Securing Information Systems

Subject: Management Information System

Overview

When a lot of data is kept in electronic form, it is much more exposed to threats than it was when it was kept in manual form. Information systems (IS) in several locations are connected through communication networks, so fraud or illegal access is not limited to a single place but might happen at any network access point. Unwanted software created with the intention of harming another machine is referred to as malicious software. A hacker is someone who wants to use a computer system without authorization. It might not be a crime. The definition of a hacker is an intelligent coder. Cracker is a common term for a hacker with malicious intent. A cracker may compromise system security, obliterate data, etc. By identifying gaps in the security measures used by websites and computer systems, hackers and crackers gain illegal access.

Securing Information System

To run a firm nowadays, an organization must give high attention to security and control.

  • Security
    • Policies, practices, and technical safeguards are employed to guard against unauthorized access, changes, theft, and physical harm to information systems.
  • Control
    • Methods, rules, and internal controls that guarantee the security of the company's assets, the correctness and dependability of its financial records, and operational excellence in accordance with management standards.

Why Are Systems Vulnerable?

When a lot of data is kept in electronic form, it is much more exposed to threats than it was when it was kept in manual form. Information systems (IS) in several locations are connected through communication networks, so fraud or illegal access is not limited to a single place but might happen at any network access point. Vulnerabilities can be found at each layer of the multi-tier client/server computing architecture as well as in the communication between the layers. Client-layer users have the potential to harm systems by breaking security and gaining unauthorized system access. Data that is being transmitted through a network is also vulnerable: it is possible to gain access to it or to alter messages without authorisation.

Intruders can launch denial of service (DOS) attacks or malicious software to disrupt the functioning of information systems.

  • Availability of the network
  • Hardware issue (Breakdown, configuration error)
  • Software issue (programming error, installation error)
  • Disaster
  • Theft and loss of portable electronics

Internet Vulnerability

  • Because they are virtually open to everyone, large public networks like the internet are more vulnerable than internal networks.
  • Due to the size of the internet, abuses can have a significant impact. As a result, when the internet is integrated into a business network, the organization's information systems become more open to outside interference.
  • The widespread usage of peer-to-peer file sharing tools, instant messaging, and e-mail has also increased vulnerabilities.
  • Email attachments could be used to spread trade secrets or act as a conduit for dangerous software or illegal access to internal business networks.
  • In contrast to dial-up services, which assign a temporary internet address, computers linked to the internet through cable modem or digital subscriber lines have a fixed internet address that gives hackers a fixed target.

Malicious Software

Unwanted software created with the intention of harming another machine is referred to as malicious software. It includes a number of threats and is also sometimes referred to as malware.

  • Virus
    • It's a program that, typically without the user's knowledge or permission, attaches itself to other software or data files in order to run. Viruses are inherently parasitic. When a virus-affected file is run, the virus is activated or the computer is harmed.
  • Worm
    • They are independent computer programs that transmit copies of themselves via a network from one computer to another. Unlike viruses, they can run independently without attaching to other program files, and they rely less on the actions of people. They can disrupt or even stop the operation of a computer network and destroy data and programs.
  • Trojan Horse
    • It is a piece of software that appears harmless but actually performs in an unexpected way.
  • Spyware
    • Spyware also frequently targets internet users. It gathers and keeps track of the online activity and personal data of users, then sells that information to third parties.

Hacker

A hacker is someone who wants to use a computer system without authorization. It might not be a crime. The definition of a hacker is an intelligent coder. A "good hack" is a brilliant and ingenious solution to a programming or coding issue, and carrying out such coding and programming is known as hacking. The following list includes five characteristics that could indicate someone is a hacker:

  • A person who enjoys learning both programming language syntax and system details
  • A programmer who finds enjoyment in doing the work. Just speculating about it bores him or her.
  • A capable individual who can appreciate someone else's hacking
  • A person who picks up programming quickly
  • A person who has specialized knowledge of a certain system or programming language.

In popular media, a person who seeks to break into and gain illegal access to computer systems is referred to as a "hacker." This type of hacker, such as a computer engineer or an experienced programmer, typically possesses the technical and logical understanding to identify the weak points in a security system.

  • Cracker
    • Cracker is a common term for a hacker who has malicious intentions. Data loss and system security breaches are only a few examples of the results. By identifying gaps in the security measures used by websites and computer systems, hackers and crackers gain illegal access. The scope of hackers' activity has expanded beyond simple system penetration to encompass theft of merchandise and information as well as system damage and online vandalism (i.e. the intentional disruption of a website or corporate information system).
  • Spoofing
    • Hackers who want to conceal their genuine identity frequently impersonate someone else or misrepresent themselves by using a false email address. Spoofing may also involve redirecting a web link to an address other than the one intended, with the site posing as the intended destination.
  • Sniffer
    • It is a kind of malicious software that keeps track of data transfer through networks. When used for illegal purposes, sniffers can harm a computer system and are very hard to detect. Sniffers give hackers the ability to steal data from any location on a network, including e-mail, instant messages, business files, private reports, etc. Sniffers can also be used to spot illegal activities or potential network issues.
  • Denial of Service Attack (DOS)
    • Hackers flood network servers or web servers with thousands of phony communications or service requests during a DOS attack in an effort to bring down the network. The network receives so many requests that it is unable to handle them all and is therefore unable to fulfill a legitimate request. A botnet is a group of computers used for DOS attacks. The perpetrators of a denial-of-service attack create a botnet out of thousands of PCs that have been secretly infected with malicious software. Hackers can build their own botnets by installing malicious software on other people's computers that opens a backdoor through which the attacker can give instructions.
      • Distributed DOS
        • Using many computers to launch a DOS attack
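
The difference between a DOS flood from one machine and a distributed DOS matters for detection, as the following added example shows (it is not part of the original notes). It counts requests per source in fixed time windows; the thresholds, window size and IP addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 10     # assumed bucket size
PER_SOURCE_LIMIT = 50   # assumed max requests one client may send per window
TOTAL_LIMIT = 200       # assumed max requests the server can absorb per window


def classify_windows(events):
    """events: iterable of (unix_timestamp, source_ip).
    Returns {window_start: (verdict, detail)}."""
    buckets = defaultdict(Counter)
    for ts, src in events:
        buckets[int(ts) // WINDOW_SECONDS * WINDOW_SECONDS][src] += 1

    verdicts = {}
    for start in sorted(buckets):
        per_source = buckets[start]
        total = sum(per_source.values())
        noisy = sorted(s for s, n in per_source.items() if n > PER_SOURCE_LIMIT)
        if noisy:
            # A few sources exceed their own budget: blockable by address.
            verdicts[start] = ("dos", noisy)
        elif total > TOTAL_LIMIT:
            # Every source looks modest, yet the sum overwhelms the server.
            verdicts[start] = ("ddos", len(per_source))
        else:
            verdicts[start] = ("normal", total)
    return verdicts


def sample_events():
    """Constructed traffic for three windows starting at t=0, 10 and 20."""
    events = []
    # Window 0: ordinary load, 20 clients x 3 requests each.
    for c in range(20):
        events += [(i, f"198.51.100.{c}") for i in range(3)]
    # Window 10: one client sends 120 requests on top of the ordinary load.
    events += [(10 + i % 10, "203.0.113.7") for i in range(120)]
    for c in range(20):
        events += [(10 + i, f"198.51.100.{c}") for i in range(3)]
    # Window 20: 150 clients x 4 requests, each well under the per-source limit.
    for c in range(150):
        events += [(20 + i, f"192.0.2.{c}") for i in range(4)]
    return events


if __name__ == "__main__":
    for start, verdict in classify_windows(sample_events()).items():
        print(start, verdict)
```

A per-source limit alone would miss the third window, which is why the aggregate count is checked as well.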

Reference

Laudon, Laudon, "Management Information Systems Managing the Digital Firm", twelfth edition

Things to remember
  • Security
    • Information systems are protected from unauthorized access, changes, theft, and physical harm by policies, procedures, and technology safeguards.
  • Control
    • Techniques, regulations, and organizational practices that guarantee the security of the company's assets, the correctness and dependability of its financial records, and operational excellence in accordance with management standards.
  • Virus
    • It's a program that, typically without the user's knowledge or permission, attaches itself to other software or data files in order to run.
  • Worm
    • They are independent computer programs that transmit copies of themselves via a network from one computer to another. Unlike viruses, they can run independently without attaching to other program files.
  • Trojan Horse
    • It is a piece of software that appears harmless but actually performs in an unexpected way.
  • Spyware
    • Spyware also frequently targets internet users. It gathers and keeps track of the online activity and personal data of users, then sells that information to third parties.

© 2021 Saralmind. All Rights Reserved.