlimited financial losses. Information
systems are exposed to different types of security risks. The types of damage
caused by security threats differ, from database integrity breaches to physical
destruction of an entire information systems facility by fire, flood, etc. The
sources of those threats can be unwanted activities of trusted employees,
hackers’ attacks, accidental mistakes in data entry, etc. Information systems
are vulnerable because of the accessibility of networks, hardware problems
(breakdowns), software problems (programming errors, unauthorized changes),
disasters, use of networks outside of the firm’s control, and loss of portable
devices (Kenneth C. Laudon, Jane P. Laudon, 2018). Risks arise easily on the
Internet: the network is open to anyone; the size of the Internet means abuses
can have wide impact; the use of fixed Internet addresses with cable and DSL
modems creates fixed targets for hackers; VoIP is unencrypted; and e-mail can
be intercepted or carry attachments with malicious software. Security is
easily breached because radio frequency bands are easy to scan; service set
identifiers (SSIDs), which identify access points, are broadcast multiple times
and can be identified by sniffer programs; and in war driving, eavesdroppers
drive by buildings and gain access to the network and its resources.

Malware (malicious software) includes viruses and worms. Worms can operate on
their own without attaching to other computer program files and can spread much
more rapidly than computer viruses. Worms and viruses spread by drive-by
download and destroy data and programs. Malware can come with a downloaded file
that a user intentionally or unintentionally requests, or through e-mail and IM
attachments. Hackers can request malicious files without user intervention,
delete files, transmit files, install programs that run in the background to
monitor user actions, and potentially convert a smartphone into a robot in a
botnet that sends e-mail and text messages to anyone. Mobile device malware and
social network malware are further forms.

Hackers and crackers intentionally disrupt or damage websites or information
systems and gain unauthorized access by finding weaknesses in computer systems.
Hackers flood a network server or Web server with many thousands of false
communications, and use spoofing to redirect a Web link to an address different
from the intended one. It is very damaging and difficult to detect. These are
an extremely serious threat because they can be used to launch very large
attacks using many different techniques. Computers may be targets of crime, as
when the confidentiality of protected computerized data is breached, and
computers may be instruments of crime: theft of trade secrets; unauthorized
copying of software or copyrighted intellectual property, such as articles,
books, music, and video; schemes to defraud; using e-mail for threats or
harassment; intentionally attempting to intercept electronic communication;
illegally accessing stored electronic communications, including e-mail and
voice mail; and transmitting or possessing child pornography using a computer.
Hackers may aim at identity theft, in which information is used to obtain
credit, merchandise, or services in the name of the victim. Other threats
include phishing, evil twins, pharming, click fraud, cyber-terrorism and
cyber-warfare. The sources of threat can be inside or outside the attacked
system. Organizations and their security systems usually focus on protecting
themselves from threats that originate outside the system. Threats that come
from inside are often not considered. By determining what the information
system is being protected from, it is possible to use limited resources more
efficiently.

 

4. Prepare a prevention and risk mitigation plan to organizations so that the
organizations are well prepared to overcome future attacks.

Organizations have very valuable information assets to protect. Poor security
and control may result in serious legal liability. Failed computer systems can
lead to significant or total loss of business function. Businesses must protect
not only their own information assets but also those of stakeholders. An
organization can be held liable for unnecessary risk and harm created if the
organization fails to take appropriate protective action to prevent loss of
confidential information (Kenneth C. Laudon, Jane P. Laudon, 2018). Security
threats come not only from outside the organization but also originate inside
it. A security breach may cut into a firm’s market value almost immediately.
Information system controls may be automated or manual, and may be unique to
each computerized application. To protect its information systems, an
organization determines the level of risk to the firm if a specific activity or
process is not properly controlled, considering the types of threat,
probability of occurrence during the year, potential losses, value of threat
and expected annual loss. It then ranks information risks, identifies
acceptable security goals, identifies mechanisms for achieving these goals, and
sets up policies such as an acceptable use policy (AUP).

The primary attack technology may or may not cross the firewall as attacks are
perpetrated. Examples of external threats include socially engineered attacks;
executive impersonations; brand-based attacks with ransomware, malware, or
other payloads; rogue social domain activity; activism; and activities which
violate compliance or regulatory requirements. Technology isn’t the only source
of security risks. Psychological and sociological aspects are also involved
(Ponemon Institute, July 2016). Management is responsible for identifying valid
users and controlling access in order to prevent and respond to cyber attacks
and data breaches. It should monitor for possible cyber attacks and set up
policies and procedures for employees to follow, depending on the business
unit, such as IT, Human Resources or Legal. The organization should invest in
security equipment and procedures to deter or prevent cyber attacks. These
include the most up-to-date IT protection measures, for example: having the
company’s database on a different web server than the application server;
applying the latest security patches; protecting all passwords; using read-only
views of documents and materials when possible; maintaining strict input
validation; developing a network security architecture; monitoring the
activities and procedures of third-party contractors with access to the
computer system (whether direct or remote); performing network scans to assess
activity on the network; comparing outbound network traffic to baseline
operations; and choosing names for tables and fields that are difficult to
guess.

In case systems break down, the organization should make a disaster recovery
plan, which devises plans for restoration of disrupted services and focuses on
restoring business operations after a disaster. The financial and
organizational impact of each threat should be assessed by auditing. After
analyzing and planning, the organization should audit and control its
information systems and information systems security. The most important tools
and technologies for safeguarding information systems are identity management
software, authentication, firewalls, intrusion detection systems, antivirus and
antispyware software, unified threat management (UTM) systems, Wired Equivalent
Privacy (WEP) security, and the Wi-Fi Protected Access (WPA2) specification. In
recent years, new and increased use of technologies such as mobile devices,
social media and cloud computing has increased the risk posed by cyber
criminals. Two methods of encryption are symmetric key encryption and public
key encryption. For security in the cloud, firms must ensure that providers
offer adequate protection and must include key factors in service level
agreements (SLAs) before signing with a cloud service provider. Security
policies should include and cover any special requirements for mobile devices.
The aim is to contain any attacks quickly and minimize any financial and
reputational harm. Some companies delegate responsibility for computer systems
security to their chief information officer, who is usually responsible for
protecting access to a company’s information technology (IT) system and the
privacy and security of information on that system.

An individual or organization may receive threats from individuals claiming to
have hacked its computer systems and offering to return stolen confidential
information in exchange for property. Companies can determine whether the
extortionist has done what he claims by isolating areas that may be affected to
determine if they have been compromised. They should also determine the
feasibility of restoring critical systems where a denial of service attack
affects critical infrastructure. This includes assessing whether restoring
service will negatively affect the collection of evidence in the investigation.
Companies should document all aspects of the investigation and secure and
preserve all evidence, including logs of critical system events. According to
(NTT Group, 2016), if seventy-seven percent of organizations lack a recovery
plan, then maybe their resources would be better spent on protective measures.
This way, companies can detect the attack in its early stages, and the threats
can be managed more effectively. The cyber incident response plan should
address the recovery of the company’s computer systems by both eliminating the
vulnerabilities exploited by the attacker, along with any other identified
vulnerabilities, and bringing the repaired systems back online. Once systems
are restored, management should evaluate how the response plan was executed and
consider whether the cyber incident response plan can be improved.

Where an internal investigation leads to evidence of the attacker’s possible
identity, companies should consider preparing formal referrals to law
enforcement for possible criminal prosecution. Companies considering this
course of action can retain white collar crime or intellectual property counsel
to guide them through the investigation, referral and criminal proceedings. The
outcome of a criminal prosecution may depend on the company’s ability to
provide evidence and testimony. Therefore, the company should be prepared to
help the prosecutor present complex computer crime evidence to a judge and
jury.