
1. Why organizations are heavily reliant on information systems.

Information technology and organizations influence each other, and the
relationship depends on the organization’s structure, business processes,
politics, culture, environment and management decisions. IT security should be
viewed as a necessary cost of doing business. Work on IT and information
security with companies in a wide range of industries, including banking,
insurance, defense, aerospace, industrial goods, energy, raw materials,
telecommunications, and logistics, has identified a number of other actions
that executives can take to improve their companies’ chances of success. To
compete and succeed in the global market, information technology is important
in a competitive environment. According to (Kenneth C. Laudon, Jane P. Laudon,
2018), global investment in information technology expanded by 30 percent in
the period 2005 to 2015. IT investment now accounts for an estimated 20 percent
of all capital investment.


Information systems are transforming business through the mobile digital
platform, systems used to improve customer experience, respond to customer
demand and reduce inventories, growing online newspaper readership, expanding
e-commerce and internet advertising, and new federal security and accounting
laws. Firms invest heavily in information systems to achieve six strategic
business objectives: operational excellence; new products, services, and
business models; customer and supplier intimacy; improved decision making;
competitive advantage; and survival. The IT platform can lead to changes in
business objectives and strategies. Businesses rely on information systems to
help them achieve their goals and to attain higher profitability. Information
systems improve decision making by providing accurate information. Information
technology is an important tool for achieving greater efficiency and
productivity. Information systems help organizations achieve competitive
advantage by delivering better performance, charging less for superior
products, and responding to customers and suppliers in real time (examples:
Apple, Walmart, UPS).

Competitiveness was very often increased because of great cost savings and
better service to clients. Communication and inter-organizational systems
seemed to be very important in this respect. Nowadays, organizations compete to
improve their capabilities in order to survive in the global market. Effective
and timely decisions that best achieve the organization's goals are easier to
make when appropriate information from internal and external sources is used
(Karim, 2011).

(Karim, 2011) stated that “information is an arrangement of people, data,
process, and information technology that interact to collect, process, store
and provide as output the information needed to support an organization.” “If
the relevant information required in a decision-making process or an
organization planning is not available at the appropriate time, then there is a
good chance to be a poor organization planning and priority of needs,
inappropriate decision-making and defective programming” (Adebayo, 2007).

In postindustrial organizations, authority increasingly relies on knowledge and
competence rather than formal positions, given sufficient information
technology. Because competitive advantage is difficult to sustain,
organizations need to innovate continuously. In order to stay ahead, systems
that perform strategically may become tools for survival and for firm value
chains. The reasons why information systems are critical are operational
excellence; new products, services, and business models; customer and supplier
intimacy; improved decision making; competitive advantage; and survival.

2. Outline the various types of security threats to any information systems.

The Internet is becoming the dominant platform for life in the 21st century.
Organizations face related situations and must deal with their own specific
probable threats. The aim of computer security professionals is to protect
valuable information and system resources. A distinction can be made between
the security of system resources (system security) and the security of
information or data (information security or data security). System security is
the protection of the hardware and software of a computer system against
malicious programs (Spinello, R. and Tavani, H., 2001). Most businesses make
risk identification, assessment, and mitigation a high priority. There is a
specific type of threat today for which many companies. Information security is
a serious problem for individuals and organizations because it can lead to
unlimited financial losses. Information systems are exposed to different types
of security risks. The types of damage caused by security threats vary, from
database integrity breaches to physical destruction of an entire information
systems facility by fire, flood, etc. The sources of those threats can be
unwanted activities of trusted employees, hacker attacks, accidental mistakes
in data entry, etc. Information systems are vulnerable because of the
accessibility of networks, hardware problems (breakdowns), software problems
(unauthorized changes and programming errors), disasters, use of networks
outside the firm’s control, and loss of portable devices (Kenneth C. Laudon,
Jane P. Laudon, 2018). Risks arise easily because the Internet is a network
open to anyone; its size means abuses can have wide impact; fixed Internet
addresses used with cable and DSL modems create fixed targets for hackers; VoIP
may be unencrypted; and e-mail is subject to interception and to attachments
carrying malicious software. Security is breached easily because radio
frequency bands are easy to scan. Service set identifiers (SSIDs), which
identify access points, are broadcast multiple times and can be identified by
sniffer programs. In war driving, eavesdroppers drive by buildings and try to
gain access to the network and its resources.

Malware (malicious software) includes viruses and worms. Worms can operate on
their own without attaching to other computer program files and can spread much
more rapidly than computer viruses. Worms and viruses spread by drive-by
download and destroy data and programs. A drive-by download is malware that
comes with a downloaded file that a user intentionally or unintentionally
requests; malware also arrives through e-mail and IM attachments. Hackers can
request malicious files without user intervention, delete files, transmit
files, install programs that run in the background to monitor user actions, and
potentially convert a smartphone into a robot in a botnet that sends e-mail and
text messages to anyone. Mobile device malware and social network malware are
further categories.

Hackers and crackers intentionally disrupt or damage websites and information
systems, and gain unauthorized access by finding weaknesses in computer
systems. Hackers flood a network server or Web server with many thousands of
false communications, or use spoofing to redirect a Web link to an address
different from the intended one. Such attacks are very damaging and difficult
to detect, and they pose an extremely serious threat because they can be used
to launch very large attacks using many different techniques. Computers may be
targets of crime, as when the confidentiality of protected computerized data is
breached, and computers may be instruments of crime: theft of trade secrets;
unauthorized copying of software or copyrighted intellectual property, such as
articles, books, music, and video; schemes to defraud; using e-mail for threats
or harassment; intentionally attempting to intercept electronic communication;
illegally accessing stored electronic communications, including e-mail and
voice mail; and transmitting or possessing child pornography using a computer.
Hackers may aim for identity theft, using information to obtain credit,
merchandise, or services in the name of the victim. Other threats include
phishing, evil twins, pharming, click fraud, cyber-terrorism and cyber-warfare.
The sources of threat can be inside or outside the attacked system.
Organizations and their security systems are usually focused on protecting
themselves from threats that originate from outside the system. Threats that
come from inside are often not considered. By determining what the information
system is being protected from, it is possible to use limited resources more
efficiently.

3. Examine the impacts of ransomware on business organizations.

It would not be surprising if ransomware changes in a few years. A key area
that could become a bigger target for cybercriminals is payment systems, as
seen with the Bay Area Transit attack in 2016, where the service provider’s
payment kiosks were targeted with ransomware (web link 3).

“The Bitcoin Connection: With the exception of some ransomware families that
demand high amounts, ransomware alternates typically ask for 0.5–5 Bitcoins (as
of 2016) in exchange for a decrypt key. This is important for two reasons—some
variants increase the ransom as more time elapses with nonpayment, and the
Bitcoin exchange rate is on the rise. In January 2016, 1 BTC was worth US$431.
Bitcoin’s value has risen dramatically since then, topping out at US$1,082.55
at the end of March, 2017” (web link 3).

Ransomware is a type of malware that uses malicious code to intrude into a
system before users notice it, to encrypt important files, to extort money
using the encrypted files, and to cause financial damage to users. The rapidly
growing mobile market has become a main target of hackers seeking illegal gains
through ransomware. The market share of Korea’s Android OS is approximately 80%
of the total smartphone market, as shown in Table 1. Compared to other OSs such
as iOS, Windows Phone, or Blackberry, Android holds a high market share close
to monopoly, while the others combined have less than 15% share in the mobile
device market (web link 1). The share of the Android platform is so high that
the platform is the main target of ransomware attacks. Cases of damage to
Android-based smartphones have been growing continuously. A traditional vaccine
(antivirus) system can detect that a system is infected with ransomware and
cure it. However, it cannot prevent attacks by ransomware without first
obtaining information on the ransomware. In addition, even if the traditional
vaccine system can remove the ransomware, files cannot be recovered without the
encryption key because they are already encrypted (web link 2). Users can avoid
infections by updating the vaccine system from time to time. However, this
method has limited efficacy. Existing vaccine systems can detect ransomware
using a file-based intrusion detection method (D. Kim and S. Kim, 2015).
However, this approach cannot detect modified ransomware with new patterns
because it can only prevent ransomware based on analysis information of the
ransomware. Therefore, an active instead of a passive prevention method is
urgently required.

TABLE 1: Smart device operating system market share

Source: “Worldwide Quarterly Mobile Phone Tracker,” IDC, August 2015.

4. Prepare a prevention and risk mitigation plan for organizations so that the
organizations are well prepared to overcome future attacks.

Organizations have very valuable information assets to protect. Poor security
and control may result in serious legal liability. Failed computer systems can
lead to significant or total loss of business function. Businesses must protect
not only their own information assets but also those of stakeholders. An
organization can be held liable for unnecessary risk and harm created if it
fails to take appropriate protective action to prevent loss of confidential
information (Kenneth C. Laudon, Jane P. Laudon, 2018). Security threats come
not only from outside the organization but also originate inside it. A security
breach may cut into a firm’s market value almost immediately. Information
system controls may be automated or manual controls unique to each computerized
application. To protect its information systems, an organization determines the
level of risk to the firm if a specific activity or process is not properly
controlled, in terms of types of threat, probability of occurrence during the
year, potential losses, value of threat and expected annual loss. It then ranks
information risks, identifies acceptable security goals, and identifies
mechanisms for achieving these goals. It also sets up policies, such as an
acceptable use policy (AUP).

The primary attack technologies may or may not cross the firewall as they are
executed. Technology isn’t the only source of security risks. Psychological and
sociological aspects are also involved (Ponemon Institute, July 2016).
Management is responsible for identifying valid users and controlling access in
order to prevent and respond to cyber attacks and data breaches. It should
monitor for possible cyber attacks and set up policies and procedures for
employees to follow, depending on each business unit of the company, such as
IT, Human Resources and Legal. The organization should invest in security
equipment and procedures to deter or prevent cyber attacks. These include the
most up to date IT protection measures, for example: having the company’s
database on a different web server than the application server, applying the
latest security patches, protecting all passwords, using read-only views of
documents and materials when possible, maintaining strict input validation,
developing network security architecture, monitoring activities and procedures
of third-party contractors with access to the computer system (whether direct
or remote), performing network scans to assess activity on the network,
comparing outbound network traffic to baseline operations, and choosing names
for tables and fields that are difficult to guess.

In case its systems break down, the organization should make a disaster
recovery plan, which devises plans for the restoration of disrupted services
and focuses on restoring business operations after a disaster. It should assess
the financial and organizational impact of each threat by auditing. After
analyzing and planning, it should audit and control its information systems and
their security. The most important tools and technologies for safeguarding
information systems are identity management software, authentication,
firewalls, intrusion detection systems, antivirus and antispyware software,
unified threat management (UTM) systems, Wired Equivalent Privacy (WEP)
security, and the Wi-Fi Protected Access (WPA2) specification. In recent years,
new and increased use of technologies such as mobile devices, social media and
cloud computing has increased the risk posed by cyber criminals. Two methods of
encryption are symmetric key encryption and public key encryption. For security
in the cloud, firms must ensure that providers offer adequate protection and
need to include key factors in service level agreements (SLAs) before signing
with a cloud service provider. Security policies should include and cover any
special requirements for mobile devices. The aim is to contain any attacks
quickly and minimize any financial and reputational harm. Some companies
delegate responsibility for computer systems security to their chief
information officer, who is usually responsible for protecting access to a
company’s information technology (IT) system and the privacy and security of
information on that system.

An individual or organization may receive threats from individuals claiming to
have hacked its computer systems and offering to return stolen confidential
information in exchange for property. Companies can determine whether the
extortionist has done what he claims by isolating areas that may be affected to
determine if they have been compromised. They should also determine the
feasibility of restoring critical systems where a denial of service attack
affects critical infrastructure. This includes assessing whether restoring
service will negatively affect the collection of evidence in the investigation.
Companies should document all aspects of the investigation and secure and
preserve all evidence, including logs of critical system events. According to
(NTT Group, 2016), if seventy-seven percent of organizations lack a recovery
plan, then perhaps their resources would be better spent on protective
measures. That’s why companies should detect the attack in its early stages.
The cyber incident response plan should address the recovery of the company’s
computer systems by both eliminating the vulnerabilities exploited by the
attacker, along with any other identified vulnerabilities, and bringing the
repaired systems back online. Once systems are restored, management should
evaluate how the response plan was executed and consider whether the cyber
incident response plan can be improved.

Where an internal investigation leads to evidence of the attacker’s possible
identity, companies should consider preparing formal referrals to law
enforcement for possible criminal prosecution. Companies considering this
course of action can retain white collar crime or intellectual property counsel
to guide them through the investigation, referral and criminal proceedings. The
outcome of a criminal prosecution may depend on the company’s ability to
provide evidence and testimony. Companies should therefore be prepared to help
the prosecutor present complex computer crime evidence to a judge and jury.

5. As an employee of a highly connected and globalized world, highlight and
critically those ethical issues that may arise from using connected devices in
an organization.

Ethical analysis of security and privacy issues in information technology
largely takes place in computer ethics, which appeared in the 1980s (Herman T.
Tavani, 2004). Computer ethics analyzes the rights and responsibilities of
computer professionals and computer users. It also covers ethical issues in
public policy for information technology development and use. Many privacy
disputes in today’s society result from tensions between people’s right to
privacy and state and corporate interests in surveillance. Employees and
organizations must know the basic concepts of ethics, namely responsibility,
accountability, and liability, and laws should be well known and understood,
with an ability to appeal to higher authorities. Confusion arises over cases
such as a person being injured by a machine controlled by software, and over
questions such as whether it is wrong for a business to read its employees’
e-mail and whether it is ethically allowable for computer users to copy
copyrighted software. Since ethics is mostly concerned with rights, harms and
interests, it will be considered what privacy is, why it is important and how
it is impacted by information technology. Ethical issues require ethical
analysis. Ethical analysis aims to get clear on the facts and values in such
cases, to find a balance between the various values, rights and interests that
are at stake, and to propose or evaluate policies and courses of action.

In Western societies, there is respect for a right to personal privacy. The
right to privacy was first defended by the American justices Samuel Warren and
Louis Brandeis, who defined privacy as “the right to be let alone” (Warren, S.
and Brandeis, L, 1890). Privacy is held to be valuable for several reasons. It
is held to be important because it is believed to protect individuals from all
kinds of external threats, such as defamation, ridicule, harassment,
manipulation, blackmail, theft, subordination, and exclusion. In the
information society, privacy protection is realized through all kinds of
information privacy laws, policies and directives, or data protection policies.
Along with privacy and property laws, new information technologies are
challenging existing liability laws and social practices for holding
individuals and institutions accountable (Kenneth C. Laudon, Jane P. Laudon, 2018).

The ethical importance of computer security will be assessed, as well as the
relation between computer security and national security. Information security
is customarily defined as concerned with the protection of three aspects of
data: their confidentiality, integrity and availability. Computer security
poses ethical issues, which can be explored through the relation between
computer security and rights, harms and interests. The most observable damage
that can occur from breaches of computer security is economic harm. When system
security is compromised, valuable hardware and software may be damaged and
service may become unavailable, resulting in losses of time and resources.
Breaches of information security may come at an even higher economic cost.
Stored data may also have personal, cultural or social value, as opposed to
economic value, that can be lost when data is corrupted or lost. Any type of
loss of system or data security is moreover likely to cause some amount of
psychological or emotional damage.

Compromises of the confidentiality of information may cause
additional harms and rights violations. Third parties may compromise the
confidentiality of information by accessing, copying and disseminating it. Such
actions may, first of all, violate property rights, including intellectual
property rights.

In addition to violations of property and privacy rights, breaches of
confidentiality may also cause a variety of other harms resulting from the
dissemination and use of confidential information. For example, a firm may
damage its reputation, and compromises of the confidentiality of online credit
card transactions undermine trust in the security of online financial
transactions and harm e-banking and e-commerce activity. Compromises of the
availability of information can, when they are prolonged or intentional,
violate freedom rights, specifically rights to freedom of information and free
speech. Freedom of information is the right to access and use public
information. Security systems may be so protective of information and system
resources that they discourage or prevent stakeholders from accessing
information or using services. They may also be discriminatory: they may
wrongly exclude certain classes of users from using a system, or may wrongly
privilege certain classes of users over others.

A recent concern in computer and national security has been the
possibility of cyberterrorism, which is defined by Herman Tavani as the
execution of “politically motivated hacking operations intended to cause grave
harm, that is, resulting in either loss of life or severe economic loss, or
both” (Herman T. Tavani, 2004). A distinction
between cyberterrorism and other kinds of cyberattacks may be found in its
political nature: cyberterrorism consists of politically motivated operations
that aim to cause harm. Ethical analysis of privacy and security issues in
computing can help computer professionals
and users recognize and resolve ethical dilemmas and can yield ethical policies
and guidelines for the use of information technology.