StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Factors that Are Contributing to the Increasing Vulnerability of Organisational Information Assets - Assignment Example

Cite this document
Summary
The paper "Factors that Are Contributing to the Increasing Vulnerability of Organisational Information Assets" is a great example of a business assignment. Organizations are increasingly using the internet as a business tool to accomplish many functions. There exist a lot of threats to organizations assets on the internet…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.3% of users find it useful

Extract of sample "Factors that Are Contributing to the Increasing Vulnerability of Organisational Information Assets"

MIS101 – Assignment Template – Trimester 2, 2013 Your Name: Insert your name here Student Number: Insert you MIBT student ID number here Deakin Email: Insert you MIBT email address here Assignment – Part A Question 1: Identify and discuss the factors that are contributing to the increasing vulnerability of organisational information assets. Internet usage Organizations are increasingly using the internet as a business tool to accomplish many functions. There exist a lot of threats to organizations assets on the internet. If the people working for the organization are not well informed and trained on internet usage, they might not be aware about threats such as spyware and malicious programs thereby making the organization vulnerable to attacks from such mentioned sources (Harrington, 2005). System complexity and Connectivity As organizations increase in size or operations, the nature of its activities is also complex. If the organization adopts an information system, its information assets will be more vulnerable than those of a small organization (Foltz, 2004). This is because the more complex a system is, the more the possibility of there being a flaw in the system. The system can also be accessed from different points which may be an unintentional design flaw in the system which may not have been recognized. In the efforts to ensure efficiency in operations or in doing business, an organization may have a system that is way too connected such that sensitive resources can be accessed remotely from the internet or via physical connections. The many accesses, privileges and portals increase the vulnerability of the organization’s assets (Skoularidou & Spinellis, 2003). Password management Weak passwords and weak systems that may not be able to guard against intrusion make it possible for intruders and unauthorized people in the organization to access information assets upon which they may misuse it for their personal gain (Foltz, 2004). Question 2: Contrast unintentional and deliberate threats to an information resource. Provide two (2) examples of both. Unintentional threats to an information resource occur when an action or inaction results in an intended breach of systems security and integrity (Huang & MacCullum, 2010). They include: Software failures: this is usually noticeable whenever the software behavior is not in harmony with the intended system behavior. This is common whenever data is lost or expected performance upon issuance of command. The causative factor is poor software development or software testing. This kind of a scenario may result in unintentional security lapse in the system of system failure that can affect core activities of a system. Natural factors: these are factors that may be not in control of the management and thus cause threat to the system unintentionally. They include such factors as fire, humidity, water, heat and even dust. The factors may result in the system failing to perform as expected or getting totally destroyed. Deliberate threats on the other hand are as a result of actions committed by humans knowingly to take advantage of information systems vulnerability (Huang & MacCullum, 2010). They include: Unauthorized disclosure whereby a person who is not authorized to access a system is able to gain access through deliberate exposure, scavenging, or taking advantage of system weakness. It may also be a deception threat action where the authorized person receives data and believes it to be true whereas it is false. It is made possible through masquerade where unauthorized person gains access to a system and misuses it. It can also be through spoofing or malicious logic (Foltz, 2004). Question 3: Explain each of the following types of remote attacks: virus, worm, phishing, and spear phishing. What approach could you use to mitigate these information security risks within an organisation? Describe a scenario. Viruses are computer programs capable of penetrating into a computer system and attaching to the computer’s files through transfer of infected documents or programs in a network platform, it is then able to replicate multiple times without any instructions. Virus attacks can result into massive loss of data, programs corruption and destruction of hardware (Kaufman & Speciner, 2002). Worms: these are computer programs which are capable of penetrating a network system without the owners’ knowledge and then propagate by themselves. They enter a system through exploiting the vulnerability of the system or tricking a user into executing the malicious program. Their implication is similar to viruses (Mouratidis & Jahankhani, 2008). Phishing: this is a cyber crime that attempts to acquire sensitive or confidential information such as passwords and credit card information through fraud. Cyber criminals usually send millions of emails hoping some recipients will respond to one of their messages (O'Beirne, 2002). In spear phishing Fraudsters first gather your information by hacking websites or accessing social network profiles. They then masquerade as legitimate organizations or people you know inquiring for personal information through email by convincing you to enter details at a fake website (Puuronen & Seleznyov, 2003). Viruses and worms usually take advantage of the vulnerability of a system. This can be guarded against by having the computer’s firewall on and installing powerful antivirus software. To protect an organization against phishing internet security and phishing filter should be in place. A policy should be in place. For example sensitive information should not be shared upon request without efforts to authenticate the identity of the person requesting the information. Question 4: Define and contrast - risk acceptance, risk limitation, and risk transference. There is risk in every aspect of our lives and in doing business as well, risk is rarely eliminated in it entirety but there are several ways and approaches to risk management in Information Systems as explained below. Risk acceptance Acceptance is to simply an approach to managing risk whereby the system is allowed to operate within a known risk. The risk is accepted either because its implication is not so much harmful. It can also be accepted due to the high cost to mitigate the risk. Acceptance can be viewed as a practice of playing down the occurrence of an information systems risk (White & Pearson, 2001). The effect maybe disastrous if an intrusion or security threat materializes. Risk limitation This is a very common approach to risk management that organizations adopt in managing the security of their information systems and assets. It involves the search and fixing of security flaws or provision of a control strategy and infrastructure to reduce the potentiality of the risk occurring in case of a security incident involving the system frailty. Risk limitation is different from risk acceptance since the management takes an action to mitigate the risk and don’t simply allow it to be (White & Pearson, 2001). Risk transference This is simply allowing another party to carry the information system risk. It is not a common phenomenon in Information Technology systems but has been practiced especially where financial implication of a risk can be quantified. Transference does not reduce or mitigate risk occurrence but rather reduces the risk occurrence impact on the organization (Bishop, 2004). Assignment – Part B A case study critical thinking analysis using Toulmin’s Model of Argument (~600 WORDS) Use the Table provided for your answers. Claim Sensitive FBI data is not secure from attack Data The FBI officials contacted argue that the data being held by the hacker group Antisec which they claim is apple unique device identifiers information was not in possession of the FBI neither had they asked for such information. The FBI also says that no FBI agent’s computer was confiscated or hacked into. The FBI officials however agree that it is impossible to protect against data theft from every avenue of attack. The FBI says through its officials that data leaks is a reality and it is all about mitigating the impact to the organisation and individuals meaning the information is actually very much accessible by high profile hacker groups The nature of FBI’s work means they use unconventional methods to obtain information which might actually put sensitive FBI data at risk of leaking. In one hacking incident the FBI arrested several hackers and revealed that a Sabu who is the leader of a group associated with high profile hacking cases was an FBI informant Warrant The possibility of data in possession of FBI being stolen is confirmed by their admission on protection difficulty and further by the admission that the FBI and other federal agencies are targets for attacks by hacker groups on almost a daily basis. The sites are therefore reviewed regularly to update their security features. The FBI also admits that only mitigation on data theft impact can be done. Mitigation or risk limitation is the common approach adopted to secure IT systems in many organisations FBI agents and informants such as Sabu can be as well be having links with criminal organisations and can use the privileges to access to information to steal and disseminate sensitive data. Backing The FBI through some of its officials confirmed the vulnerability of the data in their possession by saying it is difficult to protect the data from every possible attack source. The FBI can only mitigate the impact of data breach. The fact that the FBI may be infiltrated means it is possible that data may find its way out of the agency through rough agents and informants Rebuttal The FBI claims that data in their possession is safe since the validity of the disclosed UDIDs cannot be determined. Apple also confirmed it has never supplied the information to FBI. Many users didn’t find their UDIDs in the released information and thus the argument by FBI may hold true if at all the hacker group does not prove the information they have as valid Qualifier The claim may be limited in that data from the FBI is not easily leaked in such massive amounts from the agency judging from the prevalence rate in the past. The claim by Antisec cannot also not be authenticated and as such it is not clear where the sourced the data they claim to be having. Apple refused having released the data to any third party not even the government agencies The possibility that such data maybe in the wrong hands is a possibility and as such apple or FBI should not claim the group is only causing excitement and fear. Apps developers can leak the data to malicious groups intentionally or unintentionally through system flaws Your Opinion The data under FBI custody is not very much safe from intruders judging from the high profile attacks aimed at the agency. There is a possibility that it can be accessed since the agency officials say they do mitigate the impact. The fact that humans with diverse interests in the bureau can access the data puts it at an even higher risk of leaking to fraudsters. References Bishop, M. 2004., Computer security: art and science. Addison-Wesly Professional. Foltz, B. 2004., Cyber-terrorism, computer crime and reality. Information Management and Computer Security Journal , 12 (2), pp.12-23. Harrington, J. 2005., Network security: A practical approach. Academic Press. Huang, S., & MacCullum, D., 2010. Network security. Prentice Hall. Kaufman, C., & Speciner, M., 2002. Network security: Private communication ina public world. Prentice Hall. Mouratidis, H., & Jahankhani, H., 2008. Management versus security specialists: an empirical study on security related perceptions. Inoformation Management & Computer Security Journal, 16 (2), pp.1-9. O'Beirne, R., 2002. Computer network security and cyber ethics. Library Review , 51 (9), pp.12-19. Puuronen, S., & Seleznyov, A., 2003. Using continuous user authentication to detect masquaraders. Information Management & Computer Security Journal, 11 (3), pp.7-15. Skoularidou, V., & Spinellis, D., 2003. Security architechures for network clients. Information Management & Computer Security Journal , 22 (2), pp.23-45. White, G., & Pearson, S., 2001. controlling corprate email, PC use and cmputer security. Information Management and Computer Security Journal , 9 (2), pp.23-32. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Factors that Are Contributing to the Increasing Vulnerability of Assignment, n.d.)
Factors that Are Contributing to the Increasing Vulnerability of Assignment. https://studentshare.org/business/2081020-mis101-assignment-template-trimester-2-2013
(Factors That Are Contributing to the Increasing Vulnerability of Assignment)
Factors That Are Contributing to the Increasing Vulnerability of Assignment. https://studentshare.org/business/2081020-mis101-assignment-template-trimester-2-2013.
“Factors That Are Contributing to the Increasing Vulnerability of Assignment”. https://studentshare.org/business/2081020-mis101-assignment-template-trimester-2-2013.
  • Cited: 0 times

CHECK THESE SAMPLES OF Factors that Are Contributing to the Increasing Vulnerability of Organisational Information Assets

Knowledge Management: How Businesses Benefit from Use this Systems to Achieve Competitive Advantage

It may be distinguished from organizational learning by focusing on specific knowledge assets as well as the development and cultivation of different channels through which knowledge is able to flow smoothly.... … The paper "How Businesses Benefit from Using Knowledge Management Systems to Achieve Competitive Advantage" is an outstanding example of a management literature review....
12 Pages (3000 words) Literature review

How the Economic Downturn Affect the Human Resources Practices in the UAE Bank

Apparently, there exist a number of other proactive measures at the disposal of the organization aimed at reducing their vulnerability to the economic downturn.... … The paper “How the Economic Downturn Affect the Human Resources Practices in the UAE Bank” is a meaningful example of the research paper on management....
21 Pages (5250 words) Research Paper

Are the Events of 9-11 and beyond Preage an Era of New Terrorism

… The paper “Are the Events of 9-11 and beyond Preage an Era of New Terrorism?... rdquo; is a provoking example of the essay on the military.... Terrorism has occurred throughout the history of the world, but today the world is experiencing a new age of terrorism which is threatening the peace and security of the entire world....
13 Pages (3250 words) Essay

Porter Five Force Model Issues

It thereby shows data leads towards information and then towards knowledge.... Data is thereby the information which may be facts, figures or numbers which are obtained from some experiments or calculation.... information, on the other hand, is retrieving or gaining vital inputs from the data.... It thereby shows data leads towards information and then towards knowledge.... Data is thereby the information which may be facts, figures or numbers which are obtained from some experiments or calculation....
19 Pages (4750 words) Assignment

Risk Management in Relation to Smaller Businesses

… The paper “Risk Management in Relation to Smaller Businesses” is an earnest example of the case study on management.... In the world of business, every company or business organization aims at ensuring that they grow to enjoy a market monopoly.... They always want to achieve this by being entrepreneurial and innovative....
11 Pages (2750 words) Case Study

IKEA and Strategic Management

Diversity in employment shows the company's internal commitment to equality and treatment of all people as equal and potential of contributing to the success of the firm in different ways.... The factors that have changed are consumer preferences, changing income patterns, levels of consumer satisfaction or customer service, emphasis on quality, sustainability, and corporate social responsibility and product liability.... Adequate positioning and segmentation strategies: The Company has relevant information relating to potential and existing customers....
7 Pages (1750 words) Case Study

Evaluation of My Skills and Competencies for Managing

the increasing trend towards globalization has seen local firms competing with prominent multinational firms.... … The paper "Evaluation of My Skills and Competencies for Managing" is a perfect example of a management report.... nbsp;The contemporary world of business is demanding more effective management than before....
14 Pages (3500 words)

Business Information Systems

According to Whitman (2004), the biggest threat to the information assets of an organization are the employees of the company.... Vulnerabilities of assets refer to the flaws in the assets of an organization; or in the words of Lenaghan and Onwubiko (2007), it is the absence of controls in security that could result in a breach in the security of the assets when they are exploited by threats.... Vulnerabilities of assets refer to the flaws in the assets of an organization; or in the words of Lenaghan and Onwubiko (2007), it is the absence of controls in security that could result in a breach in the security of the assets when they are exploited by threats....
6 Pages (1500 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us