Summary:
The same mechanisms that allow information systems to communicate with each other so effectively also create a substantial vulnerability to malicious use and attack. All of the personal data and financial information collected by MIS, DSS, and ESS systems for effective decision making would be highly vulnerable to misuse and theft if not for the existence of security and control methods. Security refers to the procedures and measures used to prevent theft of or damage to information systems. Controls are the methods and policies that maintain the accuracy and accountability of management and security standards. Anywhere that a large amount of digital data is stored is a likely target for hackers. The internet is designed to be an open system, but attacks such as a Denial-of-Service (DoS) attack cause serious disruptions and can be used to penetrate public and private networks. Without antivirus software or firewalls, almost every computer connected to the internet would be disabled by malicious software (malware) such as computer viruses and worms. Identity theft is one of the fastest-growing threats to IS security today. Identity theft is a crime in which a perpetrator obtains vital pieces of information about an individual in an attempt to impersonate that person. The perpetrator is then able to perform various illegal activities, such as obtaining a credit card using someone else's name and social security number. Other types of attack include phishing, evil twins, pharming, and click fraud. All of these are explained in detail by our text.
Some organizations might be reluctant to invest large amounts of money in overhauling and maintaining security for their information systems because it is not directly tied to profits, but avoiding the negative impact of data theft, including its legal ramifications, is vital to the operation of business today. Legal and regulatory requirements include the Health Insurance Portability and Accountability Act (HIPAA) and the well-known Sarbanes-Oxley Act of 2002. Our textbook states that one study found that a security breach at a large firm, on average, creates a loss of approximately 2.1% of market value (approximately $1.65 billion) per incident.
As a military man myself, I know that every good plan begins with a well-thought-out risk assessment. A risk assessment determines the level of risk associated with a specific activity if it is not properly balanced with a control. When risks can be identified and quantified, they are more easily mitigated. Information systems have general and application controls as a framework for the risks they face. General controls govern the design, security, and use of computer programs throughout an organization's network, while application controls are specific and unique to each computerized application. Organizations must also establish a security policy for protecting the company's assets. A final check for any security framework should include frequent MIS audits to continually re-examine the environment for new threats.
The last section of this chapter presents the many technologies and tools that organizations have at their disposal for ensuring information security. Security software itself has become an enormous multi-billion-dollar industry.
Below is a short video with some facts about cyber-attacks and one company's integrated strategy for protecting against them.
Source - http://www.youtube.com/watch?v=NCV8j-Bn7HI