Site Loader
Rock Street, San Francisco

Information technology
and organizations stimulus each other depend on organization’s structure, business
processes, politics, culture, environment and management decisions.
There is no ex-ante, readily calculable return on investment for IT security
like homeowner’s insurance or a car with extra air bags, it is money spent
today to relieve the risk and potential cost and impact of events that never
emerge. Thus, IT security should be viewed as a necessary cost of doing
business. In the work on IT and information security with companies in a wide
range of industries, including banking, insurance, defense, aerospace,
industrial goods, energy, raw materials telecommunications, and logistics, have
identified a number of other actions that executives can take to improve the
companies’ chances of success. To rival and success in global market, information
technology is important in competitive environment. (Kenneth C. Laudon, Jane P. Laudon, 2018), global investment
in information technology has expanded by 30 percent in the period 2005 to
2015. IT investment now accounts for an estimated 20 percent of all capital
investment. Information systems are
transforming business as mobile digital platform, systems used to improve
customer experience, respond to customer demand, reduce inventories, growing
online newspaper readership, expanding e-commerce and internet advertising, new
federal security and accounting laws. Firms contribute heavily in information
systems to get six strategic business objectives. There are operational
excellence, new products, services, and business models, customer and supplier
intimacy, improved decision making, competitive advantage and survival. IT
platform can lead to changes in business objectives and strategies. Businesses
rely on information systems to help them achieve their goals and to attain
higher profitability. Information systems improved decision making from
accurate information. To achieve the greater efficiency and productivity, the
tool of information technology is an important. IS support organization to
achieve competitive advantage as delivering better performance, charging less
for superior products, responding to customers and suppliers in real time
(Examples: Apple, Walmart, UPS).

Competitiveness was very often
increased because of great cost savings and better service to clients.
Communication and inter organizational systems seemed to be very important in
this respect. Now a day, organizations are in the rival for improving
their capability in order to survive in the global market. To make effective
and timely decisions that best achieves their organization goals more easy to
get from using the appropriate information of internal and external sources. (Karim, 2011).

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

(Karim, 2011),
that “information is an arrangement of people, data, process, and information
technology that interact to collect, process, store and provide as output the
information needed to support an organization,” “If the relevant
information required in a decision-making process or an organization planning
is not available at the appropriate time, then there is a good change to be a
poor organization planning and priority of needs, inappropriate decision-making
and defective programming”, (Adebayo, 2007).

In postindustrial
organizations, authority progressively relies on knowledge and competence
rather than formal positions with sufficient information technology. Because
of the difficulty to sustain competitive advantage, organization needs to be
continuous innovation. In order to stay ahead system performing strategic may
become tools for survival and firm value chains.


security is a serious problem for individuals and organizations because it indications
to unlimited financial losses. Information systems are exposed to different
types of security risks. The type of damage caused by security threats are
different as database integrity security breaches, physical destruction of
entire information systems facility caused by fire, flood, etc. The sources of
those threats can be unwanted activities of reliable employees, hacker’s
attack, accidental mistakes in data entry, etc. Information systems are
vulnerable because of the accessibility of networks can breakdowns hardware
problems, unauthorized changes and programming errors software problems,
disasters, use of networks outside of firm’s control, and loss of portable
devices (Kenneth C. Laudon, Jane P. Laudon, 2018). Risks come from easily
by using network open to anyone, size of internet mean abuses can have wide
impact, use of fixed internet address with cable and DSL moderns creates fixed
targets for hackers, unencrypted VOIP, interception and attachments with
malicious software from email. Security is breached easily from radio frequency
bands easy to scan, using SSIDs (service set identifiers), identify access
points, broadcast multiple times, can be identified by sniffer programs, war
driving, eavesdroppers drive by buildings and try to detect SSID and gain
access to network and resources, Once access point is breached, intruder can
gain access to networked drives and files.

(malicious software) as viruses and worms can operate on their own without
attaching to other computer program files and can spread much more rapidly than
computer viruses. Worms and viruses spread by drive-by download and destroy
data and programs as well as disrupt or even halt the operation of computer
networks. Malware that comes with a downloaded file that a user intentionally
or unintentionally requests by E-mail, IM attachments, hackers, request
malicious files without user intervention, delete files, transmit files,
install programs running in the background to monitor user action, &
potentially convert the smartphone into a robot in a botnet to send e-mail
& text messages to anyone, mobile device malware and social network malware.

Hackers & crackers make intentional disruption,
defacement, destruction of website or corporate information system gain
unauthorized access by finding weaknesses in the security protections employed
by Web sites and computer systems. Hackers flood a network server or Web server
with many thousands of false communications for spoofing for redirecting a Web
link to an address different from the intended one. It’s very damaging and
difficult to detect. An extremely serious threat because
they can be used to launch very large attacks using many different techniques.
Computers as targets of crime for breaching the confidentiality of protected
computerized data and computer may be instrument of crime theft of trade
secrets or unauthorized copying of software or copyrighted intellectual
property, such as articles, books, music, and video, schemes to defraud, using
e-mail for threats or harassment intentionally attempting to intercept
electronic communication, illegally accessing stored electronic communications,
including e-mail and voice mail, transmitting or possessing child pornography
using a computer. Hackers may be aim for identity
theft as used information to obtain credit, merchandise, or services in the
name of the victim and phishing, evil twins, pharming, click fraud, cyber-terrorism,
cyber-warfare. The sources of threat can be inside or outside the attacked
system. The organizations and their security systems are usually focused on
protecting themselves from threats that are origin from outside the system. The
threats that are coming from inside are often not considered. Because the way
it is possible to determine from what we are protecting information system, it
is possible to more efficiently use limited resources.

have very treasured information assets to protect. Poor security and control
may result in critical allowed liability. Failed computer systems can lead to
significant or total loss of business function. Business must protect not only
their information assets but also those of stakeholders. An organization can be
held liable for unnecessary risk and harm created if the organization fails to
take appropriate protective action to prevent loss of confidential information (Kenneth C. Laudon, Jane P. Laudon, 2018). Security threats come
not only outside from organization but also originate inside an organization. A
security breach may cut into a firm’s market value almost immediately.
Information system controls may be automated or manual controls unique to each
computerized application. To protect the information systems, organization determines
level of risk to firm if specific activity or process is not properly
controlled in organization as types of threat, probability of occurrence during
year, potential losses, value of threat and expected annual loss. Ranks
information risks, identifies acceptable security goals, and identifies
mechanisms for achieving these goals. Set up policies for drives acceptable use
policy (AUP).

 Management sets identifying valid users and controlling
access to prevent, respond to cyber attacks and data breaches. ? Monitor the occurrence of
possible cyber attacks and set up policies and procedures for employees to
follow depend on each company business unit as IT, Human Resources, Legal. The organization
should invest in security equipment and procedures to deter or prevent cyber
attacks. These include the most up to date IT protection measures, for example:
having the company’s database on a different web server than the application
server, applying the latest security patches, protecting all passwords, using
read-only views of documents and materials when possible, maintaining strict
input validation, developing network security architecture, monitoring
activities and procedures of third-party contractors with access to the
computer system (whether direct or remote), performing network scans to assess
activity on the network, comparing outbound network traffic to baseline
operations, choosing names for tables and fields that are difficult to guess.

monitoring the company’s computer is logs to discover any incidents, creating a
database to track all reported incidents and creating a risk rating to classify
all reported incidents as low, medium or high risk to facilitate an appropriate

organization face systems break down, make a plan for recovery disaster as devises
plans for restoration of disrupted services, focuses on restoring business
operations after disaster. Both types of plans needed to identify firm’s most
critical systems for business impact analysis to determine impact of an outrage
and management must determine which systems restored first. After the analyzing
and planning, should audit information systems and security and examines firm’s
overall security environment as well as controls governing individual
information systems. Assess financial and organizational impact of each threat
by auditing. The most important tools and technologies for safeguarding
information systems are identity management software, authentication, firewall,
Intrusion detection system, antivirus and antispyware software, unified threat
management (UTM) systems, Wired Equivalent Privacy (WEP) security, Wi-Fi
Protected Access (WPA2) specification. Identifying the management software as automates
keeping track of all users and privileges and authenticates users, protecting
identities, controlling access. Authentication set password systems, tokens, smart
cards, biometric authentication and multi-step process such as face recognition
and password. Data transfer to secure by methods of Secure Sockets Layer (SSL)
and successor Transport Layer Security (TLS). Two methods of encryption are symmetric
key encryption and public key encryption. Firms must ensure providers provide
adequate protection and need to include key factors in Service level agreements
(SLAs) before signing with a cloud service provider to security in the cloud. Security
policies should include and cover any special requirements for mobile devices. In
recent years, new and increased use of technologies such as mobile devices,
social media and cloud computing has increased the risk posed by cyber
criminals. Quickly containing any attacks and minimizing any financial and
reputational harm. Some companies delegate responsibility for computer systems
security to their chief information officer who is usually responsible for
protecting access to a company’s information technology (IT) system and the
privacy and security of information on that system. ?

Individual or
organization may receive threats from individuals requesting to have hacked its
website or computer systems submission to return stolen confidential
information in exchange for money or property. Companies
can determine whether the extortionist has done what he claims by isolating
areas that may be affected to determine if they have been compromised. And determine
the feasibility of restoring critical systems where a denial of service attack
affects critical infrastructure. This includes assessing whether restoring
service will negatively affect collecting evidence in the investigation and document
all aspects of the investigation and secure and preserve all evidence,
including logs of critical system events.
            The cyber incident response plan should address the recovery of the
company’s computer systems by both: Eliminating the vulnerabilities exploited by the attacker and
other identified vulnerabilities and bringing the repaired systems back online.
If systems are restored, management should determine what cyber
security management improvements are needed to prevent similar incidents from
evaluate how the response team executed the
response plan and consider whether the cyber incident response plan can be improved.

Where an
internal investigation leads to evidence of the attacker’s possible identity,
companies should consider preparing formal referrals to law enforcement for
possible criminal prosecution. Companies considering this course of action can
retain white
collar crime or intellectual property counsel to guide them through the
investigation, referral and criminal proceedings. The outcome of a criminal
prosecution may depend on the
company’s ability to provide evidence and testimony. Therefore should be
prepared to help the prosecutor present complex computer crime evidence to a
judge and jury.

Post Author: admin


I'm Eunice!

Would you like to get a custom essay? How about receiving a customized one?

Check it out