1. This will be able to guide how to protectcustomer data and handle any potential loss of sensitive information. (YTL, 2017) Being thevictim of a ransomware attack is stressful and worrying for any business.Ransomware is a type of malicious software from cryplovirology that threatensto publish the victim’s data or perpetually block access to it unless a ransomis paid. The attacker generates a key pair and places the malware.Onlinecommerce is growing at 6 percent annually, three times the growth oftraditional offline retail. Businesses are using information technology tosense and respond to rapidly changing customer demand, reduce inventories tothe most possible levels to get to market faster.
Global ecommerce and Internetadvertising continue to expand. Google’s online. These changes in informationtechnology and systems consumer behavior, and commerce have spurred the annualgrowth of digital information to over 5 Exabyte’s of a mobile digital businessplatform based on smartphones and tablet computers, big data businessanalytics. E-commerceis changing how firms design, produce, and deliver their products and services.Growth in social commerce is spurred by powerful growth of the mobile platform.What makes information systems so essential today information systems are essentialfor conducting day-to-day business in most advanced countries as will asachieving strategic business objectives, specifically, business firms investheavily in information systems to achieve six strategic business objectives;operational excellence new products, services, and business models; customerand supplies intimacy; improved decision making; competitive advantage; andsurvival.
Informationtechnology (IT) consists of all the hardware and software that a firm needs touse in order to achieve its business objectives. “Information systems” are morecomplex and can be best understood by looking at them from both a technologyand a business perspective. By information we mean data that have been shapedinto a form that is meaningful and useful to human beings.Thereactivities in an information system produce the information that organizationneed to make decision, control operations, analyze problems and create newproducts or services.
The field of management information systems (MIS) triesto achieve this broader information systems literacy. Let’s examine each of thedimensions of information systems _ organizations, management, and informationtechnology. Information has a structure that is composed of different levelsand specialties.Seniormanagement makes long – range strategic decisions about products and servicesas well as ensures financial performance of the firm. Middle management, andoperational management are responsible for monitoring the daily activities ofthe business. Computer hardware is the physical equipment used for input,processing, and output activities in an information system.Datamanagement technology consists of the software governing the organization ofdata on physical storage media. The world’s largest and most widely usednetwork is the Internet.
Operations research focuses on mathematical techniquesfor optimizing selected parameters of organizations, such as transportation,inventory control, and transaction costs. As important part of the informationsystems field is concerned with behavioral issues that arise in the developmentand long _term maintenance of information systems.Theallows many businesses to buy, sell, advertise, and solicit customer feedbackonline. The Internet has stimulated globalization by dramatically reducing thecosts of producing, buying, and selling goods on a global scale. Newinformation system trends include the emerging mobile digital platform, bigdata and cloud computing. Oncewe are fully aware of the nature of the attack and have decided how we will respondcontacting all affected stakeholders is a must. Individuals or organization arenot encouraged to pay the ransom, as this does not guarantee files will be released.Europeancompanies infected with WannaCry are at risk of lawsuits and regulatoryenforcement action if they haven’t adopted appropriate technical.
While theinfected computer can still be used, the risk of losing valuable data canimpact productivity. (Alvarez, 2018)2. The security threats to any informationsystem of an organization. A successful organization should have the followingmultiple layers of security in place to protect its operation:· Physicalsecurity· Personnelsecurity· Operationssecurity· Communicationssecurity· Networksecurity· InformationsecurityItis achieved via the application of policy, education, training and awareness,and technology. (Cengage)If you are reallyinterested to find out these threats, I have them here and do get yourself acup of coffee before you start. The types of computer security threats Trojan,Virus, Adware, Backdoor, wabbits. Exploit, How to remove virus are Botnet, Diaker, Dropper, foke AV, Phirhing,Cookies, bluesnarfing, Blue Jacking DDoS. Here’s a quick explanation of some ofthe common security threats you may come across: As a rule, an organization cangreatly reduce its vulnerability to security threats by implementing a comprehensiveprivacy and data security plan.
There are technical data security toinformation systems and non-technical cyber security threats to informationsystems.Non- existentSecurity Architecture. It is important to note that having a firewall alone isnot sufficient to ensure the safety of a network.
Un _ patchedClient Side Software and Applications. Keeping up with soft ware updates andupgrades, in addition to applying manufacturer-recommended patches, minimizes,many of the vulnerabilities. Mitigation: Toreduce the ability of malicious actors to compromise or destroy anorganization’s security system.
” Phishing ” and Targeted Attacks (“Spear Phishing”). Onceinfected emails are opened, the user’s matching can be compromised. Internet Websites; malicious code can be transferred to a computer through browsingwebpages that have not undergone security updates. Poor Canfiguration Management; Any computer connected to the network, whether at workor at home that does not follow configuration management policy. MitigationEstablish a configuration management policy for connecting any hardware to thenetwork.
Mobile devicesUse of mobile devices, such as laptops or handheld devices, includingsmartphone users, is exploding. Botnets. Botnetsare networks of compromised computers used by hackers for malicious purposes,usually criminal in nature. Zero-day Attacks. A zero-day attack is athreat aimed at exploiting a software application vendor becomes aware of it.· Non-technicalcyber security threats to information systems.· Inside. An insider is defined as someone legitimate access to thenetwork.
· Poor Passwords. Implementing a policy on strong userpasswords is critical to data protection. · Physical Security. Physical security is essential topreventing unauthorized access to sensitive data as well as protecting anorganization’s personnel and resources.· Mitigation. Establish and enforce a physicalsecurity system.
· Insufficient Backup and Recovery. Lack of a robust data backup andrecovery solution puts an organization’s data at risk.· Improper Destruction Paper documents.
Such as reports and catalogs may containsensitive data.· Social Media. Using organization’s devices and networkresources to access social media websites pores a high data security threats.
· Social Engineering. Breaking into a network does not requiretechnical skills. (Data Security: Top Threats to Data Protection, 2011)Vulnerabilitiesconsist of weaknesses in a system that can be exploited by the attackers thatmay lead to dangerous impact.
Threats classification helps identify and organizesecurity threats into classes to access and evaluate their developed strategiesto prevent, or mitigate the impacts of threats on the system. Security threat frequency;It shows the frequency of security threat occurrence. Area of security threatactivity; it represents the domain that is being affected by the threat likephysical security. Security threat source; the origin of threat either Internalof external. Destruction of information, corruption of information, theft orloss of information, disclosure of information, denial of use, elevation ofprivilege and illegal usage. Wildfire, flooding, earthquakes and tidal wavesare caused by accidental external natural phenomena and allow. (Jouini, 2014)While we have ahost of technical solutions to the problems enumerated above, the biggestvector for the importation of all things bad remains the uninformed userswithin our enterprises. (Sanchez, 2010) 3.
What is ransomware. Simply put, it’smalicious software that locks down date unless a ransom is paid, hence thename. It’s relatively new as far as malicious software goes; the first thingyou should always do is contact a security professional. Ransomware attacks can be complex and actingwithout the advice of a professional could potentially cause more harm thangood. Imagineit’s an otherwise typical day. You wake up head into the office, pour yourselfa cup of office, and settle in to get some critical work dome before its due.Maybe you opened on attachment that you weren’t expecting maybe you were luredto a website that downloaded the virus. Other common ways crooks trick you intodownloading ransomware include.
Imagine for a moment that you receive a phonecall from a client to hear that hundreds of their computers have been infectedwith ransomware, knocking critical systems offline and putting theirorganization’s entire operations at risk to your business’ revenues or reputationas well as ensuring that you will be able to address any legal requirements asa result of your ransomware attack. A ransomware attack creates two hardchoices for a business; either pay the ransom, or spend multiple daysrecovering locked files. As an individual user, you should ensure that you’reusing a fully- updated version of windows. If you’re on an older release due toa company policy. (Arora, 2017)Whenit comes to ransomware attack, what matters most is how quickly you’re able toget back to help you identify where the ransomware attack came from and containit to limit the damage. You may have heard of attacks on hospitals thatrendered their entire medical suite useless, all for the hackers to get acouple bucks and probably notoriety within a hacking community.
Consider thathospitals are probably more guarded than you. The worldwide ransomware attackthat affected banks, hospitals and other companies heightens corporateregulatory and litigation risks, privacy attorneys told Bloomberg BNA. You havea legal responsibility to inform them even if their personal data has not been stolen.This type of attack is becoming increasingly common and is constantly evolvinginto new, more advanced strains.
Many companies are unaware of threat it poses;however; it is important to protect your organization and your data, againstransomware. (Cengage) Ransomwarehistorically Microsoft office, Adobe PDF and image files have been targeted, butMA fee predicts that additional types of files will become target as ransomwarecontinues to evolve. According to e scan antivirus reports 2017 India was oneof the worst affected by cyber attack.
As well as having a response pain yourbusiness should also have a comprehensive recovery plan in place. It isgenerally spread using some form of social engineering; victims are trickedinto downloading an mail attachment or clicking a link. (The Business Guide to Ransomware, 2018) Determiningthe primary attack is critical to understanding what the attacker’s primarycampaign is targeting and ensures that you aren’t missing the actual attack byfocusing solely on the ransomware. Individuals with a Hotmail account canaccess their email and send email from any location as long as they areconnected to the Internet.
Infrastructureoperations which can include provisioning the customer’s desktop environment,as well as operating data centers to host the applications. Organizations ofall types are looking to build ‘digital strategies’ or ‘digital business strategies’.Organization such as banks, online travel agencies, tax authorities, andelectronic bookshops can be seen as IT companies given the central role oftheir information systems. Ransomware can have serious implication; takeprecautions sooner rather than later. Here are tips to reduce the chances ofbeing affected and to happen: The impact that web site administrators arefacing is twofold.
Insurance attacks are generally available in both cyber andkidnap and ransom policies. 4. Prepare a prevention and riskmitigation plan to organizations so that the organizations are well preparedfor future attacks.
General controls govern the design, security, and use ofcomputer programs and the security of data files in general throughout theorganization’s information technology infrastructure. Application controls arespecific controls unique to each computerized application, such as payroll ororder processing. Application controls can be classified as:(1) Input controls(2) Processing controls(3) Output controls (Laudon K. C., 2018)A risk assessmentdetermines the level of risk to the firm if a specific activity or process isnot properly controlled. (Laudon K.
C., 2018) Business continuity planning focuses on how the companycan restore business operations after a disaster strikes. As informationsystems audit examines the firm’s overall security environment as well ascontrols governing individual information systems. There are various ways to dothis.
Which helps organizations identify vulnerabilities and threats to theircritical information and plan protection strategies. Any service is at least ascritical as the most important service depending on it. (Sanchez, 2010) Absorb the attack. This implies thatadditional capacity has already been planned for, installed,and tested before an attack begins. Degrade services. The critical serviceshave been identified, it nay be possible to design the network, systems.
Shut down services. It is plausiblethat an organization could decide to simply shut down all services until anattack has subsided. These need to be in place ahead oftime. It is also important to have communication plans in place. Survivabilityis the ability of a network computing system to provide essential services inthe presence attacks and failures, and to recover full services in a timelymanner. The technical issues by discussing general principles that applies tothe survivability subjective:- Separate,or compartmentalize, critical services wherever practical.
– Overprovisionas much as possible. – Minimizeyour “target cross- section.”Attackers knowthis, and as a result many DoS agents use small packets in their attacks.There is adistinct risk that adding capacity to one part of the network may just expose abottleneck elsewhere, or even has a cascade effect. The primary objectives are to (1)present a small initial target and (2) limit the damage that an attack on that on thattarget can have. Include these;- Disableunneeded services. As an example of the “principle of least privilege, allservices that are not expressly required for business operations should bedisabled.- Hidethe internals of your network.
In many situations, there little need forexternal users to be able to gather information about internal networkconfigurations.- Filterall non-essential traffic as close to the source as possible.Monitoringongoing operations to be able to detect anomalous behavior.
Preparing theorganization to react among these are;- Cultivatean analysis capability- Createan incident response plan – Developan ongoing relationship with your upstream providerCreate anincident response plan an incident response plan is vital to the successfulhandling of any incident. Every organization needs not only a response plan,but also a team that will implement it. So, a key factor for success will bethe support of senior management.
Organizations should not feel that every position in the response teamneeds to be filled by in-house staff. The composition of the team also needs tobe regularly reviewed. Teams should adopt the model of: plan, do, check. (Preparing for future attacks, 2018) Plan – Establish objectives, policies andprocedures to meet the requirements of the Business.Do – Implement these policies and procedures.Check – Verify if these are effective atmeeting objectives in practice.Act – Take action to modify plans according to experience gainedto refine and Improve.Internet serviceprovider (s) may be in a far more advantageous position to mitigate the attackthan you are.
Here are some items you might want to ask for: – Visibility of their backbone performance data. – Relief from per-bit rate pricing in the event of attack. – Rate limiting. – Protocol or port blocking. – Response-time commitments for support.Attack tools arecontrolled in a variety of ways; some earlier tools established listeningports. Continuously monitor inbound and outbound network traffic to identifyunusual activity or trends that could indicate attacks and the compromise ofdata. Using media rich games ad simulations, we design, build, and host highlyinteractive and engaging courses that hold a user’s attention regardless of thesubject matter.
5. Those ethical issues that mayarise from using connected devices in an organization; ethical, social andpolitical issues are closely linked. Imagine society as a calm pond on asummer’s day, a delicate ecosystem in partial equilibrium with individuals.Toss a rock into the center of the pond. Individual actors are confronted withnew situations not often covered by the old rules. It may years to developetiquette, expectations and social responsibility, politically correctattitudes rules.
These lapses in ethical and business judgment occurred acrossa broad spectrum of industries. Ethical issues in information systems have beengiven new urgency by the rise of the Internet and e- commerce.AModel for Thinking About Ethical, Social, and Political Issues are closelylinked. Five moral dimensions of the information age; 1. Work with littlesupervision, yet seek guidance as needed.
(TRUSTWORTHINESS) 2. Use good manners, be courteousand polite. (TRUSTWORTHINESS) 3. Performing duties, fulfillingresponsibilities, keeping up his words, and not Hurting others are thecharacteristics of a gentleman. 4. Refuse to lay cheat,deceive, manipulate, exploit or take advantage of others. (TRUSTWORTHINESS) 5.
Accountability and control:Who can and will be held accountable and liable for the harm done to individualand collective information and property rights. (five moral values)Key technologytrends that raise ethical issues, the doubling of computing power every 18months has made it possible for most organizations to use information systemsfor their core production processes. Basic concept:responsibility, accountability and liability responsibility is a key element ofethical action. Accountability is a feature of systems and social institutions;it means that mechanisms are in place to determine who took action and who isresponsible. Liability extends the concept of responsibility further to thearea of laws it is a feature of political systems. (Laudon K.
C., 2018) – The golden Rule is doing unto others, as you would have them do untoyou. – Immanuel Kant’s categorical imperative if an action is not right foreveryone to take. – The slipperyslope rule is an action cannot be taken repeatedly, it is not right to take at all.- Utilitarianprinciple the action takes achieves the higher or greater value.
– Risk aversionprinciple takes the action that produces the least harm or the least Potential cost. -The ethical no-free-lunch rule isassume that virtually all tangible and Intangibleobjects are owned by someone else unless a specific declaration otherwise.Internetchallenges to privacy posed new challenges for the protection of individual.Cookies are smalltext files deposited on a computer hard drive when a user visits websites thevisitor’s web browser software. Web beacons, also called web bugs (or simplytracking files) are tiny software programs that keep a record of users’ onlineclick streams.
Other spyware can secretly install itself on an Internet user’scomputer by piggybacking on larger application. Challenges to intellectualproperty rights is digital media differ from books, periodicals, and othermedia in terms of ease of replication; ease of transmission; ease ofalteration; compactness- making theft easy; and difficulties in establishinguniqueness. (Laudon K. C., 2018)