StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Influence of Information Technology on Business - Research Paper Example

Cite this document
Summary
The paper "The Influence of Information Technology on Business" states that penetration testing and vulnerability scanners can find all the loopholes and importantly ‘plug’ and secure them. In the future, organisations will implement more advanced IT applications…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.9% of users find it useful
The Influence of Information Technology on Business
Read Text Preview

Extract of sample "The Influence of Information Technology on Business"

An In-depth Analysis on the Influence of Open Source System Penetration Tools on Cyber-crime Anonymous A. Non, Charles O. Cromwell (List on this line using 12 point Times New Roman font – use a second line if necessary) Company/Institution Name, City, Country, Postcode (authors affiliation(s) listed here in 12 point Times New Roman font – use a second line if necessary) Abstract- Cyber attacks on the organisation will not only impede their success, but could also put a big question mark over their survival. To avert this kind of worst case scenario, organisations and other entities will constantly test their IT infrastructure through various means, thereby strengthening and protecting it from threats. One of the key IT based testing process, which is aptly finding loopholes and thereby optimally plugging it is the Penetration Testing process, as well as vulnerability scanners. These tools are used by legitimate security consultants or testers with organisation’s authorization to launch a stimulated cyber attack on the organisation’s IT systems. These attacks could pinpoint the vulnerable areas, and could also aid in mitigating them. Organisations from various sectors are incorporating solutions these tools to develop foolproof protection system. Many reputable industry standards are also prescribing penetration testing as one of the key security exercise. Still, there is scepticism regarding genuineness of this process, as there are chances of agencies or individual testers turning negative and compromising organisations’ critical assets. To prevent such eventualities, there are adequate legal provisions; in addition organisations and security consultants need to come up with protocols or steps, which ensure secure and safe testing. 1. Introduction Any organisation, irrespective of the ‘domains’ they are placed in, will be vulnerable to cyber attacks, especially the ones which are maximally dependent on Information technology. These organisations will be threatened by individuals with apt technical knowledge and other inside information. Their intentions may vary from wrecking the organisation to stealing critical assets. When this type of cyber crime occurs, the organisation could suffer heavy financial losses and more than that could have doubtful future, as its key assets will be compromised aiding its competitors. Disgruntled employees or employees with ‘spying role’ could wreck the organisation by altering or breaking down the IT infrastructure, and also by bringing in IT tools from outside to disable it. Apart from those employees, external ‘elements’ in the form of hackers, cyber thieves, competitors’ aids, etc, could intrude or cyber attack the organisation. 2. Background and its widespread use To actualize a foolproof protection system, organisations has to find out the loopholes or the vulnerable areas in its IT infrastructure. Because, once the weak points are identified, organisations will become even more capable of addressing the loopholes, and thereby implement a better structured system, which is more resilient against potential hackers or attackers. This is where the Penetration testing process and other scanners comes into the picture. A penetration testing process, or occasionally called pentest, is a process under which the security of an IT infrastructure or a computer system is evaluated by simulating a cyber attack from a known malicious source. In April 1995, Dan Farmer and Wietze Venema released a program called Security Administrator Tool for Analyzing Networks, shortened to SATAN. Written largely in PERL, it was designed to automate the process of testing systems for security vulnerabilities, and also picked up large amounts of general network information, such as which hosts are connected to subnets, what types of machines they are, etc. (Sommer, 2006, p.69). Apart from this, there are number of updatable commercially available scanners including vulnerability and port scanners, which can update itself with the known hardware and software vulnerabilities. That is, these tools will also test the system for any risks and could even suggest corrective options. For example, the information provided by such scanning tools provides technical details of the vulnerability and at the same time also gives instructions as to how to eliminate the vulnerabilities by altering configuration settings. (Federal Office for Information Security, 2003). 2.1. Penetration Process Penetration and scanners includes a set of processes or protocols, which are devised from the perspective of the attacker and how they will try to intrude a network with negative intent. These protocols are then applied to a network, and the process of penetration involves analysing the system and finding potential vulnerabilities, which are caused by poor or improper system configuration, known and/or unknown hardware or software flaws, etc. (Godbole, 2009, p.45). In addition, Penetration testing services offered by security consultancies will include checking a businesss firewall, looking for weaknesses in its internet gateway or website, etc. (Sommer, 2006, p.71). After the analysis is done, any security risk will be provided to the system or organisation’s owner, along with the assessment of the risks, and importantly mitigation solution or solutions. Fig.1 Penetration Testing approach diagram (Geer and Hawthorne, 2002) 2.2. Vulnerability Scanners On the same lines, but with a different end result, vulnerability scanners are also used by various organisations, thereby making it also a widespread application. That is, vulnerability scanners are computer programs, which are specifically designed to assess IT infrastructure or any computer systems for any loopholes, but without simulating any direct attack. There are various types of vulnerability scanners that are available including Port scanner, Network enumerator, Web application security scanner, etc. Although, the functionality of all these scanners could vary, they accomplish the main task of enumerating the vulnerable areas in the IT infrastructure. Among these scanners, port scanners are used in a widespread manner to test a server or even host for open ports, and this way IT person or testers can identify the running services on a host, thereby preventing it from any compromise, through security policies. A port scan is stated as “An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port and exploiting a known vulnerability of that service.” (Degu and Bastein, 2003, p.418). 2.3. Pentest vs. Vulnerability Scanners Although, pentest and vulnerability scanners are used in a widespread manner, penetration test is regarded as a far effective process as there is no breaking into the system in the case of scanners. That is, scanners could only show the presence of vulnerabilities, while the Pentest can conclusively demonstrate those vulnerabilities. Few testers use commercial vulnerability scanners to try to test or penetrate systems. Most commercial scanners are like Swiss army knives-they perform many functions, but dont do any one function particularly well, so their usefulness in a penetration test is limited. (Lucas and Moeller, 2004, p.135). Importantly, Penetration testing necessitates a lot more planning, care, effort, time, etc than vulnerability scanning, and so the results of Pentests will be more reliable, valid and valuable for the businesses. Thus, penetration testing has evolved from what was in the mid-90s, a dangerous or even an unethical activity, into a proven, widely accepted and widespread activity, practiced by many businesses. 3. Development of protection systems Organisations could think that having just the Windows firewall option and regular changing of passwords will be adequate to ensure their security, and prevent any intrusion or data theft from hackers. The fact is, many organisations underestimate the security threats they face, and overestimate the ability and resources their internal IT staff have to address it. (ISS White Paper). This assumption is wrong and could also be self-defeating because there are highly skilled hackers and also there could be disgruntled employees or even detrimental competitors, who can break into key IT infrastructures, retrieve necessary information and put the organisation in a downhill path. Thus, it is paramount that organisations, which rely on IT, should develop optimum protection systems, and which have to be tested and updated regularly. Organisations and its IT personnel should take care or fulfil four major aspects to develop an optimal protection systems, and they are Penetration testing, intrusion detection, incidence response and legal/audit compliance. (Lubis et. al, 2010). As penetration testing process can pinpoint all the vulnerabilities, it can aid a lot in developing effective protection systems. Pentest professionals, with the permission of the organisation, can test all the key and even supposedly secured parts of the IT infrastructure, and give a report mainly from an outside criminals perspective, so that the necessary protection systems are developed. To develop apt protection systems, organisations have to allocate the IT department adequate financial resources. This penetration testing process can create a kind of Compelling Event. “Well-documented results from a penetration test that expose the susceptibility of customer data, human resources records or even executive e-mail accounts create compelling events that any executive concerned with company finances, liability or reputation needs to know.”(ISS White Paper, p.2). Security has to be upgraded and updated according to the evolution of threats. While the in-house IT personnel could be clouded by internal pressures, independent penetration testing team could offer unbiased analysis. These types of independent audits are becoming a key requirement to get cyber-security insurance. Importantly, key regulatory and legislative requirements are stipulating penetration tests as a key necessity for doing safe and secure business. Regulations such as HIPAA (Health Insurance Portability and Accountability Act), Graham Leach Bliley, etc all include security compliance codes. (ISS White Paper). Because of this possibility, many organisations and entities are adopting penetration testing and so it is becoming widespread. For example, all the credit card companies have been adopting penetration testing as part of its established standard, the Payment Card Industry Data Security Standard (PCI DSS). That is, this standard was developed by leading credit-card companies to help merchants to protect sensitive customers credit-card data, and so any company that does transactions via credit cards needs to be PCI compliant. (Vacca, 2010, p.384). As part of PCI DSS compliancy, companies have to carry out both annual as well as ongoing penetration testing, as part of its routine plans and also after system changes. (Manzuik et. al, 2006, p.56). This way, organisations can implement appropriate safety or corrective measures, thereby eliminating or plugging vulnerabilities, which can be exploited by unauthorized hackers or any other third parties. 4. Controls or ‘Policing’ over Penetration testing process Even after the evolvement of genuine testing agencies, organisations could be sceptical about conducting pentests because of the fear that their IT infrastructure could be penetrated by cyber criminals in the guise of testers, and importantly they fear that all their data could be stolen or compromised. To avoid these worst case scenarios, both the organisations as well as the testers are putting in place optimum security controls. In addition, governments of the land and other overseeing agencies are also coming up with laws and standards to curb any illegal behaviour. EC-Council (2010, p.18), one of the reputed professional certification bodies, provides a list of measures that should be taken by the organisation and the testers before pentests. For example, testers should provide details of the team performing the penetration test, and the team members should agree to a background check and reference check to be carried out by the organisation or other third parties. In addition, the testers should provide updated logs and also actions taken as part of the penetration test, with a qualified organisation representative checking those logs and updates. Apart from selecting genuine and trustworthy testers, organisations has to keep a vigil on the testers to find out whether they are stealing or misusing confidential data during the testing process. From the perspective of the testers, laws are clear that to penetration testing, they should get clear authorisation from the target organisation or client. In the absence of such authorisation, the consultant agencies or testers could be held for criminal liability, punishable by a fine and/or imprisonment, under the Computer Misuse Act 1990. (Dautlich, 2004, p.41). 5. Conclusion With information technology becoming an intricate and indispensable part of many organisations’ functioning and success, it has to be secured in an optimum way, for it to aid the organisation effectively. IT infrastructure and networks of organisations functioning in the government, private and even outsourced domains are becoming a target of cyber-attacks. Here, Penetration testing and vulnerability scanners can find all the loopholes and importantly ‘plug’ and secure them. In the future, organisations will implement more advanced IT applications, and in line with those implementations, cyber attackers will also come up with advanced intrusions. So, the testers or security consultants need to upgrade and update their penetration and scanning process, to be an able defender and protector of crucial IT assets REFERENCE Sommer, P. “Criminalising hacking tools.” Digital Investigation, vol. 3, pp. 68-72, 2006. Federal Office for Information Security. Study: A Penetration Testing, 2003. Godbole, N. Information Systems Security: Security Management, Metrics, Frameworks And Best Practices (W/Cd), New Delhi: Wiley-India, 2009. Geer, D. Harthorne, J. Penetration Testing: A Duet. Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC02), Las Vegas, Nevada, 2002. Degu, C. Bastein, G. CCSP Cisco Secure PIX firewall advanced exam certification guide. Cisco Press, 2003. Lucas, J. Moeller, B. The effective incident response team. New York: Addison-Wesley, 2004. ISS White Paper. Penetration Tests: The Baseline For Effective Information Protection Lubis, M. binti Yaacob, NI. binti Reh, H. Abdulghani, MA. “A Study on Implementation and Impact of Google Hacking to Internet Security.” Proceedings of Regional Conference on Knowledge Integration in ICT 2010. Vacca, JR. Managing Information Security. Syngress, 2010. Manzuik, S. Pfeil, K. Gold, A. Gatford, C. Network Security Assessment: From Vulnerability to Patch. Syngress, 2006. EC-Council. Penetration Testing Procedures and Methodologies, London: Cengage Learning, 2010. Dautlich, M. “Penetration Testing- the Legal Implications.” Computer Law & Security Report, vol. 20, no. 1, pp. 41-43, 2004 . Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(The Influence of Information Technology on Business Research Paper - 1, n.d.)
The Influence of Information Technology on Business Research Paper - 1. Retrieved from https://studentshare.org/information-technology/1575569-an-in-depth-analysis-on-the-influence-of-open-source-system-penetration-tools-on-cyber-crime
(The Influence of Information Technology on Business Research Paper - 1)
The Influence of Information Technology on Business Research Paper - 1. https://studentshare.org/information-technology/1575569-an-in-depth-analysis-on-the-influence-of-open-source-system-penetration-tools-on-cyber-crime.
“The Influence of Information Technology on Business Research Paper - 1”. https://studentshare.org/information-technology/1575569-an-in-depth-analysis-on-the-influence-of-open-source-system-penetration-tools-on-cyber-crime.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Influence of Information Technology on Business

Influence of Technology on Strategic Marketing Management Practices

As argued by O'Conner (1998), the “impact of information technology on marketing is dramatic”.... ??4 The application of information technology in marketing strategy has been talked about since the 1960s.... the influence of Technology on Contemporary Strategic Marketing Management Practices Introduction Conventional models of management are generally unsuitable for a large number of markets nowadays.... ??2 It was demonstrated by Leverick and colleagues (1998) that numerous organisations have transformed their marketing strategies through the influence of technology....
13 Pages (3250 words) Essay

E-Commerce and Information Technology

hellip; The other important issue is how the organization is able to make most fruitful investment in IT because many investors have invested in IT for the main aim of making the most out of information technology.... In order to be able to make the most out of information technology, organizations must try to implement new technologies in an effective way.... E-Commerce and information technology Professor University/Institution Location Date Information systems researchers have tried addressing issues regarding the adoption of computers in organizations since the use of computers in organizations begun....
9 Pages (2250 words) Essay

Influence of Technology on Decision-Making

Influence of technology on decision-making Name Date Course Institute of affiliation Influence of technology on decision-making Considerably, the topic Influence of technology on decision-making addresses the issue, to which technology affects the making of decisions in organization.... 23) it is important to heed that manipulate of technology on decision-making where the decisions arte made on ladders.... hellip; Technology entails the purpose of information in production, utilization as well as design of goods and services, further, the above is done as per the human activities in an organization....
6 Pages (1500 words) Assignment

The Role of Information Technology in Organization Design

The author of this essay entitled "The Role of information technology in Organization Design" casts light on the importance of IT in modern management.... In this connection this report will proficiently evaluate some of the major aspects of cultural impacts on the business practice and also application of information technology systems.... Recognizing the cultural aspect is really a prime factor that is fairly significant for the effectual analysis and investigation of information technologies in that culture at a diversity of levels, comprising executive, nationwide and group, is capable to influence the thriving establishment and exploitation of information technology....
2 Pages (500 words) Essay

Infleunce of Information and Technology on Business Strategy Development: Google Company

Zikmund (2008) summarized that the influence of ICT on the business process has been mainly on communication and monitoring needs.... nbsp;… In the words of Jullien (2006), the growth of information and Technology (ICT) has been the biggest revolution in the business segment since the Industrial Revolution.... This paper is based on the implementation of ICT in the business strategy making the process and the selected organization for analysis is Google Plc....
8 Pages (2000 words) Case Study

Influence of Technology on Society

In the business, world technology gives executive access to well-organized and quality information they can utilize to formulate better choices.... This essay declares that technology has affected various society components.... It is significant to appreciate what the outcomes of the distribution along with high technology usage are for lives of humanity.... hellip; As the report stresses technology does not simply assist the public to tie in friendships, but it has also surfaced as a reason to link various types of persons from a modest to a larger level....
4 Pages (1000 words) Essay

Main Location Criteria for Retail and Service Businesses

This paper “Main Location Criteria for Retail and Service Businesses” explains how entrepreneurial decision making regarding the business location becomes a significant factor being critical to the success.... hellip; The author states that while planning for a small or service business, a number of factors in relation to its location are to be considered.... Retail stores and restaurants have to be located near to customers so that they can reach to the business easily, whereas manufacturers may find locations remote from the customer base in order to be cost-effective due to the availability of raw materials, availability of labor, taxes, regulation and overhead costs (Pinson and Jinnett, 2006, p....
10 Pages (2500 words) Research Paper

How Information Technology Influences the Success of Business Organizations

The following paper under the title 'How information technology Influences the Success of Business Organizations' gives detailed information about advancements in information technology which have been responsible for the globalization wave in most business.... hellip; information technology has made it easy for people to pass various kinds of information from one part of the world to another.... information technology has been an important process that enhances the success of businesses in various ways....
7 Pages (1750 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us