Information Security Mapping for Biomed Devices - Case Study Example

Information Security Mapping Name Institution Information Security Mapping Introduction This paper is a case study of Robert who is a client manager for Biomed Devices in Perth. He stores his information in a laptop and carries an iPad and a smart phone. He uses Microsoft word 2013 for all his business activities which contain detailed and confidential information about his clients. Robert has little knowledge on information security and does not use third party firewalls, antivirus, among other software for protection of his information system. From the case study, Robert enjoys extensive benefits from his information systems; however, he is exposed to immense threats associated with use of IT systems. The paper will discuss the significant of information to organizations and the society, describe and apply ideas relating to information security, and discuss the benefits, shortcomings, and risks o various IT environments. Importance of information to organizations and society in general Organizations gather and distribute information, and it may undergo some distortions in the process. Majority of these distortions are deliberate and at times, the staff of a certain organization summarize and report data to the management. Data summary means that some of the data has been eliminated (Friedman, Kahn Jr, Borning & Huldtgren, 2013). This kind of distortion is deliberate. Other times, information may undergo major distortion such that loses its actual meaning. The word and information are most of the times utilizes interchangeably as they are assumed to have similar concept. In reality, the two terms are distinct. Data refers to collection of observations that may at times be proved wrong; therefore, data may not be necessarily true. Data is convertible to information after processing. The procedure of processing data involves the elimination of errors and reduction of unreliability of the sources. Data is then assessed to make it relevant to the issues at hand. The final step involves organizing data in methods that are understandable (Bélanger & Crossler, 2011). Information systems refer to composition of people and computers that process and interpret information. At times, the term is used in referring to applications utilized in running computerized databases or to refer to computer system. In the current rimes, use of computers and information has become inevitable. Since mid 1960s, the use technology has greatly increased and consequently, production technology has also significantly increased (Venkatesh, Thong & Xu, 2012). The increase in the use of technology has altered the work system and the massive use of technology in companies has resulted to notable changes in technology. Use of information systems has led to reduction in operational costs by over 40% since mid 1950s. The cost reductions resulted from introduction of new computer applications which include mathematical and other systematic applications (Zhang, Li, Ruan, Liu, 2012). Storage costs have reduced with over 30% yearly in the last 10 decades. The reduction in cost enables any users save their data on technological gadgets. Also, there has been significant reduction in transmission costs due to the use of networked technology (Ryan, Mazzuchi, Ryan, De la Cruz & Cooke, 2012). The reductions in costs indicate how information has developed with time. Majority of companies do not have to manage their data as hard copies. Information systems enable companies to store their data in an easily accessible way which is effortlessly updated. Information systems are very significant in strategic planning (Lapointe & Rivard, 2005). The management utilizes information systems in the evaluation of information from distinct sources involving external sources which present the actual situation of the economy. This is significant in making of vital business related decisions since an organization is able to assess market current market trends. With the increase in globalization, majority of international companies work with greater revenue and have bigger business prospects. The need for adequate information systems vary with the magnitude of the business. As the businesses advance, information systems are utilized in the managing of operations, monitoring the increasing supply chains. Environment security is understood differently by many people (Liang & Xue, 2009). It includes two significant concepts including making sure that the environment is not contaminated or corrupted in any way which would hinder its normal operations and ensuring that nothing escapes from the confined environment not information is shared without the consent of the organization. Systems encompass of individuals, gadgets, and technologies. An environment is viewed as a system and securing things in the system’s environment shows a great level of responsibility and success in information security (Lumley, Coetzee, Tladinyane & Ferreira, 2011). Concepts, principles and techniques relating to the security of information Information security also referred to as InfoSec or computer security refers to the process of protecting information from unauthorized persons’ use, exposure, inspection, alteration, copying, and destruction. Computer does not necessarily refer to home desktop. Computer refers to any tool with a processor and some storage system and includes mobile phones, tablets, and calculators (Nolan & McFarlan, 2005). Majority of big organizations employ IT security experts because of the significance of the information they hold. They are obligated to keep all the technology within the company safe from all kinds of malicious activity which may try to access its confidential information (Tallon & Pinsonneault, 2011). They should ensure that data is safe when dangerous issues arise. The issues may involve natural disasters, physical destruction of theft, and any instance which involves data loss. Majority of the information in the current times is stored in computers and one of the major ways of offering information assurance is having an off-site backup of the data when any of the calamities occur (Ifinedo, 2014). The most significant step of information security is identifying the value of all sections of the information and establishing the most efficient methods of required for its protection (Ray, Muhanna & Barney, 2005). Some forms of information require high levels of security unlike others which explains the significance of information classification. In this case, Robert should recognize that confidential information about his clients is very valuable and should be protected from all forms of malicious activities. Aspects to consider while determining how vital information is by establish the value it holds for the company, the duration the organization has been in possession of the information, or whether the information is outdated (Yen & Bakken, 2011). The behavior of the staff plays significant role on the security of the information a company holds. Cultural concepts enable majority of organizations establish various protective measures for the business information. However, information security culture should be updated frequently so as to accommodate the changes in technology. Information security is a continuous process which requires strategic planning (Roberts & Grover, 2012). IT environments The IT Environment Framework composes of four major parts which include IT systems services, IT operational services, IT operating Environmental Services, and System developmental life cycle. The area or section of the IT systems services offer all technical solutions and services which is very significant in any IT organization. Technical solutions may be small such as the Atomic Systems or large as the composite systems. No environment is all-inclusive without accounting fully for the relevant systems. IT operational services assist in the maintenance of all the other systems. It involves both general and specific systems which include Deployment Management and problem management respectively (Sambamurthy, Bharadwaj & Grover, 2003). IT operating systems refer to the restricted and delimited operating systems. It enables the carrying out of IT work in contained regions that do not affect other environments. Such environments involve reconstruction environments. The Systems development life cycle refer to specific environment in which every environment belongs to. It includes various policies, standards, processes and work vital in moving a system through system development life cycle in an effectual and productive way. Information threats occur in various forms the most common threats in the current days include software attacks, damage, theft of intellectual property, loss of equipment, and information extortion (Sittig & Singh, 2011). The most common software attacks include viruses, Trojan horses, worms and phishing attack. Intellectual property refers to the possession of property with some form of safety. Software theft is the most frequent in IT organizations in the current times. Identity theft is when a person attempts to use another person’s identity to take advantage of various situations and access confidential data (Rindfleisch, 1997). Majority of technological devices are prone to theft because they are portable. Cell phones, tablets, laptops are prone to theft and have become extensively used with the increase in data amounts. Sabotage refers to distortion of a company’s website in the attempt to spoil the customers’ confidence with the company. Information extortion refers to theft of the information of an organization in the attempt to gain cash in exchange of the stolen information. There are many methods which are applied in the protection of information systems, but the most important and efficient method is user circumspection. In this case, Robert is prone to all the above mentioned IT threats. Firstly, he does not use protective software or any other third party protective applications. Secondly, he leaves his electronic gadgets unattended most of the time in his car (Shaikh & Haider, 2011). Thirdly, he uses public internet cafes which expose him to a wide range of threats. If confidential information about his company, the clients, or the products get into hands of his competitors, the company would suffer extensive permanent financial loss and the organization’s reputation would be lost. It is the obligation of the management of every organization to protect its information from IT threats (Lo & Chen, 2012). Securing confidential information of nay business is an ethical requirement and organizations should invest in information security. So as to protect his information from IT threats, Robert should install an updated antivirus system in his computer. It defends the computer against any forms of virus attacks (Stoneburner, Goguen & Feringa 2002). He should also keep his windows updated. Technology gadgets such as phones, laptops, and tablets should not be left unattended as the vulnerability for theft increases. Windows firewalls notify the user when the computer detects any malicious activity trying to access it. While using public internet cafes, Robert should ensure he clears his internet cache and browsing history. In addition, public Wi-Fi is associated with numerous risks and chances of being hacked are extensively high. It makes it easy for unauthorized parties to access his confidential information. Conclusion This paper is a case study Robert who is a client manager for Biomed Devices in Perth. He stores his information in a laptop and carries an iPad and a smart phone. Robert enjoys extensive benefits from his information systems; however, he is at exposed to immense threats associated with use of IT systems. Data refers to collection of observations that may at times be proved wrong; therefore, data may not be necessarily true while information refers to processed data. In the current rimes, use of computers and information has become inevitable. Majority of companies do not have to manage their data as hard copies. Information systems enable companies to store their data in an easily accessible way which is effortlessly updated. Information systems are very significant in strategic planning and have reduced operational costs significantly. Information security or computer security refers to the process of protecting information from unauthorized persons’ use, exposure, inspection, alteration, copying, and destruction. Information threats occur in various forms the most common threats in the current days include software attacks, damage, theft of intellectual property, loss of equipment, and information extortion. In this case, Robert is prone to all the above mentioned IT threats. References Bélanger, F., & Crossler, R. E. (2011). Privacy in the digital age: a review of information privacy research in information systems. MIS quarterly, 35(4), 1017-1042. Friedman, B., Kahn Jr, P. H., Borning, A., & Huldtgren, A. (2013). Value sensitive design and information systems. In Early engagement and new technologies: Opening up the laboratory (pp. 55-95). Springer Netherlands. Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79. Lapointe, L., & Rivard, S. (2005). A multilevel model of resistance to information technology implementation.MIS quarterly, 461-491. Liang, H., & Xue, Y. (2009). Avoidance of information technology threats: a theoretical perspective. MIS quarterly, 71-90. Lo, C. C., & Chen, W. J. (2012). A hybrid information security risk assessment procedure considering interdependences between controls. Expert Systems with Applications, 39(1), 247-257. Lumley, E. J., Coetzee, M., Tladinyane, R., & Ferreira, N. (2011).Exploring the job satisfaction and organisational commitment of employees in the information technology environment.Southern African Business Review, 15(1), 100-118. Nolan, R., & McFarlan, F. W. (2005).Information technology and the board of directors.Harvard business review, 83(10), 96. Ray, G., Muhanna, W. A., & Barney, J. B. (2005). Information technology and the performance of the customer service process: A resource-based analysis. Mis Quarterly, 625-652. Rindfleisch, T. C. (1997). Privacy, information technology, and health care. Communications of the ACM, 40(8), 92-100. Roberts, N., & Grover, V. (2012). Leveraging information technology infrastructure to facilitate a firm's customer agility and competitive activity: An empirical investigation.Journal of Management Information Systems, 28(4), 231-270. Ryan, J. J., Mazzuchi, T. A., Ryan, D. J., De la Cruz, J. L., & Cooke, R. (2012). Quantifying information security risks using expert judgment elicitation. Computers & Operations Research, 39(4), 774-784. Sambamurthy, V., Bharadwaj, A., & Grover, V. (2003). Shaping agility through digital options: Reconceptualizing the role of information technology in contemporary firms. MIS quarterly, 237-263. Shaikh, F. B., & Haider, S. (2011, December). Security threats in cloud computing. In Internet technology and secured transactions (ICITST), 2011 international conference for (pp. 214-219).IEEE. Sittig, D. F., & Singh, H. (2011).Defining health information technology–related errors: new developments since To Err Is Human.Archives of internal medicine, 171(14), 1281-1284. Stoneburner, G., Goguen, A., & Feringa, A. (2002).Risk management guide for information technology systems.Nist special publication, 800(30), 800-30. Tallon, P. P., & Pinsonneault, A. (2011). Competing perspectives on the link between strategic information technology alignment and organizational agility: insights from a mediation model. Mis Quarterly, 35(2), 463-486. Venkatesh, V., Thong, J. Y., & Xu, X. (2012). Consumer acceptance and use of information technology: extending the unified theory of acceptance and use of technology. MIS quarterly, 36(1), 157-178. Yen, P. Y., &Bakken, S. (2011). Review of health information technology usability study methodologies. Journal of the American Medical Informatics Association, amiajnl-2010. Zhang, J., Li, T., Ruan, D., & Liu, D. (2012). Rough sets based matrix approaches with dynamic attribute variation in set-valued information systems. International Journal of Approximate Reasoning, 53(4), 620-635. Concept Map n Read More