Today’s business world is enormously different from that of even a few decades ago. Take the case of the 1980s, where the business environment still did not include the use of computers and information technology, and the Internet was not as widely used in the business world. As such, the scale of the business was limited to geographical boundaries. The introduction of the Internet and the storage of data on digital sources increased the potential of the business, both in terms of expansion and storage of information (Sicari et al, p.147). The 1990s saw a rapid process of globalization, which was aided by the rapid use of the Internet amongst other things, and the business world evolved to include a global marketplace, where businesses now cater to consumers all over the world and also compete with other businesses all over the world.
An important impact of this process of globalization and the entry of businesses into a global marketplace of producers and consumers is that businesses now face the need to store and analyze data on an enormous scale. That is because, not only do businesses need to store employee, transaction and other company-related data such as financial data, biodata of employees, etc., they also need to store consumer data, so that the data can be used for other analyses which help determine and forecast demand, or target consumers based on their preferences and buying patterns (Sicari et al, p.147). Developments in information storage, such as cloud storage and remote storage, have helped businesses cope with the increasing need to store and retrieve information. However, with their uses come many costs and threats associated with information storage systems (Sicari et al, p.148). The aim of this report is to discuss the developments in information storage systems and analyze the threats to such information storage systems. We will, therefore, discuss the topic of information system security in detail, and identify possible solutions to the threats posed to such security for businesses.
What is Information System Security?
Information system security refers to the process by which data and the relevant frameworks are protected from unauthorized access, along with illegal destruction, modification, and disruption of relevant data for malicious purposes. In order to ensure the security of information systems, it is essential to formulate a security program first, from where a more detailed process follows (Ahmad et al, p. 360). Information systems security is among the most significant issues encountered by our society today, in terms of the technological advances being made in the 21st century. Information systems have turned out to be vital components of our daily lives, be it within companies, at home, or for governmental purposes (Ahmad et al, p. 360). Information systems have managed to change the manner by which we continue with our lives, carry out business-related ventures, and keep the governmental framework running (Ahmad et al, p. 360). The system has turned into such an integral component as a result of the various purposes it serves, rendering our activities speedier and more effective, as we learn to carry out more than one duty at a time.
Information systems have advanced considerably well over a very short period, with societal frameworks having advanced alongside it and turning us into a generation that is heavily reliant on technology. In fact, children today are unaware of a life that existed without highly effective technological frameworks (Chang & Ramachandran, p.140). Alongside the increased reliance on information systems, the digital-centric generation has further given rise to enhanced profits, competition, and effectiveness when it comes to the business world utilizing these systems.
Given that the present technology-savvy era has begun to rely heavily on these information systems, the issues concerned with them have likewise increased, and threaten to disrupt our lives and the day-to-day routines that we have become so accustomed to. The complex part played by the system within our day-to-day routines has advanced to such an extent that there barely exist any visible faults now (Chang & Ramachandran, p.141). However, plenty of issues have begun to arise as a result, ranging from identity theft and malicious viruses to hacking and spamming (Chang & Ramachandran, p.141). Such prevalent issues threaten how reliable and secure our information systems remain within a particular setting and will be discussed further ahead in the paper.
The Internet presents tremendous potential for the purpose of Information Storage. That is because conventional data storage on hardware presents difficulties for the business, which are difficult to overcome. The scale of data storage needed for businesses nowadays means that the storage hardware will take up plenty of physical storage space of the offices, resulting in increased costs of rent and storage (Nazareth & Choi, p.129). Additionally, that storage hardware will be at risk of theft and harm from accidents. The introduction of remote storage and cloud computing, in particular, has increased the scale of information that companies can store, at a lower cost as compared to the storage of additional hardware.
The Internet, through cloud computing and remote storage, not only provides businesses with the ability to store large amounts of data on remote servers at a low cost but also allows businesses to access that information whenever the need arises, even if the servers are located at the other end of the world. Networking is also an important part of daily business activities, so that all employees can access relevant information from the information system, add to the information system, and share and communicate the information with other members of the business (Nazareth & Choi, p.129). However, with these massive opportunities, the Internet also presents a number of security threats to the Information Systems of all businesses. Network security, and the information shared in that network, are also under threat from the Internet.
An Information system represents an integrated network of components for the purpose of storing, receiving, sharing and processing data and information. For the modern business, that is an essential component of the business activity, and these businesses are so dependent on their Information Systems and networks that any disruption may lead to adverse effects ranging in scale. Some argue that businesses today are so dependent on computer-based and Internet and telecom intensive information systems that any sort of disruption in access, theft of information or damage to information may lead to a full-blown business catastrophe with huge losses for the company (Soomro, p. 216). This is why Information Security is so important. Nazareth and Choi classify the threats to security from the Internet as threats to the three major abilities of the network (which make it a strong and usable network), which are confidentiality, integrity and availability (p. 124). They argue that without these three abilities, networks present no value to the business (Nazareth & Choi, p.124). Confidentiality within a network is necessary because the sensitive information which is stored within a network is at risk of being exposed or leaked to unauthorized personnel, or even at risk of being deleted or corrupted by unauthorized access. The Integrity of the network is needed to ensure that the information stored in the network is valid, and categorically stored by authorized personnel only, so that there is no doubt about the accuracy, consistency, and reliability of the data stored in the network.
The aspect of Availability is important for any network because the information stored within the network needs to be available for access and use to authorized persons at all times to make the most business use of the information, and so that business work is not hindered and disturbed. Networks need continuous access to the Internet, and the Internet is constantly under threat from viruses and intruders (Nazareth & Choi, p.129). In case of such threats, all the three required abilities of the network, which are Confidentiality, Availability, and Integrity, are compromised, resulting in a weak network, and the threat of loss, theft, corruption or unavailability of the information stored. That, in turn, harms the performance of the business.
Threats to Information System Security
There is a close link between the Information System, a business network and the Internet. Baskerville et al. emphasize the threats from the Internet to information systems within the network and categorize these threats into four main categories: interruption, interception, modification, and fabrication (p. 139). Interruption occurs when a threat makes unavailable or destroys an information asset of a business network. Interception refers to the unauthorized access of the information assets of the network by another party, which can then be used to harm the business (Baskerville et al., p. 140). Modification refers to the act of altering an information asset of the network by an unauthorized party.
Lastly, Fabrication refers to the event of an unauthorized party planting inaccurate or counterfeit information and data within the Information system of the network. All these categories of threats from the Internet to the Information system alter the quality or accuracy of the data stored in the information system or adversely affect its access. As such, these threats need to be addressed to protect the Confidentiality, Integrity, and Availability of the network (Baskerville et al, p. 140). Viruses and hackers represent some of these threats to the Information System, which may use the Internet to gain access, and corrupt, steal or delete data from the business network and information system. Other common threats include Phishing, Botnets, Malware, Pharming, Spam, Spyware, and Spoofing.
The linkage of the Internet to the Information System also results in internal threats to the data stored in the Information System, which are apart from the external threats already identified. Internal threats may occur when employees, knowingly or unknowingly, share their logins and passwords, or leave their logged-in accounts and computers unattended long enough for unauthorized personnel to access their accounts and view information they are not authorized to view (Baskerville et al, p.142). The unauthorized personnel can then steal, manipulate, corrupt or delete the important data stored in information systems.
Cloud computing is an important aspect of business Information storage today, as it allows businesses the facility to remotely store large amounts of data, in addition to having complete and quick access to such data. That mitigates the threat of accidents and natural disasters harming the data in the information system in case of such occurrences on the office premises, as well as decreases the costs needed to maintain additional storage space as part of the office premises (Baskerville et al, p. 142). Additionally, the business is also spared the responsibility of maintaining the servers, which keep their information, and most companies offer well known secure services.
However, because like all other networks, Cloud computing is also accessed through the Internet, the data stored on remote servers is at an equal risk of the threats posed to Information Systems anywhere else in the world. In fact, Safa, Solms and Furnell argue that such risks are far greater for the remote servers in cloud computing, as they store a large amount of data from all over the world (p. 72). Any security breach at any remote server location may mean the threat to important and confidential data of hundreds of businesses and organizations around the world.
Physical security is also an important aspect of Information Systems Security. The information stored in the system needs some sort of hardware on the premises so that the data in the system can be accessed, stored and altered. In case of acts of vandalism, accidents, and natural disasters, there is a threat to the physical security of the hardware that the company uses to store, access and edit the required data within the information system (Safa et al, p.73). Such threats may deter the process of access to information on the system, and in cases of small businesses which may choose to store all of their data on premises on hardware, any physical harm to the hardware may result in loss or corruption of important data.
It is important to understand that Information System Security faces many threats varying in nature and scale, so that the necessary steps can be taken to secure the Information System, as well as the network, and therefore the data that is stored, accessed and shared across the network. This paper does not present an exhaustive list of the threats to Information Systems Security, something that hints at the enormous level of threats that Information Systems face. Additionally, since these Information Systems represent the backbone of businesses today, and interdependence in computer-based and Internet and telecommunications intensive information systems defines the nature of business today (Safa et al. p. 76), it is important for the success of any business that they find and implement effective solutions to the threats that their information systems face.
Recommended Solutions
The technological problems encountered have resulted in plenty of hurdles that disrupt the flow of relevant data and breach the security of data being exchanged. Despite that, there are certain solutions that can help counter the threat or, at the very least, minimize it as much as possible. A few solutions take the shape of counter-programming, while other possible solutions are of a legislative nature as implemented by the relevant governments (Ahmad et al, p. 362). But, based on evidence so far, there is no one solution that can help us get rid of such a massive issue that is not limited to just one area but extends over the whole world.
For every breach in security systems, a different form of solution is required. At the very least, however, we can manage to stay away from certain threats that are quite obvious, particularly spam and potential viruses, sometimes disguised as various software applications aiming to seek our permission before making changes to our computer (Ahmad et al, p. 362). Oftentimes, that software is quite legitimate. There is, however, no guarantee for every piece of software that we come across and sometimes, in our haste to download something important, we end up downloading something that completely invades our computer’s security. The solutions discussed ahead can significantly help in combatting such a plague and minimizing the threat to whatever extent is possible.
Through the types of threat presented to the Information System for businesses, we can see that there are two broad categories of threats that the business has to protect its Information System against: physical and digital threats. The physical threats to information systems need to be protected against, in order for the information and data stored on the network to be secure (Chang & Ramachandran, p. 144). That means that the company will have to take certain necessary measures to protect its Information System against physical threats. One of these measures includes installing alarms and security cameras, which help prevent intruders from stealing or vandalizing hardware.
Such security cameras and alarms will alert the security guards and the authorities in time of any physical intrusion so that they can take the necessary steps to save their data. Additionally, the office premises should be equipped with proper equipment to deal with accidents, such as fire. Multiple fire extinguishers and fire alarms should be installed on all floors, and all employees should be given the basic training to deal with fire emergencies. Additionally, in case of natural disasters such as floods and earthquakes, the company should have data backed up at another location, in case the office premises are heavily damaged, and the storage hardware in the office is also affected (Chang & Ramachandran, p. 144). The company should also make sure that in case of loss or damage to hardware, it is able to find quick and easy replacements to facilitate quick access to the Information System, for the efficient running of the business.
In today’s world, however, the threat posed by the digital category is more significant since it can result not only in the loss but also in the theft and damaging use of the confidential and sensitive information of the business. That threat is internal, as well as external, and is posed by accidental or intentional invasion or interference within the Information System (Ab Rahman et al, p. 47). Such threats can harm the flow of sensitive information, as well as corrupt, steal or modify such information. Examples of such threats include viruses, hackers, and malware. Others argue that to secure against the internal and external threats of digital invasion, a business needs to secure the storage and the channel of transmission (Nestler et al, p. 76). That is because the sensitive and confidential data within the Information system is stored and retrieved through these storage and transmission lines. The first step towards Information system security is to harden the operating system against attacks and viruses (Nestler et al, p. 77). That means that the very base of the information system, which allows access to the information stored in the system, is protected against invasions. That can be done through the installation of the latest service packs, and the diligent use of a complex system of IDs and passwords.
Additionally, unnecessary services should be disabled in order to restrict the points of access available to hackers and malicious attackers. Passwords and IDs will make sure that access to the information system is restricted to authorized personnel, and employees should be trained to constantly change passwords and protect their IDs and passwords from other people, even colleagues and other company employees. Access to the information system should be designed in a way that ensures that secure passwords are established, and changed on a monthly basis. The second step identified in securing the Information System is to protect against viruses and malware (Nestler et al, p. 77). That can be done by installing well-known antivirus software, which aids in the detection as well as the removal of such viruses and digital threats. Businesses should make sure that the antivirus software is strong and continuously updated to protect against the constantly evolving nature of digital threats. The third step identified is to make sure strong firewalls are installed, as firewalls restrict the inflow and outflow of information within the network and also act to filter the incoming and outgoing data (Nestler et al, p. 78).
The identified solutions have shown how physical and digital threats can be detected and prevented. However, for an efficient security system, it is important that the security standards and efforts be continuously analyzed and evaluated so that the security system does not let in any threat through mismanagement. The fact remains that such security systems are only as effective as the management which installs and implements them. Businesses nowadays should not leave information security to programs and software without continuous evaluation and analysis of the success and efficiency of the system (Sicari et al, p. 153). Antivirus software, for example, needs to be evaluated after implementation, based on the level of protection it offers and its performance in the detection of and protection against viruses. In case the software is not performing up to par, security needs to be improved by selecting another antivirus product based on the company’s needs, which should then be installed in place of the previous one.
Similarly, ID and password management within the Information Systems needs to be continuously reviewed. IDs and passwords for terminated employees need to be canceled, and if there is any chance that any other employee may have shared their IDs and passwords with the terminated employee, their IDs and passwords should also be changed. Employees should be made aware of the need for Information Systems Security, and the severe threats posed to the network by internal as well as external sources, so that they are constantly on the lookout for suspicious activities (Sicari et al, p. 154). Businesses should also have plans ready, and in place, in case a security breach does occur, and the Information System comes under risk of invasion. For such cases, the Information system needs to be designed in a way that any invasion does not allow access to the complete set of information available under the system. Even in the case of cloud computing, where the information is secured on remote servers by other companies, the businesses need to make sure that their information is backed up by more than one source, so that in case of loss or theft of information, not all of the information available in the business’s information system is lost.
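The ID and password review described above can be run as a periodic audit. The following is an added example, not part of the original essay; the account records, termination list, sharing records and the 30-day reading of the monthly password change are constructed assumptions.

```python
from datetime import date

# Constructed sample data for illustration (not from the essay).
ACCOUNTS = [
    {"user": "alice", "enabled": True,  "password_changed": date(2018, 6, 20)},
    {"user": "bob",   "enabled": True,  "password_changed": date(2018, 4, 2)},
    {"user": "carol", "enabled": True,  "password_changed": date(2018, 6, 25)},
    {"user": "dave",  "enabled": False, "password_changed": date(2018, 1, 15)},
]
TERMINATED = {"carol", "dave"}          # hypothetical HR termination list
# Hypothetical record of credential sharing: (owner, person they shared with)
SHARED_WITH = [("alice", "carol"), ("bob", "erin")]
MAX_PASSWORD_AGE_DAYS = 30              # assumption: "monthly" read as 30 days


def review_accounts(accounts, terminated, shared_with, today,
                    max_age_days=MAX_PASSWORD_AGE_DAYS):
    """Return (user, action, reason) findings, in account order."""
    findings = []
    for acct in accounts:
        user = acct["user"]

        # Terminated employees must not keep a usable account.
        if user in terminated:
            if acct["enabled"]:
                findings.append((user, "disable",
                                 "terminated employee still has an active account"))
            continue
        if not acct["enabled"]:
            continue

        # Active employees who shared credentials with someone now
        # terminated must rotate, regardless of password age.
        exposed_to = sorted(p for owner, p in shared_with
                            if owner == user and p in terminated)
        age = (today - acct["password_changed"]).days
        if exposed_to:
            findings.append((user, "rotate",
                             "credentials were shared with terminated user(s): "
                             + ", ".join(exposed_to)))
        elif age > max_age_days:
            findings.append((user, "rotate",
                             f"password is {age} days old (limit {max_age_days})"))
    return findings


if __name__ == "__main__":
    today = date(2018, 6, 30)
    for user, action, reason in review_accounts(ACCOUNTS, TERMINATED,
                                                SHARED_WITH, today):
        print(f"{action.upper():8} {user:6} {reason}")
```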
In today’s high-tech world, businesses have been forced to incorporate dependence on information technology, especially the Internet, because, without such incorporation of technologies, businesses would lose their competitiveness in the global marketplace. As such, because the businesses are competing globally, their information storage and sharing needs are also increasing, and with that increase comes the increase in the security threats to the information systems of the businesses.
It is important to secure against the physical and virtual threats posed to the information system of businesses, and that can be done through a variety of measures, such as installing antivirus software and firewalls, using a complex system of IDs and passwords to restrict access, and constant supervision. Even after all these measures, it is important to keep evaluating and reevaluating the success of all these measures and keep altering security measures according to the changing needs for security of the information system. We need to understand that even the most secure of all Information Systems is not 100% secure against all potential threats, and therefore the security of the network needs to be continuously reviewed and renewed.
It is also important to note that all businesses are unique, and therefore have their own unique needs for security due to variance in scale, type of business, the culture within the business and the level of sensitivity of the information that their systems hold. This report presents a basic guideline which can be followed by all businesses and implemented at various scales, using different particulars according to the unique needs of each business.