Attacks, Threats, and Vulnerabilities to the Organization - Assignment Example

?INFORMATION SYSTEMS SECURITY al Affiliation INFORMATION SYSTEMS SECURITY Technology is a blessing to mankind and is a requirement for the success of any business with any hopes of surviving the intense competition in the business world today. All businesses worth their title have an information system to help run their activities. This has proven to be very beneficial in more ways than one as it makes work easier and enables smooth running of operations. However, like all good things, information systems have a loophole too. They are subject to a multiple number of insecurities that could prove to be very disastrous for the business to which the system belongs should it succumb to a threat. Businesses that rely on information systems have an obligation to maintain and keep it secure. As the Information Security Engineer for a videogame development company, it is compulsory that I adopt a vigilant approach to uphold my company’s information security (Godbole, 2009). Attacks, threats and vulnerabilities to the organization Hacking The organization is vulnerable to hacking. Hacking is a criminal act whereby unauthorized people with massive computer knowledge decide to illegally access the personal information on another’s information system, mostly to use for malicious acts that will harm the system’s owner. As identified, the organization’s system is not secure enough to protect itself from hackers. Should this threat not be handled the organization is at a risk of losing its most valuable information to anyone who does not have the business’ best interests at heart. Such information in the wrong hands could lead to the downfall of the organization without fail. Obsolescence The organization’s information system is outdated. This is a threat that needs to be addressed. In a business as competitive as the videogames one cannot afford to have information systems that are out-of-date. With technology evolving by the day, the information systems of the organization are under pressure to keep up in order to beat competition or at least be at par with them. Otherwise, obsolescence could lead to business failure as has already been observed recently in the organization (Godbole, 2009). Crashing of information systems The organization’s information systems have been crashing lately. This means that the systems fail to work somehow due to various reasons. I have made an observation that once the systems crash all the information that was contained in it is lost and the organization has to commence from scratch. It does not have to happen this way at all. This is a problem that must be dealt with so as to save time. If all activities in an organization will be stopped just because one system crashed then the business will lag behind (Godbole, 2009). Poor maintenance by staff The organization’s staff are not using the information systems a required. This could be out of ignorance or simply negligence. I recently observed one staff member pour water on a computer’s keyboard. This is an outrageous show of poor maintenance. The systems need to be taken care of on the outside in order to protect the information they carry inside. Lack of maintenance could lead to a double tragedy, that is, irreparable damage to the computer systems and in turn loss of the data they hold. Theft There has been theft of information systems in the recent past o the organization. This is an attack that cannot be allowed to stand as it should be hazardous to the life of the firm. The organization should find out the source behind these threats and tackle it with immediate effect (Godbole, 2009). Strategies and controls to deal with the risks 1) Hacking Hacking can be dealt with using the strategy of risk avoidance. This means ensuring that it doesn’t occur at all. For this strategy to be enforced the organization needs to apply new methods of securing the information systems further. For instance, by creating stronger passwords for files. This will make it harder for a hacker to access whatever is hidden. The control that I suggest should be used to manage this vulnerability is preventive. The organization should take measures to prevent any forms of hacking whatsoever (Godbole, 2009). 2) Obsolescence The best way to deal with obsolescence is applying the strategy of risk acceptance. This is because the process of system being outdated is practically unavoidable as one cannot prevent technology from advancing whenever and however it wants to. The only way is to always be updated and keep up with the rapid changes in the global technological systems. Thus the organization is able to upgrade its systems accordingly. For this, I recommend that the organization adopts the corrective control measure. Where the system is deemed obsolete, a new one should be brought in to replace it (Dhilon, 2007). 3) Crashing of information systems As observed, occasionally the systems of the organization crash and all data is lost. Due to installing of a backup system, all hope for restoration is impossible. Fortunately, there is a solution for this. Here, risk mitigation can be applied. This is similar to risk reduction as the loss has already occurred. Despite losing the system itself, a double tragedy is not necessary. The organization has the option of adopting a backup system whereby all the data in the information systems can be stored in external hard drives just in case the systems crash. This way, the information can be retained (Dhilon, 2007). The control measure for this is administrative. The risk of losing everything is reduced eventually. 4) Poor maintenance by staff The strategy of risk avoidance will be effective in this case. The information systems must be properly maintained in order to be sustainable. Seeing as the organization’s personnel need to work with the systems on a daily basis they need to be trained on how to handle the systems and maintain them such that they do not undergo severe damages. Loss due to poor maintenance can be easily avoided if everyone who comes into contact with the information systems is enlightened on how to handle it (Dhilon, 2007). The preventive control measure is applied here. Prevent the occurrence of the risk altogether by addressing the staff. 5) Theft This is a criminal act that most organizations are a victim of. Theft occurs daily. The only strategy to use when it comes to theft is risk avoidance. Theft should not be tolerated under any circumstances. The control measure here is detective whereby security cameras are installed to find out who the thieves might be so that they can be put away (Kim & Solom, 2011). To wrap this up, the organization needs to take its information systems a t more seriously. The level of negligence is alarming and this could have ample repercussions to the prosperity and survival of the organization (Kim & Solom, 2011). References Kim, D., & Solomon, M. (2011). Fundamentals of information systems security. Sudbury, MA: Jones & Bartlett Learning. Dhillon, G. (2007). Principles of information systems security: Text and cases. Hoboken, NJ: Wiley. Godbole, N. S. (2009). Information systems security: Security management, metrics, frameworks and best practices. New Delhi: Wiley India. Warkentin, M., & Vaughn, R. (2006). Enterprise information systems assurance and system security: Managerial and technical issues. Hershey, Pa: Idea Group Pub. Bhattacharya, B. B., ICISS (Conference), & International Conference on Computing: Theory and Applications. (2009). Algorithms, architectures and information systems security. Hackensack, NJ: World Scientific. Read More