1. Why organizations are heavily reliant on information systems

An information system can be technically defined as a set of interrelated components that collect (or retrieve), process, store, and distribute information to support decision-making and control in an organization. In addition to supporting decision-making, coordination and control, information systems can also help managers and workers analyze problems, visualize complex issues and create new products. Information systems contain information about people, places and things important to the organization or the environment around it. By information, we mean data that have been shaped into a form that is meaningful and useful to humans. Data, on the other hand, are streams of raw facts representing events that occur in organizations or the physical environment before they have been organized and arranged into a form that people can understand and use.

The definition of an information system is based on the more general concept of the work system. Companies operate through work systems. Typical business organizations include work systems that procure materials from suppliers, manufacture physical and/or information products, deliver products to customers, find customers, create financial reports, hire employees, coordinate work, file taxes and perform other functions. A work system is a system in which participants and/or machines perform work (processes and activities) using information, technologies and other resources to produce specific products and/or services for specific internal or external customers. An information system is a work system whose processes and activities are devoted to processing information, i.e., capturing, transmitting, storing, retrieving, manipulating, and displaying information. Thus, an information system is a system in which human participants and/or machines perform work (processes and activities) using information, technology, and other resources to produce informational products and/or services for internal or external customers.

Nowadays, organizations rely heavily on information systems to succeed in the business world, and people’s lifestyles are changing rapidly because we cannot do without information systems in our day-to-day lives. Wireless communications, including laptops and mobile computing devices, enable managers, employees, customers, suppliers, and business partners to stay connected in any way they can.
E-mail, online conferences, the Web and the Internet offer new and different communication channels for all businesses, large and small. As communication channels multiply and communication costs fall, customers demand more in terms of services and products at lower cost. E-commerce is changing the way companies attract and respond to customers.

The following are reasons why information systems are so essential to organizations:

1. Economic Importance:
Although the cost of installing and maintaining an information system is quite high initially (depending on the type of system), in due course the costs decrease and seem fair in relation to the kinds of benefits gained with its help. Moreover, over time, the cost of information systems tends to decrease, while the costs of their substitutes (e.g. labor) have historically tended to increase (Laudon, 1990). In addition, computer systems use networks, which help an organization reduce transaction costs, allowing the organization to engage external vendors rather than using internal resources.

2. Information Systems Improve Performance:
Information systems are designed to improve the overall efficiency and effectiveness of a process. Information systems speed up the process and reduce the time it takes by removing extra steps from the operation. For example, in 1977, Citibank developed ATMs and debit cards (Laudon and Laudon 9th Ed.). This facilitated financial transactions and was a huge success.
In addition, banks have continued to innovate and, today, with the help of reliable and secure information systems from TEMENOS, Infosys, Oracle, etc., most customers can carry out most of their transactions from their personal computer or even from their cell phone. In addition, information systems provide real-time information that reduces the magnitude of errors, thereby increasing the quality of the output of the process.

3. Importance in Decision Making:
Information systems provide managers with tools to monitor, plan and forecast more accurately and faster than ever before. In addition, they enable managers to react more quickly and adapt to the rapidly changing business environment. Decision support systems can significantly improve results on both quantitative and qualitative fronts. For example, in the United States, about 142 million employees generate $12.2 trillion in gross domestic product. If the quality of the decisions of these employees could be improved by only 1% in one year, the GDP could increase considerably.

4. Organizational Behavior Change:
Behavioral research shows that computer systems facilitate the flattening of hierarchies by expanding the distribution of information to empower lower-level employees. This pushes decision-making rights down to the lowest level of the organization, as lower-level employees receive the information they need to make decisions, which eliminates the need for middle managers. This also leads to a reduction in the administrative costs of the organization.

2. Various types of security threats to any information system of an organization
The following are types of security threats to information systems:

a) Malicious software: Viruses, Worms, Trojan Horses and Spyware
Malicious software programs are referred to as malware and include a variety of threats, such as computer viruses, worms, and Trojans. A computer virus is malware that attaches itself to other software programs or data files in order to be executed, usually without the knowledge or permission of the user. Worms are standalone computer programs that copy themselves from one computer to another over a network. Unlike viruses, worms can operate on their own without attaching to other computer program files, and they rely less on human behavior to spread from one computer to another. A Trojan is software that seems to be benign, but does something different than expected. The Trojan itself is not a virus because it does not replicate, but it is often a way to introduce viruses or other malicious code into a computer system. Spyware also acts as malware. These small programs sneak onto computers to monitor users’ web browsing activity and to serve up advertising.

b) Hackers and Computer Crime
A hacker is an individual who intends to gain unauthorized access to a computer system. Hacker activities have broadened beyond mere system intrusion to include theft of goods and information, as well as system damage and cybervandalism, the intentional disruption, defacement, or even destruction of a Web site or corporate information system. In a denial-of-service (DoS) attack, hackers flood a network server or Web server with many thousands of false communications or requests for services to crash the network. The network receives so many queries that it cannot keep up with them and is thus unavailable to service legitimate requests. A distributed denial-of-service (DDoS) attack uses numerous computers to inundate and overwhelm the network from numerous launch points. Most hacker activities are criminal offenses, and the vulnerabilities of systems we have just described make them targets for other types of computer crime as well. Computer crime is defined by the U.S. Department of Justice as “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution.” Many companies are reluctant to report computer crimes because the crimes may involve employees, or the company fears that publicizing its vulnerability will hurt its reputation. The most economically damaging kinds of computer crime are denial-of-service attacks, activities of malicious insiders, and Web-based attacks.

c) Internal Threats: Employees
We tend to think that threats to the security of a company originate outside the organization. In fact, the workers in the company pose serious security problems. Employees have access to insider information and, in the presence of sloppy internal security procedures, they can often move around an organization’s systems without a trace. End users and information system specialists are also a major source of errors introduced into information systems. End users introduce errors by entering incorrect data or by not following the correct instructions for data processing and computer equipment use. IT specialists can create software errors when designing and developing new software or maintaining existing programs.

d) Software Vulnerability
Software errors are a constant threat to information systems, leading to unquantified productivity losses and sometimes putting people who use or rely on systems at risk. The increasing complexity and size of software, as well as demands for timely delivery to markets, have contributed to increased software defects or vulnerabilities. A major problem with software is the presence of hidden errors or flaws in the program code.

3. The Impact of Ransomware on Business Organizations

The word ransomware is a combination of ransom and software. It is a program designed to attack a targeted system with the aim of holding the user hostage and restricting users from accessing their devices. It can also be used to encrypt the user’s data, forcing the victim to pay the ransom. Generally, ransomware uses malware and Trojan techniques to slip past defenses and infect the targeted system. Ransomware consists of two major types: lockers, which lock the user out of the entire system, and crypto ransomware, which only encrypts the user’s files. Ransomware widely targets companies and end users. Ransomware attacks may arrive in different ways, such as email attachments, compromised websites, advertising, running an untrusted program on the machine, shared networks and communication with an infected system.

The world has experienced a massive global ransomware cyber-attack known as “WannaCrypt” or “WannaCry” since Friday, May 12 2017. Hundreds of thousands of computers worldwide have been hit, in more than 150 countries. WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organization’s network by exploiting a critical vulnerability in Windows computers. The malware has the capability to scan heavily over TCP port 445 (Server Message Block/SMB), spreading similarly to a worm, compromising hosts, encrypting files stored on them and then demanding a ransom payment in the form of Bitcoin. It is important to note that this is not a threat that simply scans internal ranges to identify where to spread; it is also capable of spreading based on vulnerabilities it finds in other externally facing hosts across the internet.

There are approximately 30–40 publicly named companies among the likely thousands that were impacted by this ransomware. Examples include the Russian Interior Ministry, Telefonica (Spain’s largest telecommunications company) and FedEx. The UK National Health Service (NHS) was badly hit, with 16 of the 47 NHS trusts being affected, and routine surgery and doctor appointments being canceled as the service recovers. There are reports that in China over 40,000 organizations have been affected, including over 60 academic institutions.

Ransomware can be very bad for productivity. It puts all projects on hold until access to important files is recovered and the system is protected. If your computers have been infected with ransomware, all sensitive information may fall into the wrong hands and be erased from your devices. A data breach containing information about customers or customers’ employees creates a crisis that no company wants to deal with. Sensitive information is at stake, but paying hackers does not guarantee that the information has not already been copied. Paying the ransom does not guarantee the safe return of all files.
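
The worm-like scanning over TCP port 445 described above leaves a recognizable trace in network flow logs: one host opening SMB connections to many different peers in a short time. The following sketch is an added example, not part of the original essay; the flow records are constructed, and the window, threshold and internal address range are assumptions to tune per network.

```python
import ipaddress
from collections import defaultdict, deque

SMB_PORT = 445            # the port named in the text
WINDOW_SECONDS = 60       # assumed sliding window
FANOUT_THRESHOLD = 5      # assumed number of distinct SMB peers that is suspicious
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = (
    # workstation repeatedly using one file server: normal
    [(1000 + 5 * i, "10.0.0.40", "10.0.0.5", 445) for i in range(8)]
    # admin host touching five servers, 150 s apart: too slow to count
    + [(1000 + 150 * i, "10.0.0.50", f"10.0.1.{i + 1}", 445) for i in range(5)]
    # worm-like sweep: six internal and two external peers within 13 s
    + [(1100 + 2 * i, "10.0.0.23", f"10.0.2.{i + 1}", 445) for i in range(6)]
    + [(1112 + i, "10.0.0.23", f"203.0.113.{i + 9}", 445) for i in range(2)]
    # the same host's HTTPS traffic is ignored
    + [(1101, "10.0.0.23", "203.0.113.80", 443)]
)

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_smb_fanout(flows, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src: {first_alert, peers, external}} for every source whose
    distinct TCP/445 destinations inside any `window` seconds reach `threshold`."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, dport in sorted(flows):
        if dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # drop connections older than the window
            q.popleft()
        peers = {d for _, d in q}
        if len(peers) >= threshold:
            entry = alerts.setdefault(
                src, {"first_alert": ts, "peers": 0, "external": 0})
            if len(peers) > entry["peers"]:   # keep the widest fan-out seen
                entry["peers"] = len(peers)
                entry["external"] = sum(not is_internal(d) for d in peers)
    return alerts

if __name__ == "__main__":
    for host, info in find_smb_fanout(SAMPLE_FLOWS).items():
        print(host, info)
```

The `external` count matters because, as noted above, the spread is not limited to internal ranges: an internal host opening SMB sessions to internet addresses is a strong signal on its own.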
Most companies have an IT strategy and disaster recovery plan, but surprisingly, few are sufficiently prepared to deal with a ransomware attack. This is partly because they do not understand the risks, and because ransomware threats evolve at a rate that antivirus software struggles to keep up with.

4. Prevention and risk mitigation plan for organizations

Organizations should practice the following control measures to prevent future attacks:

(A) Conduct ongoing, documented, and thorough information security risk assessments
Maintain an ongoing information security risk assessment program that considers new and evolving threats to online accounts and adjusts customer authentication, layered security, and other controls in response to identified risks. Identify, prioritize, and assess the risk to critical systems, including threats to applications that control various system parameters and other security and fraud prevention measures.

(B) Securely configure systems and services
Protections such as logical network segmentation, offline backups, air gapping, maintaining an inventory of authorized devices and software, physical segmentation of critical systems, and other controls may mitigate the impact of a cyber-attack involving ransomware. Consistency in system configuration promotes the implementation and maintenance of a secure network. Essential components of a secure configuration include the removal or disabling of unused applications, functions, or components.

(C) Protect against unauthorized access
Limit the number of credentials with elevated privileges across the organization, especially administrator accounts and the ability to easily assign elevated privileges that access critical systems. Review access rights periodically to reconfirm approvals are appropriate to the job function. Establish stringent expiration periods for unused credentials, monitor logs for use of old credentials, and promptly terminate unused or unwarranted credentials. Establish authentication rules, such as time-of-day and geolocation controls, or implement multifactor authentication protocols for systems and services (e.g., virtual private networks).
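
As an added illustration of the advice to expire unused credentials and monitor logs for use of old ones (example code, not from the original essay), the following script audits a login log. The log format, the account names and the 90-day idle limit are all assumptions; the text does not set a figure.

```python
import re
from datetime import datetime, timedelta

MAX_IDLE = timedelta(days=90)   # assumed expiration period for unused credentials

# Constructed log lines in a hypothetical "timestamp user=<name> result=<outcome>"
# format, in chronological order.
SAMPLE_LOG = """\
2024-01-02T08:15:00 user=alice result=success
2024-01-03T09:00:00 user=svc_backup result=success
2024-02-10T08:20:00 user=alice result=success
2024-03-28T08:05:00 user=alice result=success
2024-05-20T02:13:00 user=svc_backup result=success
2024-05-21T10:00:00 user=bob result=failure
2024-06-01T08:00:00 user=alice result=success
malformed line without fields
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) result=(success|failure)$")

def audit_credentials(log_text, as_of, max_idle=MAX_IDLE):
    """Return (reused, expired).

    reused  -- successful logins that followed more than max_idle of silence,
               i.e. an old credential coming back into use
    expired -- accounts whose last successful login is more than max_idle
               before as_of, i.e. candidates for termination
    """
    last_seen, reused = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != "success":
            continue  # skip malformed lines and failed attempts
        ts, user = datetime.fromisoformat(m.group(1)), m.group(2)
        prev = last_seen.get(user)
        if prev is not None and ts - prev > max_idle:
            reused.append((user, prev.date().isoformat(), ts.date().isoformat()))
        last_seen[user] = ts
    expired = sorted(u for u, t in last_seen.items() if as_of - t > max_idle)
    return reused, expired

if __name__ == "__main__":
    reused, expired = audit_credentials(SAMPLE_LOG, datetime(2024, 8, 25))
    print("old credentials used again:", reused)
    print("credentials past the idle limit:", expired)
```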
In addition, conduct regular audits to review the access and permission levels to critical systems for employees and contractors. Implement least-privilege access policies across the entire enterprise. In particular, do not allow users to have local administrator rights on workstations, and remove access to the temporary download folder.

(D) Perform security monitoring, prevention, and risk mitigation
Ensure that protection and detection systems, such as intrusion detection systems and antivirus protection, are up to date and that firewall rules are configured properly and reviewed periodically. Establish a baseline environment to enable the ability to detect anomalous behavior. Monitor system alerts to identify, prevent, and contain attack attempts from all sources.

(E) Update information security awareness and training programs
Conduct regular, mandatory information security awareness training across the institution, including how to identify, prevent, and report phishing attempts and other potential security incidents. Ensure that the training reflects the functions performed by employees.

(F) Implement and regularly test controls around critical systems
Ensure that appropriate controls, such as access control, segregation of duties, audit, and fraud detection, and monitoring systems are implemented for systems based on risk. Limit the number of sign-on attempts for critical systems and lock accounts once such thresholds are exceeded. Implement alert systems to notify employees when baseline controls are changed on critical systems. Test the effectiveness and adequacy of controls periodically. Report test results to senior management and to the board of directors or a committee of the board of directors. Include in the report recommended risk mitigation strategies and progress to remediate findings.

(G) Review, update, and test incident response and business continuity plans periodically
Test the effectiveness of incident response plans at the organization and with third-party service providers to ensure that all employees, including individuals responsible for managing risk, information security, vendor management, fraud detection, and customer inquiries, understand their respective responsibilities and their institution’s protocols.

5. Ethical issues that may arise from using connected devices in an organization

Ethics refers to the principles of right and wrong that individuals, acting as free moral agents, use to make choices to guide their behaviors (Kenneth C Laudon, Jane P Laudon, 2017). Ethical issues in information systems have been given new urgency by the rise of the Internet and electronic commerce. Internet and digital firm technologies make it easier than ever to assemble, integrate, and distribute information, unleashing new concerns about the appropriate use of customer information, the protection of personal privacy, and the protection of intellectual property.
Employees must be trained and kept aware of a number of topics related to information security, not the least of which are the expected behaviors of an ethical employee. This is especially important in information security, as many employees may not have the formal technical training to understand that their behavior is unethical or even illegal. Proper ethical and legal training is vital to creating an informed, well-prepared, and low-risk system user.

As much as information technology is important to our lives, it is facing some serious ethical challenges, and it is up to IT experts and users of information technology to be ready for these challenges. As more emerging information technologies pop up on the market, most IT experts and users do not know how to go about the challenges brought about by these technologies. Information technology is facing major challenges, which are lack of privacy, security, copyright infringement and increased computer crimes. Criminals have been eagerly utilizing the many loopholes technology offers. Since information technology greatly aids the speed, flow and access of information, cyber-crime has become an ever-rising profession. Many businesses and organizations are at risk of becoming a cyber victim on a daily basis, as most, if not all, business is based on some digital network.

There is also the possible threat of unfaithful or vengeful employees who can use information technology to achieve personal goals that might be harmful to an organization. IT is not bad in itself, but the way humans use the tools provided by information technology has brought some serious challenges.