The Computer Simulation Techniques - Case Study Example

Information Security Introduction: Computer simulation techniques enable the designing of a model of a real system, such that the model is implemented as a computer program. Organizational changes can be clearly understood through such simulation techniques such that an organization becomes capable of deciding on the measures that are needed to be considered in order to manage such changes. Computer simulations are generally used to improve the present state of working of an organization increasing the level of output of the work, or even newer systems may be designed that may fulfill several needs of the organization may be a lower cost than the current systems. However the use of computer simulations has certain disadvantages or limitations as well since it cannot be used for optimization (Introduction to Computer Simulation, n.d.). It is a tool that is generally cost effective for any organization and assists in exploration of new systems before building them in real (Heidari, n.d., p.5). The present study has been undertaken on a case study and its evaluation considering an organization and its internal process improvement that is trying to involve the computer simulation measures thereby trying to evaluate the risks and the security factors associated with the new system improvement. Objectives of the Study: Considering the case study and the organization’s incorporation of new system of internal process improvement through computer simulation, the following objectives have been decided for the study: To identify the resource used in the design process which is currently held on the internal network and that may be affected by the change from an ‘internal-only’ network to a mix of internal and external networks. To discuss the risks of the integrity of the chosen resource, if this resource was to be provisioned from outside the corporate network. To identify a technology, or process, that would help to protect the integrity of your resource as it moves from the internal to the external network and back again. Internal Process Improvement and the Design Process: As the case study reflects, the Internal Process Improvement team of the organization concerned has plans to make certain changes in their processes of development that includes the incorporation of computer simulation programs. This has primarily arisen from a penalty that the company suffered from in the recent times owing to missing a delivery that was necessary before flights. In order to improve the current status of working, the team has considered using computer simulation of larger parts of engine that is used in their project completion. In the present times, the company makes use of CAD or Computer Aided Design that produce the drawings of the engine containing all the wiring and electrical features (Rouse, 2011). However the usefulness of the computer simulations have been determined and realized thereby the system being attracted for incorporation in the organization. With the computer simulation trying to be considered, there are two possible ways to use the system- either by purchasing the compute resources, or by renting them from outside the corporate organization. Thus bringing the compute resources from the external sources might affect the current system of working that is based on the internal sources and might also increase the risks of security that are the major concerns of this study. It can be understood that with the advancements of technology and their uses in the organizations, the internal operations of the organizations are affected particularly considering the case where the organization plans to incorporate computer simulation techniques that has an up-front cost for the company and it is not possible for the company to avoid these expenses. Although there are positive effects of such external resources and technologies being used in the organizations, however, there are certain factors that might affect the internal operations negatively as well. In this case, the risks of security are a major reason for concern. Till this time, the organization was depended only on the internal resources. However with the compute resources being thought to be rented from the outside of the organizations, this might affect the way the human resources in the organization have been working. Information is easily passed to the different corners through the use of computer, telephones, faxes, and other machines. With the developments of technology, the manner of work among the employees tends to change. Human resources and the managers can plan and perform better with the use of newer technologies that allow better facilities, better understanding and decision making, and strengthen communications as well (Decenzo, 2009. p.9). As in this case it can be understood that once the newer systems are encouraged and involved in the organization, the older systems would be ignored. The CAD that is currently being used would be affected and with outside resources being indulged, the risks of security would increase to great extents. These would then require the entire organizational working team to focus on the new needs of operations as well as considering measures that can protect the organizational information from moving outside the corporate network. In other words, the responsibility of the human resources team would increase and newer recruitments would also be required to be taken significant concern of such that they are trustworthy. Moreover, particular security measures would require to be imitated to which all the employees of the organization would need to adapt to. With these, the up-front costs of the organization would increase thereby causing several adjustments in the internal operations as well. Incorporating Changes: The Risks Involved: The primary risks with the incorporation of the computer simulation and renting the resources from outside arise with the security of the organization data and information. If resources are rented from outside there are possibilities of linkages with the outside networks that can lead leakages of important information to the outside world. This can lead to several frauds and it is known that organizations are prone to such fraud risks often. If not secured or protected, these may even lead to destruction of the organization’s information, affecting their performances and results (Managing the Business Risk of Fraud: A Practical Guide, n.d., p.5). Considering the use of compute resources risks and threats arise more because in the present times the advanced technologies are more associated with open systems. Today, the open systems allow platforms where a range of operating machines from different manufacturers can be coordinated together and this has become a common practice. Open systems are particularly accepted among small business owners since they permit activities to advance or develop their computer systems more simply and inexpensively. This also gives them superior autonomy to allocate computer files with outside clients or vendors (Computers and Computer Systems, 2012). Thus it can be understood that there are risks of information getting leaked or shared with the outside of the organization when such resources are particularly rented from outside. Information might get outside the bounds of the organization. LANs or the local area networks have altered the manner in which organizational employees can use computer systems and hence also perform the computer simulations as far as the case study is concerned. In organizations where employees previously had the right to use midrange computer all the way through dumb workstations, in the present times, these employees characteristically have greater potential. Now these employees have their own personal computer at their counters. However they are still proficient to contact required information from a midrange or other server through the connected network. WANs or the wide area networks are generally used by companies with multiple facilities positioned over a wide geographic area. LANs are on the other hand preferred more by smaller businesses. Under a WAN system, the databases of a company can be accessed at headquarters located in one city, at a manufacturing plant that might be located in a different city, and at sales offices situated in other locations (Computers and Computer Systems, 2012). Hence keeping connected to the outside world increases the risks of the data being leaked and frauds taking place. There are risks of spread of computer viruses, penetration and theft of data from external hackers, engineered network overloads activated by malevolent mass e-mailing, exploitation of computer resources and private information by employees, illegal financial transactions and other kinds of computer fraud carried out in the name of the company, electronic surveillance of corporate computer data by external parties, and damage from break down, fire, or natural disasters. Most of these risks and the damages to the organizations occur owing to lack of proper security measures. “In monetary terms, the most damaging breaches of computer security involve (1) the theft of trade secrets; (2) unauthorized and fraudulent financial transactions (for instance, when an employee surreptitiously changes his rate of pay on the payroll system); (3) system break-ins by outsiders; (4) telecommunications fraud, in which an attacker gains use of a company's phone lines or other telecommunications resources and charges up large bills; and (5) computer viruses” (Computer Security, 2012). Studies reveal that it is often the misuse from the internal members that lead to security risks from resources adopted from outside an organization. Insider misuse is not essentially malevolent actions. Organizational employees mistreating the computing resources of the organization are in most cases not doing so with the intention to damage the organization. They may only be focused to get their work done. “For example, an employee may use his personal laptop to bring work home over the weekend in spite of the organization’s ban on use of personal computing devices for business purposes” (Security Threats in Employee Misuse of IT Resources, 2009). Insider misuses are not required to be malevolent to cause a danger to the organization. It is necessary to making the internal employees aware of these threats such that such risks may be mitigated (Security Threats in Employee Misuse of IT Resources, 2009). The threat of insider misuse or lack of integration may be further than loss of production. It has been observed that certain forms of maltreatment might also expose the organization to more evil threats. “For example, surfing the web can bring users to websites that contain malicious code, opening the user’s desktop and network to infection. Participating in peer-to-peer file sharing networks can do the same. Storage of pirated music, video, or unlicensed software exposes the organization to copyright violation liabilities” (Security Threats in Employee Misuse of IT Resources, 2009). Although many organizations are responsive to the necessity to protect the organizational information security threats initiated from external to the organization, the danger initiated by insiders “misusing computing resources can be just as great or greater” (Security Threats in Employee Misuse of IT Resources, 2009). Figure 1: This figure presents the percentage of Organizations Viewing Type of Insider Misuse as Major Target (Security Threats in Employee Misuse of IT Resources, 2009). Considering the case study of concern, it is necessary to understand this fact since the integration of the compute resources from external to the organization would otherwise significantly cause risks and threats to the security of the organizational data. Use of Technology to Integrate the New System and Secure Information Systems: ERP or Enterprise Resource Planning is primarily a process of integration of the processes of business management with the use of modern advanced technology. Like the organization concerned for the study, there are several other organizations that use the newer systems of information and technology for the purpose of developing their performances. ERP is the combination of three important parts of an organization that include Business Management Practices, Information Technology, and Specific Business Objectives (ERP (Enterprise Resource Planning, 2012)). The technology of ERP works depending on its core storehouse that is well organized and managed and contains all data in a centralized manner. It obtains information from as well as supplies information to the disjointed applications as and when they require. A wide range of organizational functions are enveloped through the software architecture of ERP that enable integration of new technologies in to the organizational system. It helps to expand the integration between the different processes of a business thereby developing the communication and distribution of information (ERP (Enterprise Resource Planning, 2012)). ERP system is in charge of real time integration of management information. It performs this function by controlling the information that flows across an organization. The implementation of this process involves an “enterprise-wide database and a collection of application modules to support day to day business operations and management processes” (Benefits of Implementing an ERP System, 2011). The primary advantage of implementing ERP within an organization is integration. The system facilitates in reducing the operational costs by harmonizing different departments of the company. The main purpose of ERP is to control precision along with redundancy of data and their entries. This working of this system is centralized and capable of replacing multiple, disconnected databases with a solitary system. It can also integrate different applications and sources of information. Also, the system assists in lowering help desk support and reducing the costs of marketing. In addition ERP is an ultimate function to advance the collaboration between departments and employees and communication with customers as well (Benefits of Implementing an ERP System, 2011). Thus in order to integrate the computer simulation techniques in the organization the ERP systems can be considered to be incorporated such that the risks and threats of integration and security can be reduced. An ideal ERP system would connect and integrate all the departments of the organization with the new business process or the technology, in this case being the computer simulation measures. These include the manufacturing, the finance, the human resources, the supply chain management, the projects, as well as the customer relationship management departments (ERP (Enterprise Resource Planning, 2012)). Information security is a combination of systems, operations and internal controls to make certain that the integrity and privacy of data and operation procedures are achieved in an organization. Accessibility of the information is as well vital to the organization. If the integrity of the information is confidential, but if it is not obtainable to formal users, it would be of no use. Security to enterprise resource planning (ERP) system needs to be administered by the similar ideologies as conservative information security. All the business related information of an organization is controlled through an ERP system. Moreover information relating to customers and suppliers are also under the control of this system. It is thus necessary to protect this information from the opponents and also make sure that the information contained in the ERP system obeys the rules to auditing standards. The safety and security of the information within the ERP system is consequently essential to the continuation of the organization (Marnewick & Labuschagne, 2006). In order to allow the system to conform to the needs and goals of the organization, there are certain measures that can be adopted. These are as follows (Marnewick & Labuschagne, 2006): A general security structure is analyzed to resolve the aspects that are appropriate to ERP systems. The deficiencies of this security framework are recognized in the perspective of an ERP system. An ERP security framework is developed such that it performs traditionally to business and IT governance requirements. The system of ERP not only improves the integration of information and security but it also improves the restrictions of data, thereby keeping the customer information and company data safe and protected (Benefits of Implementing an ERP System, 2011). The three major constituents of the security framework include the people, the policy and the technology. In regard to people, it can be realized that when a new system of security is being implemented within an organization, the employees may not the functioning and implementation of the program. They would not know how to transfer and utilize their data in the process as well as how to respond to any problem that may arise. Thus, proper training of the personnel would be necessary in this regard. Security policies are essential for an organization that enables the employees of an organization to understand the security issues of the company and measures that they would need to follow in case of any security problems being arisen in the organization (Deutsch, 2012). Thus with any new change being incorporated in the organization as can be considered in the case study, the policies also need to be accordingly updated such that level of security within the organization may be sustained. As far as the technology is concerned, the security of data may be achieved through the use of VPN or Virtual Private Network. A VPN is a technology of network that generates a protected network connection over a public network like the Internet or a private network held by a service provider, and generally used in organizations (What is VPN?, 2012). With the help of VPNs, an organization can protect private network traffic over an unprotected network. It helps in securing the mechanism for “encrypting and encapsulating private network traffic and moving it through an intermediate network. Data is encrypted for confidentiality, and packets that might be intercepted on the shared or public network are indecipherable without the correct encryption keys” (How VPN Works, 2003). The five pillars of information security include identification and authentication, authorization, confidentiality, integrity and non-repudiation. It is thus necessary to ensure that the ERP system is only accessible to internal users of the organization, particularly the ones who are authorized and legitimate. The rights and accesses of users should be restricted depending on the chances of information leakages and frauds. Protecting the privacy of data entails the assertion that only authorized people are capable of viewing specific sets of data. Users who are authorized should only be allowed to modify any information contained in the system of ERP. The organization also needs to ensure that a deal that is done is lawful and can be confirmed as such in cases of an inquiry or argument. Organizations can employ digital signatures or public key encryption to put into effect suitable and legal transactions (Marnewick & Labuschagne, 2006). Thus considering the case study, it can be said that ERP system can perform as a technology making the organization capable of integrating the use of computer simulation with the older systems of the organization such that the renting of resources from external of the organization do not affect the normal functioning and security of the organization negatively. Conclusion: The above study has been focused on a case study involving the need of an organization to initiate newer systems of computer simulation for the betterment of its performances. However while the benefits of computer simulation are known and there are greater attractions for the system, on the other hand there are concerns regarding the integrity of the system in the organizational environment and among the human resources as well as in regard to the protection of organizational security. From the study it can be concluded that renting compute resources from external to the organization undoubtedly increases the threats or risks of security for the organizations since controls are bound to be lost to the external powers. Moreover there are possibilities of leakages of information through misuses and the chances of frauds. ERP system has been obtained to be a technology that can be used to integrate this new system in the organization and along with that considering the necessary security measures would enable the organization to achieve both the benefits of the new system as well as protection of the security of the organization. References 1) Benefits of Implementing an ERP System (2011), smb-software, available at: http://www.smb-software.com/benefits-of-implementing-an-erp-system/ (accessed on August 19, 2012) 2) Computers and Computer Systems (2012), referenceforbusiness, available at: http://www.referenceforbusiness.com/small/Co-Di/Computers-and-Computer-Systems.html#b (accessed on July 27, 2012) 3) Computer Security (2012), referenceforbusiness, available at: http://www.referenceforbusiness.com/encyclopedia/Clo-Con/Computer-Security.html#b (accessed on July 28, 2012) 4) Decenzo, D.A. (2009), Fundamentals of Human Resource Management, 8th Ed, New Jersey: John Wiley & Sons 5) Deutsch, W. (2012), 6 Security Policies You Need, about, available at: http://bizsecurity.about.com/od/creatingpolicies/a/6_policies.htm (accessed on August 22, 2012) 6) Enterprise Resource Planning (2012), tech-faq, available at: http://www.tech-faq.com/erp.html (accessed on July 30, 2012) 7) Heidari, M. (n.d.), The Role of Modeling and Simulation in Information Security The Lost Ring, windowsecurity, available at: http://www.windowsecurity.com/uplarticle/Information_Warfare/The_Role_of_Modeling_and_Simulation_in_Information_Security3.pdf (accessed on July 24, 2012) 8) How VPN Works (2003), technet, available at: http://technet.microsoft.com/en-us/library/cc779919(v=ws.10).aspx (accessed on August 19, 2012) 9) Introduction to Computer Simulation (n.d.), gmu, available at: http://classweb.gmu.edu/aloerch/simulation540.pdf (accessed on July 24, 2012) 10) Managing the Business Risk of Fraud: A Practical Guide (n.d.), acfe, available at: http://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/managing-business-risk.pdf (accessed on July 27, 2012) 11) Marnewick, C. & L. Labuschagne (2006), A Security Framework for an ERP System, icsa, available at: http://icsa.cs.up.ac.za/issa/2005/Proceedings/Full/009_Article.pdf (accessed on August 1, 2012) 12) Rouse, M. (2011), CAD (Computer-aided design), techtarget, available at: http://whatis.techtarget.com/definition/CAD-computer-aided-design (accessed on July 26, 2012) 13) Security Threats in Employee Misuse of IT Resources (2009), computereconomics, available at: http://www.computereconomics.com/article.cfm?id=1436 (accessed on July 29, 2012) 14) What is VPN? (2012), whatismyipaddress, available at: http://whatismyipaddress.com/vpn (accessed on August 23, 2012) Read More