The advancement in technology has seen tremendous growth in the different organizations. Information systems are some of the leading systems that have been integrated into different operations of the organizations to help the business managed and gain a competitive advantage over its competitors. All this technological advancement has brought with it more challenges in relation to the security required by the system. Intruders and hackers have also managed to gain knowledge on how to interfere with these systems for their own malicious needs hence affecting the operations of the organization. To avoid all this from happening, different organizations have come up with different approaches to secure their systems. In this report, we will address some of the security challenges faced by different organization that affect the operation of the information systems (Stair, & Reynolds, 2017). We will cover multiple areas and discuss some of the main attacks that fac the system specifically the ransomware malwares, the network threats that the company or the organization hardware face, different ways to ensure information security in the organization, and other information threats the company faces.
This is a type of a malware that prevents users from accessing their systems or personal files and demand ransom in order for one to access tis information. This is one of the most common attacks that most companies face, this is due to the fact that most of the information systems relay on sharing information from one end to the other. The basic operations involved in an information system are inclusive of sharing and retrieving data (Feng, Wang, & Li, 2014). With the nature of operations carried out by the IS it becomes possible for the malware to attack different sections of the system and hold the information at ransom. This means that the information is intact in the system but the legal user of the system cannot access the information. Attackers in most of these cases are after something apart from the information. In most cases they are usually after money from the owner of the information or from the organization. There have been few incidences where the attackers have been after the access to other information that the owner may be with holding (O’Gorman, & McDonald, 2012). The nature of this attack cripples the operations of an organization in case it is to occur since the access to information in the company is normally crippled hence the company’s operations cannot proceed. It is also important for one to understand the different ways that one gets the malware. In most cases the malware is got through phishing emails which contain malicious attachments that run in the computer without your knowledge and develops into a ransomware. The other mean of getting this malware is via the drive by downloads over the internet, this is also one of the most common modes of getting the malware into the network (Savage, Coogan, & Lau, 2015). Due to the access to the internet some of this malicious software tend to install in the computer automatically if the systems security is not well installed hence causing the harm. It is important to address the fact that one antivirus system of the organization cannot detect the malware till hen its too late.
The good thing with this particular malware is the fact that one is in a position to remove the malware from the system. The process behind this involves first the elimination of the attacker. there are different types of ransomwares such as the fake antivirus, or a bogus clean up tool this sort of malwares can be easily removed from the computer via the uninstallation process.one of the main ways to eliminate a ransom attack is via constant backing up of information (Andronio, Zanero, & Maggi,2015, November). This ensures that the organization information is backed up in a different secure storage away from the running system in the company. Hence once an attack is detected, the company has the backed-up information of all the works in the company. With this, the system can be formatted and all the information can then be restored in the computer. In the process the malware by the attacker is formatted and the system is then left safe (O’Gorman, & McDonald, 2012). This is one of the best approaches but requires the need of the constant back up of the information.
The next approach is the filtering of the EXEs in emails. Since the use of malicious executable files over the emails are the next approach used by most of the attackers to install and run the malicious malware, this approach operates by filtering any email that has an executable file and the sender of the email is not recognized (Kim, & Solomon, 2016). This ensures that the system in the organization does not invite any external attack since all these are filtered by the set parameters in the emailing platform of the company.
The third approach is the use of the systems pre-installed features such as showing the hidden file. This requires the understanding of the crypto lockers’ files extension. Most of these malwares have an extension of.PDF.EXE and normally rely on the windows behaviours of hiding known file extensions but the minute this is changed one is able to identify the malware and then it becomes easy to delete the file hence killing the malware and disconnecting the attack (Lowry, Dinev, & Willison, 2017). This is one of the most effective approaches to the case but also requires a lot of effort trying to find the file.
These are some of the most important devices in the networking of the organization. The play a vital role in the connection of the different devices and the flow of data package from one station to the other. But it is evident to recognize the different risks that are associated with their use. The routers and the switches are prone to physical damage. This is one of the biggest concerns for most of the organization. These devices being physically accessible by users, they normally end up getting physically impacted by either dropping among other challenges. The minute these physical threats occur then the functionality of the routers is affected hence affecting the entire organizations network (O’Gorman, & McDonald, 2012). The antennas of the router for instance in most of the developers have been identified as weak and easily break in case of a fall of the router and the minute the antenna breaks the signals strength being transmitted ends up being affected.
First it is important to identify what a web service is and in relation to the computer understanding, a web service can be describe as a standardized way of integrating web-based applications by the use of different languages such as XML, WSDL, SOAP, WSDL and UDDI open standards over an internet protocol backbone. There are different approaches that can be used to increase the reliability and availability of the web servers but for the report. It is important to addresses some of these approaches. The first best approach to ensure reliable web service is through the implementation of a secure and reliable internet service provider for the company. This is responsible for the provision of the connection between the organization and the web services, in case this connection is weak or keeps getting interrupted the reliability as well as the availability of the web services will keep on getting interfered with. For the client or instance, trying to access these applications it will become impossible and end up interfering with the performance of the system (Ifinedo, 2014). This calls for the need of the company to conduct an intensive research on the best serve providers that will support the company’s operations in a reliable and consistent manner that does not end u failing and affecting these operations.
This is one of the most important mode of communication currently in most of the organizations that have embraced the integration of information systems in the company. It has also been identified as one of the platforms that is used for phishing by attackers on unknowing system users hence the need for an analysis on how to protect these emailing platforms of the company. One of the best approaches in relation to confidentiality and integrity of the staff email is the use of strong and complex password during the creation of the staff email. These passwords should meet different criteria that are predefined by the company IT sector. This ensures that the company’s passwords are secure hence improving on the confidentiality and integrity of these email. Also, the constant change of the passwords is the other approach (Ifinedo, 2014). This change can be carried out after a few weeks and it can be included in the company protocol as a requirement of the staff members. This ensures that the company staff members keep updating their passwords hence make it impossible for anyone to easily just hack in the company emailing platform. With this the security of access the emailing platform is left on the hands of specifically the organizations staff members and in return impacting the confidentiality and integrity of the staff email platform.
There are different types of malwares and security issues that are related to the web mail and the webserver. In this section e will get to analyze some of these security threats as well as the different malwares that affect both systems. First one of the biggest security threats for the web mail is phishing. This is targeting the different users of the we mail by attempting to retrieve information from the users and end up using this information for different malicious purposes such as requesting for money after the information is retrieved from the mil servers. On the other hand, the web servers have different types of malware and security threats that can cripple an organizations system, a security attack such as the Denial of Service (DoS) where attackers overload the webservers with irrelevant message request and end u blocking the legal message request to the server from the system users for instance in a company. The eb server is occupied with irrelevant request that keep on looping. This causes the system to crush due to the overload caused by the hacker as well as affect the services request by the system users (O’Gorman, & McDonald, 2012). The attack affects the entire organization network sine the more requests are made the more crowded the system becomes. As seen a good example of a malware is the ransomware which holds ransom the services of a web server. This means the webserver is unable to distribute the services it has to deliver to the system and in return cripple the entire system.
There are different ways to improve one availability of the email server in an organization, one of the min ways is use of an email server that is specifically dedicated for the use of basically just managing the email activities. With a dedicated email server that is well configured to process all the email activities, the availability of the email server will be increased since the request received in the server are only programmed to meet these needs and no other services are requested from the server (Spears, & Barki, 2010). This ensures all the systems processing power is dedicated to a particular course hence making the process more effective and most important available. Secondly the implementation of a filter mechanism on the email server to ensure that the system does not have to overload on irrelevant request from sources that are filtered (Schaefer et al., 2017). This makes the server available for the right use and the right request in relation to the company’s services.
Human Factors and Organizational Issues play a huge role in ensuring the security of the systems within an organization. This is due too the fact that they are directly associating with the information system hence different practices by the user can either increase the risk to the system or minimize the risk. For instance, access of insecure websites by the use of the organization’s system increases the chances of an attack to the system. As seen some of these websites have the drive by software installations that are used by the attackers in most cases. This shows the involvement of the users of the system in endangering the risk of attack. Also, the users have a responsibility of ensuring secure passwords are set u for the company systems so as to keep intruders out of the organizations information system but different users do implement weak passwords which end up making it easy for intruders to by-pass these passwords. This on the other hand also exposes the organization’s IS into more risk (Schaefer et al., 2017). It is important for an organization to identify all this risk associated with the human factors as well as the organization factors. After this realization, measures such as educative measure to help the users understand the importance of complex passwords for instance can help reduce the risk levels of the IS by an attacker. Also, the blocking of some of these unsecure websites can control the access by the user to these websites were attackers y get the chance to attack.
These are some of the most important security measure for any organization with a functional IS. They provide information of all the activities that have been happening in the system, the different logins, processes and activities the different users were engaged in and the impact they had on the system. This has been used as a security measure sine it helps in the mapping out of an intruder in case such an incident arises (Haverstock, Estrada, & Estrada, 2012). Most organizations also keep these records for accountability records to ensure each activity carried out in the system can be accounted and linked to a particular use of the system. These are also very important for the performance of the audit analysis since they provide a record of all the activities that have been initiated and carried out within an organizations IS.
There are different devices that are used provide network security that can be used by any company, some of these tools includes the anti-Malware devices which help in the detection of any malware that may affect the organization web and email server. These helps detect an attack before it becomes uncontrollable, second and the thirdly there are the intrusion detection and intrusion prevention systems IDS and IPS tools respectively which help protect the web servers and email servers from different security threats such as malwares, spywares, viruses and even worms that may affect the serves (Ahmad, Maynard, & Shanks, 2015). Thirdly the use of Network Access Control NAC, these devices hep enforce policies by granting only security policy compliant device access in an organization. This means any intruder with no knowledge of the company policies cannot access the system. Next Generation firewall is another device that help in providing web and email server security.
Conclusion and Recommendation
The advancement of technology has brought with at major security risk as covered in the report. Different measures are taken by the companies to try and fight these increasing levels of security threats to any information system of the company. The attacks can come in from different directions but with the right security systems, the information system is left protected as seen above. One of the most significant recommendation from the information attained, it is crucial for any business to have a well-established security system that is responsible for the provision of security for the a since the damage that can be caused by ack of this security can be catastrophic. The implementation of the identified devices for instance boost the security of its information system.
References
Ahmad, A., Maynard, S. B., & Shanks, G. (2015). A case analysis of information systems and security incident responses. International Journal of Information Management, 35(6), 717-723.
Andronio, N., Zanero, S., & Maggi, F. (2015, November). Heldroid: Dissecting and detecting mobile ransomware. In International Workshop on Recent Advances in Intrusion Detection (pp. 382-404). Springer, Cham.
Feng, N., Wang, H. J., & Li, M. (2014). A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis. Information sciences, 256, 57-73.
Haverstock, P., Estrada, M., & Estrada, J. (2012). U.S. Patent No. 6,434,607. Washington, DC: U.S. Patent and Trademark Office.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79.
Kim, D., & Solomon, M. G. (2016). Fundamentals of information systems security. Jones & Bartlett Publishers.
Lowry, P. B., Dinev, T., & Willison, R. (2017). Why security and privacy research lies at the centre of the information systems (IS) artefact: Proposing a bold research agenda. European Journal of Information Systems, 26(6), 546-563.
O’Gorman, G., & McDonald, G. (2012). Ransomware: A growing menace. Symantec Corporation.
Savage, K., Coogan, P., & Lau, H. (2015). The evolution of ransomware. Symantec, Mountain View.
Schaefer, R. F., Boche, H., Khisti, A., & Poor, H. V. (Eds.). (2017). Information Theoretic Security and Privacy of Information Systems. Cambridge University Press.
Spears, J. L., & Barki, H. (2010). User participation in information systems security risk management. MIS quarterly, 503-522.
Stair, R., & Reynolds, G. (2017). Fundamentals of information systems. Cengage Learning.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download