Why organizations are heavily reliant on information systems.

Information technology and organizations influence each other, and the relationship depends on the organization’s structure, business processes, politics, culture, environment and management decisions. IT security should be viewed as a necessary cost of doing business. Work on IT and information security with companies in a wide range of industries, including banking, insurance, defense, aerospace, industrial goods, energy, raw materials, telecommunications, and logistics, has identified a number of other actions that executives can take to improve their companies’ chances of success.
To compete and succeed in the global market, information technology is important in a competitive environment. According to (Kenneth C. Laudon, Jane P. Laudon, 2018), global investment in information technology expanded by 30 percent in the period 2005 to 2015. IT investment now accounts for an estimated 20 percent of all capital investment. Information systems are transforming business through the mobile digital platform, systems used to improve customer experience, respond to customer demand and reduce inventories, growing online newspaper readership, expanding e-commerce and internet advertising, and new federal security and accounting laws. Firms invest heavily in information systems to achieve six strategic business objectives.
These are operational excellence; new products, services, and business models; customer and supplier intimacy; improved decision making; competitive advantage; and survival. IT platforms can lead to changes in business objectives and strategies. Businesses rely on information systems to help them achieve their goals and to attain higher profitability. Information systems improve decision making by providing accurate information.
Information technology is an important tool for achieving greater efficiency and productivity. Information systems help organizations achieve competitive advantage by delivering better performance, charging less for superior products, and responding to customers and suppliers in real time (examples: Apple, Walmart, UPS). Competitiveness was very often increased because of great cost savings and better service to clients.
Communication and interorganizational systems seemed to be very important in this respect. Nowadays, organizations compete to improve their capabilities in order to survive in the global market. Effective and timely decisions that best achieve the organization’s goals are easier to make when using appropriate information from internal and external sources (Karim, 2011). Karim (2011) stated that “information is an arrangement of people, data, process, and information technology that interact to collect, process, store and provide as output the information needed to support an organization.” “If the relevant information required in a decision-making process or an organization planning is not available at the appropriate time, then there is a good chance to be a poor organization planning and priority of needs, inappropriate decision-making and defective programming” (Adebayo, 2007). In postindustrial organizations, authority increasingly relies on knowledge and competence rather than formal positions, with sufficient information technology.
Because competitive advantage is difficult to sustain, organizations need continuous innovation. In order to stay ahead, strategic systems may become tools for survival and firm value chains. The reasons why information systems are critical are operational excellence; new products, services, and business models; customer and supplier intimacy; improved decision making; competitive advantage; and survival.

2. Outline the various types of security threats to any information systems.

The Internet is becoming the dominant platform for life in the 21st century.
Organizations face similar situations and must contend with their own specific probable threats. The aim of computer security professionals is to protect valuable information and system resources. A distinction can be made between the security of system resources, called system security, and the security of information or data, called information security or data security. System security is the protection of the hardware and software of a computer system against malicious programs (Spinello, R. and Tavani, H., 2001).
Most businesses make risk identification, assessment, and mitigation a high priority. There is a specific type of threat today for which many companies. Information security is a serious problem for individuals and organizations because it can lead to unlimited financial losses. Information systems are exposed to different types of security risks. The types of damage caused by security threats differ, for example database integrity security breaches or physical destruction of an entire information systems facility caused by fire, flood, etc. The sources of those threats can be unwanted activities of trusted employees, hackers’ attacks, accidental mistakes in data entry, etc.
Information systems are vulnerable because of the accessibility of networks, hardware problems (breakdowns), software problems (programming errors and unauthorized changes), disasters, use of networks outside of the firm’s control, and loss of portable devices (Kenneth C. Laudon, Jane P. Laudon, 2018). Risks arise easily on a network that is open to anyone: the size of the Internet means abuses can have wide impact, and e-mail brings interruption and attachments with malicious software. Security is easily breached because radio frequency bands are easy to scan. Service set identifiers (SSIDs), which identify access points and are broadcast multiple times, can be identified by sniffer programs; in war driving, eavesdroppers drive by buildings and gain access to the network and its resources. Malware (malicious software) includes viruses and worms; worms can operate on their own without attaching to other computer program files and can spread much more rapidly than computer viruses. Worms and viruses spread by drive-by download and destroy data and programs.
Malware can come with a downloaded file that a user intentionally or unintentionally requests, or through e-mail and IM attachments. Hackers can request malicious files without user intervention, delete files, transmit files, install programs that run in the background to monitor user actions, and potentially convert a smartphone into a robot in a botnet that sends e-mail and text messages to anyone. There is also mobile device malware and social network malware. Hackers and crackers cause intentional disruption or damage to a website or information system, and gain unauthorized access by finding weaknesses in computer systems. Hackers flood a network server or Web server with many thousands of false communications, or use spoofing to redirect a Web link to an address different from the intended one. It is very damaging and difficult to detect. These are an extremely serious threat because they can be used to launch very large attacks using many different techniques. Computers may be targets of crime, as in breaching the confidentiality of protected computerized data, and computers may be instruments of crime: theft of trade secrets; unauthorized copying of software or copyrighted intellectual property, such as articles, books, music, and video; schemes to defraud; using e-mail for threats or harassment; intentionally attempting to intercept electronic communication; illegally accessing stored electronic communications, including e-mail and voice mail; and transmitting or possessing child pornography using a computer. Hackers may aim at identity theft, using information to obtain credit, merchandise, or services in the name of the victim; other threats include phishing, evil twins, pharming, click fraud, cyber-terrorism, and cyber-warfare. The sources of threat can be inside or outside the attacked system.
Organizations and their security systems are usually focused on protecting themselves from threats that originate outside the system. Threats that come from inside are often not considered. Determining what the information system is being protected from makes it possible to use limited resources more efficiently.

3. Examine the impacts of ransomware on business organizations.

It will not be surprising if ransomware changes in a few years.
“The Bitcoin Connection: with the exception of some ransomware families that demand high amounts, ransomware alternates typically ask for 0.5–5 Bitcoins (as of 2016) in exchange for a decrypt key. This is important for two reasons—some variants increase the ransom as more time elapses with nonpayment, and the Bitcoin exchange rate is on the rise. In January 2016, 1 BTC was worth US$431. Bitcoin’s value has risen dramatically since then, topping out at US$1,082.55 at the end of March, 2017” (web link 3).
Ransomware is a type of malware that uses malicious code to intrude into a system before users notice it, to encrypt important files, to demand money using the encrypted files as leverage, and to cause financial damage to users. The rapidly growing mobile market has been the main target of hackers seeking illegal gains through ransomware. The market share of Android OS in Korea is approximately 80% of the total smartphone market, as shown in Table 1.
Compared to other operating systems such as iOS, Windows Phone, or Blackberry, Android holds a high market share close to a monopoly, while the others combined have less than 15% share in the mobile device market (web link 1). The share of the Android platform is so high that the platform is the main target of ransomware attacks. Cases of damage to Android-based smartphones have been growing continuously. A traditional vaccine (antivirus) system can detect whether a system is infected with ransomware and cure it. However, it cannot prevent attacks by ransomware without obtaining information on the ransomware. In addition, files cannot be recovered without the encryption key because the files are already encrypted, even if the traditional vaccine system can remove the ransomware (web link 2). Users can avoid infections by updating the vaccine system from time to time. However, this method has limited efficacy.
Existing vaccine systems can detect ransomware using a file-based intrusion detection method (D. Kim and S. Kim, 2015). However, this approach cannot detect modified ransomware with new patterns because it can only prevent ransomware for which analysis information is already available. Therefore, an active instead of a passive prevention method is urgently required.

TABLE 1: Smart device operating system market share. Source: “Worldwide Quarterly Mobile Phone Tracker,” IDC, August 2015.
4. Prepare a prevention and risk mitigation plan to organizations so that the organizations are well prepared to overcome future attacks.

Organizations have very valuable information assets to protect. Poor security and control may result in serious legal liability. Failed computer systems can lead to significant or total loss of business function. Businesses must protect not only their own information assets but also those of stakeholders. An organization can be held liable for unnecessary risk and harm created if the organization fails to take appropriate protective action to prevent loss of confidential information (Kenneth C. Laudon, Jane P. Laudon, 2018). Security threats come not only from outside the organization but also originate inside it. A security breach may cut into a firm’s market value almost immediately. Information system controls may be automated or manual controls unique to each computerized application. To protect its information systems, an organization determines the level of risk to the firm if a specific activity or process is not properly controlled, considering types of threat, probability of occurrence during the year, potential losses, value of threat and expected annual loss. It then ranks information risks, identifies acceptable security goals, and identifies mechanisms for achieving these goals. It also sets up policies that drive an acceptable use policy (AUP).
The primary attack technologies may or may not cross the firewall as they are executed. Technology isn’t the only source of security risks; psychological and sociological aspects are also involved (Ponemon Institute, July 2016). Management sets up identification of valid users and access controls to prevent and respond to cyber attacks and data breaches.
The organization should monitor the occurrence of possible cyber attacks and set up policies and procedures for employees to follow, depending on each company business unit, such as IT, Human Resources and Legal. The organization should invest in security equipment and procedures to deter or prevent cyber attacks. These include the most up-to-date IT protection measures, for example: having the company’s database on a different web server than the application server, applying the latest security patches, protecting all passwords, using read-only views of documents and materials when possible, maintaining strict input validation, developing a network security architecture, monitoring the activities and procedures of third-party contractors with access to the computer system (whether direct or remote), performing network scans to assess activity on the network, comparing outbound network traffic to baseline operations, and choosing names for tables and fields that are difficult to guess. In case its systems break down, the organization should make a disaster recovery plan, which devises plans for restoration of disrupted services and focuses on restoring business operations after a disaster. The financial and organizational impact of each threat should be assessed by auditing. After analyzing and planning, the organization should audit and control its information systems and information security systems. The most important tools and technologies for safeguarding information systems are identity management software, authentication, firewalls, intrusion detection systems, antivirus and antispyware software, unified threat management (UTM) systems, Wired Equivalent Privacy (WEP) security, and the Wi-Fi Protected Access (WPA2) specification.
In recent years, new and increased use of technologies such as mobile devices, social media and cloud computing has increased the risk posed by cyber criminals. Two methods of encryption are symmetric key encryption and public key encryption. For security in the cloud, firms must ensure that providers offer adequate protection, and need to include key factors in service level agreements (SLAs) before signing with a cloud service provider.
Security policies should include and cover any special requirements for mobile devices. The aim is to quickly contain any attacks and minimize any financial and reputational harm. Some companies delegate responsibility for computer systems security to their chief information officer, who is usually responsible for protecting access to a company’s information technology (IT) system and the privacy and security of information on that system. An individual or organization may receive threats from individuals claiming to have hacked its computer systems and offering to return stolen confidential information in exchange for property. Companies can determine whether the extortionist has done what he claims by isolating areas that may be affected to determine if they have been compromised. They can also determine the feasibility of restoring critical systems where a denial of service attack affects critical infrastructure. This includes assessing whether restoring service will negatively affect collecting evidence in the investigation. Companies should document all aspects of the investigation and secure and preserve all evidence, including logs of critical system events.
According to (NTT Group, 2016), if seventy-seven percent of organizations lack a recovery plan, then maybe their resources would be better spent on protective measures. That’s why companies should detect the attack in its early stages. The cyber incident response plan should address the recovery of the company’s computer systems by both eliminating the vulnerabilities exploited by the attacker, along with any other identified vulnerabilities, and bringing the repaired systems back online. Once systems are restored, management should evaluate how the response plan was executed and consider whether the cyber incident response plan can be improved. Where an internal investigation leads to evidence of the attacker’s possible identity, companies should consider preparing formal referrals to law enforcement for possible criminal prosecution. Companies considering this course of action can retain white collar crime or intellectual property counsel to guide them through the investigation, referral and criminal proceedings.
The outcome of a criminal prosecution may depend on the company’s ability to provide evidence and testimony. The company should therefore be prepared to help the prosecutor present complex computer crime evidence to a judge and jury.

5. As an employee of a highly connected and globalized world, highlight and critically those ethical issues that may arise from using connected devices in an organization.

Ethical analysis of security and privacy issues in information technology largely takes place in computer ethics, which appeared in the 1980s (Herman T. Tavani, 2004). Computer ethics analyzes the rights and responsibilities of computer professionals and computer users, and ethical issues in public policy for information technology development and use. Many privacy disputes in today’s society result from tensions between people’s right to privacy and state and corporate interests in surveillance. Employees and organizations must know the basic concepts of ethics, namely responsibility, accountability, and liability, and laws should be well known and understood, with an ability to appeal to higher authorities.
Confusion arises in cases such as a person being injured by a machine controlled by software, and in questions such as: is it wrong for a business to read its employees’ e-mail, and is it ethically allowable for computer users to copy copyrighted software? Because ethics is mostly concerned with rights, harms and interests, it will be considered what privacy is, why it is important and how it is impacted by information technology. Ethical issues require ethical analysis. Ethical analysis aims to get clear on the facts and values in such cases, to find a balance between the various values, rights and interests that are at stake, and to propose or evaluate policies and courses of action. Western societies respect a right to personal privacy. The right to privacy was first defended by the American justices Samuel Warren and Louis Brandeis, who defined privacy as “the right to be let alone” (Warren, S. and Brandeis, L., 1890).
Privacy is held to be valuable for several reasons. It is held to be important because it is believed to protect individuals from all kinds of external threats, such as defamation, ridicule, harassment, manipulation, blackmail, theft, subordination, and exclusion. In the information society, privacy protection is realized through all kinds of information privacy laws, policies and directives, or data protection policies. Along with privacy and property laws, new information technologies are challenging existing liability laws and social practices for holding individuals and institutions accountable (Kenneth C. Laudon, Jane P. Laudon, 2018). The ethical importance of computer security will be assessed, as well as the relation between computer security and national security. Information security is customarily defined as concerned with the protection of three aspects of data: their confidentiality, integrity and availability.
The ethical issues that computer security poses can be explored through the relation between computer security and rights, harms and interests. The most obvious harm that can result from breaches of computer security is economic harm. When system security is undermined, valuable hardware and software may be damaged or service may become unavailable, resulting in losses of time and resources. Breaches of information security may come at an even higher economic cost.
Stored data may also have personal, cultural or social value, as opposed to economic value, that can be lost when data is corrupted or lost. Any type of loss of system or data security is moreover likely to cause some amount of psychological or emotional damage. Compromises of the confidentiality of information may cause additional harms and rights violations. Third parties may compromise the confidentiality of information by accessing, copying and disseminating it. Such actions may, first of all, violate property rights, including intellectual property rights.
In addition to violations of property and privacy rights, breaches of confidentiality may also cause a variety of other harms resulting from the dissemination and use of confidential information. For example, a firm’s reputation may be damaged, and compromises of the confidentiality of online credit card transactions undermine trust in the security of online financial transactions and harm e-banking and e-commerce activity. Compromises of the availability of information can, when they are prolonged or intentional, violate freedom rights, specifically rights to freedom of information and free speech. Freedom of information is the right to access and use public information.
Security systems may be so protective of information and system resources that they discourage or prevent stakeholders from accessing information or using services. They may also be discriminatory: they may wrongly exclude certain classes of users from using a system, or may wrongly privilege certain classes of users over others. A recent concern in computer and national security has been the possibility of cyberterrorism, which is defined by Herman Tavani as the execution of “politically motivated hacking operations intended to cause grave harm, that is, resulting in either loss of life or severe economic loss, or both” (Herman T. Tavani, 2004). A distinction between cyberterrorism and other kinds of cyberattacks may be found in its political nature: cyberterrorism consists of politically motivated operations that aim to cause harm. Ethical analysis of privacy and security issues in computing can help computer professionals and users recognize and resolve ethical dilemmas and can yield ethical policies and guidelines for the use of information technology.